Relax Rails dependency to allow security updates

Currently dependabot is failing to upgrade some gems that are part of
Rails. For example, when there's a security issue in ActiveRecord or
ActiveStorage, we get messages like:

```
Dependabot cannot update activestorage to a non-vulnerable version.

The latest possible version that can be installed is 7.1.5.1 because of
the following conflicting dependencies:

rails (7.1.5.1) requires activestorage (= 7.1.5.1) via actionmailbox (7.1.5.1)
rails (7.1.5.1) requires activestorage (= 7.1.5.1) via actiontext (7.1.5.1)
rails (7.1.5.1) requires activestorage (= 7.1.5.1)

The earliest fixed version is 7.1.5.2.
```

So we're relaxing the dependency in order to make it easier for
dependabot to upgrade gems that are part of Rails.

Note that, with this configuration, Dependabot wouldn't be able to
upgrade to Rails 7.1.6 if this release fixed a security issue in a gem
that is part of Rails. We might still need to upgrade Rails manually in
this case.
Javi Martín
2025-08-15 10:51:09 +02:00
parent 1108c61f01
commit 24dcff3c1d
2 changed files with 2 additions and 2 deletions

@@ -2,7 +2,7 @@ source "https://rubygems.org"
ruby file: ".ruby-version"
gem "rails", "7.1.5.1"
gem "rails", "~> 7.1.5.1"
gem "acts-as-taggable-on", "~> 12.0.0"
gem "acts_as_votable", "~> 0.14.0"
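
Review bot: the new constraint on the `gem "rails", "~> 7.1.5.1"` line only admits versions `>= 7.1.5.1` and `< 7.1.6`, so a security fix that ships only in 7.1.6 will still be reported by Dependabot as not installable, which is the case the commit message already calls out. If that ceiling is intentional, a one-line comment above the `rails` entry saying so would spare the next person from "fixing" it. If it is not, `"~> 7.1.5", ">= 7.1.5.1"` would keep the current floor while allowing any 7.1.x release. Either way the Rails component gems stay locked to the same version as `rails` itself (the `= 7.1.5.1` requirements in the quoted Dependabot output), so the security update will arrive as a bump of `rails`, not of `activestorage` alone.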