Skip to content

Update dependency puma to v5 [SECURITY]#111

Open
renovate[bot] wants to merge 1 commit into
developfrom
renovate/rubygems-puma-vulnerability
Open

Update dependency puma to v5 [SECURITY]#111
renovate[bot] wants to merge 1 commit into
developfrom
renovate/rubygems-puma-vulnerability

Conversation

@renovate

@renovate renovate Bot commented Aug 19, 2023

Copy link
Copy Markdown

Mend Renovate

This PR contains the following updates:

Package Update Change
puma (source, changelog) major '~> 4.1' -> '~> 5.0'

GitHub Vulnerability Alerts

CVE-2021-41136

Impact

Prior to puma version 5.5.0, using puma with a proxy which forwards LF characters as line endings could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client.

This behavior (forwarding LF characters as line endings) is very uncommon amongst proxy servers, so we have graded the impact here as "low". Puma is only aware of a single proxy server which has this behavior.

If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client.

Patches

This vulnerability was patched in Puma 5.5.1 and 4.3.9.

Workarounds

This vulnerability only affects Puma installations without any proxy in front.

Use a proxy which does not forward LF characters as line endings.

Proxies which do not forward LF characters as line endings:

  • Nginx
  • Apache (>2.4.25)
  • Haproxy
  • Caddy
  • Traefik

Possible Breakage

If you are dealing with legacy clients that want to send LF as a line ending in an HTTP header, this will cause those clients to receive a 400 error.

References

For more information

If you have any questions or comments about this advisory:

CVE-2022-23634

Impact

Prior to puma version 5.6.2, puma may not always call close on the response body. Rails, prior to version 7.0.2.2, depended on the response body being closed in order for its CurrentAttributes implementation to work correctly.

From Rails:

Under certain circumstances response bodies will not be closed, for example a bug in a webserver[1] or a bug in a Rack middleware. In the event a response is not notified of a close, ActionDispatch::Executor will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests, especially when interacting with ActiveSupport::CurrentAttributes.

The combination of these two behaviors (Puma not closing the body + Rails' Executor implementation) causes information leakage.

Patches

This problem is fixed in Puma versions 5.6.2 and 4.3.11.

This problem is fixed in Rails versions 7.02.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2.

See:
GHSA-wh98-p28r-vrc9
for details about the rails vulnerability

Upgrading to a patched Rails or Puma version fixes the vulnerability.

Workarounds

Upgrade to Rails versions 7.02.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2.

The Rails CVE includes a middleware that can be used instead.

References

For more information

If you have any questions or comments about this advisory:

CVE-2022-24790

When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma.

The following vulnerabilities are addressed by this advisory:

  • Lenient parsing of Transfer-Encoding headers, when unsupported encodings should be rejected and the final encoding must be chunked.
  • Lenient parsing of malformed Content-Length headers and chunk sizes, when only digits and hex digits should be allowed.
  • Lenient parsing of duplicate Content-Length headers, when they should be rejected.
  • Lenient parsing of the ending of chunked segments, when they should end with \r\n.

The vulnerability has been fixed in 5.6.4 and 4.3.12. When deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.

These proxy servers are known to have "good" behavior re: this standard and upgrading Puma may not be necessary. Users are encouraged to validate for themselves.

  • Nginx (latest)
  • Apache (latest)
  • Haproxy 2.5+
  • Caddy (latest)
  • Traefik (latest)

CVE-2023-40175

Impact

Prior to version 6.3.1, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling.

The following vulnerabilities are addressed by this advisory:

  • Incorrect parsing of trailing fields in chunked transfer encoding bodies
  • Parsing of blank/zero-length Content-Length headers

Patches

The vulnerability has been fixed in 6.3.1 and 5.6.7.

Workarounds

No known workarounds.

References

HTTP Request Smuggling

For more information

If you have any questions or comments about this advisory:

Open an issue in Puma
See our security policy


Release Notes

puma/puma (puma)

v5.6.7

Compare Source

  • Security
    • Address HTTP request smuggling vulnerabilities with zero-length Content Length header and trailer fields (GHSA-68xg-gqqm-vgj8)

v5.6.6

Compare Source

  • Bugfix
    • Prevent loading with rack 3 ([#​3166])

v5.6.5

Compare Source

  • Feature

    • Puma::ControlCLI - allow refork command to be sent as a request ([#​2868], [#​2866])
  • Bugfixes

    • NullIO#closed should return false ([#​2883])
    • [jruby] Fix TLS verification hang ([#​2890], [#​2729])
    • extconf.rb - don't use pkg_config('openssl') if '--with-openssl-dir' is used ([#​2885], [#​2839])
    • MiniSSL - detect SSL_CTX_set_dh_auto ([#​2864], [#​2863])
    • Fix rack.after_reply exceptions breaking connections ([#​2861], [#​2856])
    • Escape SSL cert and filenames ([#​2855])
    • Fail hard if SSL certs or keys are invalid ([#​2848])
    • Fail hard if SSL certs or keys cannot be read by user ([#​2847])
    • Fix build with Opaque DH in LibreSSL 3.5. ([#​2838])
    • Pre-existing socket file removed when TERM is issued after USR2 (if puma is running in cluster mode) ([#​2817])
    • Fix Puma::StateFile#load incompatibility ([#​2810])

v5.6.4

Compare Source

  • Security

v5.6.2

Compare Source

v5.6.1

Compare Source

  • Bugfixes
    • Reverted a commit which appeared to be causing occasional blank header values ([#​2809])

v5.6.0

Compare Source

  • Features

    • Support localhost integration in ssl_bind ([#​2764], [#​2708])
    • Allow backlog parameter to be set with ssl_bind DSL ([#​2780])
    • Remove yaml (psych) requirement in StateFile ([#​2784])
    • Allow culling of oldest workers, previously was only youngest ([#​2773], [#​2794])
    • Add worker_check_interval configuration option ([#​2759])
    • Always send lowlevel_error response to client ([#​2731], [#​2341])
    • Support for cert_pem and key_pem with ssl_bind DSL ([#​2728])
  • Bugfixes

    • Keep thread names under 15 characters, prevents breakage on some OSes ([#​2733])
    • Fix two 'old-style-definition' compile warning ([#​2807], [#​2806])
    • Log environment correctly using option value ([#​2799])
    • Fix warning from Ruby master (will be 3.2.0) ([#​2785])
    • extconf.rb - fix openssl with old Windows builds ([#​2757])
    • server.rb - rescue handling (Errno::EBADF) for @notify.close ([#​2745])
  • Refactor

    • server.rb - refactor code using @​options[:remote_address] ([#​2742])
    • [jruby] a couple refactorings - avoid copy-ing bytes ([#​2730])

v5.5.2

Compare Source

  • Bugfixes
    • Allow UTF-8 in HTTP header values

v5.5.1

Compare Source

  • Feature (added as mistake - we don't normally do this on bugfix releases, sorry!)

    • Allow setting APP_ENV in preference to RACK_ENV or RAILS_ENV ([#​2702])
  • Security

v5.5.0

Compare Source

  • Features

    • Automatic SSL certificate provisioning for localhost, via localhost gem ([#​2610], [#​2257])
    • add support for the PROXY protocol (v1 only) ([#​2654], [#​2651])
    • Add a semantic CLI option for no config file ([#​2689])
  • Bugfixes

    • More elaborate exception handling - lets some dead pumas die. ([#​2700], [#​2699])
    • allow multiple after_worker_fork hooks ([#​2690])
    • Preserve BUNDLE_APP_CONFIG on worker fork ([#​2688], [#​2687])
  • Performance

    • Fix performance of server-side SSL connection close. ([#​2675])

v5.4.0

Compare Source

  • Features

    • Better/expanded names for threadpool threads ([#​2657])
    • Allow pkg_config for OpenSSL ([#​2648], [#​1412])
    • Add rack_url_scheme to Puma::DSL, allows setting of rack.url_scheme header ([#​2586], [#​2569])
  • Bugfixes

