New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bundler - lock update fails when using complex ranges in Gemfile #5050
Comments
I've also noticed many gems in my Gemfile not getting updated thanks to |
This particular syntax is confusing Renovate. It's expecting the second part to be limiting the first part like |
@rarkins Usually the second part is to ensure some for this case
I think this will be compatible with existing Gemfiles, while smoothly transitioning to the |
I think with using a tool like renovate to upgrade dependecies, this form |
For completion sake, as I was scanning through my Gemfile for different gem "declarations", I've just noticed that renovate does not detect this case as well: I think that's because there is no patch version specified, so it's confused. ( The |
Renovate doesn’t upgrade if the new version satisfies the existing range. If you need ranges then keep them wide. I’d you don’t need them then pin them instead and let Renovate keep it updated. |
And if your repo is an app, just use exact versions |
That's what I was saying, if someone uses renovate, no need to keep wide wide ranges. I'm just pointing out that many Gemfiles out there have different semantic versionning strategies, developers may declare gems in different ways. The fact still remains that this form is quite popular in Gemfiles: All I'm saying is, if possible, you can add in the docs what are the forms that are accepted/handled by renovate, because I was having gems that were being updated, and some that weren't (So I was thinking everything was working OK) and wasn't aware of that. (For instance there was a CVE for puma considered as high) and as I said as I'm implementing |
For instance, you can point to users that if their repo is an app, and they want to use renovate to handle updates, they should stick to exact versions, and let renovate handle all the PR/MR upgrade, while also pointing out that Because right now if many gem declaration |
We will soon support updating the lock file only, so people will get the PRs they expect. If they decide they also want the Gemfile ranges updates too, then they can consider which is the best config. I agree with you that the current approach is suboptimal as people may have mixed expectations. |
Another argument: Most ruby developers copy the line to add to their gemfiles from rubygems.org They suggest to add: gem Just saying that this is a popular form of gem declaration and it might be good to say here in the docs that only the aforementioned patterns are currently supported. |
Yes, good point. It’s essentially the long way to replicate npm’s |
I've added a failing test case to this branch: https://github.com/renovatebot/renovate/tree/fix/5050-bundler-update-complex |
🎉 This issue has been resolved in version 19.96.1 🎉 The release is available on: Your semantic-release bot 📦🚀 |
What Renovate type are you using?
I'm using renovate as a scheduled pipeline on a self hosted gitlab instance using a renovate docker image (
renovate/ruby:2.6.5
)renovate version:
19.89.1
Describe the bug
Hi, I have ranges in my Gemfile like so :
gem 'sidekiq', '~> 5.2', '>= 5.2.5'
However
bundle lock --update
fails with this error:Could not find gem 'sidekiq (~> 5.2, >= 6.0.4)
(basically, it changes the right side)
Is it expected? should i change my Gemfile to not use ranges?
For exacts versions or
~> x.x.x
it works, only issue is with ranges.Did you see anything helpful in debug logs?
To Reproduce
Additional context
Here is the renovate.json of the ruby repository:
And here is the renovate config.js
The text was updated successfully, but these errors were encountered: