livingsocial / bundler-patch

Update your gems conservatively to deal with vulnerable gems or just get more current.
MIT License

Is version comparison doing it by string ... :D #16

Closed chrismo closed 8 years ago

chrismo commented 8 years ago

probably. prepare :facepalm: - cuz 15 > 9 but '9' > '15'

chrismo commented 8 years ago

Well, unit test passed, and manual test here worked:

[chrismo@momac int]$ cat > Gemfile
source 'https://rubygems.org'

gem 'newrelic_rpm', '~> 3.9.0'
[chrismo@momac int]$ bundle install --path zz
Fetching gem metadata from https://rubygems.org/
Fetching version metadata from https://rubygems.org/
Resolving dependencies...
Installing newrelic_rpm 3.9.9.275
Using bundler 1.12.5
Bundle complete! 1 Gemfile dependency, 2 gems now installed.
Bundled gems are installed into ./zz.
[chrismo@momac int]$ vi Gemfile 
[chrismo@momac int]$ cat Gemfile
source 'https://rubygems.org'

gem 'newrelic_rpm', '~> 3.9'
[chrismo@momac int]$ bundle patch -m
No known vulnerabilities to update.
Updating all gems conservatively.
Fetching gem metadata from https://rubygems.org/
Fetching version metadata from https://rubygems.org/
Resolving dependencies...
Installing newrelic_rpm 3.15.2.317 (was 3.9.9.275)
Using bundler 1.12.5

I guess I had a glitch with how I was using the -m flag and the newrelic_rpm gem.
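The ordering difference this issue asks about ('9' > '15' as strings), as an added example that is not bundler-patch's own code. The helper names and the candidate list are hypothetical, and 3.15.2.317 is treated as a patched release purely for illustration.

```ruby
require 'rubygems' # Gem::Version and Gem::Requirement ship with Ruby

# Constructed version strings; 3.9.9.275 and 3.15.2.317 appear in the session
# above, the other two are made up for this example.
CANDIDATES = %w[3.9.9.275 3.10.0.1 3.15.2.317 3.2.0.91].freeze

# Naive: String#<=> compares character by character, so "3.9" sorts above "3.15".
def newest_by_string(versions)
  versions.max
end

# Correct: Gem::Version compares segment by segment as integers.
def newest_by_version(versions)
  versions.max_by { |v| Gem::Version.new(v) }
end

# Hypothetical check: is the installed version older than the patched one?
# With string comparison this can report "not vulnerable" for an older gem.
def vulnerable_by_string?(installed, patched)
  installed < patched
end

def vulnerable?(installed, patched)
  Gem::Version.new(installed) < Gem::Version.new(patched)
end

# Newest candidate allowed by a Gemfile requirement such as '~> 3.9.0'.
def newest_matching(versions, requirement)
  req = Gem::Requirement.new(requirement)
  versions.map { |v| Gem::Version.new(v) }
          .select { |v| req.satisfied_by?(v) }
          .max.to_s
end

if __FILE__ == $PROGRAM_NAME
  puts "string max:  #{newest_by_string(CANDIDATES)}"
  puts "version max: #{newest_by_version(CANDIDATES)}"
  puts "string check flags 3.9.9.275 as outdated?  " \
       "#{vulnerable_by_string?('3.9.9.275', '3.15.2.317')}"
  puts "version check flags 3.9.9.275 as outdated? " \
       "#{vulnerable?('3.9.9.275', '3.15.2.317')}"
  puts "~> 3.9.0 allows up to: #{newest_matching(CANDIDATES, '~> 3.9.0')}"
  puts "~> 3.9   allows up to: #{newest_matching(CANDIDATES, '~> 3.9')}"
end
```

The last two results match the session above: `~> 3.9.0` holds the gem at 3.9.9.275, while `~> 3.9` permits the move to 3.15.2.317.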