dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

Private gem's "public" dependencies are not found... #3742

Closed gencer closed 1 year ago

gencer commented 3 years ago

I have the very same issue as #3461. I have a private gem which depends on some other "public" gems, and Dependabot Native seems to be trying to find them on GitHub Packages (private registry) rather than Rubygems.org... Therefore, I do not get any PRs from Dependabot native.

Package ecosystem: bundler

Package manager version: bundler-2.1.17

Language version: Ruby 3.0.1

Manifest location and content prior to update: /Gemfile

dependabot.yml content:

version: 2
registries:
  rubygems-server-rubygems-pkg-github-com:
    type: rubygems-server
    url: https://rubygems.pkg.github.com
    token: '${{secrets.RUBYGEMS_SERVER_RUBYGEMS_PKG_GITHUB_COM_TOKEN}}'

updates:
  - package-ecosystem: bundler
    directory: '/'
    schedule:
      interval: daily
    open-pull-requests-limit: 99
    insecure-external-code-execution: allow
    versioning-strategy: increase
    commit-message:
      prefix: chore
      include: scope
    registries:
      - rubygems-server-rubygems-pkg-github-com

Updated dependency: All dependencies causes dkim gem not found error

What you expected to see, versus what you actually saw: PRs... Got nothing except error in Dependency page

Native package manager behavior: See below...

Images of the diff or a link to the PR, issue or logs: See below...

🕹 Bonus points: Smallest manifest that reproduces the issue: Private repo :(

PLATFORMS
  ruby

RUBY VERSION
   ruby 3.0.1p64

BUNDLED WITH
   2.2.17

However, I am able to install all gems locally (bundle install) and on the CI/CD side.

Dependabot shows this error for every gem it checks:

updater | INFO <job_135224420> Handled error whilst updating puma: dependency_file_not_resolvable {:message=>"Bundler::GemNotFound with message: Your bundle is locked to dkim (1.0.1), but that version could not be found in any of the sources listed in your Gemfile. If you haven't changed sources, that means the author of dkim (1.0.1) has removed it. You'll need to update your bundle to a version other than dkim (1.0.1) that hasn't been removed in order to install."}

Yes, dkim is a public gem and my private gem depends on it. And these are the logs where Dependabot checks dkim:

proxy | 2021/05/18 18:39:21 [206] 200 https://rubygems.pkg.github.com:443/my-org/api/v1/dependencies?gems=celluloid-gems%2Cchilkat%2Cfugit%2Crack%2Crest-client%2Csequel-bulk-audit%2Csequel-redis-cache
  proxy | 2021/05/18 18:39:21 [208] GET https://rubygems.pkg.github.com:443/my-org/api/v1/dependencies?gems=dkim%2Cmail%2Cpg%2Csequel
  proxy | 2021/05/18 18:39:21 [208] * authenticating rubygems server request (host: rubygems.pkg.github.com)
  proxy | 2021/05/18 18:39:21 [208] 200 https://rubygems.pkg.github.com:443/my-org/api/v1/dependencies?gems=dkim%2Cmail%2Cpg%2Csequel%2Cwork_queue
  proxy | 2021/05/18 18:39:21 [210] GET https://index.rubygems.org:443/versions
  proxy | 2021/05/18 18:39:21 [210] 304 https://index.rubygems.org:443/versions
  proxy | 2021/05/18 18:39:22 [214] GET https://index.rubygems.org:443/info/work_queue
  proxy | 2021/05/18 18:39:22 [214] 200 https://index.rubygems.org:443/info/work_queue
  proxy | 2021/05/18 18:39:22 [216] GET https://index.rubygems.org:443/info/dkim
  proxy | 2021/05/18 18:39:22 [216] 200 https://index.rubygems.org:443/info/dkim
  proxy | 2021/05/18 18:39:23 [218] GET 

Originally posted by @gencer in https://github.com/dependabot/dependabot-core/issues/3461#issuecomment-843454592

jurre commented 3 years ago

I think your Gemfile.lock might still be using an older format. Could you check if you see separate GEM blocks with their own remote, so:

GEM
  remote: https://rubygems.pkg.github.com
  specs:
    # .. the specs

GEM
  remote: https://rubygems.org/
  specs:

or a single block, like:

GEM
  remote: https://rubygems.pkg.github.com
  remote: https://rubygems.org/

If the latter, try re-generating the lockfile so that Bundler can tell which gem is supposed to be pulled from where, and I think it'll resolve things 🤞
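The check described in the comment above (one GEM block per remote versus a single block listing both) can be run mechanically against a lockfile. This is an added example, not part of the original thread and not Dependabot or Bundler code; the two lockfile snippets are constructed from gem names that appear in this issue, and `my-org` is a placeholder organisation.

```ruby
# Added example (not Dependabot/Bundler code); the lockfile samples are constructed.
GemSection = Struct.new(:remotes, :specs) # specs: { gem name => [dependency names] }

# Parse only GEM sections; GIT, PLATFORMS, DEPENDENCIES and the rest are skipped.
def parse_gem_sections(text)
  sections = []
  current = last_gem = nil
  text.each_line do |raw|
    line = raw.chomp
    if line.match?(/\A\S/) # an unindented line opens a new top-level section
      current = line == "GEM" ? GemSection.new([], {}) : nil
      sections << current if current
      last_gem = nil
    elsif current && (m = line.match(/\A  remote: (\S+)\z/))
      current.remotes << m[1]
    elsif current && (m = line.match(/\A    (\S+) \(/)) # 4 spaces: a locked gem
      last_gem = m[1]
      current.specs[last_gem] = []
    elsif last_gem && (m = line.match(/\A      (\S+)/)) # 6 spaces: its dependency
      current.specs[last_gem] << m[1]
    end
  end
  sections
end

# Returns gems whose block lists several remotes, plus [gem, dependency, remote] triples crossing sources.
def audit_lockfile(text)
  sections = parse_gem_sections(text)
  remotes_of = sections.flat_map { |s| s.specs.keys.map { |name| [name, s.remotes] } }.to_h
  ambiguous = sections.select { |s| s.remotes.size > 1 }.flat_map { |s| s.specs.keys }
  crossing = []
  sections.each do |s|
    next unless s.remotes.size == 1
    s.specs.each do |name, deps|
      deps.each do |dep|
        other = remotes_of[dep]
        crossing << [name, dep, other.first] if other && other.size == 1 && other != s.remotes
      end
    end
  end
  { ambiguous_gems: ambiguous.sort, cross_source_deps: crossing.sort }
end

# Constructed sample: one GEM block per remote ("my-org" is a placeholder).
SPLIT_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      dkim (1.0.1)
      mail (2.7.1)
        mini_mime (>= 0.1.1)
      mini_mime (1.0.3)

  GEM
    remote: https://rubygems.pkg.github.com/my-org/
    specs:
      tuktuk (1.0.4)
        dkim (~> 1.0.1)
        mail (~> 2.7)

  PLATFORMS
    ruby
LOCK

# Constructed sample: a single GEM block listing both remotes.
MERGED_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    remote: https://rubygems.pkg.github.com/my-org/
    specs:
      dkim (1.0.1)
      tuktuk (1.0.4)
        dkim (~> 1.0.1)
LOCK
puts audit_lockfile(SPLIT_LOCKFILE).inspect if __FILE__ == $PROGRAM_NAME
```

A non-empty `ambiguous_gems` list means the lockfile does not record which remote each of those gems comes from; `cross_source_deps` lists gems from one remote whose dependencies are locked to another, the situation this issue describes.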

gencer commented 3 years ago

@jurre How can I send private files to you? Along with logs from GitHub Dependabot? I don't want to put them here publicly, but I can send all necessary files to you via email or any other form.

P.S.: I can also generate a temporary read:packages token for our organization for you to test it.

Anyway, I've just deleted Gemfile.lock file and did bundle install. Pushed it and triggered dependabot. Same issue. :(

jurre commented 3 years ago

> @jurre How can I send private files to you? Along with logs from GitHub Dependabot? I don't want to publicly put here but i can send via email or any other forms to you all necessary files.
>
> P.S.: I can also generate a temporary read:packages token for our organization for you to test it.

The easiest way would be to go through support: https://support.github.com/contact

> Anyway, I've just deleted Gemfile.lock file and did bundle install. Pushed it and triggered dependabot. Same issue. :(

Did you happen to check that you have the latest version of bundler installed when you do this, and that the new lockfile has those two separate GEM blocks?

gencer commented 3 years ago

> Did you happen to check that you have the latest version of bundler installed when you do this, and that the new lockfile has those two separate GEM blocks?

Here are my steps:

$ bundle -v
Bundler version 2.2.17
$ bundle install

Gemfile.lock:

GIT
  remote: https://github.com/dev-develop/iyzipay-ruby.git
  revision: e6295138fd091fa29408d8a8db6b6e038743107a
  branch: master
  specs:
    iyzipay (1.0.45)
      rack (~> 2.0)
      rest-client (~> 2.0)

GIT
  remote: https://github.com/ondrejbartas/sidekiq-cron.git
  revision: 6a0aeff6c900f3b7246734282f6869c61e1d5b4e
  branch: master
  specs:
    sidekiq-cron (1.2.0)
      fugit (~> 1.1)
      sidekiq (>= 4.2.1)

GEM
  remote: https://rubygems.org/
  specs:
    actioncable (6.1.3.2)
      actionpack (= 6.1.3.2)
      activesupport (= 6.1.3.2)
      nio4r (~> 2.0)
      websocket-driver (>= 0.6.1)
    actionmailbox (6.1.3.2)
      actionpack (= 6.1.3.2)
      activejob (= 6.1.3.2)
      activerecord (= 6.1.3.2)
      activestorage (= 6.1.3.2)
      activesupport (= 6.1.3.2)
      mail (>= 2.7.1)
    actionmailer (6.1.3.2)
      actionpack (= 6.1.3.2)
      actionview (= 6.1.3.2)
      activejob (= 6.1.3.2)
      activesupport (= 6.1.3.2)
      mail (~> 2.5, >= 2.5.4)
      rails-dom-testing (~> 2.0)
    actionpack (6.1.3.2)
      actionview (= 6.1.3.2)
      activesupport (= 6.1.3.2)
      rack (~> 2.0, >= 2.0.9)
      rack-test (>= 0.6.3)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.2.0)
    actiontext (6.1.3.2)
      actionpack (= 6.1.3.2)
      activerecord (= 6.1.3.2)
      activestorage (= 6.1.3.2)
      activesupport (= 6.1.3.2)
      nokogiri (>= 1.8.5)
    actionview (6.1.3.2)
      activesupport (= 6.1.3.2)
      builder (~> 3.1)
      erubi (~> 1.4)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.1, >= 1.2.0)
    activejob (6.1.3.2)
      activesupport (= 6.1.3.2)
      globalid (>= 0.3.6)
    activemodel (6.1.3.2)
      activesupport (= 6.1.3.2)
    activerecord (6.1.3.2)
      activemodel (= 6.1.3.2)
      activesupport (= 6.1.3.2)
    activestorage (6.1.3.2)
      actionpack (= 6.1.3.2)
      activejob (= 6.1.3.2)
      activerecord (= 6.1.3.2)
      activesupport (= 6.1.3.2)
      marcel (~> 1.0.0)
      mini_mime (~> 1.0.2)
    activesupport (6.1.3.2)
      concurrent-ruby (~> 1.0, >= 1.0.2)
      i18n (>= 1.6, < 2)
      minitest (>= 5.1)
      tzinfo (~> 2.0)
      zeitwerk (~> 2.3)
    addressable (2.7.0)
      public_suffix (>= 2.0.2, < 5.0)
    airbrussh (1.4.0)
      sshkit (>= 1.6.1, != 1.7.0)
    amazing_print (1.3.0)
    amq-protocol (2.3.2)
    ansi (1.5.0)
    ast (2.4.2)
    aws-eventstream (1.1.1)
    aws-partitions (1.457.0)
    aws-sdk-core (3.114.0)
      aws-eventstream (~> 1, >= 1.0.2)
      aws-partitions (~> 1, >= 1.239.0)
      aws-sigv4 (~> 1.1)
      jmespath (~> 1.0)
    aws-sdk-kms (1.43.0)
      aws-sdk-core (~> 3, >= 3.112.0)
      aws-sigv4 (~> 1.1)
    aws-sdk-s3 (1.93.1)
      aws-sdk-core (~> 3, >= 3.112.0)
      aws-sdk-kms (~> 1)
      aws-sigv4 (~> 1.1)
    aws-sigv4 (1.2.3)
      aws-eventstream (~> 1, >= 1.0.2)
    base62-rb (0.3.1)
    bcrypt (3.1.16)
    better_errors (2.9.1)
      coderay (>= 1.0.0)
      erubi (>= 1.0.0)
      rack (>= 0.9.0)
    binding_of_caller (1.0.0)
      debug_inspector (>= 0.0.1)
    bootsnap (1.7.5)
      msgpack (~> 1.0)
    brakeman (5.0.1)
    browser (5.3.1)
    bson (4.12.0)
    builder (3.2.4)
    bunny (2.17.0)
      amq-protocol (~> 2.3, >= 2.3.1)
    byebug (11.1.3)
    capistrano (3.16.0)
      airbrussh (>= 1.0.0)
      i18n
      rake (>= 10.0.0)
      sshkit (>= 1.9.0)
    capistrano-bundler (2.0.1)
      capistrano (~> 3.1)
    capistrano-git-with-submodules (2.0.4)
      capistrano (~> 3.7)
    capistrano-rails (1.6.1)
      capistrano (~> 3.1)
      capistrano-bundler (>= 1.1, < 3)
    capistrano-rbenv (2.2.0)
      capistrano (~> 3.1)
      sshkit (~> 1.3)
    capistrano-sentry (0.4.2)
      capistrano (~> 3.1)
    chronic_duration (0.10.6)
      numerizer (~> 0.1.1)
    coderay (1.1.3)
    concurrent-ruby (1.1.8)
    connection_pool (2.2.5)
    crass (1.0.6)
    database_cleaner (2.0.1)
      database_cleaner-active_record (~> 2.0.0)
    database_cleaner-active_record (2.0.1)
      activerecord (>= 5.a)
      database_cleaner-core (~> 2.0.0)
    database_cleaner-core (2.0.1)
    debug_inspector (1.1.0)
    devise (4.7.3)
      bcrypt (~> 3.0)
      orm_adapter (~> 0.1)
      railties (>= 4.1.0)
      responders
      warden (~> 1.2.3)
    diff-lcs (1.4.4)
    digest-crc (0.6.3)
      rake (>= 12.0.0, < 14.0.0)
    dkim (1.0.1)
    domain_name (0.5.20190701)
      unf (>= 0.0.5, < 1.0.0)
    doorkeeper (5.5.1)
      railties (>= 5)
    doorkeeper-sequel (2.4.0)
      bcrypt (~> 3.1)
      doorkeeper (>= 5.0.0, < 5.6)
      sequel (>= 4.0.0, < 6)
      sequel_polymorphic (~> 0.2, < 1.0)
      thor (>= 0.18, < 6)
    down (5.2.1)
      addressable (~> 2.5)
    dry-configurable (0.12.1)
      concurrent-ruby (~> 1.0)
      dry-core (~> 0.5, >= 0.5.0)
    dry-container (0.7.2)
      concurrent-ruby (~> 1.0)
      dry-configurable (~> 0.1, >= 0.1.3)
    dry-core (0.5.0)
      concurrent-ruby (~> 1.0)
    dry-inflector (0.2.0)
    dry-logic (1.2.0)
      concurrent-ruby (~> 1.0)
      dry-core (~> 0.5, >= 0.5)
    dry-struct (1.4.0)
      dry-core (~> 0.5, >= 0.5)
      dry-types (~> 1.5)
      ice_nine (~> 0.11)
    dry-types (1.5.1)
      concurrent-ruby (~> 1.0)
      dry-container (~> 0.3)
      dry-core (~> 0.5, >= 0.5)
      dry-inflector (~> 0.1, >= 0.1.2)
      dry-logic (~> 1.0, >= 1.0.2)
    elasticsearch (7.12.0)
      elasticsearch-api (= 7.12.0)
      elasticsearch-transport (= 7.12.0)
    elasticsearch-api (7.12.0)
      multi_json
    elasticsearch-model (7.1.1)
      activesupport (> 3)
      elasticsearch (> 1)
      hashie
    elasticsearch-persistence (7.1.1)
      activemodel (> 4)
      activesupport (> 4)
      elasticsearch (~> 7)
      elasticsearch-model (= 7.1.1)
      hashie
    elasticsearch-transport (7.12.0)
      faraday (~> 1)
      multi_json
    erubi (1.10.0)
    et-orbi (1.2.4)
      tzinfo
    ethon (0.14.0)
      ffi (>= 1.15.0)
    factory_bot (6.1.0)
      activesupport (>= 5.0.0)
    factory_bot_rails (6.1.0)
      factory_bot (~> 6.1.0)
      railties (>= 5.0.0)
    faker (2.17.0)
      i18n (>= 1.6, < 2)
    faraday (1.4.1)
      faraday-excon (~> 1.1)
      faraday-net_http (~> 1.0)
      faraday-net_http_persistent (~> 1.1)
      multipart-post (>= 1.2, < 3)
      ruby2_keywords (>= 0.0.4)
    faraday-excon (1.1.0)
    faraday-net_http (1.0.1)
    faraday-net_http_persistent (1.1.0)
    ffi (1.15.0)
    foreman (0.87.2)
    fugit (1.4.5)
      et-orbi (~> 1.1, >= 1.1.8)
      raabro (~> 1.4)
    globalid (0.4.2)
      activesupport (>= 4.2.0)
    grape (1.5.3)
      activesupport
      builder
      dry-types (>= 1.1)
      mustermann-grape (~> 1.0.0)
      rack (>= 1.3.0)
      rack-accept
    grape-entity (0.9.0)
      activesupport (>= 3.0.0)
      multi_json (>= 1.3.2)
    grape_logging (1.8.4)
      grape
      rack
    hashie (4.1.0)
    hiredis (0.6.3)
    http-accept (1.7.0)
    http-cookie (1.0.3)
      domain_name (~> 0.5)
    i18n (1.8.10)
      concurrent-ruby (~> 1.0)
    ice_nine (0.11.2)
    image_info (1.2.2)
      addressable (~> 2.0)
      image_size (~> 2.0)
      typhoeus (~> 1.0)
    image_processing (1.12.1)
      mini_magick (>= 4.9.5, < 5)
      ruby-vips (>= 2.0.17, < 3)
    image_size (2.1.0)
    inline_svg (1.7.2)
      activesupport (>= 3.0)
      nokogiri (>= 1.6)
    iso8601 (0.9.1)
    jmespath (1.4.0)
    json (2.5.1)
    jwt (2.2.3)
    link_thumbnailer (3.4.0)
      activesupport (>= 3.0)
      image_info (~> 1.0, >= 1.2.0)
      json (>= 1.7.7)
      net-http-persistent (>= 2.9)
      nokogiri (>= 1.6)
      rake (>= 0.9)
      video_info (>= 2.6)
    listen (3.5.1)
      rb-fsevent (~> 0.10, >= 0.10.3)
      rb-inotify (~> 0.9, >= 0.9.10)
    loofah (2.9.1)
      crass (~> 1.0.2)
      nokogiri (>= 1.5.9)
    mail (2.7.1)
      mini_mime (>= 0.1.1)
    manilla (1.0.0)
    marcel (1.0.1)
    method_source (1.0.0)
    middleware (0.1.0)
    mime-types (3.3.1)
      mime-types-data (~> 3.2015)
    mime-types-data (3.2021.0225)
    mini_magick (4.11.0)
    mini_mime (1.0.3)
    mini_portile2 (2.5.1)
    minitest (5.14.4)
    mongo (2.14.0)
      bson (>= 4.8.2, < 5.0.0)
    msgpack (1.4.2)
    multi_json (1.15.0)
    multipart-post (2.1.1)
    mustermann (1.1.1)
      ruby2_keywords (~> 0.0.1)
    mustermann-grape (1.0.1)
      mustermann (>= 1.0.0)
    net-dns (0.6.1)
    net-http-persistent (4.0.1)
      connection_pool (~> 2.2)
    net-scp (3.0.0)
      net-ssh (>= 2.6.5, < 7.0.0)
    net-ssh (6.1.0)
    net_http_timeout_errors (0.3.5)
    netrc (0.11.0)
    nio4r (2.5.7)
    nobrainer (0.34.1)
      activemodel (>= 4.1.0)
      activesupport (>= 4.1.0)
      middleware (~> 0.1.0)
      rethinkdb (>= 2.3.0)
      symbol_decoration (~> 1.1)
    nokogiri (1.11.4)
      mini_portile2 (~> 2.5.0)
      racc (~> 1.4)
    nokogumbo (2.0.5)
      nokogiri (~> 1.8, >= 1.8.4)
    numerizer (0.1.1)
    oga (3.3)
      ast
      ruby-ll (~> 2.1)
    orm_adapter (0.5.0)
    orm_adapter-sequel (0.1.0)
      activemodel (>= 3.0.0)
      orm_adapter (>= 0.4.0)
      sequel (>= 3.18.0)
    pdfkit (0.8.5)
    pg (1.2.3)
    postmark (1.21.3)
      json
    postmark-rails (0.21.0)
      actionmailer (>= 3.0.0)
      postmark (>= 1.21.3, < 2.0)
    pry (0.14.1)
      coderay (~> 1.1)
      method_source (~> 1.0)
    public_suffix (4.0.6)
    puma (5.3.1)
      nio4r (~> 2.0)
    raabro (1.4.0)
    racc (1.5.2)
    rack (2.2.3)
    rack-accept (0.4.5)
      rack (>= 0.4)
    rack-attack (6.5.0)
      rack (>= 1.0, < 3)
    rack-cors (1.1.1)
      rack (>= 2.0.0)
    rack-mini-profiler (2.3.2)
      rack (>= 1.2.0)
    rack-test (1.1.0)
      rack (>= 1.0, < 3)
    rails (6.1.3.2)
      actioncable (= 6.1.3.2)
      actionmailbox (= 6.1.3.2)
      actionmailer (= 6.1.3.2)
      actionpack (= 6.1.3.2)
      actiontext (= 6.1.3.2)
      actionview (= 6.1.3.2)
      activejob (= 6.1.3.2)
      activemodel (= 6.1.3.2)
      activerecord (= 6.1.3.2)
      activestorage (= 6.1.3.2)
      activesupport (= 6.1.3.2)
      bundler (>= 1.15.0)
      railties (= 6.1.3.2)
      sprockets-rails (>= 2.0.0)
    rails-dom-testing (2.0.3)
      activesupport (>= 4.2.0)
      nokogiri (>= 1.6)
    rails-html-sanitizer (1.3.0)
      loofah (~> 2.3)
    rails_semantic_logger (4.5.1)
      rack
      railties (>= 3.2)
      semantic_logger (~> 4.4)
    railties (6.1.3.2)
      actionpack (= 6.1.3.2)
      activesupport (= 6.1.3.2)
      method_source
      rake (>= 0.8.7)
      thor (~> 1.0)
    rake (13.0.3)
    rb-fsevent (0.11.0)
    rb-inotify (0.10.1)
      ffi (~> 1.0)
    redis (4.2.5)
    redis-actionpack (5.2.0)
      actionpack (>= 5, < 7)
      redis-rack (>= 2.1.0, < 3)
      redis-store (>= 1.1.0, < 2)
    redis-activesupport (5.2.0)
      activesupport (>= 3, < 7)
      redis-store (>= 1.3, < 2)
    redis-namespace (1.8.1)
      redis (>= 3.0.4)
    redis-rack (2.1.3)
      rack (>= 2.0.8, < 3)
      redis-store (>= 1.2, < 2)
    redis-rails (5.0.2)
      redis-actionpack (>= 5.0, < 6)
      redis-activesupport (>= 5.0, < 6)
      redis-store (>= 1.2, < 2)
    redis-store (1.9.0)
      redis (>= 4, < 5)
    responders (3.0.1)
      actionpack (>= 5.0)
      railties (>= 5.0)
    rest-client (2.1.0)
      http-accept (>= 1.7.0, < 2.0)
      http-cookie (>= 1.0.2, < 2.0)
      mime-types (>= 1.16, < 4.0)
      netrc (~> 0.8)
    rethinkdb (2.4.0.0)
    rexml (3.2.5)
    rspec-core (3.10.1)
      rspec-support (~> 3.10.0)
    rspec-expectations (3.10.1)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.10.0)
    rspec-mocks (3.10.2)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.10.0)
    rspec-rails (5.0.1)
      actionpack (>= 5.2)
      activesupport (>= 5.2)
      railties (>= 5.2)
      rspec-core (~> 3.10)
      rspec-expectations (~> 3.10)
      rspec-mocks (~> 3.10)
      rspec-support (~> 3.10)
    rspec-support (3.10.2)
    rspec_junit_formatter (0.4.1)
      rspec-core (>= 2, < 4, != 2.12.0)
    ruby-filemagic (0.7.2)
    ruby-ll (2.1.2)
      ansi
      ast
    ruby-vips (2.1.2)
      ffi (~> 1.12)
    ruby2_keywords (0.0.4)
    sanitize (5.2.3)
      crass (~> 1.0.2)
      nokogiri (>= 1.8.0)
      nokogumbo (~> 2.0)
    sassc (2.4.0)
      ffi (~> 1.9)
    semantic_logger (4.7.4)
      concurrent-ruby (~> 1.0)
    sentry-rails (4.3.4)
      railties (>= 5.0)
      sentry-ruby-core (~> 4.3.0)
    sentry-ruby (4.3.2)
      concurrent-ruby (~> 1.0, >= 1.0.2)
      faraday (>= 1.0)
      sentry-ruby-core (= 4.3.2)
    sentry-ruby-core (4.3.2)
      concurrent-ruby
      faraday
    sentry-sidekiq (4.3.0)
      sentry-ruby-core (~> 4.3.0)
    sequel (5.43.0)
    sequel-devise (0.0.13)
      devise
      orm_adapter-sequel
      sequel (>= 3.11.0)
    sequel-elasticsearch (0.4.13)
      elasticsearch (>= 1.0)
      sequel (>= 4.0)
    sequel-rails (1.1.1)
      actionpack (>= 4.0.0)
      activemodel (>= 4.0.0)
      railties (>= 4.0.0)
      sequel (>= 3.28, < 6.0)
    sequel_pg (1.14.0)
      pg (>= 0.18.0, != 1.2.0)
      sequel (>= 4.38.0)
    sequel_polymorphic (0.5.0)
      sequel (>= 4.0.0, < 6)
    sidekiq (6.2.1)
      connection_pool (>= 2.2.2)
      rack (~> 2.0)
      redis (>= 4.2.0)
    sidekiq-failures (1.0.0)
      sidekiq (>= 4.0.0)
    sidekiq-status (1.1.4)
      chronic_duration
      sidekiq (>= 3.0)
    spring (2.1.1)
    spring-watcher-listen (2.0.1)
      listen (>= 2.7, < 4.0)
      spring (>= 1.2, < 3.0)
    sprockets (4.0.2)
      concurrent-ruby (~> 1.0)
      rack (> 1, < 3)
    sprockets-rails (3.2.2)
      actionpack (>= 4.0)
      activesupport (>= 4.0)
      sprockets (>= 3.0.0)
    sshkit (1.21.2)
      net-scp (>= 1.1.2)
      net-ssh (>= 2.8.0)
    streamio-ffmpeg (3.0.2)
      multi_json (~> 1.8)
    stronger_parameters (2.13.0)
      actionpack (>= 4.2, < 6.2)
    symbiont-ruby (0.6.0)
    symbol_decoration (1.1.0)
    table_print (1.5.7)
    thor (1.1.0)
    typhoeus (1.4.0)
      ethon (>= 0.9.0)
    tzinfo (2.0.4)
      concurrent-ruby (~> 1.0)
    umbrellio-sequel-plugins (0.5.0)
      sequel
      symbiont-ruby
    unf (0.1.4)
      unf_ext
    unf_ext (0.0.7.7)
    uuid4 (1.3.4)
      base62-rb (~> 0.3.0)
    vcardio (0.1.1)
      manilla (~> 1.0.0)
    video_info (3.0.1)
      iso8601 (~> 0.9.1)
      net_http_timeout_errors (~> 0.3.0)
      oga (~> 3.0)
    warden (1.2.9)
      rack (>= 2.0.9)
    websocket-driver (0.7.3)
      websocket-extensions (>= 0.1.0)
    websocket-extensions (0.1.5)
    work_queue (2.5.4)
    zammad_api (1.0.6)
      faraday (~> 1)
    zaru (0.3.0)
    zeitwerk (2.4.2)

GEM
  remote: https://rubygems.pkg.github.com/nienbo/
  specs:
    chilkat (9.5.0.86)
    sequel-bulk-audit (1.0.3)
      pg (~> 1.1)
      sequel (~> 5.0)
    sequel-redis-cache (0.1.1)
      sequel (~> 5.0)
    tuktuk (1.0.4)
      dkim (~> 1.0.1)
      mail (~> 2.7)
      net-dns (= 0.6.1)
      work_queue (~> 2.5.4)

PLATFORMS
  ruby

DEPENDENCIES
  amazing_print (~> 1.3.0)
  aws-sdk-s3 (~> 1.93.1)
  aws-sigv4 (~> 1.2.3)
  better_errors (~> 2.9.1)
  binding_of_caller (~> 1.0.0)
  bootsnap (~> 1.7.5)
  brakeman (~> 5.0.1)
  browser (~> 5.3.1)
  bunny (~> 2.17.0)
  byebug (~> 11.1.3)
  capistrano (~> 3.16.0)
  capistrano-bundler (~> 2.0.1)
  capistrano-git-with-submodules (~> 2.0.4)
  capistrano-rails (~> 1.6.1)
  capistrano-rbenv (~> 2.2.0)
  capistrano-sentry (~> 0.4.2)
  chilkat (~> 9.5.0.86)!
  connection_pool (~> 2.2.5)
  database_cleaner (~> 2.0.1)
  devise (~> 4.7.3)
  digest-crc (~> 0.6.3)
  doorkeeper (~> 5.5.1)
  doorkeeper-sequel (~> 2.4.0)
  down (~> 5.2.1)
  dry-struct (~> 1.4.0)
  dry-types (~> 1.5.1)
  elasticsearch (~> 7.12.0)
  elasticsearch-persistence (~> 7.1.1)
  factory_bot_rails (~> 6.1.0)
  faker (~> 2.17.0)
  foreman (~> 0.87.2)
  grape (~> 1.5.3)
  grape-entity (~> 0.9.0)
  grape_logging (~> 1.8.4)
  hiredis (~> 0.6.3)
  image_processing (~> 1.12.1)
  inline_svg (~> 1.7.2)
  iyzipay!
  jwt (~> 2.2.3)
  link_thumbnailer (~> 3.4.0)
  listen (~> 3.5.1)
  mime-types (~> 3.3.1)
  mongo (~> 2.14.0)
  nobrainer (~> 0.34.1)
  pdfkit (~> 0.8.5)
  pg (~> 1.2.3)
  postmark-rails (~> 0.21.0)
  pry (~> 0.14.1)
  puma (~> 5.3.1)
  rack-attack (~> 6.5.0)
  rack-cors (~> 1.1.1)
  rack-mini-profiler (~> 2.3.2)
  rails (~> 6.1.3.2)
  rails_semantic_logger (~> 4.5.1)
  redis (~> 4.2.5)
  redis-namespace (~> 1.8.1)
  redis-rails (~> 5.0.2)
  rethinkdb (~> 2.4.0.0)
  rexml (~> 3.2.5)
  rspec-rails (~> 5.0.1)
  rspec_junit_formatter (~> 0.4.1)
  ruby-filemagic (~> 0.7.2)
  sanitize (~> 5.2.3)
  sassc (~> 2.4.0)
  sentry-rails (~> 4.3.4)
  sentry-ruby (~> 4.3.2)
  sentry-sidekiq (~> 4.3.0)
  sequel (~> 5.43.0)
  sequel-bulk-audit (~> 1.0.3)!
  sequel-devise (~> 0.0.13)
  sequel-elasticsearch (~> 0.4.13)!
  sequel-rails (~> 1.1.1)
  sequel-redis-cache (~> 0.1.1)!
  sequel_pg (~> 1.14.0)
  sequel_polymorphic (~> 0.5.0)
  sidekiq (~> 6.2.1)
  sidekiq-cron!
  sidekiq-failures (~> 1.0.0)
  sidekiq-status (~> 1.1.4)
  spring (~> 2.1.1)
  spring-watcher-listen (~> 2.0.1)
  streamio-ffmpeg (~> 3.0.2)
  stronger_parameters (~> 2.13.0)
  table_print (~> 1.5.7)
  tuktuk (~> 1.0.4)!
  tzinfo-data (~> 1.2020.1)
  umbrellio-sequel-plugins (~> 0.5.0)
  uuid4 (~> 1.3.4)
  vcardio (~> 0.1.1)
  wdm (~> 0.1.1)
  zammad_api (~> 1.0.6)
  zaru (~> 0.3.0)

RUBY VERSION
   ruby 3.0.1p64

BUNDLED WITH
   2.2.17

Please note that GitHub Packages has some issues with PLATFORMS, and due to this I use ruby instead of x86_64-linux so that the private gem chilkat is found easily. Otherwise it does not consider this gem as x64...

If I use x86_64-linux as a platform, the chilkat gem is installed every time I hit bundle install, as if it hadn't been installed before. ruby, on the other hand, flawlessly installs all gems. I am telling you this because I do not know if this may be related to the Dependabot issue.

gencer commented 3 years ago

If I do this:

$ rm Gemfile.lock
$ bundle install -v 2.1.4
$ bundle _2.1.4_ install
$ # git commit & push

Then the 2 remotes are used in a single source and Dependabot is able to create PRs for this repository. Once I upgrade my lockfile to 2.2.17 and the remotes are split up, Dependabot is no longer able to create PRs. (In both cases I'm able to install all dependencies locally or in the CI/CD environment. Just Dependabot complains about the latest Bundler version.)

jeffwidman commented 2 years ago

👋 Sorry for the radio silence for a bit. We've bumped bundler to a newer version and pushed several fixes too... so can you double-check if this issue is still happening? There's a chance it's already been fixed...

jeffwidman commented 1 year ago

Closing due to lack of user response.