From c907314f52e1cb6a61789943760935e5aa505a91 Mon Sep 17 00:00:00 2001 From: Brandur Leach Date: Sat, 31 Aug 2024 00:47:09 -0400 Subject: [PATCH] Update all gems + gem update make target (#29) Run a `bundle update` on the River Ruby gem and its subgems. It's been a while since dependencies were updated, but specifically we're targeting ReXML, which has reported vulnerabilities. Add a new `make bundle-update` target which provides an easy shortcut to run `bundle update` on all project gems. Also lock CI to Ruby 3.3 for the time being since `ffi` isn't happy with the dev version of 3.4 currently being distributed with `head`. --- .github/workflows/ci.yaml | 10 ++- Gemfile.lock | 83 +++++++++++---------- Makefile | 10 ++- driver/riverqueue-activerecord/Gemfile.lock | 80 ++++++++++---------- driver/riverqueue-sequel/Gemfile.lock | 44 +++++------ 5 files changed, 121 insertions(+), 106 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 223f27c..433a47e 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -8,6 +8,8 @@ env: # to GITHUB_PATH/PATH. BIN_PATH: /home/runner/bin + RUBY_VERSION: "3.3" + # A suitable URL for a test database. TEST_DATABASE_NAME: river_test TEST_DATABASE_URL: postgres://postgres:postgres@127.0.0.1:5432/river_test?sslmode=disable @@ -27,7 +29,7 @@ jobs: - name: Install Ruby + `bundle install` uses: ruby/setup-ruby@v1 with: - ruby-version: "head" + ruby-version: ${{ env.RUBY_VERSION }} bundler-cache: true # runs 'bundle install' and caches installed gems automatically - name: Build gem (riverqueue-ruby) @@ -53,7 +55,7 @@ jobs: - name: Install Ruby + `bundle install` uses: ruby/setup-ruby@v1 with: - ruby-version: "head" + ruby-version: ${{ env.RUBY_VERSION }} bundler-cache: true # runs 'bundle install' and caches installed gems automatically - name: Standard Ruby (riverqueue-ruby) 
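Review bot: The new `RUBY_VERSION: "3.3"` entry in the first hunk has no comment, unlike the neighbouring `env` entries visible there, so the reason for the pin lives only in the commit message. I would add a line above it such as `# Pinned to 3.3 until ffi builds against head (3.4-dev) again; revisit then.` so the temporary pin is not later read as a deliberate support decision. With all four `ruby-version: ${{ env.RUBY_VERSION }}` replacements (two here, plus the hunks at -87 and -118), CI no longer exercises `head` at all. If early warning on upcoming Ruby releases matters, a separate `head` job marked `continue-on-error: true` would keep that signal without blocking merges. The job definitions start and end outside these hunks.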
@@ -87,7 +89,7 @@ jobs: - name: Install Ruby + `bundle install` uses: ruby/setup-ruby@v1 with: - ruby-version: "head" + ruby-version: ${{ env.RUBY_VERSION }} bundler-cache: true # runs 'bundle install' and caches installed gems automatically - name: Steep (riverqueue-ruby) @@ -118,7 +120,7 @@ jobs: - name: Install Ruby + `bundle install` uses: ruby/setup-ruby@v1 with: - ruby-version: "head" + ruby-version: ${{ env.RUBY_VERSION }} bundler-cache: true # runs 'bundle install' and caches installed gems automatically # Needed for River's CLI. There is a version of Go on Actions' base image, diff --git a/Gemfile.lock b/Gemfile.lock index aa2867b..3a979c3 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -13,36 +13,37 @@ PATH GEM remote: https://rubygems.org/ specs: - abbrev (0.1.2) - activesupport (7.1.3.2) + activesupport (7.2.1) base64 bigdecimal - concurrent-ruby (~> 1.0, >= 1.0.2) + concurrent-ruby (~> 1.0, >= 1.3.1) connection_pool (>= 2.2.5) drb i18n (>= 1.6, < 2) + logger (>= 1.4.2) minitest (>= 5.1) - mutex_m - tzinfo (~> 2.0) + securerandom (>= 0.3) + tzinfo (~> 2.0, >= 2.0.5) ast (2.4.2) base64 (0.2.0) - bigdecimal (3.1.7) - concurrent-ruby (1.2.3) + bigdecimal (3.1.8) + concurrent-ruby (1.3.4) connection_pool (2.4.1) csv (3.3.0) debug (1.9.2) irb (~> 1.10) reline (>= 0.3.8) diff-lcs (1.5.1) - docile (1.4.0) + docile (1.4.1) drb (2.2.1) - ffi (1.16.3) + ffi (1.17.0-arm64-darwin) + ffi (1.17.0-x86_64-linux-gnu) fileutils (1.7.2) - i18n (1.14.4) + i18n (1.14.5) concurrent-ruby (~> 1.0) io-console (0.7.2) - irb (1.12.0) - rdoc + irb (1.14.0) + rdoc (>= 4.0.0) reline (>= 0.4.2) json (2.7.2) language_server-protocol (3.17.0.3) 
@@ -51,53 +52,53 @@ GEM rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) logger (1.6.0) - minitest (5.22.3) - mutex_m (0.2.0) - parallel (1.24.0) - parser (3.3.0.5) + minitest (5.25.1) + parallel (1.26.3) + parser (3.3.4.2) ast (~> 2.4.1) racc - pg (1.5.6) + pg (1.5.7) psych (5.1.2) stringio - racc (1.7.3) + racc (1.8.1) rainbow (3.1.1) rb-fsevent (0.11.2) - rb-inotify (0.10.1) + rb-inotify (0.11.1) ffi (~> 1.0) - rbs (3.4.4) - abbrev - rdoc (6.6.3.1) + rbs (3.5.3) + logger + rdoc (6.7.0) psych (>= 4.0.0) - regexp_parser (2.9.0) - reline (0.5.3) + regexp_parser (2.9.2) + reline (0.5.9) io-console (~> 0.5) - rexml (3.2.6) + rexml (3.3.6) + strscan rspec-core (3.13.0) rspec-support (~> 3.13.0) - rspec-expectations (3.13.0) + rspec-expectations (3.13.2) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.13.0) rspec-support (3.13.1) - rubocop (1.62.1) + rubocop (1.65.1) json (~> 2.3) language_server-protocol (>= 3.17.0) parallel (~> 1.10) parser (>= 3.3.0.2) rainbow (>= 2.2.2, < 4.0) - regexp_parser (>= 1.8, < 3.0) + regexp_parser (>= 2.4, < 3.0) rexml (>= 3.2.5, < 4.0) rubocop-ast (>= 1.31.1, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 2.4.0, < 3.0) - rubocop-ast (1.31.2) - parser (>= 3.3.0.4) - rubocop-performance (1.20.2) + rubocop-ast (1.32.1) + parser (>= 3.3.1.0) + rubocop-performance (1.21.1) rubocop (>= 1.48.1, < 2.0) - rubocop-ast (>= 1.30.0, < 2.0) + rubocop-ast (>= 1.31.1, < 2.0) ruby-progressbar (1.13.0) securerandom (0.3.1) - sequel (5.79.0) + sequel (5.83.1) bigdecimal simplecov (0.22.0) docile (~> 1.1) 
@@ -105,19 +106,19 @@ GEM simplecov_json_formatter (~> 0.1) simplecov-html (0.12.3) simplecov_json_formatter (0.1.4) - standard (1.35.1) + standard (1.40.0) language_server-protocol (~> 3.17.0.2) lint_roller (~> 1.0) - rubocop (~> 1.62.0) + rubocop (~> 1.65.0) standard-custom (~> 1.0.0) - standard-performance (~> 1.3) + standard-performance (~> 1.4) standard-custom (1.0.2) lint_roller (~> 1.0) rubocop (~> 1.50) - standard-performance (1.3.1) + standard-performance (1.4.0) lint_roller (~> 1.1) - rubocop-performance (~> 1.20.2) - steep (1.6.0) + rubocop-performance (~> 1.21.0) + steep (1.7.1) activesupport (>= 5.1) concurrent-ruby (>= 1.1.10) csv (>= 3.0.9) @@ -128,11 +129,11 @@ GEM logger (>= 1.3.0) parser (>= 3.1) rainbow (>= 2.2.2, < 4.0) - rbs (>= 3.1.0) + rbs (>= 3.5.0.pre) securerandom (>= 0.1) strscan (>= 1.0.0) terminal-table (>= 2, < 4) - stringio (3.1.0) + stringio (3.1.1) strscan (3.1.0) terminal-table (3.0.2) unicode-display_width (>= 1.1.1, < 3) diff --git a/Makefile b/Makefile index fac4888..e58b7ca 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,11 @@ .DEFAULT_GOAL := help +.PHONY: bundle-update +bundle-update: ## Run `bundle update` on gem and all subgems + bundle update + cd driver/riverqueue-activerecord && bundle update + cd driver/riverqueue-sequel && bundle update + # Looks at comments using ## on targets and uses them to produce a help output. .PHONY: help help: ALIGN=14 @@ -7,7 +13,7 @@ help: ## Print this message @awk -F ': .*## ' -- "/^[^':]+: .*## /"' { printf "'$$(tput bold)'%-$(ALIGN)s'$$(tput sgr0)' %s\n", $$1, $$2 }' $(MAKEFILE_LIST) .PHONY: lint -lint: standardrb ## Run linter (standardrb) +lint: standardrb ## Run linter (standardrb) on gem and all subgems .PHONY: rspec rspec: spec @@ -29,7 +35,7 @@ steep: bundle exec steep check .PHONY: test -test: spec ## Run test suite (Rspec) +test: spec ## Run test suite (rspec) on gem and all subgems .PHONY: type-check type-check: steep ## Run type check with Steep 
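Review bot: The `bundle-update` recipe added in the first Makefile hunk runs an unrestricted `bundle update` in all three directories, so each use moves every direct and transitive gem to the newest version the Gemfiles allow. For a security-driven bump like the rexml one named in the commit message, a narrower call such as `bundle update rexml --conservative` keeps the lockfile diff small enough to review entry by entry. If the blanket target stays, I would add a comment above it along the lines of `# Updates every gem in all three lockfiles; review the Gemfile.lock diffs before committing.` so the shortcut is not treated as a routine, unreviewed step.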
diff --git a/driver/riverqueue-activerecord/Gemfile.lock b/driver/riverqueue-activerecord/Gemfile.lock index c8cf7ce..293981a 100644 --- a/driver/riverqueue-activerecord/Gemfile.lock +++ b/driver/riverqueue-activerecord/Gemfile.lock 
@@ -14,101 +14,105 @@ PATH GEM remote: https://rubygems.org/ specs: - activemodel (7.1.3.2) - activesupport (= 7.1.3.2) - activerecord (7.1.3.2) - activemodel (= 7.1.3.2) - activesupport (= 7.1.3.2) + activemodel (7.2.1) + activesupport (= 7.2.1) + activerecord (7.2.1) + activemodel (= 7.2.1) + activesupport (= 7.2.1) timeout (>= 0.4.0) - activesupport (7.1.3.2) + activesupport (7.2.1) base64 bigdecimal - concurrent-ruby (~> 1.0, >= 1.0.2) + concurrent-ruby (~> 1.0, >= 1.3.1) connection_pool (>= 2.2.5) drb i18n (>= 1.6, < 2) + logger (>= 1.4.2) minitest (>= 5.1) - mutex_m - tzinfo (~> 2.0) + securerandom (>= 0.3) + tzinfo (~> 2.0, >= 2.0.5) ast (2.4.2) base64 (0.2.0) - bigdecimal (3.1.7) - concurrent-ruby (1.2.3) + bigdecimal (3.1.8) + concurrent-ruby (1.3.4) connection_pool (2.4.1) debug (1.9.2) irb (~> 1.10) reline (>= 0.3.8) diff-lcs (1.5.1) - docile (1.4.0) + docile (1.4.1) drb (2.2.1) - i18n (1.14.4) + i18n (1.14.5) concurrent-ruby (~> 1.0) io-console (0.7.2) - irb (1.12.0) - rdoc + irb (1.14.0) + rdoc (>= 4.0.0) reline (>= 0.4.2) json (2.7.2) language_server-protocol (3.17.0.3) lint_roller (1.1.0) - minitest (5.22.3) - mutex_m (0.2.0) - parallel (1.24.0) - parser (3.3.0.5) + logger (1.6.0) + minitest (5.25.1) + parallel (1.26.3) + parser (3.3.4.2) ast (~> 2.4.1) racc - pg (1.5.6) + pg (1.5.7) psych (5.1.2) stringio - racc (1.7.3) + racc (1.8.1) rainbow (3.1.1) - rdoc (6.6.3.1) + rdoc (6.7.0) psych (>= 4.0.0) - regexp_parser (2.9.0) - reline (0.5.3) + regexp_parser (2.9.2) + reline (0.5.9) io-console (~> 0.5) - rexml (3.2.6) + rexml (3.3.6) + strscan rspec-core (3.13.0) rspec-support (~> 3.13.0) - rspec-expectations (3.13.0) + rspec-expectations (3.13.2) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.13.0) rspec-support (3.13.1) - rubocop (1.62.1) + rubocop (1.65.1) json (~> 2.3) language_server-protocol (>= 3.17.0) parallel (~> 1.10) parser (>= 3.3.0.2) rainbow (>= 2.2.2, < 4.0) - regexp_parser (>= 1.8, < 3.0) + regexp_parser (>= 2.4, < 3.0) rexml (>= 3.2.5, 
< 4.0) rubocop-ast (>= 1.31.1, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 2.4.0, < 3.0) - rubocop-ast (1.31.2) - parser (>= 3.3.0.4) - rubocop-performance (1.20.2) + rubocop-ast (1.32.1) + parser (>= 3.3.1.0) + rubocop-performance (1.21.1) rubocop (>= 1.48.1, < 2.0) - rubocop-ast (>= 1.30.0, < 2.0) + rubocop-ast (>= 1.31.1, < 2.0) ruby-progressbar (1.13.0) + securerandom (0.3.1) simplecov (0.22.0) docile (~> 1.1) simplecov-html (~> 0.11) simplecov_json_formatter (~> 0.1) simplecov-html (0.12.3) simplecov_json_formatter (0.1.4) - standard (1.35.1) + standard (1.40.0) language_server-protocol (~> 3.17.0.2) lint_roller (~> 1.0) - rubocop (~> 1.62.0) + rubocop (~> 1.65.0) standard-custom (~> 1.0.0) - standard-performance (~> 1.3) + standard-performance (~> 1.4) standard-custom (1.0.2) lint_roller (~> 1.0) rubocop (~> 1.50) - standard-performance (1.3.1) + standard-performance (1.4.0) lint_roller (~> 1.1) - rubocop-performance (~> 1.20.2) - stringio (3.1.0) + rubocop-performance (~> 1.21.0) + stringio (3.1.1) + strscan (3.1.0) timeout (0.4.1) tzinfo (2.0.6) concurrent-ruby (~> 1.0) diff --git a/driver/riverqueue-sequel/Gemfile.lock b/driver/riverqueue-sequel/Gemfile.lock index b1cd2d1..66c2613 100644 --- a/driver/riverqueue-sequel/Gemfile.lock +++ b/driver/riverqueue-sequel/Gemfile.lock 
@@ -14,45 +14,46 @@ GEM remote: https://rubygems.org/ specs: ast (2.4.2) - bigdecimal (3.1.7) + bigdecimal (3.1.8) diff-lcs (1.5.1) - docile (1.4.0) + docile (1.4.1) json (2.7.2) language_server-protocol (3.17.0.3) lint_roller (1.1.0) - parallel (1.24.0) - parser (3.3.0.5) + parallel (1.26.3) + parser (3.3.4.2) ast (~> 2.4.1) racc - pg (1.5.6) - racc (1.7.3) + pg (1.5.7) + racc (1.8.1) rainbow (3.1.1) - regexp_parser (2.9.0) - rexml (3.2.6) + regexp_parser (2.9.2) + rexml (3.3.6) + strscan rspec-core (3.13.0) rspec-support (~> 3.13.0) - rspec-expectations (3.13.0) + rspec-expectations (3.13.2) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.13.0) rspec-support (3.13.1) - rubocop (1.62.1) + rubocop (1.65.1) json (~> 2.3) language_server-protocol (>= 3.17.0) parallel (~> 1.10) parser (>= 3.3.0.2) rainbow (>= 2.2.2, < 4.0) - regexp_parser (>= 1.8, < 3.0) + regexp_parser (>= 2.4, < 3.0) rexml (>= 3.2.5, < 4.0) rubocop-ast (>= 1.31.1, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 2.4.0, < 3.0) - rubocop-ast (1.31.2) - parser (>= 3.3.0.4) - rubocop-performance (1.20.2) + rubocop-ast (1.32.1) + parser (>= 3.3.1.0) + rubocop-performance (1.21.1) rubocop (>= 1.48.1, < 2.0) - rubocop-ast (>= 1.30.0, < 2.0) + rubocop-ast (>= 1.31.1, < 2.0) ruby-progressbar (1.13.0) - sequel (5.79.0) + sequel (5.83.1) bigdecimal simplecov (0.22.0) docile (~> 1.1) @@ -60,18 +61,19 @@ GEM simplecov_json_formatter (~> 0.1) simplecov-html (0.12.3) simplecov_json_formatter (0.1.4) - standard (1.35.1) + standard (1.40.0) language_server-protocol (~> 3.17.0.2) lint_roller (~> 1.0) - rubocop (~> 1.62.0) + rubocop (~> 1.65.0) standard-custom (~> 1.0.0) - standard-performance (~> 1.3) + standard-performance (~> 1.4) standard-custom (1.0.2) lint_roller (~> 1.0) rubocop (~> 1.50) - standard-performance (1.3.1) + standard-performance (1.4.0) lint_roller (~> 1.1) - rubocop-performance (~> 1.20.2) + rubocop-performance (~> 1.21.0) + strscan (3.1.0) unicode-display_width (2.5.0) PLATFORMS