Update all gems + gem update make target (#29)

brandur · web-flow · commit c907314f52e1 · 2024-08-30T21:47:09.000-07:00
Run a `bundle update` on the River Ruby gem and its subgems. It's been a
while since dependencies were updated, but specifically we're targeting
ReXML, which has reported vulnerabilities.

Add a new `make bundle-update` target which provides an easy shortcut to
run `bundle update` on all project gems.

Also lock CI to Ruby 3.3 for the time being since `ffi` isn't happy with
the dev version of 3.4 currently being distributed with `head`.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -8,6 +8,8 @@ env:
   # to GITHUB_PATH/PATH.
   BIN_PATH: /home/runner/bin
 
+  RUBY_VERSION: "3.3"
+
   # A suitable URL for a test database.
   TEST_DATABASE_NAME: river_test
   TEST_DATABASE_URL: postgres://postgres:postgres@127.0.0.1:5432/river_test?sslmode=disable
@@ -27,7 +29,7 @@ jobs:
       - name: Install Ruby + `bundle install`
         uses: ruby/setup-ruby@v1
         with:
-          ruby-version: "head"
+          ruby-version: ${{ env.RUBY_VERSION }}
           bundler-cache: true # runs 'bundle install' and caches installed gems automatically
 
       - name: Build gem (riverqueue-ruby)
@@ -53,7 +55,7 @@ jobs:
       - name: Install Ruby + `bundle install`
         uses: ruby/setup-ruby@v1
         with:
-          ruby-version: "head"
+          ruby-version: ${{ env.RUBY_VERSION }}
           bundler-cache: true # runs 'bundle install' and caches installed gems automatically
 
       - name: Standard Ruby (riverqueue-ruby)
@@ -87,7 +89,7 @@ jobs:
       - name: Install Ruby + `bundle install`
         uses: ruby/setup-ruby@v1
         with:
-          ruby-version: "head"
+          ruby-version: ${{ env.RUBY_VERSION }}
           bundler-cache: true # runs 'bundle install' and caches installed gems automatically
 
       - name: Steep (riverqueue-ruby)
@@ -118,7 +120,7 @@ jobs:
       - name: Install Ruby + `bundle install`
         uses: ruby/setup-ruby@v1
         with:
-          ruby-version: "head"
+          ruby-version: ${{ env.RUBY_VERSION }}
           bundler-cache: true # runs 'bundle install' and caches installed gems automatically
 
