Closed kumar1202 closed 9 months ago
We are still not able to install the gem on Ruby 2.3 when the source is RubyGems, as it didn't create the dependencies correctly. -> https://rubygems.org/gems/vault/versions/0.18.2
~# /opt/chef/embedded/bin/ruby --version
ruby 2.3.1p112 (2016-04-26 revision 54768) [x86_64-linux]
~# /opt/chef/embedded/bin/gem install vault
Fetching: aws-eventstream-1.3.0.gem (100%)
ERROR: Error installing vault:
aws-eventstream requires Ruby version >= 2.5.
As it looks like the parsed gemspec is being parsed by a Ruby parser > 2.4
The vault gem uses the aws-sigv4 gem in the gemspec and has not been locked.
Yesterday, the vault gem started failing in Ruby 2.3 when the aws-eventstream and aws-sigv4 gems were upgraded to 1.3.0 and 1.7.0 respectively.
Although, the README says that Vault is still is supported in Ruby versions >2.0.0. The release of aws gems used as dependencies are breaking the vault in EOL Ruby environments.
Locking the aws-sigv4 version to the earliest available versions also won't help because the aws-eventstream lock was introduced as
'~> 1.0', '>= 1.0.2')
here which still points to the latest version and eventually breaks on Ruby 2.3.The solution is to lock, aws-sigv4 to 1.6.0 and aws-eventstream to 1.2.0 for Ruby versions < 2.4.0 in the vault.gemspec.