Confusing error message when running bundle lock --patch

[andyundso]

Hello!

I'm coming over from Renovate bot which helps us to automate dependency updates in Ruby applications. To summarise: I first discovered an issue with their bot when grouping minor and patch updates into one PR (discussion here). They found and resolved this issue. As per their recommendation, we also started pinning dependencies in the Gemfile to get more accurate updates, which I know is unusual for the bundler world.

I then ran into another issue where Renovate claimed to be unable to find a new version of the zammad_api gem. I reported this issue, and in the following discussion, we found out that bundler reports quite a different message depending if the --patch flag is provided.

To reproduce the issue, you can check out this repository and switch to the branch renovate/all-minor-patch.

Output when providing --patch:

$ bundler lock --patch --strict --update appsignal faker nokogiri productive rails redis
Fetching gem metadata from https://rubygems.org/..........
Could not find gem 'zammad_api (= 1.2.0)' with platform 'ruby' in rubygems repository https://rubygems.org/ or installed locally.

The source contains the following gems matching 'zammad_api (= 1.2.0)':
  * zammad_api-1.2.0

Output when providing --minor:

bundler lock --minor --strict --update appsignal faker nokogiri productive rails redis
Fetching gem metadata from https://rubygems.org/..........
Resolving dependencies...
Could not find compatible versions

Because zammad_api >= 1.2.0 depends on faraday ~> 2
  and faraday ~> 2 could not be found in rubygems repository https://rubygems.org/ or installed locally for any resolution platforms (ruby),
  zammad_api >= 1.2.0 cannot be used.
So, because Gemfile depends on zammad_api = 1.2.0,
  version solving has failed.

The source contains the following gems matching 'faraday (~> 2)':
  * faraday-2.0.0
  * faraday-2.0.1
  * faraday-2.1.0
  * faraday-2.2.0
  * faraday-2.3.0
  * faraday-2.4.0
  * faraday-2.5.0
  * faraday-2.5.1
  * faraday-2.5.2
  * faraday-2.6.0
  * faraday-2.7.0
  * faraday-2.7.1
  * faraday-2.7.2
  * faraday-2.7.3
  * faraday-2.7.4
  * faraday-2.7.5
  * faraday-2.7.6
  * faraday-2.7.7
  * faraday-2.7.8
  * faraday-2.7.9
  * faraday-2.7.10

Output without any flag:

bundler lock --strict --update appsignal faker nokogiri productive rails redis
Fetching gem metadata from https://rubygems.org/..........
Resolving dependencies...
Could not find compatible versions

Because json_api_client >= 1.6.0, < 1.17.0 depends on faraday >= 0.15.2, < 1.A
  and json_api_client >= 1.17.0, < 1.21.0 depends on faraday >= 0.15.2, < 1.2.0,
  json_api_client >= 1.6.0, < 1.21.0 requires faraday >= 0.15.2, < 1.2.0.
And because json_api_client >= 1.21.0 depends on faraday >= 0.15.2, < 2.0,
  json_api_client >= 1.6.0 requires faraday >= 0.15.2, < 2.0.
And because productive >= 0.6.60 depends on json_api_client >= 1.13.0, <= 1.21.0
  and zammad_api >= 1.2.0 depends on faraday ~> 2,
  productive >= 0.6.60 is incompatible with zammad_api >= 1.2.0.
So, because Gemfile depends on zammad_api = 1.2.0
  and Gemfile depends on productive = 0.6.71,
  version solving has failed.

I'm not sure if I understand the restriction that --patch or --minor imposes when running the bundle lock command, but for me as an end user, it is somewhat confusing when bundle claims to not find any gem on RubyGems although it is there.

What I would expect as an output in this situation:

• With --patch: Unable to update zammad_api since it is a minor update.
• With --minor: Best would be to display the dependency conflict that is shown in the output without any flag. What would also work is Unable to zammad_api since it does a major version bump for one of its dependencies.
• Without any flag: Good as it is :)