puppetlabs / ruby-hocon

A Ruby port of the Typesafe Config library.
Apache License 2.0

(maint) Drop bundler dev dependency #124

Closed joshcooper closed 2 years ago

joshcooper commented 2 years ago

This should fix the snyk GH action: https://github.com/puppetlabs/ruby-hocon/runs/6279882660?check_suite_focus=true#step:5:6

LivingInSyn commented 2 years ago

@joshcooper for the purposes of scanning with snyk, you should only have to run bundle lock and not directly install the dependencies. You can also just commit the lock file and skip the generation step

joshcooper commented 2 years ago

@LivingInSyn thanks but bundle lock fails in the same way:

$ bundle lock
Fetching gem metadata from https://rubygems.org/...
Resolving dependencies...
Bundler could not find compatible versions for gem "bundler":
  In Gemfile:
    bundler (~> 1.5)

  Current Bundler version:
    bundler (2.3.7)

I can't think of a good reason for a gem to express a development dependency on bundler...

LivingInSyn commented 2 years ago

Me neither, just wanted to try that first 👍 thanks!
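The failure shown in the thread can be checked for before a lock-file or scanning step runs. The following is an added example, not code from this pull request or from ruby-hocon. The gem name `example-gem`, the `rspec` constraint and the helper names are constructed for illustration; only the `bundler (~> 1.5)` constraint and the `2.3.7` version come from the output above.

```ruby
require "rubygems"

# Return the development dependencies of `spec` on `gem_name` whose version
# requirement cannot be met by `installed_version`.
def unsatisfiable_dev_deps(spec, gem_name, installed_version)
  installed = Gem::Version.new(installed_version)
  spec.development_dependencies
      .select { |dep| dep.name == gem_name }
      .reject { |dep| dep.requirement.satisfied_by?(installed) }
end

# Constructed gemspec carrying the same bundler constraint as the error output.
def sample_spec
  Gem::Specification.new do |s|
    s.name    = "example-gem"          # hypothetical name
    s.version = "0.0.1"
    s.summary = "constructed sample"
    s.authors = ["example"]
    s.add_development_dependency "bundler", "~> 1.5"
    s.add_development_dependency "rspec", ">= 2.14" # constructed, ignored by the check
  end
end

# Human-readable findings for a given installed Bundler version.
def report(spec, installed_version)
  unsatisfiable_dev_deps(spec, "bundler", installed_version).map do |dep|
    "#{dep.name} (#{dep.requirement}) excludes installed #{installed_version}"
  end
end

# "~> 1.5" means >= 1.5 and < 2.0, so any Bundler 2.x is rejected.
puts report(sample_spec, "2.3.7")
```

In a real repository the spec would be loaded with `Gem::Specification.load` on the project's gemspec and compared against `Bundler::VERSION`.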