Mass update when a Ruby gem is yanked #2153
Labels
F: dependency-downgrades
Avoiding unintentional downgrades, or forcing downgrades when really needed
F: language-support
Issues specific to a particular language or ecosystem; may be paired with an L: label.
L: ruby:bundler
RubyGems via bundler
Stale
T: feature-request
Requests for new features
Comments
|
In this case, 1.11.0 was yanked and 1.11.1 was released, I’m not sure if it’d be a common occurrence that a version is yanked but no new version is immediately released, but maybe worth considering a downgrade strategy? I imagine dependabot isn’t really built with downgrading in mind, though, so probably not worth the trouble :) |
infin8x
added
F: language-support
deivid-rodriguez
added
the
F: dependency-downgrades
1 task
|
👋 This issue has been marked as stale because it has been open for 2 years with no activity. You can comment on the issue to hold stalebot off for a while, or do nothing. If you do nothing, this issue will be closed eventually by the stalebot. Please see CONTRIBUTING.md for more policy details. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
A few days ago dependabot updated ffi in my repo to 1.11.0. Yesterday, 1.11.0 was yanked. I only noticed this after trying to run a bundle install locally, which failed.
Should Dependabot run an 'emergency' update across all repositories when a gem is yanked like this, in the same way it does for major security updates?
See also dependabot/feedback#471.
The text was updated successfully, but these errors were encountered: