Audit & upgrade outdated gems #1411

Closed
4 tasks
annaswims opened this issue Aug 28, 2019 · 5 comments
Labels
backend Epic tools-be Used for the backend tools team

Comments

@annaswims
Contributor

annaswims commented Aug 28, 2019

NOTE: Dependabot might do most of this work for us. See #116

Review the gems in our Gemfile

Top priority should be our explicitly-required gems that are at least one major version behind.
bundle outdated --filter-major --only-explicit

Acceptance criteria

  • Documentation on what features/changes we might benefit from and whether it is worth the effort to upgrade
  • For gems that justify an upgrade if the effort is really low, upgrade the gem; otherwise make an issue to upgrade the gem in a future sprint.
  • Remove duplicated gems (investigate pdftk etc.)
  • Annotate and clean up the Gemfile with comments
@annaswims annaswims added tools-be Used for the backend tools team and removed tools-improvements labels Nov 26, 2019
@kfrz
Contributor

kfrz commented Dec 5, 2019

Some notes to extract from here

@kfrz
Contributor

kfrz commented Dec 5, 2019

@alexpappasoddball

The following PRs are directly related to the work effort this discovery ticket will spawn.

Only the first one has an issue.

Additionally, I think after this work effort we should discover/ticket work for adding bundle outdated to our CI or git hooks. Thoughts @annaswims ?

@annaswims
Contributor Author

I'm hoping that we can use dependabot to nudge us toward upgrades. I like the idea of some sort of automated reminder, but I don't think CI or git hooks are necessarily the right places.

I'm not sure about git hooks either. If we add more noise to git hooks I'd expect people to disable them.

@annaswims
Contributor Author

annaswims commented Dec 12, 2019

the output of bundle outdated --filter-major --only-explicit

Outdated gems included in the bundle:

  • aasm (newest 5.0.6, installed 4.12.0) in groups "default"
  • activerecord-postgis-adapter (newest 6.0.0, installed 5.2.2, requested ~> 5.2.2) in groups "default"
  • awrence (newest 1.1.0, installed 0.1.0) in groups "test"
  • carrierwave (newest 2.0.2, installed 0.11.2, requested ~> 0.11) in groups "default"
  • config (newest 2.0.0, installed 1.4.0) in groups "default"
  • faker (newest 2.8.1, installed 1.6.3) in groups "test"
  • holidays (newest 8.0.0, installed 5.4.0) in groups "default"
  • oj (newest 3.10.0, installed 2.18.2) in groups "default"
  • olive_branch (newest 3.0.0, installed 2.0.0) in groups "default"
  • openid_auth (newest 1.0.2, installed 0.0.1) in groups "default"
  • pg (newest 1.1.4, installed 0.19.0) in groups "default"
  • pundit (newest 2.1.0, installed 1.1.0) in groups "default"
  • rack-attack (newest 6.2.1, installed 5.0.1) in groups "default"
  • rails (newest 6.0.1, installed 5.2.3, requested ~> 5.2.3) in groups "default"
  • redis (newest 4.1.3, installed 3.3.5) in groups "default"
  • restforce (newest 4.2.1, installed 3.0.0) in groups "default"
  • shrine (newest 3.1.0, installed 2.16.0) in groups "default"
  • sidekiq (newest 6.0.3, installed 4.2.10, requested ~> 4.2) in groups "development, test"
  • sidekiq-ent (newest 2.0.1, installed 1.6.1) in groups "production"
  • sidekiq-pro (newest 5.0.1, installed 3.7.0) in groups "production"
  • sidekiq-scheduler (newest 3.0.0, installed 2.2.2, requested ~> 2.0) in groups "default"
  • swagger-blocks (newest 3.0.0, installed 2.0.0) in groups "default"
  • vcr (newest 5.0.0, installed 3.0.3) in groups "test"
  • web-console (newest 4.0.1, installed 3.7.0) in groups "development"
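
Added example, not part of the original thread or of vets-api: a Ruby parser for the `bundle outdated` format shown above that orders gems by the issue's stated priority (major versions behind), putting gems loaded outside development/test first. The names `Outdated`, `parse_outdated`, `triage` and the runtime/non-runtime split are assumptions of this example; the sample lines are copied from the output above.

```ruby
require "rubygems" # Gem::Version

# Constructed sample: five lines copied from the output in the comment above.
SAMPLE = <<~OUT
  Outdated gems included in the bundle:
    • rack-attack (newest 6.2.1, installed 5.0.1) in groups "default"
    • sidekiq (newest 6.0.3, installed 4.2.10, requested ~> 4.2) in groups "development, test"
    • faker (newest 2.8.1, installed 1.6.3) in groups "test"
    • rails (newest 6.0.1, installed 5.2.3, requested ~> 5.2.3) in groups "default"
    • sidekiq-pro (newest 5.0.1, installed 3.7.0) in groups "production"
OUT

# Bundler prints "*" bullets; the rendered issue shows "•". Accept both.
LINE = /^\s*[*•]\s+(?<name>\S+) \(newest (?<newest>[^,)]+), installed (?<installed>[^,)]+)(?:, requested (?<requested>[^)]+))?\) in groups? "(?<groups>[^"]*)"/

NON_RUNTIME = %w[development test].freeze # assumption: these groups are not deployed

Outdated = Struct.new(:name, :installed, :newest, :requested, :groups) do
  # Number of major versions the installed gem is behind the newest release.
  def major_lag
    Gem::Version.new(newest).segments.first - Gem::Version.new(installed).segments.first
  end

  # True when the gem belongs to at least one group other than development/test.
  def runtime?
    !(groups - NON_RUNTIME).empty?
  end
end

# Turn raw `bundle outdated` text into Outdated records; non-gem lines are skipped.
def parse_outdated(text)
  text.each_line.map do |line|
    m = LINE.match(line) or next
    Outdated.new(m[:name], m[:installed], m[:newest], m[:requested],
                 m[:groups].split(/,\s*/))
  end.compact
end

# Runtime gems first, then largest major-version lag, then name.
def triage(text)
  parse_outdated(text).sort_by { |g| [g.runtime? ? 0 : 1, -g.major_lag, g.name] }
end

if __FILE__ == $PROGRAM_NAME
  triage(SAMPLE).each do |g|
    pin = g.requested ? " pinned #{g.requested}" : ""
    puts format("%-12s %s -> %s (+%d major)%s [%s]",
                g.name, g.installed, g.newest, g.major_lag, pin, g.groups.join(","))
  end
end
```

The `requested` field is kept because a pessimistic pin such as `~> 4.2` means the Gemfile constraint has to change before the gem can move to the next major version.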

@kfrz kfrz changed the title [Discovery] Audit outdated gems [Discovery] Audit & upgrade outdated gems Dec 20, 2019
@annaswims
Contributor Author

annaswims commented Jan 6, 2020

Merged PRs

Bump memoist from 0.15.0 to 0.16.2 department-of-veterans-affairs/vets-api#3669
Bump dry-types from 1.1.0 to 1.2.2 department-of-veterans-affairs/vets-api#3660
Bump rack from 2.0.7 to 2.0.8 security department-of-veterans-affairs/vets-api#3666 by dependab
Bump shrine from 2.16.0 to 2.19.3 department-of-veterans-affairs/vets-api#3662
Bump rubocop-junit-formatter from 0.1.3 to 0.1.4 department-of-veterans-affairs/vets-api#3658
Bump aasm from 4.12.0 to 5.0.6 department-of-veterans-affairs/vets-api#3659
Bump iconv from 1.0.4 to 1.0.8 department-of-veterans-affairs/vets-api#3653
Bump faker from 1.6.3 to 2.9.0 department-of-veterans-affairs/vets-api#3690
Bump activerecord-import from 1.0.1 to 1.0.4 department-of-veterans-affairs/vets-api#3717
Bump request_store from 1.4.1 to 1.5.0 department-of-veterans-affairs/vets-api#3714
Bump addressable from 2.5.2 to 2.7.0 department-of-veterans-affairs/vets-api#3712
Bump faraday_middleware from 0.12.2 to 0.13.1 department-of-veterans-affairs/vets-api#3716
Bump sidekiq-scheduler from 2.2.2 to 3.0.0 department-of-veterans-affairs/vets-api#3696
Bump rubocop-rails from 2.3.2 to 2.4.1 department-of-veterans-affairs/vets-api#3702
Bump rubocop from 0.77.0 to 0.78.0 department-of-veterans-affairs/vets-api#3679
Bump fastimage from 2.1.0 to 2.1.7 department-of-veterans-affairs/vets-api#3697
Bump pdf-reader from 2.0.0 to 2.4.0 department-of-veterans-affairs/vets-api#3709
Bump liquid from 4.0.0 to 4.0.3 department-of-veterans-affairs/vets-api#3700
Bump redis-namespace from 1.5.3 to 1.7.0 department-of-veterans-affairs/vets-api#3688
Bump ox from 2.8.2 to 2.12.0 department-of-veterans-affairs/vets-api#3689
Bump dry-struct from 1.0.0 to 1.2.0 department-of-veterans-affairs/vets-api#3703
Bump mail from 2.6.6 to 2.7.1 department-of-veterans-affairs/vets-api#3651
Bump pdf-forms from 1.1.1 to 1.2.0 department-of-veterans-affairs/vets-api#3678
Bump betamocks from 23ac096 to f9800a7 department-of-veterans-affairs/vets-api#3682
Bump mini_magick from 4.9.4 to 4.9.5 department-of-veterans-affairs/vets-api#3681
Bump statsd-instrument from 2.1.2 to 2.6.0 department-of-veterans-affairs/vets-api#3654
Bump oj from 2.18.2 to 3.10.0 department-of-veterans-affairs/vets-api#3661
Bump rubocop from 0.74.0 to 0.77.0 department-of-veterans-affairs/vets-api#3655
Bump rspec_junit_formatter from 0.2.3 to 0.4.1 department-of-veterans-affairs/vets-api#3670
rubocop - Move LineLength cop from Metrics to Layout department-of-veterans-affairs/vets-api#3722
upgrade rack-attack gem VSP https://github.com/department-of-veterans-affairs/vets-api/pull/3636
upgrade pg department-of-veterans-affairs/vets-api#3635
update holidays gem department-of-veterans-affairs/vets-api#3634

Approved but not merged yet

Bump rails from 5.2.3 to 5.2.4.1 department-of-veterans-affairs/vets-api#3710
Bump pg from 1.1.4 to 1.2.0 department-of-veterans-affairs/vets-api#3701
Bump aws-sdk-s3 from 1.9.0 to 1.60.1 department-of-veterans-affairs/vets-api#3698
Bump aws-sdk-sns from 1.1.0 to 1.21.0 department-of-veterans-affairs/vets-api#3691

@alexpappasoddball alexpappasoddball changed the title [Discovery] Audit & upgrade outdated gems Audit & upgrade outdated gems Jan 8, 2020