Deprecation message when executing 'bundle install'
|Assignee:||Marius BALTEANU||% Done:|
Here is a part of the console output when upgrading Redmine to version 4.2.0:
E:\data\redmine>bundle install --without test development [DEPRECATED] The `--without` flag is deprecated because it relies on being remembered across bundler invocations, which bundler will no longer do in future versions. Instead please use `bundle config set without 'test development'`, and stop using this flag [DEPRECATED] Your Gemfile contains multiple primary sources. Using `source` more than once without a block is a security risk, and may result in installing unexpected gems. To resolve this warning, use a block to indicate which gems should come from the secondary source. To upgrade this warning to an error, run `bundle config set disable_multisource true`. Your Gemfile lists the gem rake (>= 0) more than once. You should probably keep only one of them. Remove any duplicate entries and specify the gem only once. While it's not a problem now, it could cause errors if you change the version of one of them later.
Especially this part:
[DEPRECATED] Your Gemfile contains multiple primary sources. Using `source` more than once without a block is a security risk, and may result in installing unexpected gems. To resolve this warning, use a block to indicate which gems should come from the secondary source.Is it something dangerous? I am not a ruby on rails programmer and cannot tell...
#3 Updated by Marius BALTEANU 7 months ago
- Assignee set to Marius BALTEANU
Thanks Ivan for reporting the issue.
Regarding second deprecation (Gemfile multiplesources), are you using any plugins or a local Gemfile (
For the first one, I'll investigate, but being just a deprecation, you should not be worry for now.
#4 Updated by Pavel Rosický 7 months ago
1/ this should be just a documentation change in Redmine Installation Guide.
2/ Your Gemfile contains multiple primary sources:
Gemfile source 'https://rubygems.org' # primary source gem "..." gem "..." Gemfile.local source 'https://rubygems.org' # remove this line gem "..." gem "..."
Gemfile source 'https://rubygems.org' do gem "..." gem "..." Gemfile.local source 'https://rubygems.org' do # use a block gem "..." gem "..." end
but this is mainly up to plugin maintainers or your Gemfile.local which isn't part of the Redmine source.
#5 Updated by Ivan Cenov 7 months ago
I do not worry about the first deprecation.
For the second one, it seems I have some plugin that is the cause. My Gemfile.local is simply nothing:
# gem "thin" # gem "puma"
... Yes, I found
source 'https://rubygems.org'in plugin
additionals. I will try to remove this line in the plugin's Gemfile.