Disallow bundle to any changes to Gemfile.lock
What does this MR do?
Per the Rubygems.org advisory, we should be using frozen on CI
https://github.com/rubygems/rubygems.org/security/advisories/GHSA-hccv-rwq6-vh79
Note that I also had to add a command to install the locked Bundler version (2.2.33) on our CI, so that frozen does not complain, since the Ruby image on our CI has an older version of Bundler.
FYI, @tkuah.
Related issues
Related to #6821 (closed)
Checklist
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion
Required
- Merge Request Title, and Description are up to date, accurate, and descriptive
- MR targeting the appropriate branch
- MR has a green pipeline on GitLab.com
- Pipeline is green on dev.gitlab.org if the change is touching anything besides documentation or internal cookbooks
- trigger-package has a green pipeline running against latest commit
Expected (please provide an explanation if not completing)
- Test plan indicating conditions for success has been posted and passes
- Documentation created/updated
- Tests added
- Integration tests added to GitLab QA
- Equivalent MR/issue for the GitLab Chart opened
Edited by Michael Kozono
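The CI step described in this MR (install the Bundler version recorded in Gemfile.lock, then install gems in frozen mode) can be sketched as follows. This is an added example, not the MR's actual change; the function names and the constructed sample lockfile are assumptions, and the checksum comparison is an extra guard that goes beyond what the MR describes.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the MR.

# Constructed sample lockfile, used only to exercise the parser.
sample_lockfile() {
  cat <<'EOF'
GEM
  remote: https://rubygems.org/
  specs:
    rake (13.0.6)

PLATFORMS
  ruby

DEPENDENCIES
  rake

BUNDLED WITH
   2.2.33
EOF
}

# Print the Bundler version recorded under "BUNDLED WITH" in a lockfile.
locked_bundler_version() {
  awk '/^BUNDLED WITH$/ { getline; gsub(/[[:space:]]/, ""); print; exit }' "$1"
}

# Install the locked Bundler, then install gems with frozen enabled so that
# Bundler errors out instead of rewriting Gemfile.lock during the CI job.
frozen_install() {
  lockfile="${1:-Gemfile.lock}"
  version="$(locked_bundler_version "$lockfile")"
  if [ -z "$version" ]; then
    echo "no BUNDLED WITH section in $lockfile" >&2
    return 1
  fi
  before="$(cksum < "$lockfile")"
  gem install bundler --version "$version" --no-document || return 1
  BUNDLE_FROZEN=true bundle "_${version}_" install || return 1
  # Extra guard: fail the job if the lockfile changed anyway.
  if [ "$before" != "$(cksum < "$lockfile")" ]; then
    echo "$lockfile was modified during install" >&2
    return 1
  fi
}
```

In a CI job, call `frozen_install` from the directory that holds the Gemfile; a non-zero exit fails the job.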