Fix dependency source bug in bundler #9213
Open
+132
−1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
eileencodes
force-pushed
the
fix-dependency-source-bug
branch
from
8071235 to
4336836
Compare
I stumbled across a bundler bug that had me scratching my head for awhile, because I hadn't experienced it before. In some cases when changing the source in a gemfile from a `Source::Gemspec` to either a `Source::Path` or `Source::Git` only the parent gem will have it's gem replaced and updated and the child components will retain the original version. This only happens if the gem version of the `Source::Gemspec` and `Source::Git` are the same. It also requires another gem to share a dependency with the one being updated. For example if I have the following gemfile: ``` gem "rails", "~> 8.1.1" gem "propshaft" ``` Rails has a component called `actionpack` which `propshaft` depends on. If I change `rails` to point at a git source (or path source), only the path for `rails` gets updated: ``` gem "rails", github: "rails/rails", branch: "8-1-stable" gem "propshaft" ``` Because `actionpack` is a dependency of `propshaft`, it will remain in the rubygems source in the lock file WHILE the other gems are correctly pointing to the git source. Gemfile.lock: ``` GIT remote: https://github.com/rails/rails.git revision: 9439f463e0ef974c447edcc1b17882f072e99d22 branch: 8-1-stable specs: actioncable (8.1.1) ... actionmailbox (8.1.1) ... actionmailer (8.1.1) ... actiontext (8.1.1) ... activejob (8.1.1) ... activemodel (8.1.1) ... activerecord (8.1.1) ... activestorage (8.1.1) ... rails (8.1.1) ... railties (8.1.1) ... GEM remote: https://rubygems.org/ specs: action_text-trix (2.1.15) railties actionpack (8.1.1) <===== incorrectly left in Rubygems source ... ``` The gemfile will contain `actionpack` in the rubygems source, but will be missing in the git source so the path will be incorrect. A bundle show on Rails will point to the correct place: ``` $ bundle show rails /Users/eileencodes/.gem/ruby/3.4.4/bundler/gems/rails-9439f463e0ef ``` but a bundle show on actionpack will be incorrect: ``` $ bundle show actionpack /Users/eileencodes/.gem/ruby/3.4.4/gems/actionpack-8.1.1 ``` This bug requires the following to reproduce: 1) A gem like Rails that contains components that are released as their own standalone gem is added to the gemfile pointing to rubygems 2) A second gem is added that depends on one of the gems in the first gem (like propshaft does on actionpack) 3) The Rails gem is updated to use a git source, pointing to the same version that is being used by rubygems (ie 8.1.1) 4) `bundle` will only update the path for Rails component gems if no other gem depends on it. This incorrectly leaves Rails (or any gem like it) using two different codepaths / gem source code.
eileencodes
force-pushed
the
fix-dependency-source-bug
branch
from
4336836 to
dff76ba
Compare
Member
|
/cc @zzak This PR may resolve your issue too. |
Member
|
I will look this after releasing Ruby 4.0. Sorry to not merge this for Bundler 4.0.3. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I stumbled across a bundler bug that had me scratching my head for awhile, because I hadn't experienced it before.
In some cases when changing the source in a gemfile from a
Source::Gemspecto either aSource::PathorSource::Gitonly the parent gem will have it's gem replaced and updated and the child components will retain the original version. This only happens if the gem version of theSource::GemspecandSource::Gitare the same. It also requires another gem to share a dependency with the one being updated.For example if I have the following gemfile:
Rails has a component called
actionpackwhichpropshaftdepends on.If I change
railsto point at a git source (or path source), only the path forrailsgets updated:Because
actionpackis a dependency ofpropshaft, it will remain in the rubygems source in the lock file WHILE the other gems are correctly pointing to the git source.Gemfile.lock:
The gemfile will contain
actionpackin the rubygems source, but will be missing in the git source so the path will be incorrect. A bundle show on Rails will point to the correct place:but a bundle show on actionpack will be incorrect:
This bug requires the following to reproduce:
bundlewill only update the path for Rails component gems if no other gem depends on it.This incorrectly leaves Rails (or any gem like it) using two different codepaths / gem source code.
What was the end-user or developer problem that led to this PR?
What is your fix for the problem, implemented in this PR?
Make sure the following tasks are checked