Dependabot can't resolve your Ruby dependency files
Closed this issue · 4 comments
Dependabot can't resolve your Ruby dependency files.
As a result, Dependabot couldn't update your dependencies.
The error Dependabot encountered was:
Bundler::VersionConflict with message: Bundler could not find compatible versions for gem "activesupport":
In Gemfile:
dropcaster was resolved to 1.0.0, which depends on
activesupport
github-pages was resolved to 197, which depends on
activesupport (= 4.2.10)
Bundler could not find compatible versions for gem "rouge":
In Gemfile:
github-pages was resolved to 197, which depends on
rouge (= 2.2.1)
github-pages was resolved to 197, which depends on
jekyll (= 3.7.4) was resolved to 3.7.4, which depends on
rouge (>= 1.7, < 4)
Bundler could not find compatible versions for gem "ruby":
In Gemfile:
ruby
github-pages was resolved to 197, which depends on
activesupport (= 4.2.10) was resolved to 4.2.10, which depends on
ruby (>= 1.9.3)
libnotify was resolved to 0.9.4, which depends on
ffi (>= 1.0.11) was resolved to 1.10.0, which depends on
ruby (< 2.7.dev) x86-mingw32
libnotify was resolved to 0.9.4, which depends on
ffi (>= 1.0.11) was resolved to 1.10.0, which depends on
ruby (>= 1.9)
github-pages was resolved to 197, which depends on
jekyll (= 3.7.4) was resolved to 3.7.4, which depends on
ruby (>= 2.1.0)
github-pages was resolved to 197, which depends on
listen (= 3.1.5) was resolved to 3.1.5, which depends on
ruby (>= 2.2.3)
github-pages was resolved to 197, which depends on
nokogiri (>= 1.8.5, < 2.0) was resolved to 1.10.2, which depends on
ruby (>= 2.3) x86-mingw32
github-pages was resolved to 197, which depends on
nokogiri (>= 1.8.5, < 2.0) was resolved to 1.10.2, which depends on
ruby (>= 2.3.0)
rubocop (>= 0.66.0, <= 0.67.2) was resolved to 0.67.2, which depends on
parser (>= 2.5, != 2.5.1.1) was resolved to 2.6.2.1, which depends on
ruby (>= 2.0.0)
rubocop (>= 0.66.0, <= 0.67.2) was resolved to 0.67.2, which depends on
psych (>= 3.1.0) was resolved to 3.1.0, which depends on
ruby (< 2.6) x86-mingw32
rubocop (>= 0.66.0, <= 0.67.2) was resolved to 0.67.2, which depends on
ruby (>= 2.2.2)
If you think the above is an error on Dependabot's side please don't hesitate to get in touch - we'll do whatever we can to fix it.
You can mention @dependabot in the comments below to contact the Dependabot team.
@dependabot I don't understand the issue here. activesupport should resolve to = 4.2.10, rouge should resolve to = 2.2.1, and ruby should be >= 2.3, < 2.6.
Looks like a bug to me. Let me dig into it.
OK, been digging into this for the last hour and it's a little niche. It look like there's a bug in Bundler (I think) that means if you run bundle update psych on this repo, Bundler will fail (at least on a non-windows machine).
Under the hood, Dependabot unlocks all sub-dependencies when checking whether a top-level dependency is resolvable. That, combined with the issue above, is what's causing the problem here.
I'm going to have a think on fixes now.
Edit: It might be that I'm getting this error because I'm running Ruby 2.6, as is Dependabot.
FYI, I'm deploying this fix now. Dependabot will mirror your Ruby version if it finds one in your Gemfile / gemspec / Gemfile.lock. In this case, none is present, so the only Ruby version available on the system was the installed one (2.6.2), but psych requires a Ruby version of < 2.6.
Having an additional dummy Ruby version kicking around shouldn't hurt anything, and will fix Dependabot for this repo (and anyone else using pysch on a windows platform).
Thanks for tagging us here!