Update CHANGELOG to mention pulled 2.5.0.4 version #478
Comments
The changelog is automatically generated. I've pulled the version because, due to a merge screwup, it didn't match the tag.
Version 2.5.0.4 of `parser` was pulled from rubygems whitequark/parser#478. This was breaking government-frontend CI builds and end-to-end tests. Running bundle update bumps the parser version.
Version 2.5.0.4 of parser was pulled from rubygems whitequark/parser#478. This was breaking government-frontend CI builds and end-to-end tests. Running bundle update bumps the parser version to fix this.
While I appreciate your contributions to the community, please do not pull back published versions. It's one of the most frustrating things you can do as an open source maintainer, since it causes a lot of churn to everybody who has to bump their dependency list. 😢 If you make a mistake and release a bad version, the right thing to do in 99% of the cases is to not yank the bad version (we all make mistakes, that's not the point here), but to:
Yanking is almost always wrong, unless you really messed up and published confidential information, code that contains a virus etc.
Oh, I had no idea yank was changed to permanently delete the gem back in 2015. That's an awful decision, if you publish credentials you should just change them, not rely on there being no one scraping all uploaded gems...
Maybe it makes sense to push it back. Is it possible?
Hmm, agree. Didn't know that they actually changed that a few years ago. I think the NuGet approach is "the right thing". Yank should be "remove from public lists & search results, but not remove from direct URLs" (https://docs.microsoft.com/en-us/nuget/policies/deleting-packages). As @iliabylich suggests, maybe it would make sense to re-publish the package (be it with 2.5.0.5 content or whatever) to minimize the community damage. Thanks for the very fast feedback!
Version 2.5.0.4 of parser was pulled from rubygems whitequark/parser#478. This was breaking government-frontend CI builds and end-to-end tests.
Version 2.5.0.4 of parser was pulled from rubygems whitequark/parser#478. This was breaking government-frontend CI builds and end-to-end tests. Running bundle update parser --conservative bumps the parser version to fix this.
The 2.4.0.4 version of the parser gem was removed from Rubygems. The author posted his reason why here: whitequark/parser#478 (comment)
The 2.5.0.4 version of the parser gem was removed from Rubygems. The author posted his reason why here: whitequark/parser#478 (comment)
version 2.5.0.4 was pulled from rubygems see whitequark/parser#478 (comment)
Fix dependency of parser 2.5.0.4, since this version was pulled out from rubygems. See: whitequark/parser#478
CI's.... CI's breaking everywhere :(
It's not possible to push over a yanked gem version so there's nothing I can do about it beyond unyanking (which is even worse). Complain to rubygems.org, I guess.
Please do. I think their current policy is completely broken. It should be extremely hard to yank a package, if it happens more than 5 minutes after it was pushed.
Note that, if I remember correctly, I've pulled the package within 5 minutes. At a certain volume of installations it just doesn't matter. Yanking must not remove the actual file. But it seems unlikely to me that this policy change will be reverted, and in any case I don't really participate in the Ruby ecosystem anymore.
Got here because my Lockfile contained a version that no longer existed. It's no biggie, just got curious what happened. For posterity's sake I'll add this to others that are curious - AFAIK official policy of RubyGems is that repushing of gem versions is not allowed to prevent unexpected behavior that they're not staffed to deal with (cached versions, webhooks). A bit more info on it here: https://blog.rubygems.org/2015/04/13/permadelete-on-yank.html
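An added example (not part of this thread or of the parser project) for the situation described in the comment above: it reads the `GEM` section of a `Gemfile.lock` and reports pins that the registry no longer serves, together with the `bundle update <gem> --conservative` fix quoted in the linked commit messages. `LOCKFILE` and `INDEX` are constructed sample data, and `locked_specs` and `missing_pins` are hypothetical helper names.

```ruby
require "rubygems" # Gem::Version, for ordering version strings
# Constructed sample lockfile (not from a real project).
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      ast (2.4.0)
      parser (2.5.0.4)
        ast (~> 2.4.0)
      rubocop (0.53.0)
        parser (>= 2.5)

  DEPENDENCIES
    rubocop
LOCK

# Constructed stand-in for the versions the registry still serves per gem.
INDEX = {
  "ast"     => %w[2.3.0 2.4.0],
  "parser"  => %w[2.5.0.3 2.5.0.5],
  "rubocop" => %w[0.53.0]
}.freeze

# Returns { gem name => pinned version } from the GEM section only.
def locked_specs(lockfile)
  section = nil
  pins = {}
  lockfile.each_line(chomp: true) do |line|
    if line =~ /\A\S/
      section = line # an unindented line starts a new section
    elsif section == "GEM" && (m = line.match(/\A {4}(\S+) \(([^)-]+)(?:-[^)]+)?\)\z/))
      pins[m[1]] = m[2] # 4-space indent: resolved gem (platform suffix dropped)
    end
  end
  pins
end

# Lists pins absent from the index, with the next newer version still available.
def missing_pins(pins, index)
  pins.each_with_object([]) do |(name, version), out|
    available = index.fetch(name, [])
    next if available.include?(version)
    newer = available.map { |v| Gem::Version.new(v) }
                     .select { |v| v > Gem::Version.new(version) }.min
    out << { gem: name, pinned: version, next_available: newer&.to_s,
             fix: "bundle update #{name} --conservative" }
  end
end
missing_pins(locked_specs(LOCKFILE), INDEX).each { |m| puts m }
```

Run as a CI pre-check, a non-empty result explains an install failure before `bundle install` does and names the single gem to update.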
Good point. Anyway, we should push them to change the policy so that yanking doesn't remove the actual file, but only makes it "undiscoverable". Since they have had their current semantics for 3 years now, I think they are unlikely to want to change it, but they are still wrong. 😜
1. Synchronize used version of `parser` gem for both versions of rails: 4 and 5.
2. Fix broken CI pipelines for rails5 branches.

The 2.5.0.4 version is removed from rubygems, so it's skipped. whitequark/parser#478
Not sure why it was pulled, but it's probably worth mentioning...