[rubygems/rubygems] Fix bundle update foo not upgrading foo to latest in a specific case

If upgrading `foo` needs an indirect dependency to be downgraded,
Bundler would not be able to upgrade foo.

This is because when calculating the latest resolvable version of foo,
Bundler was still adding lower bound requirements on the locked versions
of all dependencies to avoid downgrades, effectively pinning foo to a
version older than the latest.

To fix this, instead of creating a second "unlocked" definition to
figure out the latest resolvable version, create a second unlocked
resolver, and DO NOT add lower bound requirements to it.

ruby/rubygems@00cc0ecc69

Author: deivid-rodriguez

lib/bundler/definition.rb

@@ -492,8 +492,6 @@ def unlocking?
       @unlocking
     end
 
-    attr_writer :source_requirements
-
     def add_checksums
       @locked_checksums = true
 
@@ -614,7 +612,7 @@ def write_lock(file, preserve_unknown_sections)
     end
 
     def resolver
-      @resolver ||= Resolver.new(resolution_base, gem_version_promoter, @most_specific_locked_platform)
+      @resolver ||= new_resolver(resolution_base)
     end
 
     def expanded_dependencies
@@ -632,8 +630,7 @@ def resolution_base
       @resolution_base ||= begin
         last_resolve = converge_locked_specs
         remove_invalid_platforms!
-        new_resolution_platforms = @current_platform_missing ? @new_platforms + [Bundler.local_platform] : @new_platforms
-        base = Resolver::Base.new(source_requirements, expanded_dependencies, last_resolve, @platforms, locked_specs: @originally_locked_specs, unlock: @unlocking_all || @gems_to_unlock, prerelease: gem_version_promoter.pre?, prefer_local: @prefer_local, new_platforms: new_resolution_platforms)
+        base = new_resolution_base(last_resolve: last_resolve, unlock: @unlocking_all || @gems_to_unlock)
         base = additional_base_requirements_to_prevent_downgrades(base)
         base = additional_base_requirements_to_force_updates(base)
         base
@@ -1136,25 +1133,14 @@ def additional_base_requirements_to_prevent_downgrades(resolution_base)
 
     def additional_base_requirements_to_force_updates(resolution_base)
       return resolution_base if @explicit_unlocks.empty?
-      full_update = dup_for_full_unlock.resolve
+      full_update = SpecSet.new(new_resolver_for_full_update.start)
       @explicit_unlocks.each do |name|
         version = full_update.version_for(name)
         resolution_base.base_requirements[name] = Gem::Requirement.new("= #{version}") if version
       end
       resolution_base
     end
 
-    def dup_for_full_unlock
-      unlocked_definition = self.class.new(@lockfile, @dependencies, @sources, true, @ruby_version, @optional_groups, @gemfiles)
-      unlocked_definition.source_requirements = source_requirements
-      unlocked_definition.gem_version_promoter.tap do |gvp|
-        gvp.level = gem_version_promoter.level
-        gvp.strict = gem_version_promoter.strict
-        gvp.pre = gem_version_promoter.pre
-      end
-      unlocked_definition
-    end
-
     def remove_invalid_platforms!
       return if Bundler.frozen_bundle?
 
@@ -1173,5 +1159,22 @@ def remove_invalid_platforms!
     def source_map
       @source_map ||= SourceMap.new(sources, dependencies, @locked_specs)
     end
+
+    def new_resolver_for_full_update
+      new_resolver(unlocked_resolution_base)
+    end
+
+    def unlocked_resolution_base
+      new_resolution_base(last_resolve: SpecSet.new([]), unlock: true)
+    end
+
+    def new_resolution_base(last_resolve:, unlock:)
+      new_resolution_platforms = @current_platform_missing ? @new_platforms + [Bundler.local_platform] : @new_platforms
+      Resolver::Base.new(source_requirements, expanded_dependencies, last_resolve, @platforms, locked_specs: @originally_locked_specs, unlock: unlock, prerelease: gem_version_promoter.pre?, prefer_local: @prefer_local, new_platforms: new_resolution_platforms)
+    end
+
+    def new_resolver(base)
+      Resolver.new(base, gem_version_promoter, @most_specific_locked_platform)
+    end
   end
 end

spec/bundler/commands/update_spec.rb

@@ -445,6 +445,49 @@
       expect(out).to include("Installing sneakers 2.11.0").and include("Installing rake 13.0.6")
     end
 
+    it "downgrades indirect dependencies if required to fulfill an explicit upgrade request" do
+      build_repo4 do
+        build_gem "rbs", "3.6.1"
+        build_gem "rbs", "3.9.4"
+
+        build_gem "solargraph", "0.56.0" do |s|
+          s.add_dependency "rbs", "~> 3.3"
+        end
+
+        build_gem "solargraph", "0.56.2" do |s|
+          s.add_dependency "rbs", "~> 3.6.1"
+        end
+      end
+
+      gemfile <<~G
+        source "https://gem.repo4"
+
+        gem 'solargraph', '~> 0.56.0'
+      G
+
+      lockfile <<~L
+        GEM
+          remote: https://gem.repo4/
+          specs:
+            rbs (3.9.4)
+            solargraph (0.56.0)
+              rbs (~> 3.3)
+
+        PLATFORMS
+          #{lockfile_platforms}
+
+        DEPENDENCIES
+          solargraph (~> 0.56.0)
+
+        BUNDLED WITH
+           #{Bundler::VERSION}
+      L
+
+      bundle "lock --update solargraph"
+
+      expect(lockfile).to include("solargraph (0.56.2)")
+    end
+
     it "does not downgrade direct dependencies unnecessarily" do
       build_repo4 do
         build_gem "redis", "4.8.1"