Strange bundle update issue: disappearing net-pop (0.1.2) dependency
Asked Answered
A

4

29

I have a strange bundle update issue with the dependency of net-pop.

I manually updated all gems via bundle update GEM. Everything works so far. My CI builds and tests jobs are green.

But:
When I now run bundle update, my Gemfile.lock will be changed and the dependency ‘net-protocol’ of ‘net-pop’ gets deleted. Nothing else get changed.

Gemfile.lock

Of course, my CI build job will fail with the error message:

47.64 Downloading net-pop-0.1.2 revealed dependencies not in the API or the lockfile
47.64 (net-protocol (>= 0)).
47.64 Running `bundle update net-pop` should fix the problem.

Running bundle update net-pop does not help.

The gemspec file of net-pop is correct https://github.com/ruby/net-pop/blob/master/net-pop.gemspec#L31

Currently, the only solution is to manually modify the Gemfile.lock and to re-add the missing line.

I do not understand what’s going on.

Gemfile

Versions:

  • ruby: 3.3.3
  • rails 7.0.8.4
  • bundler 2.5.11
  • rvm 1.29.12-next
  • OS Ubuntu 20.04

edit

not so 'minimal' Gemfile

# frozen_string_literal: true

source 'https://rubygems.org'

# Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
gem 'rails', '~> 7.0.4'
# used server -> use it for all environments

gem 'bcrypt-ruby'
gem 'jbuilder'

# Gems used only for assets and not required
# in production environments by default.

gem 'net-imap', require: false
gem 'net-pop', require: false
gem 'net-smtp', require: false

gem 'sprockets', '~> 4.0'
gem 'sprockets-rails'

gem 'rexml'
gem 'webrick', '~> 1.7'

gem 'csv'
gem 'mutex_m'
gem 'mail'
gem 'parallel'

bundle install produces:

