Skip to content

fix(deps): add openssl gem to Gemfile #67

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
matteoredz merged 2 commits into from
Jan 11, 2026
Merged

fix(deps): add openssl gem to Gemfile #67

matteoredz merged 2 commits into from
Jan 11, 2026

Conversation

@matteoredz
Copy link
Owner

@matteoredz matteoredz commented Jan 10, 2026
edited by coderabbitai bot
Loading

Running rake cities:import with modern Rubies, I guess >= 3.4, errors with:

rake aborted!
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 peeraddr=185.199.110.133:443 state=error: certificate verify failed (unable to get certificate CRL) (OpenSSL::SSL::SSLError)
...

Because openssl is no longer part of the bundled gems.

This PR adds the dependency explicitly to the Gemfile.

Summary by CodeRabbit

  • Chores
    • Added an OpenSSL dependency to the project to support cryptographic operations.
    • Adjusted CI Ruby setup to disable dependency caching; this may increase build time but ensures fresh dependency installs for each run.

✏️ Tip: You can customize this high-level summary in your review settings.

@matteoredz matteoredz self-assigned this Jan 10, 2026
@coderabbitai
Copy link

coderabbitai bot commented Jan 10, 2026
edited
Loading

📝 Walkthrough

Walkthrough

Added an "openssl" gem to the Gemfile and changed bundler-cache from true to false in .github/workflows/lint.yml; both are configuration/dependency edits with no control-flow or public API changes.

Changes

Cohort / File(s) Summary
Dependency Addition
Gemfile		 Added openssl gem dependency (+1 line).
CI Configuration
.github/workflows/lint.yml		 Changed bundler-cache option for ruby/setup-ruby from true to false (disable Bundler cache).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 I hopped through lines with a careful paw,
Added a gem for the cryptic law,
Toggled the cache with a tiny flip,
A quiet change on the CI ship,
Sniffing code crumbs, I take a bow. 🥕

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately describes the main change: adding the openssl gem to the Gemfile to resolve SSL errors in modern Ruby versions.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Jan 10, 2026
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Fix all issues with AI agents 
In @.github/workflows/lint.yml:
- Around line 18-20: The Gemfile currently declares a bare gem "openssl" without
version constraints; update the Gemfile entry for the openssl gem (the gem
"openssl" declaration) to include an explicit, supported version constraint (for
example using a pessimistic operator like "~> X.X" or a specific minimum ">=
X.X.X") to ensure reproducible, secure installs, then run bundler to update the
lockfile (bundle install/bundle update) and commit the updated Gemfile and
Gemfile.lock.
🧹 Nitpick comments (1)
.github/workflows/lint.yml (1)

18-20: Verify whether disabling bundler-cache is necessary long-term.

Disabling bundler-cache forces fresh dependency installation on every CI run, which will slow down the workflow. Once the Gemfile.lock is updated with the new openssl gem dependency, re-enabling the cache should be safe and will improve CI performance.

Consider reverting this change to bundler-cache: true after the initial dependency update is complete.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cb581ae and 7b3d5a5.

📒 Files selected for processing (1)
  • .github/workflows/lint.yml
🔇 Additional comments (1)
.github/workflows/lint.yml (1)

19-19: Update Ruby version in lint job: 2.5.0 is end-of-life.

Ruby 2.5.0 reached end-of-life on April 5, 2021. Using an EOL version in CI/CD introduces security vulnerabilities and risks gem compatibility issues. Update the lint job to use a modern, actively-maintained Ruby version (e.g., Ruby 3.4, which is already tested in other workflows).

Since this job runs Rubocop (static analysis), any currently-supported Ruby version is suitable.

.github/workflows/lint.yml
Comment on lines +18 to 20
bundler-cache: false
ruby-version: 2.5.0
- run: bundle install
Copy link

@coderabbitai coderabbitai bot Jan 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify openssl gem is in Gemfile and check version constraints
echo "=== Checking Gemfile for openssl gem ==="
rg -n "gem ['\"]openssl['\"]" Gemfile

echo -e "\n=== Checking Gemfile.lock for openssl gem ==="
rg -A 5 "^  openssl" Gemfile.lock

Repository: matteoredz/itax-code

Length of output: 150

🏁 Script executed:

#!/bin/bash
# First, check if Gemfile exists
if [ -f Gemfile ]; then
  echo "=== Gemfile found, searching for openssl gem ==="
  grep -n "openssl" Gemfile || echo "openssl gem not found in Gemfile"
else
  echo "Gemfile not found"
fi

# Also check Gemfile.lock if it exists
if [ -f Gemfile.lock ]; then
  echo -e "\n=== Checking Gemfile.lock ==="
  grep -n "openssl" Gemfile.lock || echo "openssl not found in Gemfile.lock"
else
  echo "Gemfile.lock not found"
fi

# List files in root to confirm structure
echo -e "\n=== Files in repository root ==="
ls -la | head -20

Repository: matteoredz/itax-code

Length of output: 1119

🏁 Script executed:

cat -n Gemfile

Repository: matteoredz/itax-code

Length of output: 430

Openssl gem is present in Gemfile but lacks version constraints.

The openssl gem has been added to the Gemfile at line 10, confirming the PR objective. However, it uses a bare gem "openssl" declaration without any version constraints. Consider adding an explicit version requirement (e.g., gem "openssl", "~> X.X") for reproducibility and security consistency, especially for a security-sensitive dependency.

🤖 Prompt for AI Agents 
In @.github/workflows/lint.yml around lines 18 - 20, The Gemfile currently
declares a bare gem "openssl" without version constraints; update the Gemfile
entry for the openssl gem (the gem "openssl" declaration) to include an
explicit, supported version constraint (for example using a pessimistic operator
like "~> X.X" or a specific minimum ">= X.X.X") to ensure reproducible, secure
installs, then run bundler to update the lockfile (bundle install/bundle update)
and commit the updated Gemfile and Gemfile.lock.

@matteoredz matteoredz merged commit 3de10e3 into main Jan 11, 2026
14 checks passed
@matteoredz matteoredz deleted the add-openssl-to-gemfile branch January 11, 2026 18:52
@github-actions github-actions bot mentioned this pull request Jan 11, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

@matteoredz matteoredz

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@matteoredz