Disallow bundle to any changes to Gemfile.lock
What does this MR do?
Per the Rubygems.org advisory, we should be using frozen on CI
https://github.com/rubygems/rubygems.org/security/advisories/GHSA-hccv-rwq6-vh79
Not that I also had to add a command to install the locked Bundler version (2.2.33) on our CI, so that frozen does not complain, since the Ruby image on our CI has an older version of Bundler.
FYI, @tkuah.
Related issues
Related to #6821 (closed)
Checklist
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion
Required
-
Merge Request Title, and Description are up to date, accurate, and descriptive -
MR targeting the appropriate branch -
MR has a green pipeline on GitLab.com -
Pipeline is green on dev.gitlab.org if the change is touching anything besides documentation or internal cookbooks -
trigger-packagehas a green pipeline running against latest commit
Expected (please provide an explanation if not completing)
-
Test plan indicating conditions for success has been posted and passes -
Documentation created/updated -
Tests added -
Integration tests added to GitLab QA -
Equivalent MR/issue for the GitLab Chart opened
Edited by Michael Kozono