GEM
  remote: https://rubygems.org/
  specs:
    actioncable (7.0.8.4)
      actionpack (= 7.0.8.4)
      activesupport (= 7.0.8.4)
      nio4r (~> 2.0)
      websocket-driver (>= 0.6.1)
    actionmailbox (7.0.8.4)
      actionpack (= 7.0.8.4)
      activejob (= 7.0.8.4)
      activerecord (= 7.0.8.4)
      activestorage (= 7.0.8.4)
      activesupport (= 7.0.8.4)
      mail (>= 2.7.1)
      net-imap
      net-pop
      net-smtp
    actionmailer (7.0.8.4)
      actionpack (= 7.0.8.4)
      actionview (= 7.0.8.4)
      activejob (= 7.0.8.4)
      activesupport (= 7.0.8.4)
      mail (~> 2.5, >= 2.5.4)
      net-imap
      net-pop
      net-smtp
      rails-dom-testing (~> 2.0)
    actionpack (7.0.8.4)
      actionview (= 7.0.8.4)
      activesupport (= 7.0.8.4)
      rack (~> 2.0, >= 2.2.4)
      rack-test (>= 0.6.3)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.2.0)
    actiontext (7.0.8.4)
      actionpack (= 7.0.8.4)
      activerecord (= 7.0.8.4)
      activestorage (= 7.0.8.4)
      activesupport (= 7.0.8.4)
      globalid (>= 0.6.0)
      nokogiri (>= 1.8.5)
    actionview (7.0.8.4)
      activesupport (= 7.0.8.4)
      builder (~> 3.1)
      erubi (~> 1.4)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.1, >= 1.2.0)
    activejob (7.0.8.4)
      activesupport (= 7.0.8.4)
      globalid (>= 0.3.6)
    activemodel (7.0.8.4)
      activesupport (= 7.0.8.4)
    activerecord (7.0.8.4)
      activemodel (= 7.0.8.4)
      activesupport (= 7.0.8.4)
    activestorage (7.0.8.4)
      actionpack (= 7.0.8.4)
      activejob (= 7.0.8.4)
      activerecord (= 7.0.8.4)
      activesupport (= 7.0.8.4)
      marcel (~> 1.0)
      mini_mime (>= 1.1.0)
    activesupport (7.0.8.4)
      concurrent-ruby (~> 1.0, >= 1.0.2)
      i18n (>= 1.6, < 2)
      minitest (>= 5.1)
      tzinfo (~> 2.0)
    bcrypt (3.1.20)
    bcrypt-ruby (3.1.5)
      bcrypt (>= 3.1.3)
    builder (3.3.0)
    concurrent-ruby (1.3.3)
    crass (1.0.6)
    csv (3.3.0)
    date (3.3.4)
    erubi (1.12.0)
    globalid (1.2.1)
      activesupport (>= 6.1)
    i18n (1.14.5)
      concurrent-ruby (~> 1.0)
    jbuilder (2.12.0)
      actionview (>= 5.0.0)
      activesupport (>= 5.0.0)
    loofah (2.22.0)
      crass (~> 1.0.2)
      nokogiri (>= 1.12.0)
    mail (2.8.1)
      mini_mime (>= 0.1.1)
      net-imap
      net-pop
      net-smtp
    marcel (1.0.4)
    method_source (1.1.0)
    mini_mime (1.1.5)
    mini_portile2 (2.8.7)
    minitest (5.23.1)
    mutex_m (0.2.0)
    net-imap (0.4.12)
      date
      net-protocol
    net-pop (0.1.2)
      net-protocol
    net-protocol (0.2.2)
      timeout
    net-smtp (0.5.0)
      net-protocol
    nio4r (2.7.3)
    nokogiri (1.16.5)
      mini_portile2 (~> 2.8.2)
      racc (~> 1.4)
    parallel (1.25.1)
    racc (1.8.0)
    rack (2.2.9)
    rack-test (2.1.0)
      rack (>= 1.3)
    rails (7.0.8.4)
      actioncable (= 7.0.8.4)
      actionmailbox (= 7.0.8.4)
      actionmailer (= 7.0.8.4)
      actionpack (= 7.0.8.4)
      actiontext (= 7.0.8.4)
      actionview (= 7.0.8.4)
      activejob (= 7.0.8.4)
      activemodel (= 7.0.8.4)
      activerecord (= 7.0.8.4)
      activestorage (= 7.0.8.4)
      activesupport (= 7.0.8.4)
      bundler (>= 1.15.0)
      railties (= 7.0.8.4)
    rails-dom-testing (2.2.0)
      activesupport (>= 5.0.0)
      minitest
      nokogiri (>= 1.6)
    rails-html-sanitizer (1.6.0)
      loofah (~> 2.21)
      nokogiri (~> 1.14)
    railties (7.0.8.4)
      actionpack (= 7.0.8.4)
      activesupport (= 7.0.8.4)
      method_source
      rake (>= 12.2)
      thor (~> 1.0)
      zeitwerk (~> 2.5)
    rake (13.2.1)
    rexml (3.3.0)
      strscan
    sprockets (4.2.1)
      concurrent-ruby (~> 1.0)
      rack (>= 2.2.4, < 4)
    sprockets-rails (3.5.1)
      actionpack (>= 6.1)
      activesupport (>= 6.1)
      sprockets (>= 3.0.0)
    strscan (3.1.0)
    thor (1.3.1)
    timeout (0.4.1)
    tzinfo (2.0.6)
      concurrent-ruby (~> 1.0)
    webrick (1.8.1)
    websocket-driver (0.7.6)
      websocket-extensions (>= 0.1.0)
    websocket-extensions (0.1.5)
    zeitwerk (2.6.15)

PLATFORMS
  ruby

DEPENDENCIES
  bcrypt-ruby
  csv
  jbuilder
  mail
  mutex_m
  net-imap
  net-pop
  net-smtp
  parallel
  rails (~> 7.0.4)
  rexml
  sprockets (~> 4.0)
  sprockets-rails
  webrick (~> 1.7)

BUNDLED WITH
   2.5.11

and bundle update afterwards deletes the net-protocol line.

Allyson answered 13/6 at 10:59 Comment(3)
Can you post a minimal Gemfile that replicates the problem?Hypothec
@Hypothec I tried to add a "minimal" Gemfile and the corresponding Gemfile.lock.Allyson
I found a related github issue: github.com/ruby/net-pop/issues/26Trousers
S
40

The issue is reproducible with ruby v3.3.3 only:

# Gemfile

source "https://rubygems.org"

gem "net-pop", require: false

I traced it all the way up to ruby installation. net-pop is a bundled gem it gets installed with ruby, this process generates a gemspec file:

# ~/.rbenv/versions/3.3.3/lib/ruby/gems/3.3.0/specifications/net-pop-0.1.2.gemspec

# -*- encoding: utf-8 -*-
# stub: net-pop 0.1.2 ruby lib

Gem::Specification.new do |s|
  s.name = "net-pop".freeze
  s.version = "0.1.2".freeze

  s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
  s.metadata = { "homepage_uri" => "https://github.com/ruby/net-pop", "source_code_uri" => "https://github.com/ruby/net-pop" } if s.respond_to? :metadata=
  s.require_paths = ["lib".freeze]
  s.authors = ["Yukihiro Matsumoto".freeze]
  s.bindir = "exe".freeze
  s.date = "2024-06-12"
  s.description = "Ruby client library for POP3.".freeze
  s.email = ["[email protected]".freeze]
  s.homepage = "https://github.com/ruby/net-pop".freeze
  s.licenses = ["Ruby".freeze, "BSD-2-Clause".freeze]
  s.rubygems_version = "3.3.5".freeze
  s.summary = "Ruby client library for POP3.".freeze

  s.installed_by_version = "3.5.11".freeze if s.respond_to? :installed_by_version
end

