Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

'bundle update' all dependencies #805

Merged
merged 2 commits into from
Jun 29, 2020
Merged

'bundle update' all dependencies #805

merged 2 commits into from
Jun 29, 2020

Conversation

jrochkind
Copy link
Contributor

Run 'bundle update' to update all dependencies to latest allowed by restrictions in Gemfile or our indirect dependency's own .gemspec files.

That no longer includes latest blacklight as a result of #804

By having up to date dependencies, we make sure we have any available bugfixes, performance improvements, and security patches, and just generally avoid technical debt making sure we are up to date with latest code from our dependencies.

bundle outdated is a command you can run to show you any gems you use (directly or indirectly) that have a newer version available.

Before this PR:

$ bundle outdated
Fetching https://github.com/sciencehistory/kithe.git
Fetching gem metadata from https://rubygems.org/........
Fetching gem metadata from https://rubygems.org/.
Resolving dependencies................

Outdated gems included in the bundle:
  * activerecord-import (newest 1.0.5, installed 1.0.4)
  * autoprefixer-rails (newest 9.8.4, installed 9.7.6)
  * aws-partitions (newest 1.336.0, installed 1.298.0)
  * aws-sdk-core (newest 3.102.1, installed 3.94.0) in groups "default"
  * aws-sdk-ec2 (newest 1.171.0, installed 1.153.0) in groups "default"
  * aws-sdk-kms (newest 1.35.0, installed 1.30.0)
  * aws-sdk-s3 (newest 1.72.0, installed 1.61.2)
  * aws-sigv4 (newest 1.2.1, installed 1.1.2)
  * blacklight (newest 7.9.0, installed 7.7.0, requested ~> 7.7.0) in groups "default"
  * bootstrap (newest 4.5.0, installed 4.4.1, requested ~> 4.3) in groups "default"
  * browse-everything (newest 1.0.2, installed 1.0.1, requested ~> 1.0) in groups "default"
  * byebug (newest 11.1.3, installed 11.1.2)
  * capistrano (newest 3.14.1, installed 3.13.0, requested ~> 3.8) in groups "development"
  * capistrano-rails (newest 1.5.0, installed 1.4.0, requested ~> 1.2) in groups "development"
  * capybara (newest 3.33.0, installed 3.32.1) in groups "test"
  * childprocess (newest 4.0.0, installed 3.0.0)
  * coderay (newest 1.1.3, installed 1.1.2)
  * database_cleaner (newest 1.8.5, installed 1.8.4, requested ~> 1.7) in groups "test"
  * declarative (newest 0.0.20, installed 0.0.10)
  * devise (newest 4.7.2, installed 4.7.1, requested ~> 4.5) in groups "default"
  * diff-lcs (newest 1.4.3, installed 1.3)
  * factory_bot (newest 6.0.2, installed 5.1.2)
  * factory_bot_rails (newest 6.0.0, installed 5.1.1) in groups "test"
  * faraday (newest 1.0.1, installed 0.17.3)
  * faraday_middleware (newest 1.0.0, installed 0.14.0)
  * ffi (newest 1.13.1, installed 1.12.2)
  * geocoder (newest 1.6.3, installed 1.6.2)
  * google-api-client (newest 0.41.1, installed 0.32.1)
  * google_drive (newest 3.0.5, installed 2.1.3)
  * googleauth (newest 0.13.0, installed 0.6.6)
  * honeybadger (newest 4.7.0, installed 4.6.0, requested ~> 4.0) in groups "default"
  * listen (newest 3.2.1, installed 3.1.5, requested >= 3.0.5, < 3.2) in groups "development"
  * lockbox (newest 0.4.5, installed 0.3.6) in groups "default"
  * mini_portile2 (newest 2.5.0, installed 2.4.0)
  * net-scp (newest 3.0.0, installed 1.2.1)
  * net-ssh (newest 6.1.0, installed 6.0.0)
  * pdf-core (newest 0.8.1, installed 0.7.0)
  * qa (newest 5.4.0, installed 5.3.1, requested ~> 5.2) in groups "default"
  * rb-fsevent (newest 0.10.4, installed 0.10.3)
  * rdf (newest 3.1.3, installed 3.1.1)
  * redis (newest 4.2.1, installed 4.1.3)
  * regexp_parser (newest 1.7.1, installed 1.7.0)
  * responders (newest 3.0.1, installed 3.0.0)
  * roda (newest 3.33.0, installed 3.31.0)
  * rspec-core (newest 3.9.2, installed 3.9.1)
  * rspec-expectations (newest 3.9.2, installed 3.9.1)
  * rspec-rails (newest 4.0.1, installed 4.0.0, requested ~> 4.0) in groups "test"
  * rspec-support (newest 3.9.3, installed 3.9.2)
  * sassc (newest 2.4.0, installed 2.3.0)
  * sitemap_generator (newest 6.1.2, installed 6.1.0, requested ~> 6.0) in groups "default"
  * slop (newest 4.8.1, installed 3.6.0)
  * thor (newest 1.0.1, installed 0.20.3)
  * typhoeus (newest 1.4.0, installed 1.3.1)
  * tzinfo (newest 2.0.2, installed 1.2.7)
  * web-console (newest 4.0.3, installed 4.0.1) in groups "development"
  * webdrivers (newest 4.4.1, installed 4.3.0) in groups "test"
  * webpacker (newest 5.1.1, installed 5.0.1, requested ~> 5.0) in groups "default"
  * zeitwerk (newest 2.3.1, installed 2.3.0)

After this PR:

$ bundle outdated
Fetching https://github.com/sciencehistory/kithe.git
Fetching gem metadata from https://rubygems.org/........
Fetching gem metadata from https://rubygems.org/.
Resolving dependencies................