    • Binder#parse - allow for symlinked unix path, add create_activated_fds debug ENV ([#​2643], [#​2638])
    • Fix deprecation warning: minissl.c - Use Random.bytes if available ([#​2642])
    • Client certificates: set session id context while creating SSLContext ([#​2633])
    • Fix deadlock issue in thread pool ([#​2656])
  • Refactor

    • Replace IO.select with IO#wait_* when checking a single IO ([#​2666])

v5.3.2

Compare Source

  • Bugfixes
    • Gracefully handle Rack not accepting CLI options ([#​2630], [#​2626])
    • Fix sigterm misbehavior ([#​2629])
    • Improvements to keepalive-connection shedding ([#​2628])

v5.3.1

Compare Source

  • Security

v5.3.0

Compare Source

  • Features

  • Bugfixes

  • Performance

    • Reset peerip only if remote_addr_header is set ([#​2609])
    • Reduce puma_parser struct size ([#​2590])
  • Refactor

    • Refactor drain on shutdown ([#​2600])
    • Micro optimisations in wait_for_less_busy_worker feature ([#​2579])
    • Lots of test fixes

v5.2.2

Compare Source

  • Bugfixes
    • Add #flush and #sync methods to Puma::NullIO ([#​2553])
    • Restore sync=true on STDOUT and STDERR streams ([#​2557])

v5.2.1

Compare Source

  • Bugfixes
    • Fix TCP cork/uncork operations to work with ssl clients ([#​2550])
    • Require rack/common_logger explicitly if :verbose is true ([#​2547])
    • MiniSSL::Socket#write - use data.byteslice(wrote..-1) ([#​2543])
    • Set @env[CONTENT_LENGTH] value as string. ([#​2549])

v5.2.0

Compare Source

  • Features

    • 10x latency improvement for MRI on ssl connections by reducing overhead ([#​2519])
    • Add option to specify the desired IO selector backend for libev ([#​2522])
    • Add ability to set OpenSSL verification flags (MRI only) ([#​2490])
    • Uses flush after writing messages to avoid mutating $stdout and $stderr using sync=true ([#​2486])
  • Bugfixes

    • MiniSSL - Update dhparam to 2048 bit for use with SSL_CTX_set_tmp_dh ([#​2535])
    • Change 'Goodbye!' message to be output after listeners are closed ([#​2529])
    • Fix ssl bind logging with 0.0.0.0 and localhost ([#​2533])
    • Fix compiler warnings, but skipped warnings related to ragel state machine generated code ([#​1953])
    • Fix phased restart errors related to nio4r gem when using the Puma control server ([#​2516])
    • Add #string method to Puma::NullIO ([#​2520])
    • Fix binding via Rack handler to IPv6 addresses ([#​2521])
  • Refactor

    • Refactor MiniSSL::Context on MRI, fix MiniSSL::Socket#write ([#​2519])
    • Remove Server#read_body ([#​2531])
    • Fail build if compiling extensions raises warnings on GH Actions, configurable via MAKE_WARNINGS_INTO_ERRORS ([#​1953])

v5.1.1

Compare Source

  • Bugfixes
    • Fix over eager matching against banned header names ([#​2510])

v5.1.0

Compare Source

  • Features

    • Phased restart availability is now always logged, even if it is not available.
    • Prints the loaded configuration if the environment variable PUMA_LOG_CONFIG is present ([#​2472])
    • Integrate with systemd's watchdog and notification features ([#​2438])
    • Adds max_fast_inline as a configuration option for the Server object ([#​2406])
    • You can now fork workers from worker 0 using SIGURG w/o fork_worker enabled [#​2449]
    • Add option to bind to systemd activated sockets ([#​2362])
    • Add compile option to change the QUERY_STRING max length ([#​2485])
  • Bugfixes

