Constrain minitar gem version and fix require #27

Closed

halostatue

This should be just specifying `"~> 1.0"`, but backlevel support has
been added because Berkshelf still claims to support Ruby 2.7+ and
Minitar 1.0 (which is the only supported branch as of 2024-08-07) has
explicitly dropped support for any Ruby version 3.0 or older.

Minitar v0.12 is the last of the versions for that line and all users
are encouraged to upgrade to v1.0 (no one should be running anything
older than Ruby 3.1).

This is a fairly critical update as users of berkshelf are unable to
install or use it without this change.

I would strongly recommend that other dependencies like `thor` and
`chef` itself where there is an unconstrained `>=` specification be
reviewed. This is a potential security or incompatibility hole for all
of your users.

Resolves: #26
Signed-off-by: Austin Ziegler <[email protected]>
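
Added example, not part of this pull request or of Berkshelf's code: a small audit that flags dependency requirements with no upper bound, the review the description recommends for `thor` and `chef`. The requirement strings, the `example-*` gem names and the compound `">= 0.12", "< 2"` form are assumptions constructed for illustration, not values taken from `berkshelf.gemspec`.

```ruby
require "rubygems"

# Constructed sample input. minitar, thor and chef are named in the PR text;
# every requirement string here is an assumption, not the project's real one.
SAMPLE_DEPS = {
  "minitar"             => [">= 0.6"],
  "thor"                => [">= 0.20"],
  "chef"                => [">= 15.7.32"],
  "example-bounded"     => [">= 2.0", "< 4.0"],
  "example-pessimistic" => ["~> 3.0"],
}.freeze

# Operators that cap how far a resolver may move forward.
UPPER_BOUND_OPS = ["~>", "<", "<=", "="].freeze

# True when nothing in the requirement stops a future major release
# from being selected at install time.
def open_ended?(requirement)
  requirement.requirements.none? { |op, _version| UPPER_BOUND_OPS.include?(op) }
end

# Names of the dependencies whose requirement has no upper bound.
def audit(deps)
  deps.select { |_name, reqs| open_ended?(Gem::Requirement.new(*reqs)) }.keys
end

# Does this requirement accept the given released version?
def admits?(reqs, version)
  Gem::Requirement.new(*reqs).satisfied_by?(Gem::Version.new(version))
end

if __FILE__ == $PROGRAM_NAME
  puts "open-ended: #{audit(SAMPLE_DEPS).join(', ')}"
  # An open-ended requirement silently accepts the 1.0 release.
  puts "'>= 0.6' admits 1.0.0: #{admits?(['>= 0.6'], '1.0.0')}"
  # "~> 1.0" alone would exclude the 0.12 line still needed on older Rubies.
  puts "'~> 1.0' admits 0.12.0: #{admits?(['~> 1.0'], '0.12.0')}"
  # Assumed backlevel form: covers 0.12 and 1.x, stops before 2.0.
  compound = [">= 0.12", "< 2"]
  puts "compound admits 0.12.0: #{admits?(compound, '0.12.0')}"
  puts "compound admits 2.0.0: #{admits?(compound, '2.0.0')}"
end
```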

sonarqubecloud bot commented Aug 9, 2024

@tpowell-progress
Collaborator

@halostatue I'm resolving the PR in #30 so that we can get this merged.

@tpowell-progress
Collaborator

Superseded by #30 with berkshelf.gemspec conflict fix

Successfully merging this pull request may close these issues.

Berkshelf started failing cannot load such file -- archive/tar/minitar