[rubygems/rubygems] Ignore local specifications if they have incorrect dependencies

Currently ruby-dev installs an incorrect gemspec for rdoc, that does not declare its dependency on psych. This seems like a ruby-core bug, but it seems best for Bundler to ignore it, go with the remote specification instead, and print a warning. https://github.com/rubygems/rubygems/commit/227cafd657
author: David Rodríguez <deivid.rodriguez@riseup.net> 2025-04-23 13:27:14 +0200
committer: Hiroshi SHIBATA <hsbt@ruby-lang.org> 2025-06-06 10:22:29 +0900
commit: ca1c46d33c9ef86c288d4ae4226644451b4dedec (patch)
tree: c0fbe192264645a36a372633b803962c01f93853 /lib
parent: c0a1e877b3c0c5dd69bb634262bd4e73a07eb27e (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/bundler/index.rb b/lib/bundler/index.rb
index df46facc88..d591b34cc7 100644
--- a/lib/bundler/index.rb
+++ b/lib/bundler/index.rb
@@ -131,6 +131,11 @@ module Bundler
       return unless other
       other.each do |spec|
         if existing = find_by_spec(spec)
+          unless dependencies_eql?(existing, spec)
+            Bundler.ui.warn "Local specification for #{spec.full_name} has different dependencies than the remote gem, ignoring it"
+            next
+          end
+
           add_duplicate(existing)
         end
         add spec
@@ -153,8 +158,8 @@ module Bundler
     end
 
     def dependencies_eql?(spec, other_spec)
-      deps       = spec.dependencies.select {|d| d.type != :development }
-      other_deps = other_spec.dependencies.select {|d| d.type != :development }
+      deps       = spec.runtime_dependencies
+      other_deps = other_spec.runtime_dependencies
       deps.sort == other_deps.sort
     end
author	David Rodríguez <deivid.rodriguez@riseup.net>	2025-04-23 13:27:14 +0200
committer	Hiroshi SHIBATA <hsbt@ruby-lang.org>	2025-06-06 10:22:29 +0900
commit	ca1c46d33c9ef86c288d4ae4226644451b4dedec (patch)
tree	c0fbe192264645a36a372633b803962c01f93853 /lib
parent	c0a1e877b3c0c5dd69bb634262bd4e73a07eb27e (diff)