Skip to content

[Tooling] Update Ruby gems #21825

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 23, 2025
Merged

[Tooling] Update Ruby gems #21825

merged 1 commit into from
Apr 23, 2025

Conversation

AliSoftware
Copy link
Contributor

@AliSoftware AliSoftware commented Apr 23, 2025
edited
Loading

Update gems to latest version (by just running bundle update), especially to fix a security issue with nokogiri

As long as CI is green we should be good to go.

Ref: AINFRA-122

@AliSoftware AliSoftware requested review from jkmassel and a team April 23, 2025 16:50
@AliSoftware AliSoftware self-assigned this Apr 23, 2025
@dangermattic
Copy link
Collaborator

1 Warning
⚠️ PR is not assigned to a milestone.

Generated by 🚫 Danger

@AliSoftware AliSoftware enabled auto-merge (squash) April 23, 2025 16:54
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@wpmobilebot
Copy link
Contributor

WordPress📲 You can test the changes from this Pull Request in WordPress by scanning the QR code below to install the corresponding build.
App NameWordPress WordPress
FlavorJalapeno
Build TypeDebug
Versionpr21825-32dddde
Commit32dddde
Direct Downloadwordpress-prototype-build-pr21825-32dddde.apk
 Note: Google Login is not supported on these builds.

@wpmobilebot
Copy link
Contributor

Jetpack📲 You can test the changes from this Pull Request in Jetpack by scanning the QR code below to install the corresponding build.
App NameJetpack Jetpack
FlavorJalapeno
Build TypeDebug
Versionpr21825-32dddde
Commit32dddde
Direct Downloadjetpack-prototype-build-pr21825-32dddde.apk
 Note: Google Login is not supported on these builds.

twstokes
twstokes approved these changes Apr 23, 2025
View reviewed changes
Copy link
Contributor

@twstokes twstokes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Any stability concerns @AliSoftware about packages that had major version updates? (e.g. activesupport)

@AliSoftware AliSoftware merged commit ad0b027 into trunk Apr 23, 2025
28 of 29 checks passed
@AliSoftware AliSoftware deleted the tooling/update-gems branch April 23, 2025 17:44
@AliSoftware
Copy link
Contributor Author

LGTM. Any stability concerns @AliSoftware about packages that had major version updates? (e.g. activesupport)

Good catch and good question.
I'm surprised the dependency to activesupport is not bound to a SemVer constraint (~> x.y) but open-ended instead btw.

From a quick look at the changelog between last 7.x version and 8.0.0, I didn't see any breaking change during the bump to 8.x that should impact my knowledge of what we use of that lib in our codebase.
But activesupport is a pretty big libraries with lots of methods so it's hard to be sure (and we probably use less than 1% of them… if any, actually?). So I'd say worst case scenario something breaks or crashes during one of our automation lanes because of a breaking change in an activesupport Ruby method and we fix it when we discover it anyway.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@twstokes twstokes twstokes approved these changes

@jkmassel jkmassel Awaiting requested review from jkmassel

Assignees

@AliSoftware AliSoftware

Labels
Tooling
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@AliSoftware @dangermattic @wpmobilebot @twstokes