
PSA: update your Rails - akkartik
8 new vulnerabilities announced at https:&#x2F;&#x2F;groups.google.com&#x2F;forum&#x2F;#!forum&#x2F;rubyonrails-security
======
akkartik
Days like this I _really hate_ the Ruby/Gem/Bundler eco-system.

    
    
      $ bundle exec gem list |grep i18n     
      i18n (0.6.9)
    
      $ bundle exec gem update i18n         
      Updating installed gems
      Updating i18n
      Successfully installed i18n-0.7.0
      Gems updated: i18n
      Installing ri documentation for i18n-0.7.0...
      Installing RDoc documentation for i18n-0.7.0...
    
      $ bundle exec gem update activesupport
      Updating installed gems
      Updating activesupport
      ERROR:  Error installing activesupport:
              activesupport requires i18n (~> 0.7)
      Gems updated: i18n, thread_safe
      Installing ri documentation for i18n-0.7.0...
      Installing ri documentation for thread_safe-0.3.5...
      Installing RDoc documentation for i18n-0.7.0...
      Installing RDoc documentation for thread_safe-0.3.5...
      bundle exec gem update activesupport  23.83s user 0.30s system 98% cpu 24.521 total
    
      $ bundle exec gem list |grep i18n     
      i18n (0.6.9)

~~~
sanderjd
I'm confused about what you're trying to do here. You should be able to just
do `bundle update rails`, and it will re-resolve all the dependencies with the
newest version that matches the version string in your Gemfile (eg. `gem
'rails', '~> 4.1.8'` will match the just-released '4.1.14.1').

~~~
AznHisoka
Not sure if this is the OP's case, but some gems simply do not work if you
upgrade any other gem. It's reliant on an older version of gem X.

~~~
akkartik
Yeah, I tried the blanket upgrade first, and these commands only when it
didn't work. I'm used to gem not knowing the topological order in which to
install dependencies.

Basically my session above shows gem lying that it installed version 0.7 of
the i18n gem. It's done nothing whatsoever.

 _Edit_ : apologies, I just reread grandparent's suggestion. I was trying
'bundle exec gem update' which didn't work. 'bundle update rails' works.
Thanks both!

