Update RubyGems and use --no-document for updating it
#5035
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The idea is to always update to the latest 3.3.x RubyGems when updating Bundler, since it provides Bundler 2.2.x by default, so it updates it automatically. However, for now I lock it to 3.3.11 because 3.3.12 has a bug the could potentially affect Dependabot.
landongrindheim
approved these changes
Apr 25, 2022
Merged
jeffwidman
added a commit
to jeffwidman/dependabot-core
that referenced
this pull request
Aug 3, 2022
The `--no-document` flag [skips installing documentation](https://guides.rubygems.org/command-reference/#installupdate-options),so is faster. This was originally proposed by @deivid-rodriguez as part of dependabot#5035, but was lost when dependabot#5048 reverted the version bump. So this adds back only the `--no-document` flag, but doesn't touch the version.
jeffwidman
added a commit
that referenced
this pull request
Oct 7, 2022
Bump Rubygems to `3.3.22`: https://github.com/rubygems/rubygems/blob/master/CHANGELOG.md#3322--2022-09-07 There's some prior history here: 1. Originally bumped from `3.2.20` to `3.3.11` in #5035. That changed how bundler version detection worked, which caused some problems. 2. We attempted to workaround the issue in #5044, but that wasn't sufficient. 3. So in #5048 we rolled back to `3.2.20` 4. However, as part of the Ruby 3.1 upgrade, we _have_ to bump to Rubygems `>=3.3.3`... so we need to figure out a fix. 5. Now that `updater` is merged into `core`, we can have the full test suite checking the results, and don't have to bump in `core`, then pull into `updater` and see if it passes a separate CI... the two-step dance was the reason why this wasn't caught in the original core PR but instead merged and then reverted. 6. I am reasonably sure that @deivid-rodriguez figured out a way around the Bundler version difficulty in #5513, so this PR requires that to land first. 7. Originally I had the Rubygems upgrade bundled as part of the Ruby 3.1 upgrade, but now that we have a better understanding of what's happening, we should be fine to do these changes independently... which lets us more easily debug if we do happen to encounter problems. So I am splitting this out as a separate PR.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The RubyGems version had fallen a bit behind. I didn't update all the way to the latest 3.3.12 because there's a bug in 3.3.12 that might affect Dependabot (I don't think so, but just in case). Also I think it makes sense to use
--no-documentfor updating it because it's faster.