Faraday dependency causes unexpected Bundler behavior

[mhashizume]

Describe the Bug

6f8661e allowed orchestrator_client to use Faraday >= 2 as a dependency. When orchestrator_client is installed alongside another gem (such as puppet_forge or vmfloaty) that depends on Faraday ~> 1, Bundler installs an unexpected version of Faraday (1.9.0).

This scenario is fairly common in Puppet modules as the default PDK template includes Litmus (which uses Bolt, which uses orchestrator_client) and puppet_forge (by way of dependency_checker), the latest version of which depends on Faraday ~> 1.3.

Faraday 1.9.0 has dependencies that use native extensions, which can cause issues in tests if the runner does not have the necessary libraries installed.

Expected Behavior

Until orchestrator_client 0.7.1 Bundler would install Faraday 1.10.4, the latest 1.y release.

Steps to Reproduce

Create a gemfile with orchestrator_client and a gem that does not permit faraday >= 2:

source "https://rubygems.org"

gem 'orchestrator_client'
gem 'puppet_forge'

Run bundle install. Bundler will install faraday 1.9.0 instead of the expected 1.10.4.

Additional Context

I opened an issue upstream with Bundler about this: rubygems/rubygems#8286

One of the maintainers explained why Bundler behaves this way better than I could and outlines a potential fix.

This issue has affected several Puppet modules:

• (maint) Constrain orchestrator_client to < 0.7.1 puppetlabs-peadm#528
• Constrain orchestrator_client puppetlabs-puppet_agent#743
• Remove Litmus from Gemfile puppetlabs-augeas_core#84