In our case, and in most cases, I don't see a point for an application to repeat constraints in `Gemfile` and `Gemfile.lock`, where the former gets automatically updated by a program anyway. Most of our `gem` requirements are written in this way to begin with, but fix those that aren't while changing the strategy. The upshot of this is, when a requirement (e.g. due to an incompatible new version) really does need to be specified, it is effective, and Dependabot doesn't go about updating the `Gemfile` to render the restriction ineffective.