Describe the problem as clearly as you can
We have been seeing cases where public gems (like Rails) have had their position in the Gemfile.lock moved from the public source to inside the listing for a private source.
I can't show a full example, but the pattern is:

    GEM
      remote: <our internal gem source>
      specs:
        internal-gem (1.1.0)
          <dependencies>
        rails (7.2.1)
          <dependencies>

    GEM
      remote: https://rubygems.org
      specs:

Rails shouldn't be showing up as coming from our internal source.
I think, but I'm not sure, that it happens when a public gem is a dependency of an internal gem.
Did you try upgrading rubygems & bundler?
This seems to happen on the current version
Post steps to reproduce the problem
It appears to happen on a normal bundle update when a private gem has a public gem as a dependency
Which command did you run?
bundle update
What were you expecting to happen?
regular bundle update
What actually happened?
public gems get moved to our private source
If not included with the output of your command, run bundle env and paste the output below
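
A lockfile check for the pattern reported above, as an added example that is not part of the original report and is not Bundler's own code: it reads the `GEM` sections of a Gemfile.lock and lists gems locked to a non-public remote that are not on an allowlist of internal gem names. The function names, the allowlist, and the `gems.internal.example` URL are assumptions made for illustration.

```ruby
PUBLIC_REMOTE = "https://rubygems.org"
# Returns { remote_url => [gem names] } for every GEM section of a lockfile.
def gems_by_remote(lockfile_text)
  result = Hash.new { |h, k| h[k] = [] }
  in_gem = false
  remotes = []
  lockfile_text.each_line(chomp: true) do |line|
    if line.match?(/\A\S/) # column-0 text starts a new section
      in_gem = (line == "GEM")
      remotes = []
    elsif in_gem && (m = line.match(/\A  remote: (\S+)/))
      remotes << m[1].chomp("/")
    elsif in_gem && (m = line.match(/\A    (\S+) \(/)) # 4 spaces: locked spec, 6: its dependency
      remotes.each { |r| result[r] << m[1] }
    end
  end
  result
end

# Returns { gem_name => remote } for gems on a non-public remote that are not allowlisted.
def misplaced_gems(lockfile_text, internal_gems:, public_remote: PUBLIC_REMOTE)
  gems_by_remote(lockfile_text).each_with_object({}) do |(remote, names), found|
    next if remote == public_remote.chomp("/")
    (names - internal_gems).each { |name| found[name] = remote }
  end
end

# Constructed sample; gems.internal.example is a placeholder for the private source.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://gems.internal.example/
    specs:
      internal-gem (1.1.0)
        rails (>= 7.0)
      rails (7.2.1)

  GEM
    remote: https://rubygems.org/
    specs:
      activesupport (7.2.1)

  DEPENDENCIES
    internal-gem!
    rails
LOCK

misplaced_gems(SAMPLE_LOCK, internal_gems: ["internal-gem"]).each do |name, remote|
  puts "#{name} is locked to #{remote}, not #{PUBLIC_REMOTE}"
end
```

Run against a real lockfile in CI by passing `File.read("Gemfile.lock")` and failing the build when the returned hash is not empty.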