Bundler silently fails to install gems when gemspec and lock file versions differ

[jamesiarmes]

If I update the version in my gems gemspec file but forget to run bundle update to update Gemfile.lock, when I run bundle install it fails to install gems without notice. For example:

$ bundle install
Fetching gem metadata from https://rubygems.org/
Fetching version metadata from https://rubygems.org/
Fetching dependency metadata from https://rubygems.org/
Resolving dependencies.....
Installing rake 11.1.2
Installing CFPropertyList 2.2.8
Installing i18n 0.7.0
Installing json 1.8.3 with native extensions
Installing minitest 5.9.0
Installing thread_safe 0.3.5
Installing addressable 2.3.8
Installing archive-tar-minitar 0.5.2
Installing cabin 0.8.1
Installing ffi 1.9.10 with native extensions
Installing contracts 0.14.0
Installing builder 3.2.2
Installing gherkin 3.2.0
Installing cucumber-wire 0.0.1
Installing diff-lcs 1.2.5
Installing multi_json 1.12.1
Installing multi_test 0.1.2
Installing rspec-support 3.4.1
Installing thor 0.19.1
Installing ast 2.3.0
Installing encryptor 3.0.0
Installing mini_portile2 2.1.0
Installing pkg-config 1.1.7
Installing lru_redux 0.8.4
Installing jmespath 1.3.0
Installing ice_nine 0.11.2
Installing backports 3.6.8
Using bundler 1.12.5
Installing clamp 1.0.0
Installing colorize 0.7.7
Installing excon 0.51.0
Installing multipart-post 2.0.0
Installing little-plugger 1.1.4
Installing retriable 2.1.0
Installing hashie 3.4.4
Installing multi_xml 0.5.5
Installing rack 2.0.1
Installing equalizer 0.0.11
Installing mysql2 0.4.4 with native extensions
Installing puma 3.6.0 with native extensions
Installing iso8601 0.9.1
Installing statsd-ruby 1.3.0
Using systemd-daemon 0.1.0 from https://github.com/pdrakeweb/systemd-daemon.git (at wip@4462346)
Installing highline 1.7.8
Installing rotp 2.1.2
Installing semantic 1.4.1
Installing github-markup 1.4.0
Installing redcarpet 3.3.4 with native extensions
Installing coderay 1.1.1
Installing thrift 0.9.3.0 with native extensions
Installing docile 1.1.5
Installing facter 2.4.6
Installing insist 1.0.0
Installing mustache 0.99.8
Installing stud 0.0.22
Installing io-like 0.3.0
Installing net-http-persistent 2.9.4
Installing net-http-pipeline 1.0.1
Installing git 1.3.0
Installing json_pure 2.0.1
Installing minitar 0.5.4
Installing semantic_puppet 0.1.1
Installing rsync 1.0.9
Installing method_source 0.8.2
Installing parallel 1.9.0
Installing powerpack 0.1.1
Installing slop 3.6.0
Installing websocket 1.2.3
Installing rainbow 2.1.0
Installing ruby-progressbar 1.8.1
Installing unicode-display_width 1.0.5
Using sequel 4.35.0 from git@github.com:jeremyevans/sequel.git (at d2f6b69@d2f6b69)
Installing simplecov-html 0.10.0
Installing sqlite3 1.3.11 with native extensions
Installing yard 0.8.7.6
Installing bugsnag 2.8.13
Installing tzinfo 1.2.2
Installing descendants_tracker 0.0.4
Installing json-schema 2.5.2
Installing launchy 2.4.3
Installing arr-pm 0.0.10
Installing childprocess 0.5.9
Installing ethon 0.9.0
Installing cucumber-core 1.4.0
Installing rspec-expectations 3.4.0
Installing rspec-core 3.4.4
Installing rspec-mocks 3.4.1
Installing librarianp 0.6.3
Installing parser 2.3.1.2
Installing attr_encrypted 3.0.1
Installing nokogiri 1.6.8 with native extensions
Installing aws-sdk-core 2.2.37
Installing faraday 0.9.2
Installing logging 2.1.0

$ bundle exec rake -T
Could not find activesupport-4.2.7 in any of the sources
Run `bundle install` to install missing gems.

I would expect bundler to error when encountering a version mismatch, rather than continuing to install some gems.

[indirect]

Thanks for reporting this! It sounds like a bug. Could you please provide a list of commands we can run (or a repo we can check out) that will allow us to reproduce this bug so that we can fix it?

[coilysiren]

ping @jamesiarmes

Thanks for reporting this! It sounds like a bug. Could you please provide a list of commands we can run (or a repo we can check out) that will allow us to reproduce this bug so that we can fix it?

[jamesiarmes]

The project that I've encountered this in is private. I'll try to create a Gemfile without private repos that I can post.

[segiddins]

Its possible this is related to https://github.com/bundler/bundler/issues/5264 ?

[colby-swandale]

ping @jamesiarmes

[segiddins]

Closing, presuming fixed by https://github.com/bundler/bundler/issues/5266