       # Needed for River's CLI. There is a version of Go on Actions' base image,
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -13,36 +13,37 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    abbrev (0.1.2)
-    activesupport (7.1.3.2)
+    activesupport (7.2.1)
       base64
       bigdecimal
-      concurrent-ruby (~> 1.0, >= 1.0.2)
+      concurrent-ruby (~> 1.0, >= 1.3.1)
       connection_pool (>= 2.2.5)
       drb
       i18n (>= 1.6, < 2)
+      logger (>= 1.4.2)
       minitest (>= 5.1)
-      mutex_m
-      tzinfo (~> 2.0)
+      securerandom (>= 0.3)
+      tzinfo (~> 2.0, >= 2.0.5)
     ast (2.4.2)
     base64 (0.2.0)
-    bigdecimal (3.1.7)
-    concurrent-ruby (1.2.3)
+    bigdecimal (3.1.8)
+    concurrent-ruby (1.3.4)
     connection_pool (2.4.1)
     csv (3.3.0)
     debug (1.9.2)
       irb (~> 1.10)
       reline (>= 0.3.8)
     diff-lcs (1.5.1)
-    docile (1.4.0)
+    docile (1.4.1)
     drb (2.2.1)
-    ffi (1.16.3)
+    ffi (1.17.0-arm64-darwin)
+    ffi (1.17.0-x86_64-linux-gnu)
     fileutils (1.7.2)
-    i18n (1.14.4)
+    i18n (1.14.5)
       concurrent-ruby (~> 1.0)
     io-console (0.7.2)
-    irb (1.12.0)
-      rdoc
+    irb (1.14.0)
+      rdoc (>= 4.0.0)
       reline (>= 0.4.2)
     json (2.7.2)
     language_server-protocol (3.17.0.3)
@@ -51,73 +52,73 @@ GEM
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
     logger (1.6.0)
-    minitest (5.22.3)
-    mutex_m (0.2.0)
-    parallel (1.24.0)
-    parser (3.3.0.5)
+    minitest (5.25.1)
+    parallel (1.26.3)
+    parser (3.3.4.2)
       ast (~> 2.4.1)
       racc
-    pg (1.5.6)
+    pg (1.5.7)
     psych (5.1.2)
       stringio
-    racc (1.7.3)
+    racc (1.8.1)
     rainbow (3.1.1)
     rb-fsevent (0.11.2)
-    rb-inotify (0.10.1)
+    rb-inotify (0.11.1)
       ffi (~> 1.0)
-    rbs (3.4.4)
-      abbrev
-    rdoc (6.6.3.1)
+    rbs (3.5.3)
+      logger
+    rdoc (6.7.0)
       psych (>= 4.0.0)
-    regexp_parser (2.9.0)
-    reline (0.5.3)
+    regexp_parser (2.9.2)
+    reline (0.5.9)
       io-console (~> 0.5)
-    rexml (3.2.6)
+    rexml (3.3.6)
+      strscan
     rspec-core (3.13.0)
       rspec-support (~> 3.13.0)
-    rspec-expectations (3.13.0)
+    rspec-expectations (3.13.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
     rspec-support (3.13.1)
-    rubocop (1.62.1)
+    rubocop (1.65.1)
       json (~> 2.3)
       language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
       parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.8, < 3.0)
+      regexp_parser (>= 2.4, < 3.0)
       rexml (>= 3.2.5, < 4.0)
       rubocop-ast (>= 1.31.1, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.31.2)
-      parser (>= 3.3.0.4)
-    rubocop-performance (1.20.2)
+    rubocop-ast (1.32.1)
+      parser (>= 3.3.1.0)
+    rubocop-performance (1.21.1)
       rubocop (>= 1.48.1, < 2.0)
-      rubocop-ast (>= 1.30.0, < 2.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
     ruby-progressbar (1.13.0)
     securerandom (0.3.1)
-    sequel (5.79.0)
+    sequel (5.83.1)
       bigdecimal
     simplecov (0.22.0)
       docile (~> 1.1)
       simplecov-html (~> 0.11)
       simplecov_json_formatter (~> 0.1)
     simplecov-html (0.12.3)
     simplecov_json_formatter (0.1.4)
-    standard (1.35.1)
+    standard (1.40.0)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.0)
-      rubocop (~> 1.62.0)
+      rubocop (~> 1.65.0)
       standard-custom (~> 1.0.0)
-      standard-performance (~> 1.3)
+      standard-performance (~> 1.4)
     standard-custom (1.0.2)
       lint_roller (~> 1.0)
       rubocop (~> 1.50)
-    standard-performance (1.3.1)
+    standard-performance (1.4.0)
       lint_roller (~> 1.1)
-      rubocop-performance (~> 1.20.2)
-    steep (1.6.0)
+      rubocop-performance (~> 1.21.0)
+    steep (1.7.1)
       activesupport (>= 5.1)
       concurrent-ruby (>= 1.1.10)
       csv (>= 3.0.9)
@@ -128,11 +129,11 @@ GEM
       logger (>= 1.3.0)
       parser (>= 3.1)
       rainbow (>= 2.2.2, < 4.0)
-      rbs (>= 3.1.0)
+      rbs (>= 3.5.0.pre)
       securerandom (>= 0.1)
       strscan (>= 1.0.0)
       terminal-table (>= 2, < 4)
-    stringio (3.1.0)
+    stringio (3.1.1)
     strscan (3.1.0)
     terminal-table (3.0.2)
       unicode-display_width (>= 1.1.1, < 3)
diff --git a/Makefile b/Makefile
@@ -1,13 +1,19 @@
 .DEFAULT_GOAL := help
 
+.PHONY: bundle-update
+bundle-update: ## Run `bundle update` on gem and all subgems
+	bundle update
+	cd driver/riverqueue-activerecord && bundle update
+	cd driver/riverqueue-sequel && bundle update
+
 # Looks at comments using ## on targets and uses them to produce a help output.
 .PHONY: help
 help: ALIGN=14
 help: ## Print this message
 	@awk -F ': .*## ' -- "/^[^':]+: .*## /"' { printf "'$$(tput bold)'%-$(ALIGN)s'$$(tput sgr0)' %s\n", $$1, $$2 }' $(MAKEFILE_LIST)
 
 .PHONY: lint
-lint: standardrb ## Run linter (standardrb)
+lint: standardrb ## Run linter (standardrb) on gem and all subgems
 
 .PHONY: rspec
 rspec: spec
@@ -29,7 +35,7 @@ steep:
 	bundle exec steep check
 
 .PHONY: test
-test: spec ## Run test suite (Rspec)
+test: spec ## Run test suite (rspec) on gem and all subgems
 
