An update for one rubygem shouldn't touch another (unrelated) gem
timdiggins opened this issue
Is there an existing issue for this?
- I have searched the existing issues
Package ecosystem
Bundler
Package manager version
2.4.21
Language version
3.0
Manifest location and content before the Dependabot update
/Gemfile
Excerpt (can provide rest if needed)
source 'https://rubygems.org'
ruby "3.0.6"
gem "rbnacl", ">= 6.0.1"
gem 'memory_profiler'
dependabot.yml content
# https://docs.github.com/en/code-security/supply-chain-security/enabling-and-disabling-version-updates
version: 2
updates:
  - package-ecosystem: "npm"
    # Look for `package.json` and `lock` files in the `root` directory
    directory: "/"
    schedule:
      interval: "daily"
  - package-ecosystem: "bundler"
    # Look for a `Gemfile` in the `root` directory
    directory: "/"
    schedule:
      interval: "daily"
    versioning-strategy: lockfile-only
Updated dependency
@ Gemfile.lock:258 @ GEM
faraday-net_http (3.1.0)
net-http
fast_stack (0.2.0)
ffi (1.17.0)
ffi (1.17.0-x86_64-darwin)
ffi (1.17.0-x86_64-linux-gnu)
ffi-compiler (1.3.2)
ffi (>= 1.15.5)
rake
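Review bot: the three ffi lines in this hunk (ffi (1.17.0) plus the x86_64-darwin and x86_64-linux-gnu variants) have nothing to do with the memory_profiler bump this update is for. Platform-suffixed entries are precompiled gems, so moving between them and the plain ffi (1.17.0) entry changes which artifact gets installed. That change should land in its own commit, where it can be checked against the lockfile's PLATFORMS section, and this update should leave the ffi entries untouched.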
@ Gemfile.lock:402 @ GEM
net-smtp
marcel (1.0.4)
matrix (0.4.2)
memory_profiler (1.0.1)
memory_profiler (1.0.2)
method_source (1.1.0)
mime-types (3.5.2)
mime-types-data (~> 3.2015)
What you expected to see, versus what you actually saw
I expected to only see changes related to memory_profiler, but I also saw a change from a non-native to a native version of a compiled gem (ffi).
This change (which resulted in a change of platforms in the gemfile in a previous commit) should have been in a different commit.
Native package manager behavior
No response
Images of the diff or a link to the PR, issue, or logs
No response
Smallest manifest that reproduces the issue
No response
This seems the same as #10085, which I hope will be fixed soon. This can be closed as a duplicate!
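The expectation stated in this issue (a memory_profiler update should change only memory_profiler in Gemfile.lock) can be checked mechanically. The following is an added example, not code from the issue or from Dependabot; the function names and the two abridged sample lockfiles are constructed, and the sample assumes ffi moved from the plain entry to the platform-specific ones, as the report describes.

```ruby
# Map each gem in the GEM section to its sorted locked versions; platform
# variants such as "1.17.0-x86_64-linux-gnu" stay distinct from "1.17.0".
def locked_specs(lockfile_text)
  specs = Hash.new { |h, k| h[k] = [] }
  section = nil
  lockfile_text.each_line(chomp: true) do |line|
    section = line if line.match?(/\A[A-Z]/) # GEM, PLATFORMS, DEPENDENCIES, ...
    next unless section == "GEM"
    m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/) # 4 spaces: spec; 6: its deps
    specs[m[1]] << m[2] if m
  end
  specs.transform_values(&:sort)
end

# Return { gem => [before, after] } for each gem whose locked entries changed,
# leaving out the gems the update was meant to touch (expected_gems).
def unrelated_changes(before_text, after_text, expected_gems)
  before, after = locked_specs(before_text), locked_specs(after_text)
  (before.keys | after.keys).sort.each_with_object({}) do |name, out|
    pair = [before.fetch(name, []), after.fetch(name, [])]
    out[name] = pair unless expected_gems.include?(name) || pair[0] == pair[1]
  end
end

# Constructed, abridged lockfiles using the gem versions quoted in the issue.
BEFORE_LOCK = <<~LOCK
GEM
  specs:
    ffi (1.17.0)
    ffi-compiler (1.3.2)
      ffi (>= 1.15.5)
    memory_profiler (1.0.1)

PLATFORMS
  ruby
LOCK
AFTER_LOCK = <<~LOCK
GEM
  specs:
    ffi (1.17.0-x86_64-darwin)
    ffi (1.17.0-x86_64-linux-gnu)
    ffi-compiler (1.3.2)
      ffi (>= 1.15.5)
    memory_profiler (1.0.2)

PLATFORMS
  x86_64-darwin
  x86_64-linux
LOCK
```

Calling `unrelated_changes(BEFORE_LOCK, AFTER_LOCK, ["memory_profiler"])` returns a non-empty hash naming ffi, which a CI job could use to fail or label an update PR that touches more than its stated gem.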