Bug #18855
closed
Updates at 05fed3ab8 - branch 18855-rails-upgrade - developer-run-tests: #2955 
- Upgrades RailsAPI & Workbench rails gems to 5.2.6.2
- Also upgrades all their dependencies but
sprockets & sprockets-rails (because they were needing some extra migration work)
Even though active_storage is requested in the Gemfile.lock, it isn't loaded (the same happens with action_cable) so it wasn't really a security problem. The only way we could avoid having those listed on the Gemfile.lock file is requesting the rest of the rails gems manually, and I'm not sure it's worth the effort.
Lucas Di Pentima wrote:
Updates at 05fed3ab8 - branch 18855-rails-upgrade - developer-run-tests: #2955
- Upgrades RailsAPI & Workbench rails gems to 5.2.6.2
- Also upgrades all their dependencies but
sprockets & sprockets-rails (because they were needing some extra migration work)
Even though active_storage is requested in the Gemfile.lock, it isn't loaded (the same happens with action_cable) so it wasn't really a security problem. The only way we could avoid having those listed on the Gemfile.lock file is requesting the rest of the rails gems manually, and I'm not sure it's worth the effort.
LGTM, thanks!
- Status changed from New to Resolved
Applied in changeset arvados-private:commit:arvados|a3522bb093bab34ce7d51d3cab23fcc44547cffc.
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by