 .PHONY: type-check
 type-check: steep ## Run type check with Steep
diff --git a/driver/riverqueue-activerecord/Gemfile.lock b/driver/riverqueue-activerecord/Gemfile.lock
@@ -14,101 +14,105 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    activemodel (7.1.3.2)
-      activesupport (= 7.1.3.2)
-    activerecord (7.1.3.2)
-      activemodel (= 7.1.3.2)
-      activesupport (= 7.1.3.2)
+    activemodel (7.2.1)
+      activesupport (= 7.2.1)
+    activerecord (7.2.1)
+      activemodel (= 7.2.1)
+      activesupport (= 7.2.1)
       timeout (>= 0.4.0)
-    activesupport (7.1.3.2)
+    activesupport (7.2.1)
       base64
       bigdecimal
-      concurrent-ruby (~> 1.0, >= 1.0.2)
+      concurrent-ruby (~> 1.0, >= 1.3.1)
       connection_pool (>= 2.2.5)
       drb
       i18n (>= 1.6, < 2)
+      logger (>= 1.4.2)
       minitest (>= 5.1)
-      mutex_m
-      tzinfo (~> 2.0)
+      securerandom (>= 0.3)
+      tzinfo (~> 2.0, >= 2.0.5)
     ast (2.4.2)
     base64 (0.2.0)
-    bigdecimal (3.1.7)
-    concurrent-ruby (1.2.3)
+    bigdecimal (3.1.8)
+    concurrent-ruby (1.3.4)
     connection_pool (2.4.1)
     debug (1.9.2)
       irb (~> 1.10)
       reline (>= 0.3.8)
     diff-lcs (1.5.1)
-    docile (1.4.0)
+    docile (1.4.1)
     drb (2.2.1)
-    i18n (1.14.4)
+    i18n (1.14.5)
       concurrent-ruby (~> 1.0)
     io-console (0.7.2)
-    irb (1.12.0)
-      rdoc
+    irb (1.14.0)
+      rdoc (>= 4.0.0)
       reline (>= 0.4.2)
     json (2.7.2)
     language_server-protocol (3.17.0.3)
     lint_roller (1.1.0)
-    minitest (5.22.3)
-    mutex_m (0.2.0)
-    parallel (1.24.0)
-    parser (3.3.0.5)
+    logger (1.6.0)
+    minitest (5.25.1)
+    parallel (1.26.3)
+    parser (3.3.4.2)
       ast (~> 2.4.1)
       racc
-    pg (1.5.6)
+    pg (1.5.7)
     psych (5.1.2)
       stringio
-    racc (1.7.3)
+    racc (1.8.1)
     rainbow (3.1.1)
-    rdoc (6.6.3.1)
+    rdoc (6.7.0)
       psych (>= 4.0.0)
-    regexp_parser (2.9.0)
-    reline (0.5.3)
+    regexp_parser (2.9.2)
+    reline (0.5.9)
       io-console (~> 0.5)
-    rexml (3.2.6)
+    rexml (3.3.6)
+      strscan
     rspec-core (3.13.0)
       rspec-support (~> 3.13.0)
-    rspec-expectations (3.13.0)
+    rspec-expectations (3.13.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
     rspec-support (3.13.1)
-    rubocop (1.62.1)
+    rubocop (1.65.1)
       json (~> 2.3)
       language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
       parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.8, < 3.0)
+      regexp_parser (>= 2.4, < 3.0)
       rexml (>= 3.2.5, < 4.0)
       rubocop-ast (>= 1.31.1, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.31.2)
-      parser (>= 3.3.0.4)
-    rubocop-performance (1.20.2)
+    rubocop-ast (1.32.1)
+      parser (>= 3.3.1.0)
+    rubocop-performance (1.21.1)
       rubocop (>= 1.48.1, < 2.0)
-      rubocop-ast (>= 1.30.0, < 2.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
     ruby-progressbar (1.13.0)
+    securerandom (0.3.1)
     simplecov (0.22.0)
       docile (~> 1.1)
       simplecov-html (~> 0.11)
       simplecov_json_formatter (~> 0.1)
     simplecov-html (0.12.3)
     simplecov_json_formatter (0.1.4)
-    standard (1.35.1)
+    standard (1.40.0)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.0)
-      rubocop (~> 1.62.0)
+      rubocop (~> 1.65.0)
       standard-custom (~> 1.0.0)
-      standard-performance (~> 1.3)
+      standard-performance (~> 1.4)
     standard-custom (1.0.2)
       lint_roller (~> 1.0)
       rubocop (~> 1.50)
-    standard-performance (1.3.1)
+    standard-performance (1.4.0)
       lint_roller (~> 1.1)
-      rubocop-performance (~> 1.20.2)
-    stringio (3.1.0)
+      rubocop-performance (~> 1.21.0)
+    stringio (3.1.1)
+    strscan (3.1.0)
     timeout (0.4.1)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
diff --git a/driver/riverqueue-sequel/Gemfile.lock b/driver/riverqueue-sequel/Gemfile.lock
