Rewrite the Bundler package manager to use lock file parsing #3309
Assignees
Labels
Comments
sschuberth
added
analyzer
|
Maybe this could also fix #1308 at the same time. |
KorSin
pushed a commit
to boschglobal/oss-review-toolkit
that referenced
this issue
Jan 20, 2021
Closes oss-review-toolkit#3309. Signed-off-by: Korbinian Singhammer <external.Korbinian.Singhammer2@bosch.io>
KorSin
pushed a commit
to boschglobal/oss-review-toolkit
that referenced
this issue
Jan 20, 2021
Closes oss-review-toolkit#3309. Signed-off-by: Korbinian Singhammer <external.Korbinian.Singhammer2@bosch.io>
This has been solved differently via #3514. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The current Bundler implementation requires gems to really be installed in order to parse dependencies, which is a problem esp. for native gems as they pull in several native dependencies (e.g.
g++,ruby2.5-devetc.) that would blow up our Docker image.A possible solution to this would be to let Bundler (via JRuby?) create a lock file if not yet preset (or use it straight away if it is present) and parse the lock file as outlined in this discussion.
The text was updated successfully, but these errors were encountered: