Avoid actioncable dependency on Rails 5 #15
Conversation
|
Re:
We have Rails 5 apps already using govuk_frontend_toolkit. Is there something specific in smart-answers that's affected? cc @boffbowsh |
|
@fofr it might be that Snyk wasn't catching this vulnerability for those other apps (can you name one us to look at pls?) https://snyk.io/vuln/SNYK-RUBY-ACTIONCABLE-20338 the publish date for this is only a few days ago. |
|
This seems like a good thing to do, but there's still a few things in there like activerecord, actionmailer etc that don't need to be there. |
mgrassotti
force-pushed
the
avoid-actioncable-rails-5
branch
from
35d32a8 to
12f82de
Compare
Following on from Paul's comment, the only dependency I see is when |
Specify single rails gems dependencies to avoid to include actioncable. It has a security vulnerability which prevents `smart-answers`, which rely on govuk_frontend_toolkit, to upgrade to rails 5.
mgrassotti
force-pushed
the
avoid-actioncable-rails-5
branch
from
12f82de to
8e4daf9
Compare
|
I've just seen the branch has been updated. I'll take another look. As a meta point, commenting is helpful to let me know when changes are made. As far as I'm aware, just pushing to the branch, or "reacting" doesn't notify me at least. |
Specify single rails gems dependencies to avoid to include actioncable.
It has a security vulnerability which prevents
smart-answers, whichrely on govuk_frontend_toolkit, to upgrade to rails 5.
related to PR: alphagov/smart-answers#3054
Trello: https://trello.com/c/yKUuy2VI/635-migrate-to-rails-5%3A-smart-answers