Skip to content

Consider Rails LTS 5.2.8.15 #538

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
reedloden merged 3 commits into from
Jan 23, 2023
Merged

Consider Rails LTS 5.2.8.15 #538

reedloden merged 3 commits into from
Jan 23, 2023

Conversation

@tkdn
Copy link
Contributor

@tkdn tkdn commented Jan 23, 2023

@postmodern
Copy link
Member

postmodern commented Jan 23, 2023

This might confuse people who are not familiar with Rails LTS, since Rails LTS has released versions which stock Rails has not. Could you add (rails LTS) after the 5.x versions in the description text, and a # rails LTS commend after the ~> 5.x, >= 5.x.y.z lines?

@postmodern postmodern requested a review from reedloden January 23, 2023 08:22
@tkdn
Copy link
Contributor Author

tkdn commented Jan 23, 2023

@postmodern
Thanks for the review. I've added comments for rails (LTS). 50d6e1d

reedloden
reedloden approved these changes Jan 23, 2023
View reviewed changes
Copy link
Member

@reedloden reedloden left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for submitting this!

@reedloden reedloden merged commit c9cf6ea into rubysec:master Jan 23, 2023
@rea-jonpad
Copy link

rea-jonpad commented Apr 3, 2023

This might confuse people who are not familiar with Rails LTS, since Rails LTS has released versions which stock Rails has not. Could you add (rails LTS) after the 5.x versions in the description text, and a # rails LTS commend after the ~> 5.x, >= 5.x.y.z lines?

Because of the way downstream systems such as bundler-audit use the YAML, the # rails LTS comment appended after the ~> 5.x, >= 5.x.y.z lines is effectively ignored by the YAML parser.

Then bundler-audit recommends upgrading to the Rails LTS gem, which is a commercial offering, and not available without a license, username & password.

I realize that in some ways, this is bundler-audit's problem. But with the "# (Rails LTS)" effectively being stripped out by the YAML parser, bundler-audit has no way to identify such gems as being restricted, and not widely available, however it still recommends it as a fix.

Perhaps fixed versions from external third parties could have additional metadata and be marked as such?

@postmodern postmodern mentioned this pull request Feb 7, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@reedloden reedloden reedloden approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tkdn @postmodern @rea-jonpad @reedloden