Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update Nokogiri & Ruby version #121

Merged
merged 2 commits into from
Dec 18, 2024

Conversation

etherz10
Copy link
Contributor

@etherz10 etherz10 commented Nov 4, 2024

Closes #120

While bumping the minimum Nokogiri version I ran into the following error which required me to update the minimum required Ruby version for the Gem.

Given 3.0.x is already EOL I think stopping 2.x is fine?

Fetching gem metadata from https://rubygems.org/.
Resolving dependencies...
Bundler could not find compatible versions for gem "ruby":
  In Gemfile:
    ruby

    amazing_print was resolved to 1.6.0, which depends on
      ruby (>= 2.5.0)

    nokogiri (~> 1.16.7) was resolved to 1.16.7, which depends on
      ruby (>= 3.0.0)

@aburgel
Copy link

aburgel commented Dec 4, 2024

Came looking for a fix for this issue too. Updating nokogiri will certainly fix this, but I think the underlying cause is that the Gemfile.lock is included in the gem, which is not necessary.

The Gemfile.lock is not committed to the repo, so it looks like when building the gem, the lock file gets included incidentally.

A common practice is to use the list of committed files as filter for what's included in the gem. That would fix this issue and also keep out other unintended files.

You'd do something like this in the gemspec: https://github.com/rubygems/rubygems/blob/master/bundler/lib/bundler/templates/newgem/newgem.gemspec.tt#L28-L36

Copy link
Member

@HarlemSquirrel HarlemSquirrel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah let's do it. Thanks!

@HarlemSquirrel HarlemSquirrel merged commit 0015eff into amazing-print:master Dec 18, 2024
@etherz10 etherz10 deleted the update-nokogiri branch January 6, 2025 12:40
@etherz10
Copy link
Contributor Author

etherz10 commented Jan 6, 2025

@HarlemSquirrel Any ETA on a RubyGems release?

@HarlemSquirrel
Copy link
Member

Don't have time this week myself but maybe @paddor has some time

@paddor
Copy link
Contributor

paddor commented Jan 7, 2025

Yeah I can look into this.

@paddor
Copy link
Contributor

paddor commented Jan 7, 2025

After some hurdles, this is now released in v1.7.2.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

nokogiri security vulnerabilities
4 participants