From fc77f326ca4d57518ca8bcb44b5a393a71489dd7 Mon Sep 17 00:00:00 2001 From: Jeremy Green Date: Tue, 31 Oct 2023 19:15:33 -0500 Subject: [PATCH] Prevent dependencies from floating when linking core repo When we do `bundle lock --update ...` that allows various dependencies to float up to a new version if one has been released. This prevents that from happening. For instance in `bullet_train-api` we specify a dependency on `jbuilder-schema` of `>= 2.4.0`. In `Gemfile.lock` of the starter repo we had it set to `2.5.0`. But when `2.6.0` was released we started to see failures in CI due to a bug. Since the version was just "floating" to `2.6.0` in CI it wasn't immediately obvious that `jbuilder-schema` was getting updated. Ideally we want to see these kinds of failures when Dependabot generates a PR to update our dependencies. In which case it would be much more obvious that a new version of a gem is being used. --- bin/checkout-and-link-core-repo | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/checkout-and-link-core-repo b/bin/checkout-and-link-core-repo index 3d843c51c..dc15c0278 100755 --- a/bin/checkout-and-link-core-repo +++ b/bin/checkout-and-link-core-repo @@ -55,7 +55,7 @@ do done updates="${packages[@]}" -bundle lock --update $updates +bundle lock --conservative --update $updates packages=(
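Review bot: On the changed `bundle lock --conservative --update $updates` line, the reason for `--conservative` is recorded only in the commit message; a short comment above that line in the script, saying it keeps dependencies of the linked gems at their `Gemfile.lock` versions, would stop the flag from being dropped in a later cleanup. Separately, `$updates` is built from `updates="${packages[@]}"` and expanded unquoted, so if the array were ever empty the command would run as `bundle lock --conservative --update` with no gem names, which asks Bundler to update every gem; skipping the lock step when `packages` is empty would make that case explicit.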