Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Conflict with net/http? #1523

Open
hallerm opened this issue Dec 7, 2022 · 8 comments
Open

Conflict with net/http? #1523

hallerm opened this issue Dec 7, 2022 · 8 comments

Comments

@hallerm
Copy link

hallerm commented Dec 7, 2022
edited
Loading

With ruby 2.6.10 and mail 2.8.0 installed, requiring 'mail' followed by 'net/http' shows a conflict with the built-in net/protocol. I have not yet observed any functional problems, but it seems problematic that the net-protocol gem code is being overwritten with the built-in library code.

$ irb
irb(main):001:0> require 'mail'
=> true
irb(main):002:0> require 'net/http'
/opt/homebrew/Cellar/ruby@2.6/2.6.10/lib/ruby/2.6.0/net/protocol.rb:66: warning: already initialized constant Net::ProtocRetryError
/opt/homebrew/lib/ruby/gems/2.6.0/gems/net-protocol-0.2.0/lib/net/protocol.rb:68: warning: previous definition of ProtocRetryError was here
/opt/homebrew/Cellar/ruby@2.6/2.6.10/lib/ruby/2.6.0/net/protocol.rb:206: warning: already initialized constant Net::BufferedIO::BUFSIZE
/opt/homebrew/lib/ruby/gems/2.6.0/gems/net-protocol-0.2.0/lib/net/protocol.rb:213: warning: previous definition of BUFSIZE was here
/opt/homebrew/Cellar/ruby@2.6/2.6.10/lib/ruby/2.6.0/net/protocol.rb:503: warning: already initialized constant Net::NetPrivate::Socket
/opt/homebrew/lib/ruby/gems/2.6.0/gems/net-protocol-0.2.0/lib/net/protocol.rb:550: warning: previous definition of Socket was here
=> true

Version 2.7.1 does not have this problem.
@dgm
Copy link

dgm commented Dec 14, 2022

Also a problem on ruby 2.7.7 and mail 2.8.0

@lovitt
Copy link

lovitt commented Dec 28, 2022
edited
Loading

This problem is described well here.

It sounds like the right solution is for mail to declare net-http as a dependency.

@masonlouchart
Copy link

masonlouchart commented Jan 27, 2023
edited
Loading

I encountered this conflict when trying to update Rails (to 6.1.7.2) for fixing security issue CVE-2023-22794.
As (temporary?) solution I locked mail version strictly under 2.8.
Other solution applied: #1523 (comment)

@ClearlyClaire ClearlyClaire mentioned this issue Feb 13, 2023
Closed
@crivotz
Copy link

crivotz commented Feb 15, 2023

As temporary solution you can also add gem "net-http" to your Gemfile as suggested in reference by @lovitt

@crivotz crivotz mentioned this issue Feb 15, 2023
Open
@masonlouchart
Copy link

masonlouchart commented Feb 16, 2023
edited
Loading

@crivotz Actually during PR review we decided to do as you suggested (add net-http to the Gemfile).
It introduced an issue with CircleCI default gem uri but it's another story (we fixed it too).

@crivotz
Copy link

crivotz commented Feb 16, 2023

@crivotz Actually during PR review we decided to do as you suggested (add net-http to the Gemfile). It introduced an issue with CircleCI default gem uri but it's another story (we fixed it too).

I just had trouble deploying because of the uri issue if I pass the net-http gem in the Gemfile in production I get:

You have already activated uri 0.10.1, but your Gemfile requires uri 0.12.0. Since uri is a default gem, you can either remove your dependency on it or try updating to a newer version of bundler that supports uri as a default gem

So for the moment I rollback to 2.7.1 version of mail

@masonlouchart
Copy link

You have already activated uri 0.10.1, but your Gemfile requires uri 0.12.0. Since uri is a default gem, you can either remove your dependency on it or try updating to a newer version of bundler that supports uri as a default gem

We ran through this error too.
The solution we applied is to change the Ruby default gem version.
We added a step to the CI configuration that deploy the application before the dependencies installation.

- run: sudo gem install uri -v0.12.0 --default

@evolve2k
Copy link

I've been pairing on this with a few folk at RubyRetreat AU 2024 in an attempt to get to the bottom of this. Thanks crew! @KJTsanaktsidis @moxvallix @layerssss

The impact of this issue extends beyond the mail gem and is likley affecting most apps attempting to upgrade from Rails 5.1 to Rails 6.x on their journey through a rails upgrade path. Rails relies on this mail gem which in turn is relying on net-http, which is where the conflicts lie.

net/http is only gemified from ruby 3.0 BUT all versions of the net-http gem (v0.1.0 up to latest 0.4.1) list an incorrect minimum support ruby as being >= 2.6.0, but it should be listed as >=3.0

A few compounding issues:

  • net-http gem on rubygems lists incorrect minimum ruby
  • ruby standard library doesnt set clear version dependancies on net-http amplifying this issue.
  • mail brings in net-http, net-imap, net-smpt they all have the same problem, but this adds further confusion

WORKAROUND PROCESS:
Review Gemfile.lock and look for dependancies on net-http, in this case the mail gem.
Pin each of the dependant gems to a version circa ruby 2.6, eg around 2018.

SOLVE WITH:
gem "mail", "~> 2.7.0". # a release of the gem that references earlier dependancies

@evolve2k evolve2k mentioned this issue Oct 20, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@lovitt @dgm @evolve2k @masonlouchart @crivotz @hallerm