thor: require 1.4 or newer #44
Conversation
|
sighs like an old man
It's probably fine to merge this, but maybe we wait a week until we agreed on voxpupuli/community-triage#60. that will switch to openvox 8 only which is ruby 3.2 for AIO and 3.1 for the server |
ext/project_data.yaml
Outdated
| gem_runtime_dependencies: | ||
| hocon: ~> 1.3 | ||
| thor: ['>= 1.0.1', '< 1.3'] | ||
| thor: '~>= 1.4' |
There was a problem hiding this comment.
where is this file even used?
There was a problem hiding this comment.
that now looks like a syntax error?
There was a problem hiding this comment.
@bastelfreak not sure, what part looks like a syntax error? Tests are passing at least (Windows failure looks unrelated).
There was a problem hiding this comment.
this should be ~> 1.4 or ['>= 1.4', '< 2'], but ~>= doesn't seem right?
@nmburgan do you know if this is some kind of config file for vanagon / if the file is still used?
There was a problem hiding this comment.
Oh oops, changed it to ~> 1.4 so it's consistent with the line above it.
There was a problem hiding this comment.
It's used by the packaging gem.
https://github.com/puppetlabs/packaging/blob/15da180e9574e4582c096b0537334627d3f0f814/lib/packaging/config.rb#L255-L256
https://github.com/puppetlabs/packaging/blob/main/README.md?plain=1
If we're not using that, we can drop both the files from all our repos I think.
There was a problem hiding this comment.
FWIW, there is no security issue. The advisory was withdrawn. See GHSA-mqcp-p2hv-vw6x
kenyon
force-pushed
the
thor
branch
2 times, most recently
from
b8c4254 to
bac435f
Compare
Thor 1.4.0 resolves a security issue: rails/thor#897 Related: voxpupuli/modulesync#309
Thor 1.4.0 resolves a security issue: rails/thor#897
Related: voxpupuli/modulesync#309