New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bundler :"Could not find [gem] in any of the sources" when gem required_ruby_version > 3.1.3 and using vendor/cache #9051
Comments
It's curious to me that having the files committed to vendor/cache makes a difference. The obvious solution of course is for us to upgrade our ruby version, we are currently blocked on bundler 1 support for that but also we could run into the same scenario with some gem that declares it wants |
This looks like a difference:
|
Might not be related, but I wonder if we also need to add Ruby 3.3 to dependabot-core/bundler/helpers/v2/monkey_patches/definition_ruby_version_patch.rb Line 29 in 4229759
|
Yeah I thought this might be related by I tried it and just adding 3.3.0 didn't do the trick. I spent a few minutes debugging and I do think there's a way that we can get bundler to resolve this, but I need to carve out some more time to get to the bottom of it. I'll try to find that time soon, would love to see this resolved |
@bensheldon and I paired on this last week and adding 3.3 there didn't seem to be enough (although we probably want that regardless). We had some initial luck with patching https://github.com/rubygems/rubygems/blob/62a21b44e3af5dcde95e4f1ff7ed8133b6b77772/bundler/lib/bundler/match_metadata.rb#L9-L11 to return |
So, while the underlying issue isn't entirely fixed and might happen again when our Ruby become out of date, but Dependabot is now on Ruby 3.3.1 since #9597, so that should improve things a bit for now at least. |
Is there an existing issue for this?
Package ecosystem
Bundler
Package manager version
No response
Language version
Ruby 3.2+
Manifest location and content before the Dependabot update
No response
dependabot.yml content
No response
Updated dependency
require_ruby_version > 3.1.3
vernier
which hasspec.required_ruby_version = ">= 3.2.1"
What you expected to see, versus what you actually saw
This error seems to happen when both of the following conditions are met:
required_ruby_version
that is greater than Dependabot's Ruby version (currently Ruby v3.1.3)bundler package
to vendor the.gem
files intovendor/cache
When both of these conditions happen, Dependabot will fail to update with
Bundler::GemNotFound: Could not find [gem] in any of the sources
. Here is an example:This error was generated using dependabot dry run on a stripped down project: https://github.com/bensheldon/dep-resolution-experiment
Below is the full command log/stacktrace:
Dependabot command log
Native package manager behavior
No response
Images of the diff or a link to the PR, issue, or logs
No response
Smallest manifest that reproduces the issue
https://github.com/bensheldon/dep-resolution-experiment
The text was updated successfully, but these errors were encountered: