Update Rubygems to v3.2.33 to ensure bundler v2.2.33 is installed
What does this MR do?
Ruby v2.7.5 ships with bundler v2.1.4 by default, and that version contains a number of bugs in CVEs that have been fixed.
This update to RubyGems ensures bundler v2.2.33 is installed. Also use the --no-document flag to speed installs. This is already done in the UBI-8 build.
This is an alternative approach to !1100 (closed).
Before
$ docker run -it registry.gitlab.com/gitlab-org/build/cng/gitlab-rails-ee:master bash
Begin parsing .erb templates from /srv/gitlab/config
Begin parsing .tpl templates from /srv/gitlab/config
root@8e020d67af46:/# gem list bundle
*** LOCAL GEMS ***
bundler (2.3.15, default: 2.2.19)
After
$ docker run -it registry.gitlab.com/gitlab-org/build/cng/gitlab-rails-ee:sh-update-bundler-ruby bash
Begin parsing .erb templates from /srv/gitlab/config
Begin parsing .tpl templates from /srv/gitlab/config
root@6ccdfd3b158d:/# gem --version
3.2.33
root@6ccdfd3b158d:/# gem list bundler
*** LOCAL GEMS ***
bundler (2.3.15, default: 2.2.33)
$ docker run -it registry.gitlab.com/gitlab-org/build/cng/gitlab-rails-ee:sh-update-bundler-ruby-ubi8-ubi8 bash
gem list bundler
Begin parsing .erb templates from /srv/gitlab/config
Begin parsing .tpl templates from /srv/gitlab/config
[root@3f2e0f8b582a /]# gem list bundler
*** LOCAL GEMS ***
bundler (2.3.15, default: 2.2.33)
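The Before/After sessions above are compared by eye. As an added example (not part of this MR or the CNG project), the check below parses the `gem list bundler` output format shown there and fails when the default bundler is older than 2.2.33, so it can run as a post-build guard in an image pipeline. The sample outputs are constructed to mirror the sessions above.

```shell
#!/bin/sh
# Added example, not from the MR: assert that RubyGems' default bundler
# meets a minimum version, based on the `gem list bundler` output format
# shown in the Before/After sessions.

MIN_BUNDLER="2.2.33"   # default bundler expected once this MR is applied

# Extract the default bundler version from `gem list bundler` output, e.g.
#   bundler (2.3.15, default: 2.2.19)  ->  2.2.19
default_bundler_version() {
  printf '%s\n' "$1" | sed -n 's/^bundler (.*default: \([0-9][0-9.]*\).*$/\1/p' | head -n 1
}

# Compare two dotted versions component by component; prints -1, 0 or 1.
vercmp() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai=${a%%.*}; bi=${b%%.*}
    ai=${ai:-0}; bi=${bi:-0}                 # missing component counts as 0
    if [ "$ai" -lt "$bi" ]; then printf '%s\n' -1; return; fi
    if [ "$ai" -gt "$bi" ]; then printf '%s\n' 1; return; fi
    case "$a" in *.*) a=${a#*.} ;; *) a="" ;; esac
    case "$b" in *.*) b=${b#*.} ;; *) b="" ;; esac
  done
  printf '%s\n' 0
}

# Succeeds (exit 0) only when the default bundler in the given output is >= MIN_BUNDLER.
check_default_bundler() {
  v=$(default_bundler_version "$1")
  [ -n "$v" ] || return 1                   # no default bundler line at all
  [ "$(vercmp "$v" "$MIN_BUNDLER")" -ge 0 ]
}

# Constructed sample outputs matching the Before and After sessions.
BEFORE_OUT='*** LOCAL GEMS ***
bundler (2.3.15, default: 2.2.19)'
AFTER_OUT='*** LOCAL GEMS ***
bundler (2.3.15, default: 2.2.33)'

# Inside a built image, the live check would be:
#   check_default_bundler "$(gem list bundler)" || exit 1
```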
Related issues
Relates to https://gitlab.com/gitlab-org/charts/gitlab/-/issues/3471
Checklist
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion
Required
- Merge Request Title and Description are up to date, accurate, and descriptive
- MR targeting the appropriate branch
- MR has a green pipeline on GitLab.com
Expected (please provide an explanation if not completing)
- Test plan indicating conditions for success has been posted and passes
- Documentation created/updated
- Integration tests added to GitLab QA
- The impact any change in container size has should be evaluated
Edited by Stan Hu