author | David RodrÃguez <[email protected]> | 2025-02-13 19:08:16 +0100 |
---|---|---|
committer | Hiroshi SHIBATA <[email protected]> | 2025-02-18 12:12:54 +0900 |
commit | 507de2226bcc75b1d0d8c1736cdbe62e46a97916 (patch) | |
tree | 7dd7d53468a94956a81d5d784a1d295d9321369d /lib | |
parent | 203a570f68b43ce591c5ef1784112725fa0692cd (diff) |
[rubygems/rubygems] Fix Bundler incorrectly downgrading direct dependencies
There's no reason to call `converge_specs` when adding additional
lower bound requirements to prevent downgrades, and it actually causes
the extra requirements to be missed sometimes.
Loop over the originally locked specs directly, adding the additional
precaution of not adding the requirement if the Gemfile dependency has
changed and it no longer matches the locked spec.
https://github.com/rubygems/rubygems/commit/5154506912
Diffstat (limited to 'lib')
-rw-r--r-- | lib/bundler/definition.rb | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/lib/bundler/definition.rb b/lib/bundler/definition.rb
index 61add4be10..24dae86493 100644
--- a/lib/bundler/definition.rb
+++ b/lib/bundler/definition.rb
@@ -938,7 +938,7 @@ module Bundler
 def converge_dependencies
 @missing_lockfile_dep = nil
- changes = false
+ @changed_dependencies = []
 current_dependencies.each do |dep|
 if dep.source
@@ -960,10 +960,10 @@ module Bundler
 end
 end
- changes ||= dep_changed
+ @changed_dependencies << name if dep_changed
 end
- changes
+ @changed_dependencies.any?
 end
 # Remove elements from the locked specs that are expired. This will most
@@ -1095,9 +1095,13 @@ module Bundler
 def additional_base_requirements_to_prevent_downgrades(resolution_packages)
 return resolution_packages unless @locked_gems && !sources.expired_sources?(@locked_gems.sources)
- converge_specs(@originally_locked_specs).each do |locked_spec|
+ @originally_locked_specs.each do |locked_spec|
 next if locked_spec.source.is_a?(Source::Path)
- resolution_packages.base_requirements[locked_spec.name] = Gem::Requirement.new(">= #{locked_spec.version}")
+
+ name = locked_spec.name
+ next if @changed_dependencies.include?(name)
+
+ resolution_packages.base_requirements[name] = Gem::Requirement.new(">= #{locked_spec.version}")
 end
 resolution_packages
 end |
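Review bot: In the third hunk, `next if @changed_dependencies.include?(name)` drops the `>=` lower bound for every name that `converge_dependencies` recorded, whereas the commit message limits the exception to dependencies that no longer match the locked spec. `dep_changed` is assigned outside the visible hunks, so it cannot be confirmed here whether it is also set for a dependency whose new requirement still admits the locked version; if it is, that gem loses its downgrade guard even though the locked version remains valid. The method also now relies on `converge_dependencies` having run first, because `@changed_dependencies` is only assigned there and `include?` on `nil` would raise. A comment on the skip such as `# Gemfile requirement changed and may exclude the locked version, so no lower bound is added`, together with a spec for a changed-but-still-matching dependency, would pin the intended scope of this downgrade protection.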