rails / thor

Thor is a toolkit for building powerful command-line interfaces.
http://whatisthor.com/
MIT License

V1.0.0 release untagged #700

Closed orien closed 4 years ago

orien commented 4 years ago

I'm a little concerned about the recent v1.0.0 release. Although this release has been pushed to RubyGems, there's no v1.0.0 tag in this repository and the version.rb file still reads "0.20.3", so the published gem cannot be matched to any tagged source. I'm concerned about rogue releases containing malicious payloads.

Can you please confirm this is a legitimate release?

/cc @rafaelfranca

vinibol12 commented 4 years ago

My bundle pulled that version, and I'm getting this error when trying to update Rails:

 ~/src/project [rails-upgrade $ bundle exec rake rails:update
rake aborted!
NoMethodError: undefined method `deprecation_warning' for Thor:Class
/Users/vbolz001/.rbenv/versions/2.2/bin/bundle:23:in `load'
/Users/vbolz001/.rbenv/versions/2.2/bin/bundle:23:in `<main>'

Gemfile

# Gemfile for a Rails 4.0.13 application, as posted by the reporter.
#
# NOTE(review): no `source` line appears in this excerpt, although the posted
# Gemfile.lock records https://rubygems.org/ as its only remote. Confirm where
# the source is declared.
#
# thor is not declared anywhere in this file. It arrives transitively through
# railties, whose constraint in the posted lockfile is `thor (>= 0.18.1, < 2.0)`,
# so a fresh resolve accepts any newly published 1.x release. Keeping
# Gemfile.lock committed, or adding an explicit `gem 'thor', '0.20.3'` line
# (the reporter's workaround), keeps the resolved version under review.

# Runs at bundle time, before any gem is declared: loads
# config/msd_env_settings.rb from the directory that holds this Gemfile.
require File.expand_path(File.dirname(__FILE__) + '/config/msd_env_settings.rb')

gem 'rails', '4.0.13'

# NOTE(review): msd_ldap looks like an in-house gem; confirm which gem server
# it is meant to be fetched from.
gem 'msd_ldap', '3.0.0'

gem 'ruby-oci8', '2.2.2'
gem 'activerecord-oracle_enhanced-adapter', '1.5.0'

gem 'prototype-rails', '~> 4.0.1'

gem 'calendar_date_select', '2.0.0'

gem 'i18n', '0.8.6'

group :development, :test do
  gem 'thin', '1.6.3'
end

# The following 2 lines are required to get a console working in staging. They can probably be removed when Rails is upgraded.
# Both gems are declared a second time inside the :test group below, with
# different `require` options.
gem 'minitest', '4.7.5', require: false
gem 'test-unit-minitest', require: false

group :test do
  gem 'minitest', '4.7.5'
  gem 'test-unit-minitest', require: 'test/unit'
  gem 'minitest-reporters', '0.14.24'
  gem 'capybara', '2.11.0'
  gem 'capybara-screenshot', '1.0.14'
  gem 'poltergeist', '1.12.0'
  gem 'ci_reporter', '1.8.3'
  # No version constraint here; the resolved version is fixed only by Gemfile.lock.
  gem 'simplecov', :require => false
end

# Session store extracted into gem in Rails 4
# No version constraint here either; the resolved version is fixed only by Gemfile.lock.
gem 'activerecord-session_store' 

