なぜ行ったのか
RubyGemsに脆弱性があるので、rbenv-eachを導入して、まとめてコマンドを実行してみた。
週刊Railsウォッチ(20190311-1/2前編)「Rails Conductor」14年ぶり復活なるか?、RubyGemsに複数の脆弱性、2009年のRailsエコシステムほか
rbenv/rbenv-each: rbenv plugin to Run a command across all installed rubies.
インストール方法
公式リポジトリより
$ git clone https://github.com/rbenv/rbenv-each.git "$(rbenv root)"/plugins/rbenv-each # インストール確認 $ rbenv help each Usage: rbenv each [-v] <command> [arg1 arg2...] Executes a command for each Ruby version by setting RBENV_VERSION. Failures are collected and reported at the end. -v Verbose mode. Prints a header for each ruby.
動作確認
このコードを参考に、Rubyのすべてのバージョンで、そのバージョン情報を出力する。
$ rbenv each ruby -e 'puts "ruby #{RUBY_VERSION} (#{RUBY_RELEASE_DATE} patchlevel #{RUBY_PATCHLEVEL}) [#{RUBY_PLATFORM}]"'
ruby 2.2.8 (2017-09-14 patchlevel 477) [x86_64-darwin16]
ruby 2.5.1 (2018-03-29 patchlevel 57) [x86_64-darwin16]
いざアップデート
脆弱性の修正パッチが当たっているのがRuby2.4以降らしいので、それより前は失敗する。この場合は 2.2.8 のupdateは失敗することに。
$ rbenv each gem update --system
Updating rubygems-update
Fetching: rubygems-update-3.0.3.gem (100%)
ERROR: Error installing rubygems-update:
rubygems-update requires Ruby version >= 2.3.0.
ERROR: While executing gem ... (NoMethodError)
undefined method `version' for nil:NilClass
Updating rubygems-update
Fetching rubygems-update-3.0.3.gem
Successfully installed rubygems-update-3.0.3
Parsing documentation for rubygems-update-3.0.3
Installing ri documentation for rubygems-update-3.0.3
Installing darkfish documentation for rubygems-update-3.0.3
Done installing documentation for rubygems-update after 40 seconds
Parsing documentation for rubygems-update-3.0.3
Done installing documentation for rubygems-update after 0 seconds
Installing RubyGems 3.0.3
Bundler 1.17.3 installed
RubyGems 3.0.3 installed
Regenerating binstubs
Parsing documentation for rubygems-3.0.3
Installing ri documentation for rubygems-3.0.3
=== 3.0.2 / 2019-01-01
Minor enhancements:
* Use Bundler-1.17.3. Pull request #2556 by SHIBATA Hiroshi.
* Fix document flag description. Pull request #2555 by Luis Sagastume.
Bug fixes:
* Fix tests when ruby --program-suffix is used without rubygems
--format-executable. Pull request #2549 by Jeremy Evans.
* Fix Gem::Requirement equality comparison when ~> operator is used. Pull
request #2554 by Grey Baker.
* Unset SOURCE_DATE_EPOCH in the test cases. Pull request #2558 by Sorah
Fukumori.
* Restore SOURCE_DATE_EPOCH. Pull request #2560 by SHIBATA Hiroshi.
=== 3.0.1 / 2018-12-23
Bug fixes:
* Ensure globbed files paths are expanded. Pull request #2536 by Tony Ta.
* Dup the Dir.home string before passing it on. Pull request #2545 by
Charles Oliver Nutter.
* Added permissions to installed files for non-owners. Pull request #2546
by SHIBATA Hiroshi.
* Restore release task without hoe. Pull request #2547 by SHIBATA Hiroshi.
------------------------------------------------------------------------------
RubyGems installed the following executables:
/Users/yamakawa00/.anyenv/envs/rbenv/versions/2.5.1/bin/gem
/Users/yamakawa00/.anyenv/envs/rbenv/versions/2.5.1/bin/bundle
Ruby Interactive (ri) documentation was installed. ri is kind of like man
pages for Ruby libraries. You may access it like this:
ri Classname
ri Classname.class_method
ri Classname#instance_method
If you do not wish to install this documentation in the future, use the
--no-document flag, or set it as the default in your ~/.gemrc file. See
'gem help env' for details.
RubyGems system software updated
FAILED IN: 2.2.8
結果として、2.5.1しか脆弱性修正対象のバージョンがなかったので、rbenv-eachを導入する必要がなかったのではと思ったが、何事も経験なので。