    • Fix JRuby handling in Puma::DSL#ssl_bind ([#​2489])
    • control_cli.rb - all normal output should be to @​stdout ([#​2487])
    • Catch 'Error in reactor loop escaped: mode not supported for this object: r' ([#​2477])
    • Ignore Rails' reaper thread (and any thread marked forksafe) for warning ([#​2475])
    • Ignore illegal (by Rack spec) response header ([#​2439])
    • Close idle connections immediately on shutdown ([#​2460])
    • Fix some instances of phased restart errors related to the json gem ([#​2473])
    • Remove use of json gem to fix phased restart errors ([#​2479])
    • Fix grouping regexp of ILLEGAL_HEADER_KEY_REGEX ([#​2495])

v5.0.4

Compare Source

  • Bugfixes
    • Pass preloaded application into new workers if available when using preload_app ([#​2461], [#​2454])

v5.0.3

Compare Source

  • Bugfixes

    • Add Client#io_ok?, check before Reactor#register ([#​2432])
    • Fix hang on shutdown in refork ([#​2442])
    • Fix Bundler::GemNotFound errors for nio4r gem during phased restarts ([#​2427], [#​2018])
    • Server run thread safety fix ([#​2435])
    • Fire on_booted after server starts ([#​2431], [#​2212])
    • Cleanup daemonization in rc.d script ([#​2409])
  • Refactor

    • Remove accept_nonblock.rb, add test_integration_ssl.rb ([#​2448])
    • Refactor status.rb - dry it up a bit ([#​2450])
    • Extract req/resp methods to new request.rb from server.rb ([#​2419])
    • Refactor Reactor and Client request buffering ([#​2279])
    • client.rb - remove JRuby specific 'finish' code ([#​2412])
    • Consolidate fast_write calls in Server, extract early_hints assembly ([#​2405])
    • Remove upstart from docs ([#​2408])
    • Extract worker process into separate class ([#​2374])
    • Consolidate option handling in Server, Server small refactors, doc changes ([#​2389])

v5.0.2

Compare Source

  • Bugfixes
    • Reverted API changes to Server.

v5.0.1

Compare Source

  • Bugfixes

    • Fix LoadError in CentOS 8 ([#​2381])
    • Better error handling during force shutdown ([#​2271])
    • Prevent connections from entering Reactor after shutdown begins ([#​2377])
    • Fix error backtrace debug logging && Do not log request dump if it is not parsed ([#​2376])
    • Split TCP_CORK and TCP_INFO ([#​2372])
    • Do not log EOFError when a client connection is closed without write ([#​2384])
  • Refactor

    • Change Events#ssl_error signature from (error, peeraddr, peercert) to (error, ssl_socket) ([#​2375])
    • Consolidate option handling in Server, Server small refactors, doc chang ([#​2373])

v5.0.0

Compare Source

  • Features

    • Allow compiling without OpenSSL and dynamically load files needed for SSL, add 'no ssl' CI ([#​2305])
    • EXPERIMENTAL: Add fork_worker option and refork command for reduced memory usage by forking from a worker process instead of the master process. ([#​2099])
    • EXPERIMENTAL: Added wait_for_less_busy_worker config. This may reduce latency on MRI through inserting a small delay before re-listening on the socket if worker is busy ([#​2079]).
    • EXPERIMENTAL: Added nakayoshi_fork option. Reduce memory usage in preloaded cluster-mode apps by GCing before fork and compacting, where available. ([#​2093], [#​2256])
    • Added pumactl thread-backtraces command to print thread backtraces ([#​2054])
    • Added incrementing requests_count to Puma.stats. ([#​2106])
    • Increased maximum URI path length from 2048 to 8192 bytes ([#​2167], [#​2344])
    • lowlevel_error_handler is now called during a forced threadpool shutdown, and if a callable with 3 arguments is set, we now also pass the status code ([#​2203])
    • Faster phased restart and worker timeout ([#​2220])
    • Added state_permission to config DSL to set state file permissions ([#​2238])
    • Added Puma.stats_hash, which returns a stats in Hash instead of a JSON string ([#​2086], [#​2253])
    • rack.multithread and rack.multiprocess now dynamically resolved by max_thread and workers respectively ([#​2288])
  • Deprecations, Removals and Breaking API Changes

    • --control has been removed. Use --control-url ([#​1487])
    • worker_directory has been removed. Use directory.
    • min_threads now set by environment variables PUMA_MIN_THREADS and MIN_THREADS. ([#​2143])
    • max_threads now set by environment variables PUMA_MAX_THREADS and MAX_THREADS. ([#​2143])
    • max_threads default to 5 in MRI or 16 for all other interpreters. ([#​2143])
    • preload_app! is on by default if number of workers > 1 and set via WEB_CONCURRENCY ([#​2143])
    • Puma::Plugin.workers_supported? has been removed. Use Puma.forkable? instead. ([#​2143])
    • tcp_mode has been removed without replacement. ([#​2169])
    • Daemonization has been removed without replacement. ([#​2170])
    • Changed #connected_port to #connected_ports ([#​2076])
    • Configuration: environment is read from RAILS_ENV, if RACK_ENV can't be found ([#​2022])
    • Log binding on http:// for TCP bindings to make it clickable ([#​2300])
  • Bugfixes

    • Fix JSON loading issues on phased-restarts ([#​2269])
    • Improve shutdown reliability ([#​2312], [#​2338])
    • Close client http connections made to an ssl server with TLSv1.3 ([#​2116])
    • Do not set user_config to quiet by default to allow for file config ([#​2074])
    • Always close SSL connection in Puma::ControlCLI ([#​2211])
    • Windows update extconf.rb for use with ssp and varied Ruby/MSYS2 combinations ([#​2069])
    • Ensure control server Unix socket is closed on shutdown ([#​2112])
    • Preserve BUNDLE_GEMFILE env var when using prune_bundler ([#​1893])
    • Send 408 request timeout even when queue requests is disabled ([#​2119])
    • Rescue IO::WaitReadable instead of EAGAIN for blocking read ([#​2121])
    • Ensure BUNDLE_GEMFILE is unspecified in workers if unspecified in master when using prune_bundler ([#​2154])
    • Rescue and log exceptions in hooks defined by users (on_worker_boot, after_worker_fork etc) ([#​1551])
    • Read directly from the socket in #read_and_drop to avoid raising further SSL errors ([#​2198])
    • Set Connection: closed header when queue requests is disabled ([#​2216])
    • Pass queued requests to thread pool on server shutdown ([#​2122])
    • Fixed a few minor concurrency bugs in ThreadPool that may have affected non-GVL Rubies ([#​2220])
    • Fix out_of_band hook never executed if the number of worker threads is > 1 ([#​2177])
    • Fix ThreadPool#shutdown timeout accuracy ([#​2221])
    • Fix UserFileDefaultOptions#fetch to properly use default ([#​2233])
    • Improvements to out_of_band hook ([#​2234])
    • Prefer the rackup file specified by the CLI ([#​2225])
    • Fix for spawning subprocesses with fork_worker option ([#​2267])
    • Set CONTENT_LENGTH for chunked requests ([#​2287])
    • JRuby - Add Puma::MiniSSL::Engine#init? and #teardown methods, run all SSL tests ([#​2317])
    • Improve shutdown reliability ([#​2312])
    • Resolve issue with threadpool waiting counter decrement when thread is killed
    • Constrain rake-compiler version to 0.9.4 to fix ClassNotFound exception when using MiniSSL with Java8.
    • Fix recursive prune_bundler ([#​2319]).
    • Ensure that TCP_CORK is usable
    • Fix corner case when request body is chunked ([#​2326])
    • Fix filehandle leak in MiniSSL ([#​2299])
  • Refactor

    • Remove unused loader argument from Plugin initializer ([#​2095])
    • Simplify Configuration.random_token and remove insecure fallback ([#​2102])
    • Simplify Runner#start_control URL parsing ([#​2111])
    • Removed the IOBuffer extension and replaced with Ruby ([#​1980])
    • Update Rack::Handler::Puma.run to use **options ([#​2189])
    • ThreadPool concurrency refactoring ([#​2220])
    • JSON parse cluster worker stats instead of regex ([#​2124])
    • Support parallel tests in verbose progress reporting ([#​2223])
    • Refactor error handling in server accept loop ([#​2239])

v4.3.12

Compare Source

  • Security

v4.3.11

Compare Source

v4.3.10

Compare Source

  • Bugfixes
    • Allow UTF-8 in HTTP header values

v4.3.9

Compare Source

  • Security

v4.3.8

Compare Source

  • Security

v4.3.7

Compare Source

  • Bugfixes
    • Backport set CONTENT_LENGTH for chunked requests (Originally: [#​2287], backport: [#​2496])

v4.3.6

Compare Source

  • Bugfixes
    • Explicitly include ctype.h to fix compilation warning and build error on macOS with Xcode 12 ([#​2304])
    • Don't require json at boot ([#​2269])

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate

renovate Bot commented Aug 19, 2023

Copy link
Copy Markdown
Author

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: Gemfile.lock
[01:30:20.951] INFO (9): Installing tool ruby v2.7.1...
installing v2 tool ruby v2.7.1
linking tool ruby v2.7.1
ruby 2.7.1p83 (2020-03-31 revision a0c7c23c9c) [x86_64-linux]
gem 3.1.2
RubyGems Environment:
  - RUBYGEMS VERSION: 3.1.2
  - RUBY VERSION: 2.7.1 (2020-03-31 patchlevel 83) [x86_64-linux]
  - INSTALLATION DIRECTORY: /tmp/worker/19e81c/b60443/cache/others/bundler
  - USER INSTALLATION DIRECTORY: /home/ubuntu/.gem/ruby/2.7.0
  - RUBY EXECUTABLE: /opt/containerbase/tools/ruby/2.7.1/bin/ruby
  - GIT EXECUTABLE: /usr/bin/git
  - EXECUTABLE DIRECTORY: /tmp/worker/19e81c/b60443/cache/others/bundler/bin
  - SPEC CACHE DIRECTORY: /home/ubuntu/.gem/specs
  - SYSTEM CONFIGURATION DIRECTORY: /usr/local/ruby/2.7.1/etc
  - RUBYGEMS PLATFORMS:
    - ruby
    - x86_64-linux
  - GEM PATHS:
     - /tmp/worker/19e81c/b60443/cache/others/bundler
     - /home/ubuntu/.gem/ruby/2.7.0
     - /opt/containerbase/tools/ruby/2.7.1/lib/ruby/gems/2.7.0
  - GEM CONFIGURATION:
     - :update_sources => true
     - :verbose => true
     - :backtrace => false
     - :bulk_threshold => 1000
     - "gem" => "--bindir /home/ubuntu/bin --no-document"
     - :benchmark => false
  - REMOTE SOURCES:
     - https://rubygems.org/
  - SHELL PATH:
     - /home/ubuntu/.cargo/bin
     - /home/ubuntu/.local/bin
     - /go/bin
     - /home/ubuntu/bin
     - /home/ubuntu/.cargo/bin
     - /home/ubuntu/.local/bin
     - /go/bin
     - /home/ubuntu/bin
     - /home/ubuntu/.cargo/bin
     - /home/ubuntu/.local/bin
     - /go/bin
     - /home/ubuntu/bin
     - /home/ubuntu/bin
     - /home/ubuntu/.cargo/bin
     - /home/ubuntu/.local/bin
     - /go/bin
     - /home/ubuntu/bin
     - /home/ubuntu/bin
     - /usr/local/sbin
     - /usr/local/bin
     - /usr/sbin
     - /usr/bin
     - /sbin
     - /bin
[01:30:22.912] INFO (9): Installed tool ruby in 1.9s.
[01:30:23.011] INFO (103): Installing tool bundler v2.1.4...
installing v2 tool bundler v2.1.4
Successfully installed bundler-2.1.4
1 gem installed
linking tool bundler v2.1.4
Bundler version 2.1.4
[01:30:34.456] INFO (103): Installed tool bundler in 11.4s.
ruby 2.7.1p83 (2020-03-31 revision a0c7c23c9c) [x86_64-linux]
Fetching gem metadata from https://rubygems.org/.........
Fetching gem metadata from https://rubygems.org/.
Resolving dependencies...

/usr/local/bin/docker: line 4: .: filename argument required
.: usage: . filename [arguments]
Your bundle is locked to mimemagic (0.3.5), but that version could not be found
in any of the sources listed in your Gemfile. If you haven't changed sources,
that means the author of mimemagic (0.3.5) has removed it. You'll need to update
your bundle to a version other than mimemagic (0.3.5) that hasn't been removed
in order to install.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants