Bundler "Your bundle is locked to X, but that version could not be found" in CI
Gemfile.lock pins an exact gem version that the configured source no longer serves. Bundler refuses to silently pick another version, so it stops and names the gem and version it cannot fetch.
What this error means
bundle install fails with "Your bundle is locked to rails (7.1.2) from rubygems.org, but that version could not be found in rubygems.org." Running with --deployment or BUNDLE_FROZEN makes it fatal.
Your bundle is locked to rails (7.1.2) from rubygems.org, but that version could not be
found in rubygems.org. The source contains the following gems matching 'rails':
rails (7.1.1), rails (7.1.3)
Run `bundle install` elsewhere and add the updated Gemfile.lock to version control.Common causes
The pinned version was yanked from the source
The exact version recorded in Gemfile.lock was removed (yanked) from rubygems.org, so Bundler can no longer download it.
A private mirror was repointed and lost that build
CI uses a mirror or internal gem server that no longer hosts the pinned version, so the locked release is unreachable from the runner.
How to fix it
Relock to an available version
- Read the "following gems matching" list to see which versions the source still has.
- Run bundle update for just that gem to repin it to a published version.
- Commit the refreshed Gemfile.lock so CI installs the available version.
bundle update rails --conservative
git add Gemfile.lockPoint CI at the source that still has the version
If the version was removed from a mirror but exists upstream, configure the mirror to fall back to rubygems.org for missing gems.
bundle config set --global mirror.https://rubygems.org https://gems.internal.example.comHow to prevent it
- Avoid pinning to versions that may be yanked; track active releases.
- Keep CI on the same source that produced the committed lockfile.
- Regenerate Gemfile.lock promptly when a dependency is yanked.