Outdated gems included in the bundle:
  * blacklight (newest 7.9.0, installed 7.7.0, requested ~> 7.7.0) in groups "default"
  * browse-everything (newest 1.0.2, installed 1.0.1, requested ~> 1.0) in groups "default"
  * childprocess (newest 4.0.0, installed 3.0.0)
  * faraday (newest 1.0.1, installed 0.17.3)
  * faraday_middleware (newest 1.0.0, installed 0.14.0)
  * google-api-client (newest 0.41.1, installed 0.32.1)
  * google_drive (newest 3.0.5, installed 2.1.3)
  * googleauth (newest 0.13.0, installed 0.6.6)
  * listen (newest 3.2.1, installed 3.1.5, requested >= 3.0.5, < 3.2) in groups "development"
  * mini_portile2 (newest 2.5.0, installed 2.4.0)
  * pdf-core (newest 0.8.1, installed 0.7.0)
  * slop (newest 4.8.1, installed 3.6.0)
  * thor (newest 1.0.1, installed 0.20.3)
  * tzinfo (newest 2.0.2, installed 1.2.7)

Much shorter! Not 100%, but MOST of these remaining outdated gems are locked by browse_everything. We have been trying to submit to browse_everything to allow updates, but are currenlty blocked on upgrading to a newer version of browse_everything with some relaxed restrictions, by samvera/browse-everything#345

We may end up forking browse_everything to have a version that allows us to update these outdated dependencies.

jrochkind added 2 commits June 29, 2020 14:34
@jrochkind
'bundle update' all dependencies
83afe95 
Run 'bundle update' to update all dependencies to latest allowed by restrictions in Gemfile or our indirect dependency's own .gemspec files.

That no longer includes latest blacklight as a result of #804

By having up to date dependencies, we make sure we have any available bugfixes, performance improvements, and security patches, and just generally avoid technical debt making sure we are up to date with latest code from our dependencies.

`bundle outdated` is a command you can run to show you any gems you use (directly or indirectly) that have a newer version available.

