[Regression] bundle lock --update foo --lockfile unexisting_lockfile.lock now updates *all* gems #8917

@Edouard-chin

Describe the problem as clearly as you can

Prior to Bundler 2.5.6, running bundle lock --update foo --lockfile Gemfile_bumped.lock would update only the foo gem and write the lockfile to Gemfile_bumped.lock.

In Bundler 2.5.6 and above, running the same command updates absolutely all gems.
This change is related to #7047

Source of the issue

I'd like to point out that Definition#lock now deprecates passing a path, but maybe it could be worth revisiting this deprecation. Previously it was possible to build a definition from an existing lockfile, make changes to the definition and dump the content of the modified definition to a new lockfile. This is no longer possible and is the source of the problem in this issue.

Let me know if this makes sense, I'm happy to help by opening a PR :).

Did you try upgrading rubygems & bundler?

Yes

Post steps to reproduce the problem

  1. Write this to "Gemfile"

         source "https://rubygems.org"

         gem "warning"
         gem "uri"

  2. Write this to "Gemfile.lock"

         GEM
           remote: https://rubygems.org/
           specs:
             uri (1.0.2)
             warning (1.4.0)

         PLATFORMS
           arm64-darwin-23
           ruby

         DEPENDENCIES
           uri
           warning

         BUNDLED WITH
            2.5.6

  3. Run bundle _2.5.6_ lock --update uri --lockfile Gemfile_bumped.lock
  4. You can see in Gemfile_bumped.lock that the warning gem is now updated to 1.5.0.

Which command did you run?

bundle _2.5.6_ lock --update uri --lockfile Gemfile_bumped.lock

What were you expecting to happen?

Same behaviour as 2.5.5 where only the gem mentioned in the --update [gem] list gets updated.

What happened instead?

All gems get updated
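
A check that catches this kind of drift before a regenerated lockfile is committed, as an added example that is not part of the original report or of Bundler: it compares the locked versions in two lockfiles and lists every gem that changed without being named in --update. The parser is simplified, the function names are hypothetical, and the AFTER lockfile is constructed; transitive dependencies of a requested gem can change legitimately, so treat the result as a review list.

```ruby
# Added example: report lockfile changes outside the gems passed to --update.
# Simplified parser (assumption): reads only the 4-space-indented
# "name (version)" lines found under "specs:" in a lockfile.
SPEC_LINE = /\A {4}(\S+) \(([^)]+)\)\z/

def locked_versions(lockfile_text)
  lockfile_text.each_line.with_object({}) do |line, specs|
    m = SPEC_LINE.match(line.chomp)
    # A gem can appear once per platform, so keep every locked version.
    (specs[m[1]] ||= []) << m[2] if m
  end
end

# Returns { gem_name => { from: [...], to: [...] } } for every gem whose
# locked versions differ and that was not named in `requested`.
def unexpected_changes(before_text, after_text, requested)
  before = locked_versions(before_text)
  after = locked_versions(after_text)
  (before.keys | after.keys).sort.each_with_object({}) do |name, drift|
    next if requested.include?(name)
    was = before.fetch(name, []).sort
    now = after.fetch(name, []).sort
    drift[name] = { from: was, to: now } unless was == now
  end
end

# GEM section of the Gemfile.lock from the report above.
BEFORE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      uri (1.0.2)
      warning (1.4.0)
LOCK

# Constructed result: warning 1.5.0 is the version the report observed;
# the uri version is a made-up placeholder.
AFTER = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      uri (1.0.3)
      warning (1.5.0)
LOCK

unexpected_changes(BEFORE, AFTER, ["uri"]).each do |name, change|
  puts "unrequested change: #{name} #{change[:from].join(', ')} -> #{change[:to].join(', ')}"
end
```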
