Mik378

Reputation: 22171

What happens when modifying Gemfile.lock directly?

From the second execution of bundle install onward, dependencies are loaded from Gemfile.lock as long as Gemfile isn't changed.

But I wonder how detection of changes is made between those two files.

For instance, if I add a new dependency directly to Gemfile.lock without adding it to Gemfile (contrary to best practice, since Gemfile.lock is auto-generated from Gemfile), would bundle install consider Gemfile as changed?

Indeed, does the bundle install process compare the whole Gemfile and Gemfile.lock trees in order to detect changes?

If so, even if I add a dependency directly to Gemfile.lock, Gemfile would be detected as changed (since different) and would re-erase Gemfile.lock (thus losing the added dependency...).

What is the process of bundle install from the second launch onward?

To be more clear, my question is:

Are changes detected based only on Gemfile? That would mean bundler keeps a Gemfile snapshot of every bundle install execution number N and merely compares it to bundle install execution N+1?

Or are no snapshots created in bundler memory, and bundler makes a comparison with Gemfile.lock each time to detect whether Gemfile must be considered as changed?

Upvotes: 16

Views: 11565

Answers (2)

rii

Reputation: 1648

I know this question is very old, but I recently had to deal with this, so I am giving my own answer. Omniauth was recently updated to version 1.3.2 to patch a security issue. I was tasked with updating Omniauth to this new patched version; however, upon checking our Gemfile I realized we did not have that gem in there. So I said, well, maybe I can just switch the version in Gemfile.lock from 1.3.1 to 1.3.2. Long story short, that would have worked, but it turns out I did not have to do it that way. What I ended up doing was issuing the following command:

bundle update omniauth --patch

Which resulted in the same change I was going to do manually:

-    omniauth (1.3.1)
+    omniauth (1.3.2)

That said, if you think you need to make changes to Gemfile.lock, there is probably a way to make that change without touching the Gemfile.lock itself. Just do bundle --help and you will probably find an option to do what you are trying to achieve.

Upvotes: 9

odiszapc

Reputation: 4109

If you edit your Gemfile.lock, then the Rails app would depend on other versions of gems... The integrity of your gem-versioning system would be broken in this case. It's a very, very bad idea to edit the Gemfile.lock file directly.

Please be a good guy and deal with Gemfile only.

Upvotes: 23
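
A review-time check for the scenario in the question, as an added example that is not part of the original posts and is not Bundler's own code: it reads the specs and DEPENDENCIES sections of a lockfile and lists gems that no declared dependency pulls in, which is what a hand-added entry looks like. The lockfile text and the gem names `app_auth` and `handadded` are constructed, and the reader handles only the line shapes shown in the sample.

```ruby
# Added example (not Bundler's code): find lockfile gems nothing declared pulls in.
def parse_lockfile(text)
  specs = {}     # gem name => { version:, deps: [gem names] }
  declared = []  # names under DEPENDENCIES (mirrors the Gemfile)
  section = current = nil
  text.each_line(chomp: true) do |line|
    if line =~ /\A[A-Z][A-Z ]*\z/                       # section header
      section, current = line, nil
    elsif section == "GEM" && line =~ /\A {4}(\S+) \((.+)\)\z/
      current = specs[$1] = { version: $2, deps: [] }   # resolved gem
    elsif section == "GEM" && current && line =~ /\A {6}(\S+)/
      current[:deps] << $1                              # its dependency
    elsif section == "DEPENDENCIES" && line =~ /\A {2}(\S+?)!?(?: \(.*\))?\z/
      declared << $1
    end
  end
  [specs, declared]
end

# Walk the graph from the declared gems; anything never visited is orphaned.
def unreachable_specs(text)
  specs, declared = parse_lockfile(text)
  seen = {}
  queue = declared.dup
  until queue.empty?
    name = queue.shift
    next if seen[name] || !specs.key?(name)
    seen[name] = true
    queue.concat(specs[name][:deps])
  end
  (specs.keys - seen.keys).sort
end

# Constructed lockfile: app_auth and handadded are hypothetical gem names.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      app_auth (1.0.0)
        omniauth (~> 1.3)
      handadded (0.0.1)
      hashie (3.4.4)
      omniauth (1.3.2)
        hashie (>= 1.2, < 4)

  DEPENDENCIES
    app_auth
LOCK
puts "not reachable from DEPENDENCIES: #{unreachable_specs(SAMPLE_LOCK).inspect}"
```

An empty result means every locked gem traces back to a declared dependency; a non-empty one is a prompt to look at how that entry got into the lockfile.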
