Since the second time of bundle install execution, dependencies are loaded from Gemfile.lock as long as Gemfile isn't changed.
But I wonder how detecti
If you edit your Gemfile.lock then the Rails app would depend on other versions of gems... The integrity of your gem-versioning system would be broken in this case. It's a very, very bad idea to edit the Gemfile.lock file directly.
Please, be a good guy and deal with Gemfile only.
I know this question is very old, but I recently had to deal with this so I am giving my own answer. Omniauth was recently updated to version 1.3.2 to patch a security issue. I was tasked with updating Omniauth to this new patched version; however, upon checking our Gemfile I realized we did not have that gem in there. So I said, well, maybe I can just switch the version in Gemfile.lock from 1.3.1 to 1.3.2. Long story short, that would have worked, but it turns out I did not have to do it that way. What I ended up doing was issuing the following command:
bundle update omniauth --patch
Which resulted in the same change I was going to do manually:
- omniauth (1.3.1)
+ omniauth (1.3.2)
That said, if you think you need to make changes to Gemfile.lock there is probably a way to make that change without touching the Gemfile.lock itself. Just do bundle --help and you will probably find an option to do what you are trying to achieve.
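Added example (not part of the original answers): a Ruby check that reads the resolved versions out of a Gemfile.lock, so you can confirm that a gem which is only a transitive dependency, as omniauth was here, is locked at or above the patched version after running bundle update. The lockfile text and the gem name example-auth are constructed for illustration.

```ruby
require "rubygems" # provides Gem::Version

# Constructed sample lockfile: omniauth is absent from DEPENDENCIES (the Gemfile)
# and is pulled in only by the hypothetical gem "example-auth".
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example-auth (0.1.0)
        omniauth (~> 1.3)
      hashie (3.4.4)
      omniauth (1.3.1)
        hashie (>= 1.2, < 4)

  DEPENDENCIES
    example-auth
LOCK

# Returns { "gem name" => Gem::Version } for every resolved spec in the lockfile.
# Resolved specs sit at 4 spaces of indent under "  specs:"; their own
# dependency constraints sit at 6 spaces and are skipped.
def locked_versions(lock_text)
  versions = {}
  in_specs = false
  lock_text.each_line do |line|
    if line =~ /\A  specs:\s*\z/
      in_specs = true
    elsif line =~ /\A\S/ || line.strip.empty?
      in_specs = false # a new top-level section or a blank line ends the specs list
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      # Drop a platform suffix such as "-x86_64-linux" before comparing versions.
      versions[m[1]] = Gem::Version.new(m[2].split("-").first)
    end
  end
  versions
end

# Returns :ok, :vulnerable or :absent for one gem against the minimum patched version.
def patch_status(lock_text, gem_name, patched)
  locked = locked_versions(lock_text)[gem_name]
  return :absent if locked.nil?
  locked >= Gem::Version.new(patched) ? :ok : :vulnerable
end

if __FILE__ == $PROGRAM_NAME
  puts patch_status(SAMPLE_LOCK, "omniauth", "1.3.2")
end
```

Pointing patch_status at File.read("Gemfile.lock") in CI makes the build fail if a later resolve locks the gem below the patched version again.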