Project

General

Profile

Actions

Defect #35028

open

Deprecation message when executing 'bundle install'

Added by Ivan Cenov over 3 years ago. Updated over 3 years ago.

Status:
New
Priority:
Normal
Category:
Gems support
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Affected version:

Description

Here is a part of the console output when upgrading Redmine to version 4.2.0:

E:\data\redmine>bundle install --without test development
[DEPRECATED] The `--without` flag is deprecated because it relies on being remembered across bundler invocations, which bundler will no longer do in future versions.
Instead please use `bundle config set without 'test development'`, and stop using this flag
[DEPRECATED] Your Gemfile contains multiple primary sources. Using `source` more than once without a block is a security risk, and may result in installing unexpected gems.
To resolve this warning, use a block to indicate which gems should come from the secondary source.
To upgrade this warning to an error, run `bundle config set disable_multisource true`.
Your Gemfile lists the gem rake (>= 0) more than once.
You should probably keep only one of them.
Remove any duplicate entries and specify the gem only once.
While it's not a problem now, it could cause errors if you change the version of one of them later.

Especially this part:

[DEPRECATED] Your Gemfile contains multiple primary sources. Using `source` more than once without a block is a security risk, and may result in installing unexpected gems.
To resolve this warning, use a block to indicate which gems should come from the secondary source.
Is it something dangerous? I am not a ruby on rails programmer and cannot tell...

Actions #1

Updated by Marius BĂLTEANU over 3 years ago

  • Is duplicate of Defect #35004: DEPRECATION WARNING during startup added
Actions #2

Updated by Marius BĂLTEANU over 3 years ago

  • Is duplicate of deleted (Defect #35004: DEPRECATION WARNING during startup)
Actions #3

Updated by Marius BĂLTEANU over 3 years ago

  • Assignee set to Marius BĂLTEANU

Thanks Ivan for reporting the issue.

Regarding second deprecation (Gemfile multiplesources), are you using any plugins or a local Gemfile (Gemfile.local)?

For the first one, I'll investigate, but being just a deprecation, you should not be worry for now.

Actions #4

Updated by Pavel Rosický over 3 years ago

1/ this should be just a documentation change in Redmine Installation Guide.
2/ Your Gemfile contains multiple primary sources:

Gemfile
source 'https://rubygems.org' # primary source
gem "..." 
gem "..." 

Gemfile.local
source 'https://rubygems.org' # remove this line
gem "..." 
gem "..." 

or alternatively

Gemfile
source 'https://rubygems.org' do
gem "..." 
gem "..." 

Gemfile.local
source 'https://rubygems.org' do # use a block
  gem "..." 
  gem "..." 
end

but this is mainly up to plugin maintainers or your Gemfile.local which isn't part of the Redmine source.

Actions #5

Updated by Ivan Cenov over 3 years ago

I do not worry about the first deprecation.

For the second one, it seems I have some plugin that is the cause. My Gemfile.local is simply nothing:

# gem "thin" 
# gem "puma" 

... Yes, I found
source 'https://rubygems.org'
in plugin additionals. I will try to remove this line in the plugin's Gemfile.

Actions

Also available in: Atom PDF