
Update gem dependencies that have security risks #298

Merged: 2 commits, Sep 15, 2021

Conversation

@cy-by (Contributor) commented Sep 15, 2021

Comes from #296.

What does this PR do?

  • Update gem dependencies that have security risks
    • Update rails to 5.2.4.6
    • Update bundler to 2.2.19
    • Update nokogiri
    • Update addressable
  • Add run step in CircleCI to use v2 of bundler

Testing

Locally, I'm able to run bundle install and start the application with bin/rails s without issue.

It might be a good idea for whoever tests this PR to pull it down locally and make sure a bundle install works properly.
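As an added check alongside the "pull it down and bundle install" test suggested above (example code, not from the PR or the project): a reviewer of a dependency-update PR also wants to confirm that Gemfile.lock really pins at least the versions the description names. The script below parses the lockfile format directly (the 4-space "specs:" entries and the BUNDLED WITH trailer that the CircleCI step in this PR reads with tail -1) and compares versions numerically. The lockfile contents are a constructed sample, trimmed to the shape of a real one; nokogiri's version is the sample's own, since the PR text gives none for it.

```shell
#!/bin/sh
# Added example, not part of the PR: before approving a dependency-update PR,
# confirm that Gemfile.lock really pins (at least) the versions it claims.
# Usage on a real checkout: check_min "$(cat Gemfile.lock)" rails 5.2.4.6

# Constructed sample lockfile, trimmed to the shape of a real Gemfile.lock.
SAMPLE_LOCK='GEM
  remote: https://rubygems.org/
  specs:
    addressable (2.8.0)
      public_suffix (>= 2.0.2, < 5.0)
    nokogiri (1.12.4-x86_64-linux)
      racc (~> 1.4)
    racc (1.5.2)
    rails (5.2.4.6)
      actioncable (= 5.2.4.6)

PLATFORMS
  x86_64-linux

DEPENDENCIES
  rails (~> 5.2.4)

BUNDLED WITH
   2.2.19'

# Version of a gem in the "specs:" section: entries sit at 4-space indent as
# "name (version)"; their dependencies at 6 spaces are skipped. A platform
# suffix such as "-x86_64-linux" is stripped.
locked_version() {
  printf '%s\n' "$1" \
    | sed -n "s/^    $2 (\([^)]*\))\$/\1/p" \
    | sed 's/-.*//' \
    | head -n 1
}

# Bundler version recorded on the line after "BUNDLED WITH" (this is the
# value the PR's CircleCI step reads with "tail -1").
bundled_with() {
  printf '%s\n' "$1" | sed -n '/^BUNDLED WITH/{n;s/^ *//;p;}'
}

# Return 0 if $1 >= $2, comparing dot-separated numeric parts so that
# 2.2.19 > 2.2.3 and 2.2 < 2.2.19 (prerelease tags are not handled).
version_ge() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    x="${a%%.*}"; y="${b%%.*}"
    if [ "$a" = "$x" ]; then a=''; else a="${a#*.}"; fi
    if [ "$b" = "$y" ]; then b=''; else b="${b#*.}"; fi
    x="${x:-0}"; y="${y:-0}"
    [ "$x" -gt "$y" ] && return 0
    [ "$x" -lt "$y" ] && return 1
  done
  return 0
}

# Check one gem against a minimum version; prints a verdict and returns
# nonzero when the gem is absent from the lockfile or too old.
check_min() {
  lock="$1"; gem="$2"; min="$3"
  if [ "$gem" = "bundler" ]; then
    have=$(bundled_with "$lock")
  else
    have=$(locked_version "$lock" "$gem")
  fi
  if [ -z "$have" ]; then
    echo "FAIL: $gem is not in the lockfile"; return 1
  fi
  if version_ge "$have" "$min"; then
    echo "ok:   $gem $have (>= $min)"
  else
    echo "FAIL: $gem $have is below $min"; return 1
  fi
}

# The versions the PR description names, run against the sample; the
# nokogiri minimum is the sample's own value (the PR gives none).
check_min "$SAMPLE_LOCK" rails    5.2.4.6
check_min "$SAMPLE_LOCK" bundler  2.2.19
check_min "$SAMPLE_LOCK" nokogiri 1.12.4
```

The numeric comparison matters more than it looks: a string comparison would rank 2.2.3 above 2.2.19, and a platform-suffixed nokogiri entry would never equal a bare version.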

@cy-by cy-by self-assigned this Sep 15, 2021
@cy-by cy-by temporarily deployed to honeycrisp-update-gems-7uyafwa three times on September 15, 2021 (18:07, 20:55, 21:01)
Comment on lines +76 to +81
- run:
name: "Configure Bundler"
command: |
echo 'export BUNDLER_VERSION=$(cat Gemfile.lock | tail -1 | tr -d " ")' >> $BASH_ENV
source $BASH_ENV
gem install bundler
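Review bot: the final `gem install bundler` ignores the `BUNDLER_VERSION` exported two lines earlier, so the job installs whatever Bundler release is newest on RubyGems rather than the version pinned under BUNDLED WITH in Gemfile.lock, and the Bundler that `bundle` then selects may not match what was installed. Pass the version through, `gem install bundler -v "$BUNDLER_VERSION"`, so the install is reproducible and fails visibly if that version is unavailable. The `cat Gemfile.lock | tail -1 | tr -d " "` line is also fragile: a trailing blank line in the lockfile makes the variable empty without any error; `tail -1 Gemfile.lock` drops the unneeded `cat`, and a `[ -n "$BUNDLER_VERSION" ] || exit 1` guard turns an empty value into a failed step instead of a silent fallback.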
@cy-by (Contributor, Author) commented:

I had to add this run step in each job, install_dependencies, run_checks, and run_tests. If not, bundler v1 would be used and the job would fail.

I'm not really familiar with CircleCI config code; is there a way to define this once for all three jobs to use, so that this code can be DRY?

Contributor commented:

@coltborg I believe that yes, you can define it once and reuse it for all three jobs. I think the GYR circle CI config has examples of defining a command and reusing it.
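As an added example of the reuse the reply describes, not taken from this project's or the GYR config: a CircleCI 2.1 `commands:` entry defined once and invoked as a single step in each of the three jobs named in the thread. The Docker image, the `bundle install` step and the workflow are assumed placeholders to be replaced with the project's own; the version-detection line is the one from the review snippet above, with the detected version passed to `gem install` so the installed Bundler is the one pinned in Gemfile.lock.

```yaml
version: 2.1  # reusable "commands:" require the 2.1 config schema

commands:
  configure_bundler:
    description: "Install the Bundler version pinned under BUNDLED WITH in Gemfile.lock"
    steps:
      - run:
          name: "Configure Bundler"
          command: |
            # The last line of Gemfile.lock is the BUNDLED WITH version; fail if it is missing
            BUNDLER_VERSION="$(tail -1 Gemfile.lock | tr -d ' ')"
            [ -n "$BUNDLER_VERSION" ] || { echo "no BUNDLED WITH version in Gemfile.lock" >&2; exit 1; }
            echo "export BUNDLER_VERSION=${BUNDLER_VERSION}" >> "$BASH_ENV"
            # Pin the install; a bare "gem install bundler" fetches the newest release instead
            gem install bundler -v "$BUNDLER_VERSION"

jobs:
  install_dependencies:
    docker:
      - image: cimg/ruby:2.7   # assumed image; substitute the project's own
    steps:
      - checkout
      - configure_bundler      # the shared command replaces the copied run step
      - run: bundle install
  run_checks:
    docker:
      - image: cimg/ruby:2.7
    steps:
      - checkout
      - configure_bundler
      - run: bundle install
      # the job's existing check steps follow unchanged
  run_tests:
    docker:
      - image: cimg/ruby:2.7
    steps:
      - checkout
      - configure_bundler
      - run: bundle install
      # the job's existing test steps follow unchanged

workflows:
  build_and_test:   # assumed workflow name
    jobs:
      - install_dependencies
      - run_checks:
          requires: [install_dependencies]
      - run_tests:
          requires: [install_dependencies]
```

Because the command body lives in one place, a later change (a different version source, an extra guard) is made once and every job picks it up, which is also what keeps the three jobs from silently diverging in which Bundler they run.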

@cy-by cy-by marked this pull request as ready for review September 15, 2021 21:29
@cy-by cy-by added the dependencies Pull requests that update a dependency file label Sep 15, 2021
@bengolder (Contributor) left a comment:

This looks good to me! Thank you! I'm happy to pair on a followup commit to refactor/DRY the CircleCI config file.

@bengolder bengolder merged commit 95836ed into main Sep 15, 2021
@cy-by cy-by deleted the update-gems branch September 15, 2021 22:09
Labels: dependencies (Pull requests that update a dependency file)
2 participants