There are two lines missing, including the dependency:

s.specification_version = 4
s.add_runtime_dependency(%q<net-protocol>.freeze, [">= 0".freeze])

When you run bundle, that file is used to lookup all the information for a gem and generate a Gemfile.lock.

Workarounds

Remove that gemspec file and run bundle update or gem install again:

rm ~/.rbenv/versions/3.3.3/lib/ruby/gems/3.3.0/specifications/net-pop-0.1.2.gemspec
bundle update

or from irb:

File.delete(Gem::Specification.find_by_name("net-pop").spec_file)
Gem.install("net-pop")

or uninstall it first:

gem uninstall net-pop
gem install net-pop

or @Schneems' solution that also works on Heroku:

# Gemfile

gem "net-pop", github: "ruby/net-pop"

which will recreate gemspec file correctly:

# ~/.rbenv/versions/3.3.3/lib/ruby/gems/3.3.0/specifications/net-pop-0.1.2.gemspec

# -*- encoding: utf-8 -*-
# stub: net-pop 0.1.2 ruby lib

Gem::Specification.new do |s|
  s.name = "net-pop".freeze
  s.version = "0.1.2".freeze

  s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
  s.metadata = { "homepage_uri" => "https://github.com/ruby/net-pop", "source_code_uri" => "https://github.com/ruby/net-pop" } if s.respond_to? :metadata=
  s.require_paths = ["lib".freeze]
  s.authors = ["Yukihiro Matsumoto".freeze]
  s.bindir = "exe".freeze
  s.date = "2022-09-28"
  s.description = "Ruby client library for POP3.".freeze
  s.email = ["[email protected]".freeze]
  s.homepage = "https://github.com/ruby/net-pop".freeze
  s.licenses = ["Ruby".freeze, "BSD-2-Clause".freeze]
  s.rubygems_version = "3.4.0.dev".freeze
  s.summary = "Ruby client library for POP3.".freeze

  s.installed_by_version = "3.5.11".freeze if s.respond_to? :installed_by_version

  s.specification_version = 4

  s.add_runtime_dependency(%q<net-protocol>.freeze, [">= 0".freeze])
end

Looks like gemspec files are part of the ruby releases, so it's just broken out of the box:
https://www.ruby-lang.org/en/downloads/releases/

/ruby-3.3.3/.bundle/specifications/net-pop-0.1.2.gemspec

Spragens answered 14/6 at 0:13 Comment(2)
Thank you very much! I added the link to your comment to the issue github.com/ruby/net-pop/issues/26 found by @TrousersAllyson
Can you update your answer to include this workaround using gem "net-pop", github: "ruby/net-pop" in the Gemfile? github.com/ruby/ruby/pull/11006#issuecomment-2176562332. The currently stated solution doesn't work on Heroku, but linking to the github source from the Gemfile will.Foot
P
7

Fixed in Ruby 3.3.4.

https://github.com/ruby/ruby/releases/tag/v3_3_4

Just make sure you run bundle update net-pop after upgrading to Ruby 3.3.4. This adds the net-protocol dependency in the Gemfile.lock file. Otherwise, you get the same error message.

Peltate answered 9/7 at 20:25 Comment(0)
M
4

tl;dr - this issue was fixed with ruby 3.3.4, but you need to explicitly uninstall the net-pop gem and re-run bundle update net-pop:

  1. Update to ruby 3.3.4 (make sure to update the version in your Gemfile, Dockerfile, .ruby-version, etc.)
  2. Re-install net-pop:
    1. gem uninstall net-pop
    2. bundle update net-pop

Note - this answer is simply an aggregation of the pre-existing answers, but none of those sufficiently answered my problem in and of itself, so I've posted this as a simple solution for people struggling with this in the future.

Murraymurre answered 12/7 at 22:38 Comment(0)
S
0

First you need to uninstall the existing gem(s) from your system:

gem uninstall net-pop

Then you need to update the gem:

bundle update net-pop

You will have a diff like

     net-pop (0.1.2)
+      net-protocol
Spirochaetosis answered 5/7 at 16:5 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.