-
Notifications
You must be signed in to change notification settings - Fork 317
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Non-Compliance with Dependency API Deprecation #536
Comments
Is there any way fixing this? A workaround? May 10th is approaching... |
This PR uses the modern ruby gems API - #435 |
Could you update this issue? |
Any news on this or #435 ? |
It seems that the workaround that the jfrog guys describe also works for geminabox: If you are not using a reverse-proxy and want a quick-and-dirty fix, just find get '/api/v1/dependencies' do
halt 404, "https://github.com/geminabox/geminabox/issues/536"
#query_gems.any? ? Marshal.dump(gem_list) : 200
end
get '/api/v1/dependencies.json' do
halt 404, "https://github.com/geminabox/geminabox/issues/536"
#query_gems.any? ? gem_list.to_json : {}
end |
The issue with that solution is that it's wildly slow, the real solution here is to get that PR listed above merged. We've been testing a solution based off of it for a couple of weeks now and haven't found any issues, i plan to merge it upstream. |
That is why I wrote "workaround", "quick-and-dirty fix", and not "solution". Of course merging the pull request would be better, but that is outside of my power. So I thought others might be interested in a workaround as well. |
Another work around is to simply pull either mine or @skaes changes and execute from source or package and distribute it as a gem. |
This works with |
Not sure if #435 resolves the issue of API dependency deprecation. I have built an image based on it, but I am still encountering the same problem as with the master branch. Has anyone else attempted to test it as well? |
435 wasn't 100% complete, #547 works somewhat, with the minor caveat of there being high potential for out of memory situations due to the sheer size of the versions file that's returned by rubygems.org. One solution of course would lie in being able to stream the response and write the file chunk by chunk. Currently the rubygems.org apis don't support streaming requests as far as i can tell though. It does however build and run fine as far as i can tell provided you give it like 4 gigs of memory to work with... |
Could you update this issue? |
Could you update this issue? |
Still in dev |
Could you update this issue? |
@github-actions You are starting to sound like a broken record. Btw. if somebody is searching for another workaround (using different software): Nexus OSS seems to have fixed the issue, and supports many more package formats besides rubygems. |
Could you update this issue? |
ping. |
Could you update this issue? |
Sneaky github actions bot closing this while i was out for holiday. |
https://blog.rubygems.org/2023/02/22/dependency-api-deprecation.html
From this document:
March 22 at 00:00 UTC (4pm PT / 7pm ET) for 5 minutes
March 29 at the top of every hour UTC for 10 minutes
April 03 for the entire day UTC
April 10 from 00:00 UTC onward
As of April 10th the dependency API on rubygems.org will be deprecated. They're running a test brownout today on the third. Attempting to pull gems via the rubygems proxy will return a 404 error, like this one.
https://gist.github.com/LukeIGS/d28433f789bcba619e1b50885adb38f9
The text was updated successfully, but these errors were encountered: