I faced some issues with bundle install.
When we run 'bundle install', one of the dependency gems in Gemfile.lock gets auto-upgraded. As per theory, "bundle install" will look at the Gemfile.lock for versions, won't resolve the versions, and will install the same versions. It will resolve only when there is no Gemfile.lock or when we give "bundle update".
On our server we have a Gemfile.lock, but "bundle install" updated the particular gem mentioned in Gemfile.lock (it's a dependency gem, so we have not specified it in the Gemfile). It should not happen like this, because one version is already present in the lock file, yet that version gets auto-updated. Due to this upgrade, some major functionality is broken on the site.
For your reference:
bundler version - 1.17.2
ruby version - 2.5.3
gem version - 2.7.6
rails version - 5.2.3
The dependency gem's name is "nokogiri". This gem is locked at 1.11.7, but it's updated to "1.12.1" when I give "bundle install".
Any idea to prevent this issue in future?
First of all, it would be great if you shared the Gemfile.lock error so as to know what in particular might be causing that upgrade. But from afar, I think, as you said, this gem is a dependency gem and it is not stated in your Gemfile. It could be that another gem also depends on this gem, and per that requirement it triggers an upgrade even before your supposed gem line is run, which may be leading to the error. Read the error thoroughly and you can identify the gem(s) causing this.
After your update I have read around on this.
Exactly as stated earlier, one of these gems could be the reason why your particular gem gets updated with every bundler install. Unfortunately there is no true turnaround for solving this, but Bundler does give a way around.
You can use the --frozen option with Bundler, which freezes your Gemfile.lock to the current versions for each gem and does not update any gem but only installs new gems that you have. Unfortunately this has been deprecated and can only be done from /.bundle/config. This can be done from the command line in the root of your project.
Run
    bundle config frozen true
to freeze Bundler from updating your gems in Gemfile.lock.
You may have to grant write permissions to your user to be able to edit the bundle configurations.
I found this article as well from bigbinary.com
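Added example (not part of the question or the answer above): a Ruby check that compares a snapshot of Gemfile.lock taken before `bundle install` with the file afterwards and reports every gem whose locked version changed, as happened here with nokogiri 1.11.7 -> 1.12.1. The lockfile contents and the gem name `example_parser` are constructed for illustration; the function names are this example's own.

```ruby
require "set"

# Spec lines sit exactly four spaces deep: "    nokogiri (1.11.7)".
# Dependency constraints under a spec are six spaces deep and never match.
SPEC_LINE = /\A {4}(\S+) \(([^)]+)\)\z/

# Returns { gem name => Set of locked version strings }; a gem appears more
# than once when platform-specific builds are locked.
def locked_versions(lockfile_text)
  versions = Hash.new { |hash, name| hash[name] = Set.new }
  lockfile_text.each_line do |line|
    m = SPEC_LINE.match(line.chomp)
    versions[m[1]] << m[2] if m
  end
  versions
end

# Returns [[name, versions_before, versions_after], ...] for every gem that
# was added, removed or re-locked between the two snapshots.
def lock_drift(before_text, after_text)
  before = locked_versions(before_text)
  after = locked_versions(after_text)
  (before.keys | after.keys).sort.each_with_object([]) do |name, drift|
    was = before.fetch(name, Set.new).sort
    now = after.fetch(name, Set.new).sort
    drift << [name, was, now] unless was == now
  end
end

# Constructed lockfile (example_parser is hypothetical); only the nokogiri
# versions come from the question.
BEFORE_LOCK = <<~LOCK
  GEM
    specs:
      example_parser (0.1.0)
        nokogiri (>= 1.10)
      nokogiri (1.11.7)
        racc (~> 1.4)
      racc (1.5.2)

  DEPENDENCIES
    example_parser

  BUNDLED WITH
     1.17.2
LOCK
AFTER_LOCK = BEFORE_LOCK.sub("nokogiri (1.11.7)", "nokogiri (1.12.1)")
lock_drift(BEFORE_LOCK, AFTER_LOCK).each do |name, was, now|
  warn "lock drift: #{name} #{was.join(', ')} -> #{now.join(', ')}"
end
```

On a deploy host, pass the lockfile text saved before `bundle install` and the text read afterwards, and fail the deploy when the result is non-empty.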