Closed manuelmeurer closed 4 years ago
@manuelmeurer Good point. Any good reasons why we wouldn't want to use Gemfile.lock to load the list of dependencies in an application? We have done this in another gem we created and I think it could work well: https://github.com/rubymem/bundler-leak/blob/master/lib/bundler/plumber/scanner.rb#L21
That way we could save ourselves a headache evaling user input. 😺
Great idea, @etagwerker, it works well! 👍
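The Gemfile.lock approach discussed in the comments above, as an added example (not code from this project or from bundler-leak): it reads dependencies with Bundler's `Bundler::LockfileParser`, which treats the lockfile as text instead of evaluating it as Ruby. The lockfile contents and the helper names `locked_gems` and `direct_dependencies` are constructed for illustration.

```ruby
require "bundler"

# Constructed sample lockfile, not taken from the project. The first line is
# valid Ruby: a loader that eval'd its input would set the global variable.
SAMPLE_LOCKFILE = <<~'LOCK'
  $lockfile_was_evaluated = true
  GEM
    remote: https://rubygems.org/
    specs:
      rack (2.2.3)
      rake (13.0.6)
      sinatra (2.1.0)
        rack (~> 2.2)

  PLATFORMS
    ruby

  DEPENDENCIES
    rake
    sinatra (~> 2.1)
LOCK

# Hypothetical helper: every locked gem as [name, version], parsed as data.
def locked_gems(lockfile_contents)
  parser = Bundler::LockfileParser.new(lockfile_contents)
  parser.specs.map { |spec| [spec.name, spec.version.to_s] }.sort
end

# Hypothetical helper: names of the direct dependencies (DEPENDENCIES section).
def direct_dependencies(lockfile_contents)
  deps = Bundler::LockfileParser.new(lockfile_contents).dependencies
  # Recent Bundler returns a Hash keyed by name; handle an Array as well.
  (deps.respond_to?(:keys) ? deps.keys : deps.map(&:name)).sort
end

if __FILE__ == $PROGRAM_NAME
  locked_gems(SAMPLE_LOCKFILE).each { |name, version| puts "#{name} #{version}" }
  puts "direct: #{direct_dependencies(SAMPLE_LOCKFILE).join(', ')}"
  puts "evaluated: #{!$lockfile_was_evaluated.nil?}"
end
```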
We should make sure that no random code can be executed when a Gemfile is parsed in app/services/gemfiles/create.rb. Maybe something like this: