Unable to update sidekiq-batch runtime dependency to recommended version


I am currently working on a Rails application that uses the sidekiq-batch gem. After identifying a vulnerability in the runtime dependency of sidekiq-batch related to sidekiq, I am attempting to update the runtime dependency to a recommended version (between 6.4.1 and 7.1.2).

Gemfile

gem 'sidekiq-batch', '~> 0.1.6'

Vulnerable version: >= 3

Gemfile.lock

sidekiq-batch (0.1.9)
  sidekiq (>= 3)

To update the runtime dependency, I tried updating the sidekiq-batch gem version so that its runtime dependency would change, but even with the latest version of the sidekiq-batch gem I am still getting the same version of its runtime dependency sidekiq.

After updating the sidekiq-batch gem

Gemfile

gem 'sidekiq-batch', '~> 0.1.9'

Gemfile.lock

sidekiq-batch (0.1.9)
  sidekiq (>= 3)

I tried to update the version manually in Gemfile.lock. After running bundle update sidekiq-batch, the manual changes are removed from the Gemfile.lock file.

I would appreciate any insights or guidance on how to address this situation and successfully update the runtime dependency of sidekiq-batch to a recommended version while accommodating the existing sidekiq gem version. Thank you.

Here's my Gemfile

source 'https://rubygems.org'
git_source(:github) {|repo| "https://github.com/#{repo}.git" }

ruby '2.6.6'

gem 'rails', '~> 6.0', '>= 6.0.6.1'

gem 'puma', '~> 6.0', '>= 6.0.1'

gem 'redis', '~> 4.5', '< 4.6.0'

gem 'sidekiq', '~> 5.2.8'
gem 'sidekiq-batch', '~> 0.1.6'
gem 'sidekiq-failures', '~> 1.0'

group :development, :test do
  gem 'rspec-rails'
  gem 'pry'
end

group :test do
  gem 'fakeredis'
end

There is 1 answer

Answer by spickermann

This line in your Gemfile

gem 'sidekiq', '~> 5.2.8'

means that Bundler is only allowed to install sidekiq versions that are greater than or equal to 5.2.8 and smaller than 5.3.

That explains why Bundler is unable to update sidekiq to 6.4.1 or to any 7.x version.

Unless you have a reason not to allow Bundler to update a gem, I suggest removing that version constraint. A good reason could be that you, for example, know about a breaking change in a newer version and therefore cannot upgrade any further.

In your case, I suggest changing those lines to:

gem 'sidekiq', '~> 6.4'
gem 'sidekiq-batch'
gem 'sidekiq-failures'

You might even want to try removing the version constraint from sidekiq entirely, but that might fail because its 7.0 version introduced some breaking changes.

See the following docs:
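As an added illustration of the answer above (not code from the question or the answer), the following Ruby script uses RubyGems' own Gem::Requirement and Gem::Version classes to expand a pessimistic constraint such as '~> 5.2.8' into the two comparisons it stands for, and to check which sidekiq versions survive when the Gemfile line is combined with sidekiq-batch's own '>= 3' runtime requirement. The list of sidekiq release numbers is a constructed sample, not a registry lookup.

```ruby
# Added example (not from the question or the answer): uses RubyGems' own
# Gem::Requirement / Gem::Version classes to show what a pessimistic
# constraint such as '~> 5.2.8' allows, and why it blocks the advisory's
# recommended sidekiq range even though sidekiq-batch only asks for '>= 3'.
require 'rubygems'

# Constructed sample of sidekiq release numbers; not a live registry lookup.
CANDIDATES = %w[5.2.8 5.2.10 5.3.0 6.0.0 6.4.0 6.4.1 6.5.12 7.0.0 7.1.2 7.2.0].freeze

# Recommended range quoted in the question (6.4.1 to 7.1.2).
RECOMMENDED = ['>= 6.4.1', '<= 7.1.2'].freeze

# Expand a '~> x.y.z' constraint into the two comparisons it stands for.
# Gem::Version#bump drops the last segment and increments the one before it,
# which is exactly the upper bound the pessimistic operator implies.
def pessimistic_bounds(constraint)
  op, version = constraint.split(' ', 2)
  raise ArgumentError, "not a pessimistic constraint: #{constraint}" unless op == '~>'
  base = Gem::Version.new(version)
  [">= #{base}", "< #{base.bump}"]
end

# Bundler must satisfy every constraint on a gem at once: the Gemfile line
# plus the runtime dependency declared by each gem that depends on it.
def allowed_versions(constraints, candidates = CANDIDATES)
  req = Gem::Requirement.new(*constraints)
  candidates.select { |v| req.satisfied_by?(Gem::Version.new(v)) }
end

# True when at least one candidate satisfies both the project's constraints
# and the advisory's recommended range.
def fix_reachable?(constraints, candidates = CANDIDATES)
  !allowed_versions(constraints + RECOMMENDED, candidates).empty?
end

if $PROGRAM_NAME == __FILE__
  batch_dep = '>= 3' # sidekiq-batch 0.1.9's runtime requirement on sidekiq
  [['~> 5.2.8', batch_dep], ['~> 6.4', batch_dep], [batch_dep]].each do |constraints|
    puts "constraints #{constraints.inspect}"
    if constraints.first.start_with?('~>')
      puts "  '#{constraints.first}' means #{pessimistic_bounds(constraints.first).join(' and ')}"
    end
    puts "  allowed: #{allowed_versions(constraints).join(', ')}"
    puts "  recommended range reachable: #{fix_reachable?(constraints)}"
  end
end
```

Running it shows that with '~> 5.2.8' only 5.2.x releases are allowed, so no version in the recommended range is reachable, while '~> 6.4' admits 6.4.1 and later 6.x releases but still keeps 7.0 and its breaking changes out.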