Fix unintentional downgrades when gemspec DSL is used #6131
What was the end-user or developer problem that led to this PR?
Bundler sets >= <locked_version> additional resolution requirements for all direct dependencies, in order to avoid downgrades. Those are passed on to the resolver through this array here:
rubygems/bundler/lib/bundler/definition.rb
Lines 885 to 891 in 084f7d1
In this case though, an empty array is being passed (so no additional lower bound requirements) due to sources.expired_sources?(@locked_gems.sources) being true. That accounts for the case when the user changes Gemfile sources, expiring those in the lock file. In that case, it's possible that a gem in the new source needs to be downgraded, so lower bound requirements are not passed.
Here, however, nobody is changing any sources, and that method is still returning true. That's the bug. Closer inspection reveals that the Source::Path source included in Gemfile.lock is being considered different to the Source::Gemspec source included in the Gemfile. They are actually the same thing though.
What is your fix for the problem, implemented in this PR?
This commit fixes the issue by properly normalizing Gemspec and Path sources so that they can be properly compared.
Fixes #6129.
Make sure the following tasks are checked
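A check a project could run in CI to catch the symptom described above, a locked gem version going down between two revisions of Gemfile.lock. This is an added example, not code from this PR or from Bundler; the method names, gem names and versions are constructed for illustration, and the sample lockfile uses a PATH source as the gemspec DSL produces.

```ruby
require "rubygems" # Gem::Version gives correct version ordering

# Map gem name => locked version for every resolved spec in a Gemfile.lock.
# Resolved specs are indented exactly four spaces; their dependency
# constraints (six spaces) and the DEPENDENCIES section are skipped.
def locked_versions(lockfile_text)
  lockfile_text.each_line.with_object({}) do |line, versions|
    m = line.match(/\A {4}(\S+) \(([^)\s]+)\)\s*\z/)
    next unless m
    # Drop a platform suffix such as "-x86_64-linux" before comparing.
    versions[m[1]] = Gem::Version.new(m[2].split("-", 2).first)
  end
end

# Return [name, old, new] for each gem whose locked version went down.
def downgrades(before_text, after_text)
  before = locked_versions(before_text)
  after = locked_versions(after_text)
  before.each_with_object([]) do |(name, old), found|
    now = after[name]
    found << [name, old.to_s, now.to_s] if now && now < old
  end
end

# Constructed sample: lockfile of a gem that uses the gemspec DSL.
BEFORE_LOCK = <<~LOCK
  PATH
    remote: .
    specs:
      mygem (0.1.0)
        rack (>= 2.0)

  GEM
    remote: https://rubygems.org/
    specs:
      rack (2.2.4)
      rake (13.0.6)

  DEPENDENCIES
    mygem!
    rake
LOCK

# Constructed sample: the same lockfile after an unintended downgrade.
AFTER_LOCK = BEFORE_LOCK.sub("rack (2.2.4)", "rack (2.0.9)")

downgrades(BEFORE_LOCK, AFTER_LOCK).each do |name, old, now|
  puts "downgrade: #{name} #{old} -> #{now}"
end
```

In CI the two inputs would be the lockfile from the base branch and the one produced by the change under review.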