My Gemfile.lock

GEM
  remote: https://rubygems.org/
  specs:
    actionmailer (4.0.13)
      actionpack (= 4.0.13)
      mail (~> 2.5, >= 2.5.4)
    actionpack (4.0.13)
      activesupport (= 4.0.13)
      builder (~> 3.1.0)
      erubis (~> 2.7.0)
      rack (~> 1.5.2)
      rack-test (~> 0.6.2)
    activemodel (4.0.13)
      activesupport (= 4.0.13)
      builder (~> 3.1.0)
    activerecord (4.0.13)
      activemodel (= 4.0.13)
      activerecord-deprecated_finders (~> 1.0.2)
      activesupport (= 4.0.13)
      arel (~> 4.0.0)
    activerecord-deprecated_finders (1.0.4)
    activerecord-oracle_enhanced-adapter (1.5.0)
    activerecord-session_store (1.1.3)
      actionpack (>= 4.0)
      activerecord (>= 4.0)
      multi_json (~> 1.11, >= 1.11.2)
      rack (>= 1.5.2, < 3)
      railties (>= 4.0)
    activesupport (4.0.13)
      i18n (~> 0.6, >= 0.6.9)
      minitest (~> 4.2)
      multi_json (~> 1.3)
      thread_safe (~> 0.1)
      tzinfo (~> 0.3.37)
    addressable (2.3.6)
    ansi (1.5.0)
    arel (4.0.2)
    builder (3.1.4)
    calendar_date_select (2.0.0)
      rails (>= 3.1)
    capybara (2.11.0)
      addressable
      mime-types (>= 1.16)
      nokogiri (>= 1.3.3)
      rack (>= 1.0.0)
      rack-test (>= 0.5.4)
      xpath (~> 2.0)
    capybara-screenshot (1.0.14)
      capybara (>= 1.0, < 3)
      launchy
    ci_reporter (1.8.3)
      builder (>= 2.1.2)
    cliver (0.3.2)
    concurrent-ruby (1.1.5)
    daemons (1.2.3)
    docile (1.3.1)
    erubis (2.7.0)
    eventmachine (1.0.8)
    hashie (2.1.1)
    i18n (0.8.6)
    json (2.3.0)
    launchy (2.4.3)
      addressable (~> 2.3)
    mail (2.7.1)
      mini_mime (>= 0.1.1)
    mime-types (3.3)
      mime-types-data (~> 3.2015)
    mime-types-data (3.2019.1009)
    mini_mime (1.0.2)
    mini_portile2 (2.4.0)
    minitest (4.7.5)
    minitest-reporters (0.14.24)
      ansi
      builder
      minitest (>= 2.12, < 5.0)
      powerbar
    msd_ldap (3.0.0)
      activesupport (>= 3.2.22.5)
      net-ldap
    multi_json (1.14.1)
    net-ldap (0.16.1)
    nokogiri (1.9.1)
      mini_portile2 (~> 2.4.0)
    poltergeist (1.12.0)
      capybara (~> 2.1)
      cliver (~> 0.3.1)
      websocket-driver (>= 0.2.0)
    powerbar (1.0.18)
      hashie (>= 1.1.0)
    prototype-rails (4.0.1)
      rails (~> 4.0)
    rack (1.5.5)
    rack-test (0.6.3)
      rack (>= 1.0)
    rails (4.0.13)
      actionmailer (= 4.0.13)
      actionpack (= 4.0.13)
      activerecord (= 4.0.13)
      activesupport (= 4.0.13)
      bundler (>= 1.3.0, < 2.0)
      railties (= 4.0.13)
      sprockets-rails (~> 2.0)
    railties (4.0.13)
      actionpack (= 4.0.13)
      activesupport (= 4.0.13)
      rake (>= 0.8.7)
      thor (>= 0.18.1, < 2.0)
    rake (13.0.1)
    ruby-oci8 (2.2.2)
    simplecov (0.16.1)
      docile (~> 1.1)
      json (>= 1.8, < 3)
      simplecov-html (~> 0.10.0)
    simplecov-html (0.10.2)
    sprockets (3.7.2)
      concurrent-ruby (~> 1.0)
      rack (> 1, < 3)
    sprockets-rails (2.3.3)
      actionpack (>= 3.0)
      activesupport (>= 3.0)
      sprockets (>= 2.8, < 4.0)
    test-unit-minitest (0.9.1)
      minitest (~> 4.7)
    thin (1.6.3)
      daemons (~> 1.0, >= 1.0.9)
      eventmachine (~> 1.0)
      rack (~> 1.0)
    thor (1.0.0)
    thread_safe (0.3.6)
    tzinfo (0.3.56)
    websocket-driver (0.6.5)
      websocket-extensions (>= 0.1.0)
    websocket-extensions (0.1.2)
    xpath (2.0.0)
      nokogiri (~> 1.3)

PLATFORMS
  ruby
  x86_64-darwin-17

DEPENDENCIES
  activerecord-oracle_enhanced-adapter (= 1.5.0)
  activerecord-session_store
  calendar_date_select (= 2.0.0)
  capybara (= 2.11.0)
  capybara-screenshot (= 1.0.14)
  ci_reporter (= 1.8.3)
  i18n (= 0.8.6)
  minitest (= 4.7.5)
  minitest-reporters (= 0.14.24)
  msd_ldap (= 3.0.0)
  poltergeist (= 1.12.0)
  prototype-rails (~> 4.0.1)
  rails (= 4.0.13)
  ruby-oci8 (= 2.2.2)
  simplecov
  test-unit-minitest
  thin (= 1.6.3)

BUNDLED WITH
   1.17.3
vinibol12 commented 4 years ago

I've just downgraded to 0.20.3, requiring the gem explicitly for now, and it works.

BrianHawley commented 4 years ago

@vinibol12 see #703 for the solution and workaround for the issue you reported. Happened to me too.