[rubygems/rubygems] Fix only_update_to_newer_versions regression

The `only_update_to_newer_versions` feature flag will enable some new behaviour in bundler 3 (or maybe earlier if we decide to consider it a bug fix) that prevents `bundle update` from unexpectedly downgrading direct dependencies. This seems reasonable, but the current implementation is adding additional requirements for all locked dependencies, not only from the ones in the `Gemfile`. That causes some situations where the `Gemfile` is edited and will resolve to older versions to start failing. This commit fixes the problem by making sure extra requirements are added exclusively for direct dependencies in the `Gemfile`, not for all direct dependencies in the lock file. rubygems/rubygems@128b4596e1
ruby · Jun 18, 2020 · f8f3f11 · f8f3f11
1 parent a447563
commit f8f3f11
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/lib/bundler/definition.rb b/lib/bundler/definition.rb
@@ -984,8 +984,9 @@ def additional_base_requirements_for_resolve
       @locked_gems.specs.reduce({}) do |requirements, locked_spec|
         name = locked_spec.name
         dependency = dependencies_by_name[name]
+        next requirements unless dependency
         next requirements if @locked_gems.dependencies[name] != dependency
-        next requirements if dependency && dependency.source.is_a?(Source::Path)
+        next requirements if dependency.source.is_a?(Source::Path)
         dep = Gem::Dependency.new(name, ">= #{locked_spec.version}")
         requirements[name] = DepProxy.new(dep, locked_spec.platform)
         requirements

diff --git a/spec/bundler/install/bundler_spec.rb b/spec/bundler/install/bundler_spec.rb
@@ -131,6 +131,21 @@
       expect(err).to include(nice_error)
     end
 
+    it "does not cause a conflict if new dependencies in the Gemfile require older dependencies than the lockfile" do
+      install_gemfile! <<-G
+        source "#{file_uri_for(gem_repo2)}"
+        gem 'rails', "2.3.2"
+      G
+
+      install_gemfile <<-G
+        source "#{file_uri_for(gem_repo2)}"
+        gem "rails_fail"
+      G
+
+      expect(out).to include("Installing activesupport 1.2.3 (was 2.3.2)")
+      expect(err).to be_empty
+    end
+
     it "can install dependencies with newer bundler version with system gems" do
       bundle! "config set path.system true"