bolt should not use EoL upstream software #3341

Open
bastelfreak opened this issue Aug 13, 2024 · 1 comment
@bastelfreak
Contributor

bastelfreak commented Aug 13, 2024

Describe the Bug

The latest bolt ships quite old dependencies. My biggest concern is Ruby:

[root@pe ~]# /opt/puppetlabs/bolt/bin/ruby --version
ruby 2.7.8p225 (2023-03-30 revision 1f4d455848) [x86_64-linux]
[root@pe ~]# /opt/puppetlabs/bolt/bin/bolt --version
3.30.0
[root@pe ~]#

This version is EoL upstream and does not receive any fixes. hiera-eyaml is also one major version behind:

[root@pe ~]# /opt/puppetlabs/bolt/bin/bolt --version
3.30.0
[root@pe ~]# /opt/puppetlabs/bolt/bin/eyaml --version
Welcome to eyaml 3.4.0

Usage:
eyaml subcommand [global-opts] [subcommand-opts]

Available subcommands:
           edit: edit an eyaml file
        encrypt: encrypt some data
        recrypt: recrypt an eyaml file
        version: show version information
     createkeys: create a set of keys with which to encrypt/decrypt eyaml data
        decrypt: decrypt some data

For more help on an individual command, use --help on that command

Installed Plugins:

[root@pe ~]#

Also, the list of outdated gems is quite long:

[root@pe ~]# /opt/puppetlabs/bolt/bin/gem outdated
CFPropertyList (2.3.6 < 3.0.7)
addressable (2.8.6 < 2.8.7)
aws-partitions (1.913.0 < 1.963.0)
aws-sdk-core (3.191.6 < 3.201.4)
aws-sdk-ec2 (1.448.0 < 1.469.0)
aws-sigv4 (1.8.0 < 1.9.1)
benchmark (0.1.0 < 0.3.0)
bigdecimal (2.0.0 < 3.1.8)
builder (3.2.4 < 3.3.0)
bundler (2.1.4 < 2.5.17)
cgi (0.1.0.2 < 0.4.1)
colored2 (3.1.2 < 4.0.0)
concurrent-ruby (1.2.3 < 1.3.4)
cri (2.15.11 < 2.15.12)
csv (3.1.2 < 3.3.0)
date (3.0.3 < 3.3.4)
delegate (0.1.0 < 0.3.1)
did_you_mean (1.4.0 < 1.6.3)
erubi (1.12.0 < 1.13.0)
etc (1.1.0 < 1.4.3)
facter (4.7.0 < 4.8.0)
faraday (1.10.3 < 2.10.1)
faraday-em_http (1.0.0 < 2.0.0)
faraday-excon (1.1.0 < 2.1.0)
faraday-httpclient (1.0.1 < 2.0.1)
faraday-net_http (1.0.1 < 3.2.0)
faraday-net_http_persistent (1.2.0 < 2.1.0)
faraday-patron (1.0.0 < 2.0.1)
faraday-rack (1.0.0 < 2.0.0)
faraday-retry (1.0.3 < 2.2.1)
fast_gettext (2.3.0 < 3.0.0)
fcntl (1.0.0 < 1.1.0)
ffi (1.16.3 < 1.17.0)
fiddle (1.0.0 < 1.1.2)
fileutils (1.4.1 < 1.7.2)
forwardable (1.3.1 < 1.3.3)
getoptlong (0.1.0 < 0.2.1)
hiera-eyaml (3.4.0 < 4.1.0)
highline (2.1.0 < 3.1.0)
hocon (1.3.1 < 1.4.0)
io-console (0.5.6 < 0.7.2)
ipaddr (1.2.2 < 1.2.6)
irb (1.2.6 < 1.14.0)
json (2.3.0 < 2.7.2)
jwt (2.7.1 < 2.8.2)
logger (1.4.2 < 1.6.0)
logging (2.3.1 < 2.4.0)
matrix (0.2.0 < 0.4.2)
minitar (0.9 < 1.0.1)
minitest (5.13.0 < 5.24.1)
multipart-post (2.4.0 < 2.4.1)
mutex_m (0.1.0 < 0.2.0)
net-pop (0.1.0 < 0.1.2)
net-smtp (0.1.0 < 0.5.0)
net-ssh (6.1.0 < 7.2.3)
nori (2.6.0 < 2.7.1)
observer (0.1.0 < 0.1.2)
open3 (0.1.0 < 0.2.1)
openssl (2.1.4 < 3.2.0)
ostruct (0.2.0 < 0.6.0)
power_assert (1.1.7 < 2.0.3)
pstore (0.1.0 < 0.1.3)
psych (3.1.0 < 5.1.2)
public_suffix (5.0.5 < 6.0.1)
puppet (7.30.0 < 8.8.1)
puppet_forge (3.2.0 < 5.0.4)
r10k (3.16.0 < 4.1.0)
racc (1.4.16 < 1.8.1)
rake (13.0.1 < 13.2.1)
rdoc (6.2.1.1 < 6.7.0)
readline (0.0.2 < 0.0.4)
readline-ext (0.1.0 < 0.2.0)
reline (0.1.5 < 0.5.9)
rexml (3.2.3.1 < 3.3.5)
rss (0.2.8 < 0.3.1)
ruby_smb (1.1.0 < 3.3.9)
rubyntlm (0.6.3 < 0.6.5)
singleton (0.1.0 < 0.2.0)
stringio (0.1.0 < 3.1.1)
strscan (1.0.3 < 3.1.0)
sys-filesystem (1.4.4 < 1.5.0)
test-unit (3.3.4 < 3.6.2)
thor (1.2.2 < 1.3.1)
timeout (0.1.0 < 0.4.1)
tracer (0.1.0 < 0.2.3)
uri (0.10.0.2 < 0.13.0)
winrm (2.3.6 < 2.3.9)
xmlrpc (0.3.0 < 0.3.3)
yaml (0.1.0 < 0.3.0)
zlib (1.1.0 < 3.1.1)
[root@pe ~]#

In particular I want to point out:

[root@pe ~]# /opt/puppetlabs/bolt/bin/gem info log4r

*** LOCAL GEMS ***

log4r (1.1.10)
    Author: Colby Gutierrez-Kraybill
    Homepage: http://log4r.rubyforge.org
    Installed at: /opt/puppetlabs/bolt/lib/ruby/gems/2.7.0

    Log4r, logging framework for ruby
[root@pe ~]#

Which has a dead upstream. The last release is from 2012, the website is down and the source code isn't available anymore, only the rubygems.org artifacts.

Expected Behavior

Don't ship outdated dependencies. At least not those that are dead upstream.

Steps to Reproduce

Steps to reproduce the behavior:

  1. Go to '...'
  2. Click on '....'

Environment

  • Version [e.g. 1.27.0]
  • Platform [e.g. Ubuntu 18.04]

Additional Context

Add any other context about the problem here.

@bastelfreak bastelfreak added the Bug Bug reports and fixes. label Aug 13, 2024
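
An added example, not part of the issue or of Bolt's code: a small Ruby triage of `gem outdated` output like the listing quoted above, grouping gems by whether they lag a major, minor or patch release so the largest gaps can be reviewed first. The sample lines are copied from the issue; the function names are hypothetical, and the lag level is a prioritisation heuristic, not a vulnerability finding.

```ruby
require "rubygems" # Gem::Version; loaded by default, explicit for clarity

# Constructed sample: a few lines taken from the `gem outdated` output in the issue,
# plus the trailing shell prompt to show that non-matching lines are skipped.
SAMPLE = <<~OUT
  addressable (2.8.6 < 2.8.7)
  faraday (1.10.3 < 2.10.1)
  hiera-eyaml (3.4.0 < 4.1.0)
  net-ssh (6.1.0 < 7.2.3)
  openssl (2.1.4 < 3.2.0)
  rexml (3.2.3.1 < 3.3.5)
  [root@pe ~]#
OUT

# One `gem outdated` row: "name (installed < latest)"
ROW = /\A(?<name>\S+) \((?<installed>\S+) < (?<latest>\S+)\)\z/

# Classify the gap between two versions by the first differing segment.
def lag(installed, latest)
  i = installed.segments
  l = latest.segments
  return :major if l[0] != i[0]
  return :minor if l[1].to_i != i[1].to_i
  :patch
end

# Parse the listing into hashes; prompts, blanks and malformed versions are dropped.
def parse_outdated(text)
  text.each_line.filter_map do |line|
    m = ROW.match(line.strip) or next
    next unless Gem::Version.correct?(m[:installed]) && Gem::Version.correct?(m[:latest])
    installed = Gem::Version.new(m[:installed])
    latest = Gem::Version.new(m[:latest])
    { name: m[:name], installed: installed, latest: latest, lag: lag(installed, latest) }
  end
end

# Group gem names by lag level, e.g. { major: [...], minor: [...], patch: [...] }.
def triage(text)
  parse_outdated(text)
    .group_by { |g| g[:lag] }
    .transform_values { |gems| gems.map { |g| g[:name] }.sort }
end

if __FILE__ == $PROGRAM_NAME
  triage(SAMPLE).each { |level, names| puts "#{level}: #{names.join(', ')}" }
end
```
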
@donoghuc
Member

Thanks, we are working on doing a major refresh including ruby env in bolt 4. Coming soon.
