From f7185bcd02395d37e0d6c18277a03e3c167fa4a9 Mon Sep 17 00:00:00 2001
From: Chris Roberts
Date: Thu, 18 Jan 2024 17:24:48 -0800
Subject: [PATCH] Force strict dependencies for default gems

When resolving for a plugin while within the installer, force strict dependencies for all the default gems to prevent the resolver from generating solutions where it may attempt to upgrade any of them. If running within bundler, retain the same behavior and ignore them.
---
 lib/vagrant/bundler.rb | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/lib/vagrant/bundler.rb b/lib/vagrant/bundler.rb
index a059a0463a4..79ee6aaf8e1 100644
--- a/lib/vagrant/bundler.rb
+++ b/lib/vagrant/bundler.rb
@@ -523,10 +523,20 @@ def internal_install(plugins, update, **extra)
 if Vagrant.strict_dependency_enforcement
 @logger.debug("Enabling strict dependency enforcement")
 plugin_deps += vagrant_internal_specs.map do |spec|
- next if system_plugins.include?(spec.name)
- # If this spec is for a default plugin included in
- # the ruby stdlib, ignore it
- next if spec.default_gem?
+ # NOTE: When working within bundler, skip any system plugins and
+ # default gems. However, when not within bundler (in the installer)
+ # include them as strict dependencies to prevent the resolver from
+ # attempting to create a solution with a newer version. The request
+ # set does allow for resolving conservatively but it can't be set
+ # from the public API (requires an instance variable set on the resolver
+ # instance) so strict dependencies are used instead.
+ if Vagrant.in_bundler?
+ next if system_plugins.include?(spec.name)
+ # # If this spec is for a default plugin included in
+ # # the ruby stdlib, ignore it
+ next if spec.default_gem?
+ end
+
 # If we are not running within the installer and
 # we are not within a bundler environment then we
 # only want activated specs
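Review bot: The new gate inside the `vagrant_internal_specs.map` block tests only `Vagrant.in_bundler?`, while the NOTE above it treats "not within bundler" as meaning "in the installer"; the context comment directly after the added `end` describes a third case, where neither holds. In that case system plugins and default gems now appear to become strict dependencies as well, which the commit message does not mention, so either state it in the NOTE (for example `# Outside bundler, whether or not in the installer, include them as strict dependencies`) or narrow the condition to the installer case. The re-indented inner comment also picked up doubled markers and should read `# If this spec is for a default plugin included in` and `# the ruby stdlib, ignore it`. Because a pinned default gem can no longer be moved by plugin resolution, a plugin that needs a newer default gem will now fail to resolve, so a `@logger.debug` line naming the pinned specs would make that failure easier to diagnose. `internal_install` starts and ends outside the hunk, so how skipped (`nil`) entries and the activated-specs filter are handled cannot be confirmed from here.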