Skip to content

Comments

ruby: 2.7.4 -> 2.7.5, 3.0.2 -> 3.0.3#147343

Merged
marsam merged 1 commit intoNixOS:masterfrom
chvp:bump-ruby
Dec 2, 2021
Merged

ruby: 2.7.4 -> 2.7.5, 3.0.2 -> 3.0.3#147343
marsam merged 1 commit intoNixOS:masterfrom
chvp:bump-ruby

Conversation

@chvp
Copy link
Member

@chvp chvp commented Nov 25, 2021

Motivation for this change

Fixes 3 CVE's:

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 21.11 Release Notes (or backporting 21.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

@chvp chvp requested a review from marsam as a code owner November 25, 2021 09:14
@github-actions github-actions bot added the 6.topic: ruby A dynamic, open source programming language with a focus on simplicity and productivity. label Nov 25, 2021
@chvp chvp added 1.severity: security Issues which raise a security issue, or PRs that fix one backport release-21.05 6.topic: ruby A dynamic, open source programming language with a focus on simplicity and productivity. and removed 6.topic: ruby A dynamic, open source programming language with a focus on simplicity and productivity. labels Nov 25, 2021
@ofborg ofborg bot requested review from manveru and vrthra November 25, 2021 09:26
@ofborg ofborg bot added 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 1001-2500 This PR causes many rebuilds on Darwin and should most likely target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 1001-2500 This PR causes many rebuilds on Linux and should target the staging branches. labels Nov 25, 2021
@SuperSandro2000
Copy link
Member

SuperSandro2000 commented Nov 25, 2021

This need to go to staging.

@chvp
Copy link
Member Author

chvp commented Nov 25, 2021

The previous update also went straight to master: #129586

@risicle
Copy link
Contributor

risicle commented Nov 27, 2021

nixpkgs-review ... --package-regex '.*ruby.*' reveals no new failures on macos 10.15

@teoljungberg
Copy link
Contributor

teoljungberg commented Dec 2, 2021

Is there anything we can do to pull this in? I'd love to get our rubies upgraded to 3.0.3.

@marsam marsam merged commit 6cdb3ec into NixOS:master Dec 2, 2021
@github-actions
Copy link
Contributor

github-actions bot commented Dec 2, 2021

Backport failed for release-21.05, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally.

git fetch origin release-21.05
git worktree add -d .worktree/backport-147343-to-release-21.05 origin/release-21.05
cd .worktree/backport-147343-to-release-21.05
git checkout -b backport-147343-to-release-21.05
ancref=$(git merge-base 47b35f569e84eb6dbbcf0a9fc75d8729ab8837fd 26038de2256eae025045e4646d91a73285700ed3)
git cherry-pick -x $ancref..26038de2256eae025045e4646d91a73285700ed3

@github-actions github-actions bot mentioned this pull request Dec 2, 2021
Merged
1 task
@github-actions
Copy link
Contributor

github-actions bot commented Dec 2, 2021

Successfully created backport PR #148254 for release-21.11.

@chvp chvp deleted the bump-ruby branch December 2, 2021 10:30
@jonringer
Copy link
Contributor

jonringer commented Dec 2, 2021

these updates going straight to master are really disruptive, because it causes rebuilds on master, and staging-next, and the release channel.

Please use staging next time

@jonringer
Copy link
Contributor

jonringer commented Dec 2, 2021

The previous update also went straight to master: #129586

just because it was done before, doesn't mean it was right

@jonringer
Copy link
Contributor

jonringer commented Dec 2, 2021

essentially, part of the reason why it takes so long for staging to get into master, is because of excessive rebuilds being piled on.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@manveru manveru Awaiting requested review from manveru

@vrthra vrthra Awaiting requested review from vrthra

1 more reviewer

@marsam marsam marsam approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 6.topic: ruby A dynamic, open source programming language with a focus on simplicity and productivity. 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 1001-2500 This PR causes many rebuilds on Darwin and should most likely target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 1001-2500 This PR causes many rebuilds on Linux and should target the staging branches.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@chvp @SuperSandro2000 @risicle @teoljungberg @jonringer @marsam