apache / flagon

Apache Flagon is a suite of comprehensive, thin-client behavioral logging tools
https://flagon.apache.org/
Apache License 2.0

Update Gemfile #29

Closed brucearctor closed 1 year ago

brucearctor commented 1 year ago

To address some vulnerability concerns [ and aid ease of future updates ]

poorejc commented 1 year ago

@brucearctor Thanks so much for this! Much needed. Let me test the build this week! So sorry for delay!

brucearctor commented 1 year ago

@poorejc -- what's our 'testing the build' process look like? Seems something more ideal to be automated?

poorejc commented 1 year ago

ugh... have been looking at this, but got new laptop and am in Ruby local/global hell. Gonna need to retreat for tonight and try again tomorrow after I reinstall ruby. I'm on this though.

brucearctor commented 1 year ago

Another time receiving... or does this go where we want?

On Fri, Jun 9, 2023, 11:34 PM poorejc @.***> wrote:

ugh... have been looking at this, but got new laptop and am in Ruby local/global hell. Gonna need to retreat for tonight and try again tomorrow after I reinstall ruby. I'm on this though.


poorejc commented 1 year ago

So, the last PR from a Dependabot on Master might be the culprit--I can't build your branch or master. I get the same error, which is related to a Ruby version collision. It says it expects v 2.6 and says I'm running 2.5, when I'm not and I don't have that installed on my new box or old. I can build the asf-branch, which is just 1 functional commit behind master. I'm guessing the last Gemfile dependency has some engine constraint in it that we need to address. I think I'll try and regress that dependency and then try and merge your PR.

poorejc commented 1 year ago

Culprit is either something in the public_suffix library or we have something coercing Ruby version to v 2.5 in the code and it's superseding my local and global settings for Ruby. I can get this branch to build if I regress Public_Suffix to 4.0.1. But it just doesn't make sense--I'm guessing we have some weird setting that's set globally. Lame. I'll have to return to it later this weekend.