Understanding the Gemfile.lock file

Shamaoke · Sep 22, 2011 · Viewed 103.3k times

After running the bundle install command, 'Gemfile.lock' is created in the working directory. What do the directives inside that file mean?

For example, let's take the following file:

PATH
  remote: .
  specs:
    gem_one (0.0.1)

GEM
  remote: http://example.org/
  specs:
    gem_two (0.0.2)
    gem_three (0.0.3)
      gem_four (0.0.4)

PLATFORMS
  platform

DEPENDENCIES
  gem_two
  gem_one!

What do 'PATH', 'GEM', 'PLATFORMS' and 'DEPENDENCIES' describe? Are all of them required?

What should the 'remote' and 'specs' subdirectives contain?

What does the exclamation mark after the gem name in the 'DEPENDENCIES' group mean?

Answer

Filipe Miguel Fonseca · Sep 22, 2011

You can find more about it on the Bundler website (emphasis added below for your convenience):

After developing your application for a while, check in the application together with the Gemfile and Gemfile.lock snapshot. Now, your repository has a record of the exact versions of all of the gems that you used the last time you know for sure that the application worked...

This is important: the Gemfile.lock makes your application a single package of both your own code and the third-party code it ran the last time you know for sure that everything worked. Specifying exact versions of the third-party code you depend on in your Gemfile would not provide the same guarantee, because gems usually declare a range of versions for their dependencies.
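
An added example, not part of the answer above and not Bundler's own parser: a minimal Ruby reader for the lockfile layout shown in the question. It collects each source's 'remote' and the exact versions under 'specs', records which 'DEPENDENCIES' entries carry the trailing '!' (Bundler writes it when a dependency is tied to an explicit source, such as the 'PATH' entry here), and reports remotes served over plain http://. The names parse_lockfile, insecure_remotes and SAMPLE_LOCK are hypothetical.

```ruby
# Added example. Constructed sample input: the lockfile from the question.
SAMPLE_LOCK = <<~LOCK
  PATH
    remote: .
    specs:
      gem_one (0.0.1)

  GEM
    remote: http://example.org/
    specs:
      gem_two (0.0.2)
      gem_three (0.0.3)
        gem_four (0.0.4)

  PLATFORMS
    platform

  DEPENDENCIES
    gem_two
    gem_one!
LOCK

def parse_lockfile(text)
  out = { sources: [], platforms: [], dependencies: [] }
  section = nil
  text.each_line(chomp: true) do |line|
    indent, body = line[/\A */].size, line.strip
    next if body.empty?
    if indent.zero?                        # section header: PATH, GEM, PLATFORMS, ...
      section = body
      out[:sources] << { type: body, remote: nil, specs: {} } if %w[PATH GEM GIT].include?(body)
    elsif %w[PATH GEM GIT].include?(section)
      src = out[:sources].last
      src[:remote] = body.split(":", 2).last.strip if body.start_with?("remote:")
      m = body.match(/\A(\S+) \((.+)\)\z/) if indent == 4   # indent 6 = a spec's own deps
      src[:specs][m[1]] = m[2] if m        # resolved gem name => exact locked version
    elsif section == "PLATFORMS" then out[:platforms] << body
    elsif section == "DEPENDENCIES"
      # Trailing "!" marks a dependency tied to an explicit source (here: PATH).
      out[:dependencies] << { name: body.delete_suffix("!"), explicit_source: body.end_with?("!") }
    end
  end
  out
end

# Remotes fetched over plain HTTP have no transport integrity for the locked gems.
def insecure_remotes(parsed)
  parsed[:sources].map { |s| s[:remote] }.compact.select { |r| r.start_with?("http://") }
end
```

Run against a real lockfile with parse_lockfile(File.read("Gemfile.lock")); sections this sketch does not know, such as BUNDLED WITH, are skipped.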