livingsocial / bundler-patch

Update your gems conservatively to deal with vulnerable gems or just get more current.
MIT License

If `-m` not used, but only minor increase is available, it looks like maybe it's broken since there's no feedback. #12

Open chrismo opened 8 years ago

chrismo commented 8 years ago

bundler-patch 0.7.2

```
* Could not attempt upgrade for mail from 1.0.0 to any patched versions 2.6.0, 2.2.15, 2.4.4. Most often this is because a major version increment would be required and it's safer for a major version increase to be done manually.
No known vulnerabilities to update.
Updating 'mail' conservatively.
Fetching gem metadata from https://rubygems.org/..............
Fetching version metadata from https://rubygems.org/..
Resolving dependencies...
Using mime-types 2.0
Using polyglot 0.2.5
Using treetop 1.4.1
Using mail 1.0.0
Using bundler 1.10.6
```

My first concern was the vuln warning was interfering, but it turns out there is no release version increment available for mail 1.0.0 - the next version is 1.1.0.
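The feedback this issue asks for, sketched as an added example (not bundler-patch's code or API): it classifies each newer version as a patch, minor or major increase and returns a message when the allowed level leaves the gem where it is. `plan_update`, `bump_level`, `parts` and the `allow:` keyword are hypothetical names, with `allow: :minor` standing in for `-m`; the version list is constructed from the versions quoted in the report.

```ruby
require "rubygems" # Gem::Version ships with Ruby

LEVELS = { patch: 0, minor: 1, major: 2 }.freeze

# Normalise "2.0" to [2, 0, 0]; release versions are assumed.
def parts(version)
  (Gem::Version.new(version).segments + [0, 0, 0]).first(3)
end

# Hypothetical helper: how big is the step from current to candidate?
def bump_level(current, candidate)
  cur = parts(current)
  cand = parts(candidate)
  return :major if cand[0] != cur[0]
  return :minor if cand[1] != cur[1]
  :patch
end

# Hypothetical helper: returns [target_version_or_nil, message].
# The target is the highest version within the allowed bump level.
def plan_update(gem_name, current, available, allow: :patch)
  cur = Gem::Version.new(current)
  newer = available.map { |v| Gem::Version.new(v) }.select { |v| v > cur }.sort
  return [nil, "#{gem_name} #{current} is already the newest version."] if newer.empty?

  allowed = newer.select { |v| LEVELS[bump_level(current, v.to_s)] <= LEVELS[allow] }
  unless allowed.empty?
    return [allowed.last.to_s, "Updating #{gem_name} #{current} -> #{allowed.last}."]
  end

  # Nothing fits: say why instead of silently keeping the old version.
  nearest = newer.first
  level = bump_level(current, nearest.to_s)
  [nil, "#{gem_name} stays at #{current}: the nearest newer version is " \
        "#{nearest}, a #{level} increase, which the #{allow}-only setting excludes."]
end

# Constructed sample input, using the versions named in the report above.
AVAILABLE = %w[1.0.0 1.1.0 2.2.15 2.4.4 2.6.0].freeze

puts plan_update("mail", "1.0.0", AVAILABLE).last
puts plan_update("mail", "1.0.0", AVAILABLE, allow: :minor).last
```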