Bump sprockets from 4.0.3 to 4.2.0 #3405
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
dependabot
bot
added
the
dependencies
|
@dorner you had specifically used sprockets 4.0 in a previous PR instead of 4.2 and I didn't know what the reason was. All the tests pass with this at 4.2, I can do some further testing if it would help. |
dependabot
bot
force-pushed
the
dependabot/bundler/sprockets-4.2.0
branch
from
f5acaba to
4b51cae
Compare
|
@awwaiid it's because of this issue rails/sprockets#749 - it affects development, not any of the other environments. |
dependabot
bot
force-pushed
the
dependabot/bundler/sprockets-4.2.0
branch
2 times, most recently
from
78c47e6 to
cae9104
Compare
dependabot
bot
force-pushed
the
dependabot/bundler/sprockets-4.2.0
branch
from
cae9104 to
6d4abc1
Compare
Bumps [sprockets](https://github.com/rails/sprockets) from 4.0.3 to 4.2.0. - [Release notes](https://github.com/rails/sprockets/releases) - [Changelog](https://github.com/rails/sprockets/blob/main/CHANGELOG.md) - [Commits](rails/sprockets@v4.0.3...v4.2.0) --- updated-dependencies: - dependency-name: sprockets dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
force-pushed
the
dependabot/bundler/sprockets-4.2.0
branch
from
6d4abc1 to
feca39d
Compare
|
@dorner Well .... what do you think of this in-code patch to sprockets to work around this? I looked at the upstream sprockets issue and code and didn't see any obvious PR that I should submit there. |
|
Ouch, that's super hacky. :) I'd much rather get a fix for this on the sprockets side. I'm sure it's possible, it's just not easy to do. |
|
I'm going to look into the vendoring work around mentioned in hotwired/stimulus-rails#108 |
|
One of the upstream projects closed the related bug-report, saying that this isn't an issue with newer rails. I'm not sure if that is really true, but might be worth re-evaluating. Still -- we could vendorize the one file and that might at least get this mergeable. |
|
I'd rather not monkey patch if there isn't a really good reason. Just tried it with latest Rails and it seems to still be a problem. |
|
Tried vendoring it as well and it doesn't seem to work either |
|
ok, figured it out. No idea why they're saying this isn't happening any more. Wondering if the "stock app" they're testing on has some kind of different setting than ours. I'll put up a PR. |
|
Closing in favor of #3704 . |
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
Bumps sprockets from 4.0.3 to 4.2.0.
Release notes
Sourced from sprockets's releases.
Changelog
Sourced from sprockets's changelog.
Commits
eafbd11Prepare for 4.2.0cce2c0aMerge pull request #771 from eregon/thread-safe-CachedEnvironment39490deMake the URI tests pass with ruby-head58eb15dAdd TruffleRuby in CId503c9bAdd ChangeLog entry9d461f1Make Sprockets::Cache::MemoryStore thread-safe by using a Mutex4e74e3aUse Concurrent::Map#fetch_or_store2d454bcMake Sprockets::CachedEnvironment thread-safe by using Concurrent::Map1276b43Merge pull request #759 from ntkme/module-include-thread-safety722d587Make Sprockets::Utils.module_include thread safeYou can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)