Dealing with "yanked" gems #14

Closed
leoarnold opened this issue Apr 4, 2018 · 1 comment

I am sure you heard that parser gem v2.5.0.4 was yanked from RubyGems.org:

https://stackoverflow.com/q/49499606

The version history of parser now lists this gem as "yanked", but the yanked version was simply missing from the list and "not there at all" in the first days after.

This broke a lot of people's (continuous) deployments.
Protection against such mishaps would be a killer feature in Depfu.

Here's what happened in one of our projects:

  1. On Mar 21st Depfu submits "Update rubocop: 0.53.0 → 0.54.0 (minor)":
diff --git a/Gemfile.lock b/Gemfile.lock
index 792335c..6aee8bc 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -71,7 +71,7 @@ GEM
     net-ssh (4.2.0)
     netrc (0.11.0)
     parallel (1.12.1)
-    parser (2.5.0.2)
+    parser (2.5.0.4) # <-- This became problematic
       ast (~> 2.4.0)
     powerpack (0.1.1)
     public_suffix (3.0.1)
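Review bot: the `parser` line in this hunk moves an indirect dependency from 2.5.0.2 to 2.5.0.4, but the PR title "Update rubocop: 0.53.0 → 0.54.0 (minor)" names only rubocop. List the transitive bump in the PR description so it is reviewed as its own change. If the trailing `# <-- This became problematic` is in the file itself rather than an annotation by the reporter, drop it from the lockfile line.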
@@ -94,7 +94,7 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.7.0)
     rspec-support (3.7.0)
-    rubocop (0.53.0)
+    rubocop (0.54.0)
       parallel (~> 1.10)
       parser (>= 2.5)
       powerpack (~> 0.1)
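Review bot: the unchanged context line `parser (>= 2.5)` under `rubocop (0.54.0)` shows that the previously locked parser 2.5.0.2 already satisfies the new rubocop's constraint, so the parser bump in the earlier hunk is not required by this update. Consider resolving conservatively and leaving parser at its locked version, so the PR changes only the `rubocop` line.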
  2. Around Mar 24th, parser publishes a new sub-patch version - and yanks the version in question
  3. On Mar 30th, we deploy - and run into an error

I am not sure why Depfu did not send a PR for the updated parser version (indirect dependency) and whether that is a bug or intentional, but that is also not the point here.

Either way, update to newer or rollback to previous, if Depfu could keep us running despite gems being yanked, that would be awesome!
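
As an added example (not part of the original issue and not Depfu's code): a Ruby check that compares the locked versions from the lockfile above against a snapshot of published versions and reports any locked version that is no longer published, with the nearest rollback and update candidates. The `PUBLISHED` data (including the version `2.5.0.5`), the `remote:` line and the function names are assumptions constructed for illustration.

```ruby
require "rubygems" # Gem::Version for correct version ordering

# Constructed sample: spec lines taken from the lockfile diff in the issue.
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      parallel (1.12.1)
      parser (2.5.0.4)
        ast (~> 2.4.0)
      powerpack (0.1.1)
      rubocop (0.54.0)
        parallel (~> 1.10)
        parser (>= 2.5)
        powerpack (~> 0.1)
LOCK

# Constructed index snapshot (hypothetical data): versions still published.
# A yanked version is simply absent from the list, as the issue describes.
PUBLISHED = {
  "parallel"  => %w[1.12.0 1.12.1],
  "parser"    => %w[2.5.0.2 2.5.0.5],
  "powerpack" => %w[0.1.1],
  "rubocop"   => %w[0.53.0 0.54.0],
}.freeze

# Returns { name => version } for every locked gem. Locked specs are the
# lines indented by exactly four spaces; deeper lines are their dependencies.
# Platform-suffixed versions (e.g. "-x86_64-linux") are not handled here.
def locked_specs(lockfile)
  lockfile.scan(/^ {4}(\S+) \(([^)\s]+)\)$/).to_h
end

# For each locked version missing from the index, report the nearest
# published version below it (rollback) and above it (update).
def yanked_report(lockfile, published)
  locked_specs(lockfile).each_with_object({}) do |(name, version), report|
    available = published.fetch(name, []).map { |v| Gem::Version.new(v) }
    locked = Gem::Version.new(version)
    next if available.include?(locked)
    report[name] = {
      locked: version,
      rollback: available.select { |v| v < locked }.max&.to_s,
      update: available.select { |v| v > locked }.min&.to_s,
    }
  end
end

yanked_report(LOCKFILE, PUBLISHED).each { |name, r| puts "#{name}: #{r}" } if __FILE__ == $PROGRAM_NAME
```

Run as a pre-deploy step, a non-empty report would have flagged the lockfile before the Mar 30th deployment; a candidate still has to satisfy the constraints of the gems that depend on it, such as `parser (>= 2.5)`.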
