Vote #81366: Deprecation message when executing 'bundle install' - redmineorg-copy202205 - Redmine

編集操作

リンクをコピー

Vote #81366

未完了

Deprecation message when executing 'bundle install'

Admin Redmine さんが約4年前に追加. ほぼ4年前に更新.

ステータス:

New

優先度:

通常

担当者:

カテゴリ:

Gems support_45

対象バージョン:

開始日:

2022/05/09

期日:

進捗率:

予定工数:

Redmineorg_URL:

https://www.redmine.org/issues/35028

category_id:

version_id:

issue_org_id:

35028

author_id:

21060

assigned_to_id:

107353

comments:

status_id:

tracker_id:

plus1:

affected_version:

closed_on:

affected_version_id:

152

ステータス-->[New]

引用

説明

Here is a part of the console output when upgrading Redmine to version 4.2.0:

E:\data\redmine>bundle install --without test development
[DEPRECATED] The `--without` flag is deprecated because it relies on being remembered across bundler invocations, which bundler will no longer do in future versions.
Instead please use `bundle config set without 'test development'`, and stop using this flag
[DEPRECATED] Your Gemfile contains multiple primary sources. Using `source` more than once without a block is a security risk, and may result in installing unexpected gems.
To resolve this warning, use a block to indicate which gems should come from the secondary source.
To upgrade this warning to an error, run `bundle config set disable_multisource true`.
Your Gemfile lists the gem rake (>= 0) more than once.
You should probably keep only one of them.
Remove any duplicate entries and specify the gem only once.
While it's not a problem now, it could cause errors if you change the version of one of them later.

Especially this part:



[DEPRECATED] Your Gemfile contains multiple primary sources. Using source more than once without a block is a security risk, and may result in installing unexpected gems.

To resolve this warning, use a block to indicate which gems should come from the secondary source.

Is it something dangerous? I am not a ruby on rails programmer and cannot tell...

journals

--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Thanks Ivan for reporting the issue.

Regarding second deprecation (Gemfile multiplesources), are you using any plugins or a local Gemfile (@Gemfile.local@)?

For the first one, I'll investigate, but being just a deprecation, you should not be worry for now.

--------------------------------------------------------------------------------
1/ this should be just a documentation change in Redmine Installation Guide.
2/ Your Gemfile contains multiple primary sources:

<pre>
Gemfile
source 'https://rubygems.org' # primary source
gem "..."
gem "..."

Gemfile.local
source 'https://rubygems.org' # remove this line
gem "..."
gem "..."
</pre>

or alternatively

<pre>
Gemfile
source 'https://rubygems.org' do
gem "..."
gem "..."

Gemfile.local
source 'https://rubygems.org' do # use a block
gem "..."
gem "..."
end
</pre>

but this is mainly up to plugin maintainers or your Gemfile.local which isn't part of the Redmine source.
--------------------------------------------------------------------------------
I do not worry about the first deprecation.

For the second one, it seems I have some plugin that is the cause. My Gemfile.local is simply nothing:
<pre>
# gem "thin"
# gem "puma"
</pre>
... Yes, I found
<pre>
source 'https://rubygems.org'
</pre>in plugin @additionals@. I will try to remove this line in the plugin's Gemfile.
--------------------------------------------------------------------------------