An update for one rubygem shouldn't touch another (unrelated) gem #10034

Open
1 task done
timdiggins opened this issue Jun 18, 2024 · 0 comments
Labels
L: git:submodules Git submodules L: javascript L: ruby:bundler RubyGems via bundler T: bug 🐞 Something isn't working

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

Bundler

Package manager version

2.4.21

Language version

3.0

Manifest location and content before the Dependabot update

/Gemfile

Excerpt (can provide rest if needed)

source 'https://rubygems.org'

ruby "3.0.6"

gem "rbnacl", ">= 6.0.1"
gem 'memory_profiler'

dependabot.yml content

# https://docs.github.com/en/code-security/supply-chain-security/enabling-and-disabling-version-updates
version: 2
updates:
  - package-ecosystem: "npm"
    # Look for `package.json` and `lock` files in the `root` directory
    directory: "/"
    schedule:
      interval: "daily"

  - package-ecosystem: "bundler"
    # Look for a `Gemfile` in the `root` directory
    directory: "/"
    schedule:
      interval: "daily"
    versioning-strategy: lockfile-only

Updated dependency

@ Gemfile.lock:258 @ GEM
faraday-net_http (3.1.0)
net-http
fast_stack (0.2.0)
ffi (1.17.0)
ffi (1.17.0-x86_64-darwin)
ffi (1.17.0-x86_64-linux-gnu)

ffi-compiler (1.3.2)
ffi (>= 1.15.5)
rake
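
Review bot: the three ffi lines in this hunk (ffi (1.17.0), ffi (1.17.0-x86_64-darwin), ffi (1.17.0-x86_64-linux-gnu)) are out of scope for a memory_profiler bump, and moving a compiled gem between the plain and the platform-specific entries changes which artifact gets installed. Suggest leaving the ffi entries as they were in this update and making the platform change its own commit. The add/remove markers did not survive in this rendering, so which of the three lines are new cannot be read from the hunk alone.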

@ Gemfile.lock:402 @ GEM
net-smtp
marcel (1.0.4)
matrix (0.4.2)
memory_profiler (1.0.1)
memory_profiler (1.0.2)
method_source (1.1.0)
mime-types (3.5.2)
mime-types-data (~> 3.2015)

What you expected to see, versus what you actually saw

I expected to only see changes related to memory_profiler, but I also saw a change from a non-native to a native version of a compiled gem (ffi).

This change (which resulted in a change of platforms in the Gemfile in a previous commit) should have been in a different commit.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response

@timdiggins timdiggins added the T: bug 🐞 Something isn't working label Jun 18, 2024
@github-actions github-actions bot added L: git:submodules Git submodules L: javascript L: ruby:bundler RubyGems via bundler labels Jun 18, 2024
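
One way to check a lockfile-only update for the drift reported above, as an added example that is not part of the original issue or of Dependabot's code: it parses the GEM specs of two Gemfile.lock versions and reports every gem whose resolved versions or platforms changed outside the expected set. The method names and both sample lockfiles are constructed for illustration.

```ruby
require "set"

# Parse the GEM section of a Gemfile.lock into { "name" => Set["version[-platform]"] }.
def lockfile_specs(text)
  specs = Hash.new { |h, k| h[k] = Set.new }
  in_gem = in_specs = false
  text.each_line do |line|
    line = line.chomp
    if line =~ /\A\S/                 # top-level header such as GEM or PLATFORMS
      in_gem = (line == "GEM")
      in_specs = false
    elsif in_gem && line == "  specs:"
      in_specs = true
    elsif in_specs && (m = line.match(/\A {4}(\S+) \((.+)\)\z/))
      specs[m[1]] << m[2]             # exactly four spaces: a resolved gem, not a dependency
    end
  end
  specs
end

# Gems changed between two lockfiles that are NOT in the expected list.
def unrelated_changes(before, after, expected)
  old_specs = lockfile_specs(before)
  new_specs = lockfile_specs(after)
  (old_specs.keys | new_specs.keys).sort.each_with_object({}) do |name, out|
    next if expected.include?(name) || old_specs[name] == new_specs[name]
    out[name] = { removed: (old_specs[name] - new_specs[name]).to_a.sort,
                  added:   (new_specs[name] - old_specs[name]).to_a.sort }
  end
end

# Constructed sample lockfiles (not the reporter's real files).
BEFORE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      ffi (1.17.0)
      ffi-compiler (1.3.2)
        ffi (>= 1.15.5)
        rake
      memory_profiler (1.0.1)

  PLATFORMS
    ruby
LOCK
AFTER = BEFORE.sub("ffi (1.17.0)\n",
                   "ffi (1.17.0-x86_64-darwin)\n    ffi (1.17.0-x86_64-linux-gnu)\n")
              .sub("memory_profiler (1.0.1)", "memory_profiler (1.0.2)")

p unrelated_changes(BEFORE, AFTER, ["memory_profiler"])
```

Run in CI against the base and head versions of Gemfile.lock, a non-empty result is a reason to hold the update for manual review.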