Conversation

@cd-work cd-work commented Nov 25, 2024

This fixes an issue in the Ruby `Gemfile.lock` parser where version-specific dependencies like `ffi (1.17.0-x86_64-linux-gnu)` would cause the parser to crash.

Since new Ruby Gems are not allowed to contain dashes, this patch simply discards Gems that contain a `-` in their version. There are technically two versions of `asciidoctor-reducer` (`1.0.0-rc.1` and `1.0.0-beta.1`) which contain dashes, but those are neither commonly used, nor a security risk.

Closes #1540.

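As an added illustration (not the project's own parser, whose language and structure this page does not show), here is a small Ruby reader for the `specs:` block of a `Gemfile.lock` that applies the same rule as the patch: a spec whose version contains a `-`, such as the platform-specific `ffi (1.17.0-x86_64-linux-gnu)`, is skipped rather than crashing the parse. The lockfile content is constructed for the example.

```ruby
# A spec line is indented exactly four spaces: "    name (version)".
# Transitive dependency lines are indented six spaces and may carry
# constraints such as "(~> 1.4)" instead of an exact version, so the
# four-space anchor deliberately excludes them.
SPEC_LINE = /\A {4}(?<name>[^\s(]+) \((?<version>[^)]+)\)\z/

# Returns [name, version] pairs from the "specs:" block of a GEM section.
# Versions containing "-" (a platform suffix) are discarded, mirroring the
# patch described above, so platform-specific variants never reach callers
# that expect a plain dotted version.
def parse_gemfile_lock_specs(contents)
  specs = []
  in_specs = false
  contents.each_line(chomp: true) do |line|
    next if line.strip.empty?
    if line == "  specs:"
      in_specs = true
      next
    elsif !line.start_with?(" ")
      # Any unindented line (PLATFORMS, DEPENDENCIES, ...) closes the block.
      in_specs = false
      next
    end
    next unless in_specs

    m = SPEC_LINE.match(line)
    next unless m
    # Platform-specific spec, e.g. 1.17.0-x86_64-linux-gnu: skip it.
    next if m[:version].include?("-")

    specs << [m[:name], m[:version]]
  end
  specs
end

# Constructed sample lockfile reproducing the shape that triggered the crash.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      ffi (1.17.0)
      ffi (1.17.0-x86_64-linux-gnu)
      nokogiri (1.16.7-x86_64-linux)
        racc (~> 1.4)
      rake (13.2.1)

  PLATFORMS
    ruby
    x86_64-linux
LOCK

if __FILE__ == $PROGRAM_NAME
  parse_gemfile_lock_specs(SAMPLE_LOCK).each { |name, version| puts "#{name} #{version}" }
end
```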
@cd-work cd-work requested a review from a team as a code owner November 25, 2024 23:17
@cd-work cd-work self-assigned this Nov 25, 2024
@cd-work cd-work marked this pull request as draft November 25, 2024 23:26
@cd-work cd-work marked this pull request as ready for review November 25, 2024 23:35
@maxrake maxrake left a comment


The code was reviewed and the changes confirmed with local testing. LGTM.

@cd-work cd-work merged commit 538113f into main Nov 26, 2024
16 checks passed
@cd-work cd-work deleted the platform_gems branch November 26, 2024 14:49
Successfully merging this pull request may close these issues.

gem lockfile parser does not account for platform-specific gems
