From 266e33c86cfb100294ba92bd8e9f799b3d9e4b44 Mon Sep 17 00:00:00 2001
From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
Date: Thu, 7 May 2026 18:47:55 +0900
Subject: [ruby/rubygems] Unlock direct deps too for metadata-field overrides

The per-dep loop in converge_dependencies only knows about version:
overrides via apply_override_to + matches_spec?. Metadata overrides
on direct deps were therefore invisible to lockfile change detection
and would silently no-op against an existing lock. Extend
converge_overrides_outside_dependencies to also unlock direct deps
when the override targets a non-version field.

https://github.com/ruby/rubygems/commit/fdd4c30523

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 lib/bundler/definition.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/bundler/definition.rb b/lib/bundler/definition.rb
index 3cfe401d2a..7f5a72f0eb 100644
--- a/lib/bundler/definition.rb
+++ b/lib/bundler/definition.rb
@@ -1065,8 +1065,11 @@ module Bundler
 
         name = override.target
         next if @changed_dependencies.include?(name)
-        next if @dependencies.any? {|d| d.name == name }
         next if @originally_locked_specs[name].empty?
+        # version: overrides on direct deps are detected in the per-dep
+        # converge_dependencies loop via apply_override_to + matches_spec?.
+        # Other fields are not visible there, so they always reach here.
+        next if override.field == :version && @dependencies.any? {|d| d.name == name }
 
         @gems_to_unlock << name
         @changed_dependencies << name
-- 
cgit v1.2.3