Defect #35028

Deprecation message when executing 'bundle install'

Added by Ivan Cenov about 1 month ago. Updated about 1 month ago.

Status:NewStart date:
Priority:NormalDue date:
Assignee:Marius BALTEANU% Done:

0%

Category:Gems support
Target version:-
Resolution: Affected version:4.2.0

Description

Here is a part of the console output when upgrading Redmine to version 4.2.0:

E:\data\redmine>bundle install --without test development
[DEPRECATED] The `--without` flag is deprecated because it relies on being remembered across bundler invocations, which bundler will no longer do in future versions.
Instead please use `bundle config set without 'test development'`, and stop using this flag
[DEPRECATED] Your Gemfile contains multiple primary sources. Using `source` more than once without a block is a security risk, and may result in installing unexpected gems.
To resolve this warning, use a block to indicate which gems should come from the secondary source.
To upgrade this warning to an error, run `bundle config set disable_multisource true`.
Your Gemfile lists the gem rake (>= 0) more than once.
You should probably keep only one of them.
Remove any duplicate entries and specify the gem only once.
While it's not a problem now, it could cause errors if you change the version of one of them later.

Especially this part:

[DEPRECATED] Your Gemfile contains multiple primary sources. Using `source` more than once without a block is a security risk, and may result in installing unexpected gems.
To resolve this warning, use a block to indicate which gems should come from the secondary source.
Is it something dangerous? I am not a ruby on rails programmer and cannot tell...

History

#1 Updated by Marius BALTEANU about 1 month ago

  • Duplicates Defect #35004: DEPRECATION WARNING during startup added

#2 Updated by Marius BALTEANU about 1 month ago

  • Duplicates deleted (Defect #35004: DEPRECATION WARNING during startup)

#3 Updated by Marius BALTEANU about 1 month ago

  • Assignee set to Marius BALTEANU

Thanks Ivan for reporting the issue.

Regarding second deprecation (Gemfile multiplesources), are you using any plugins or a local Gemfile (Gemfile.local)?

For the first one, I'll investigate, but being just a deprecation, you should not be worry for now.

#4 Updated by Pavel Rosick√Ĺ about 1 month ago

1/ this should be just a documentation change in Redmine Installation Guide.
2/ Your Gemfile contains multiple primary sources:

Gemfile
source 'https://rubygems.org' # primary source
gem "..." 
gem "..." 

Gemfile.local
source 'https://rubygems.org' # remove this line
gem "..." 
gem "..." 

or alternatively

Gemfile
source 'https://rubygems.org' do
gem "..." 
gem "..." 

Gemfile.local
source 'https://rubygems.org' do # use a block
  gem "..." 
  gem "..." 
end

but this is mainly up to plugin maintainers or your Gemfile.local which isn't part of the Redmine source.

#5 Updated by Ivan Cenov about 1 month ago

I do not worry about the first deprecation.

For the second one, it seems I have some plugin that is the cause. My Gemfile.local is simply nothing:

# gem "thin" 
# gem "puma" 

... Yes, I found
source 'https://rubygems.org'
in plugin additionals. I will try to remove this line in the plugin's Gemfile.

Also available in: Atom PDF