Before this PR:

```
$ bundle outdated
Fetching https://github.com/sciencehistory/kithe.git
Fetching gem metadata from https://rubygems.org/........
Fetching gem metadata from https://rubygems.org/.
Resolving dependencies................

Outdated gems included in the bundle:
  * activerecord-import (newest 1.0.5, installed 1.0.4)
  * autoprefixer-rails (newest 9.8.4, installed 9.7.6)
  * aws-partitions (newest 1.336.0, installed 1.298.0)
  * aws-sdk-core (newest 3.102.1, installed 3.94.0) in groups "default"
  * aws-sdk-ec2 (newest 1.171.0, installed 1.153.0) in groups "default"
  * aws-sdk-kms (newest 1.35.0, installed 1.30.0)
  * aws-sdk-s3 (newest 1.72.0, installed 1.61.2)
  * aws-sigv4 (newest 1.2.1, installed 1.1.2)
  * blacklight (newest 7.9.0, installed 7.7.0, requested ~> 7.7.0) in groups "default"
  * bootstrap (newest 4.5.0, installed 4.4.1, requested ~> 4.3) in groups "default"
  * browse-everything (newest 1.0.2, installed 1.0.1, requested ~> 1.0) in groups "default"
  * byebug (newest 11.1.3, installed 11.1.2)
  * capistrano (newest 3.14.1, installed 3.13.0, requested ~> 3.8) in groups "development"
  * capistrano-rails (newest 1.5.0, installed 1.4.0, requested ~> 1.2) in groups "development"
  * capybara (newest 3.33.0, installed 3.32.1) in groups "test"
  * childprocess (newest 4.0.0, installed 3.0.0)
  * coderay (newest 1.1.3, installed 1.1.2)
  * database_cleaner (newest 1.8.5, installed 1.8.4, requested ~> 1.7) in groups "test"
  * declarative (newest 0.0.20, installed 0.0.10)
  * devise (newest 4.7.2, installed 4.7.1, requested ~> 4.5) in groups "default"
  * diff-lcs (newest 1.4.3, installed 1.3)
  * factory_bot (newest 6.0.2, installed 5.1.2)
  * factory_bot_rails (newest 6.0.0, installed 5.1.1) in groups "test"
  * faraday (newest 1.0.1, installed 0.17.3)
  * faraday_middleware (newest 1.0.0, installed 0.14.0)
  * ffi (newest 1.13.1, installed 1.12.2)
  * geocoder (newest 1.6.3, installed 1.6.2)
  * google-api-client (newest 0.41.1, installed 0.32.1)
  * google_drive (newest 3.0.5, installed 2.1.3)
  * googleauth (newest 0.13.0, installed 0.6.6)
  * honeybadger (newest 4.7.0, installed 4.6.0, requested ~> 4.0) in groups "default"
  * listen (newest 3.2.1, installed 3.1.5, requested >= 3.0.5, < 3.2) in groups "development"
  * lockbox (newest 0.4.5, installed 0.3.6) in groups "default"
  * mini_portile2 (newest 2.5.0, installed 2.4.0)
  * net-scp (newest 3.0.0, installed 1.2.1)
  * net-ssh (newest 6.1.0, installed 6.0.0)
  * pdf-core (newest 0.8.1, installed 0.7.0)
  * qa (newest 5.4.0, installed 5.3.1, requested ~> 5.2) in groups "default"
  * rb-fsevent (newest 0.10.4, installed 0.10.3)
  * rdf (newest 3.1.3, installed 3.1.1)
  * redis (newest 4.2.1, installed 4.1.3)
  * regexp_parser (newest 1.7.1, installed 1.7.0)
  * responders (newest 3.0.1, installed 3.0.0)
  * roda (newest 3.33.0, installed 3.31.0)
  * rspec-core (newest 3.9.2, installed 3.9.1)
  * rspec-expectations (newest 3.9.2, installed 3.9.1)
  * rspec-rails (newest 4.0.1, installed 4.0.0, requested ~> 4.0) in groups "test"
  * rspec-support (newest 3.9.3, installed 3.9.2)
  * sassc (newest 2.4.0, installed 2.3.0)
  * sitemap_generator (newest 6.1.2, installed 6.1.0, requested ~> 6.0) in groups "default"
  * slop (newest 4.8.1, installed 3.6.0)
  * thor (newest 1.0.1, installed 0.20.3)
  * typhoeus (newest 1.4.0, installed 1.3.1)
  * tzinfo (newest 2.0.2, installed 1.2.7)
  * web-console (newest 4.0.3, installed 4.0.1) in groups "development"
  * webdrivers (newest 4.4.1, installed 4.3.0) in groups "test"
  * webpacker (newest 5.1.1, installed 5.0.1, requested ~> 5.0) in groups "default"
  * zeitwerk (newest 2.3.1, installed 2.3.0)
```

After this PR:

```
$ bundle outdated
Fetching https://github.com/sciencehistory/kithe.git
Fetching gem metadata from https://rubygems.org/........
Fetching gem metadata from https://rubygems.org/.
Resolving dependencies................

Outdated gems included in the bundle:
  * blacklight (newest 7.9.0, installed 7.7.0, requested ~> 7.7.0) in groups "default"
  * browse-everything (newest 1.0.2, installed 1.0.1, requested ~> 1.0) in groups "default"
  * childprocess (newest 4.0.0, installed 3.0.0)
  * faraday (newest 1.0.1, installed 0.17.3)
  * faraday_middleware (newest 1.0.0, installed 0.14.0)
  * google-api-client (newest 0.41.1, installed 0.32.1)
  * google_drive (newest 3.0.5, installed 2.1.3)
  * googleauth (newest 0.13.0, installed 0.6.6)
  * listen (newest 3.2.1, installed 3.1.5, requested >= 3.0.5, < 3.2) in groups "development"
  * mini_portile2 (newest 2.5.0, installed 2.4.0)
  * pdf-core (newest 0.8.1, installed 0.7.0)
  * slop (newest 4.8.1, installed 3.6.0)
  * thor (newest 1.0.1, installed 0.20.3)
  * tzinfo (newest 2.0.2, installed 1.2.7)
```

Much shorter! Not 100%, but MOST of these remaining outdated gems are locked by browse_everything. We have been trying to submit to browse_everything to allow updates, but are currenlty blocked on upgrading to a newer version of browse_everything with some relaxed restrictions, by samvera/browse-everything#345

We may end up forking browse_everything to have a version that allows us to update these outdated dependencies.
@jrochkind
loosen capistrano 'lock' restriction to allow any 3.x, so we don't ha…
087bc6a 
…ve to update it every single time we update cap. Not really sure why this exists in capistrano deploy.rb as a duplicate of our Gemfile in the first place
@jrochkind
Copy link
Contributor Author

Also: loosen capistrano 'lock' restriction to allow any 3.x, so we don't have to update it every single time we update cap. Not really sure why this exists in capistrano deploy.rb as a duplicate of our Gemfile in the first place

@eddierubeiz
Copy link
Contributor

Noted. Very satisfying.

@eddierubeiz eddierubeiz merged commit 3bb872c into master Jun 29, 2020
@eddierubeiz eddierubeiz deleted the bundle_update branch September 21, 2020 13:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jrochkind @eddierubeiz