Sometimes a gem is insecure, but there is no security patch for it yet. This totally breaks our deployments because of scan_gems. There's a workaround with I_KNOW_GEMS_ARE_INSECURE, but it's a huge pain.
I propose that the scan_gems task pings rubygems.org to find the latest version of the insecure gem to see if there's an update. If there is no update, it should not stop the deployment process and instead just display a warning. If there is an update, it should abort the deployment as it does now.
The task in question:
jefferies_tube/lib/jefferies_tube/capistrano/deploy.rb
Line 26 in 06cb6c8
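The decision rule proposed in the issue (look up the newest release on rubygems.org; abort only when a newer version than the installed one exists, otherwise warn and continue) sketched as a stand-alone Ruby script. This is an added example, not code from jefferies_tube or its scan_gems task. It assumes the public rubygems.org endpoint `/api/v1/versions/<name>/latest.json`, which returns a JSON object with a `version` key; the gem names, versions and the fake lookup table are constructed sample data. When the lookup fails (network error, unknown gem), it keeps the task's current fail-closed behaviour and aborts, since the deploy cannot tell whether a fix exists.

```ruby
require "json"
require "net/http"
require "uri"
require "rubygems" # for Gem::Version

# Decide what scan_gems should do for one insecure gem.
# :abort -> a newer release exists on rubygems.org (keep the current behaviour)
# :warn  -> no newer release yet, so print a warning and let the deploy continue
# A nil latest_version means the lookup failed; fall back to :abort (fail closed).
def decide_action(installed_version, latest_version)
  return :abort if latest_version.nil?
  # Gem::Version compares semantically ("10.0" > "2.0", "1.0.0.pre" < "1.0.0"),
  # unlike a plain string comparison.
  Gem::Version.new(latest_version) > Gem::Version.new(installed_version) ? :abort : :warn
end

# Newest published version of a gem via the rubygems.org API (assumed endpoint:
# https://rubygems.org/api/v1/versions/<name>/latest.json). Returns nil on any
# HTTP, network or parse error so the caller can fail closed.
def rubygems_latest_version(gem_name)
  uri = URI("https://rubygems.org/api/v1/versions/#{URI.encode_www_form_component(gem_name)}/latest.json")
  res = Net::HTTP.get_response(uri)
  return nil unless res.is_a?(Net::HTTPSuccess)
  JSON.parse(res.body)["version"]
rescue StandardError
  nil
end

# Check every insecure gem reported by the scan. `lookup` is injected so the rule
# can be exercised offline; a real task would pass method(:rubygems_latest_version).
# Returns { gem name => { action: :abort | :warn, message: String } }.
def check_insecure_gems(insecure_gems, lookup: method(:rubygems_latest_version))
  insecure_gems.each_with_object({}) do |(name, installed), out|
    latest = lookup.call(name)
    action = decide_action(installed, latest)
    message =
      if latest.nil?
        "#{name} #{installed} is insecure and rubygems.org could not be queried; aborting deploy"
      elsif action == :abort
        "#{name} #{installed} is insecure and #{latest} is available; aborting deploy"
      else
        "#{name} #{installed} is insecure but no newer release exists yet; continuing with a warning"
      end
    out[name] = { action: action, message: message }
  end
end

# Constructed sample data (hypothetical gem names, not real advisories):
# installed versions flagged as insecure, plus a fake rubygems.org answer table.
SAMPLE_INSECURE = { "examplegem-a" => "1.2.0", "examplegem-b" => "3.0.1", "examplegem-c" => "0.9.0" }.freeze
FAKE_RUBYGEMS   = { "examplegem-a" => "1.2.1", "examplegem-b" => "3.0.1" }.freeze # "examplegem-c" unknown -> nil
FAKE_LOOKUP     = ->(name) { FAKE_RUBYGEMS[name] }

if $PROGRAM_NAME == __FILE__
  results = check_insecure_gems(SAMPLE_INSECURE, lookup: FAKE_LOOKUP)
  results.each_value { |r| puts "[#{r[:action]}] #{r[:message]}" }
  # A real Capistrano task would raise or exit non-zero here if any action is :abort.
  puts(results.values.any? { |r| r[:action] == :abort } ? "deploy would abort" : "deploy would continue")
end
```

In the sample run, examplegem-a has a newer 1.2.1 release and aborts, examplegem-b is already on the newest release and only warns, and examplegem-c cannot be resolved and aborts. The version comparison goes through Gem::Version so that "10.0" is correctly seen as newer than "2.0"; a string comparison would get that wrong and silently let an insecure deploy through.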