Skip to content

Bump release-toolkit to 14.x#498

Open
mokagio wants to merge 2 commits intotrunkfrom
mokagio/bump-rt-14
Open

Bump release-toolkit to 14.x#498
mokagio wants to merge 2 commits intotrunkfrom
mokagio/bump-rt-14

Conversation

@mokagio
Copy link
Copy Markdown
Contributor

@mokagio mokagio commented May 8, 2026

Summary

Bumps fastlane-plugin-wpmreleasetoolkit from ~> 13.8 (locked at 13.8.1) to ~> 14.4 (resolves to 14.4.1).
Carries nokogiri 1.19.3 transitively via the toolkit's gemspec floor, closing GHSA-c4rq-3m3g-8wgx without an explicit gem 'nokogiri' pin.

Supersedes #497 — that PR's explicit gem 'nokogiri', '>= 1.19.3' pin is no longer needed once the toolkit is on 14.4.1+, which carries the floor in its own gemspec.

Why now

Part of the release-toolkit 14.x bump campaign.
GutenbergKit is one of the 9 consumer repos that the breaking-change inspection (rt-versions.md) flagged as clean — no Fastfile call sites use any of the APIs broken or removed in rt 12.0, 13.0, or 14.0.

Lockfile delta beyond the headline bumps

  • activesupport and friends drop out — rt 14.3.1 removed activesupport from runtime deps.
  • gettext family added — used by rt's PO-generation path.
  • dotenv added — rt's new EnvManager (14.4.0) wraps it.
  • Fastlane stays at 2.232.2 (existing ~> 2.230 already satisfies the new rt floor of >= 2.231).

Test plan

  • CI green on mokagio/bump-rt-14.
  • bundle exec fastlane lanes lists publish_to_s3, xcframework_sign, set_up_signing_release (verified locally).

🤖 Generated with Claude Code

Posted by Claude (Opus 4.7) on behalf of @mokagio with approval.

@mokagio @claude
Bump release-toolkit to 14.x
e1b90d4 
Carries nokogiri 1.19.3 transitively (`fastlane-plugin-wpmreleasetoolkit`
14.4.1's gemspec floors it at `>= 1.19.3`), closing GHSA-c4rq-3m3g-8wgx
without an explicit `gem 'nokogiri'` pin.

The toolkit's Gemfile.lock entry also gets a SHA pin to 14.4.1
(matching the existing 13.8.1 SHA-pin form). Lockfile churn beyond
the headline bumps comes from rt 14.3.1 dropping `activesupport` from
runtime deps, rt 14.0 raising the Fastlane floor (already satisfied),
and rt's PO-generation path adding the `gettext` family + `dotenv`
for `EnvManager`.

Supersedes the open nokogiri-only pin PR (#497) — the rt 14.x
gemspec carries the floor transitively, so an explicit
`gem 'nokogiri'` line is no longer needed.

---

Generated with the help of Claude Code, https://claude.com/claude-code

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings May 8, 2026 02:33
@mokagio mokagio self-assigned this May 8, 2026
@mokagio mokagio added the [Type] Build Tooling Issues or PRs related to build tooling label May 8, 2026
Copilot AI reviewed May 8, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the repository’s Ruby release tooling dependency (fastlane-plugin-wpmreleasetoolkit) from the 13.x line to 14.x, picking up the toolkit’s newer dependency floors (notably bringing in nokogiri >= 1.19.3 transitively) and updating the Bundler-resolved dependency set accordingly.

Changes:

  • Bump fastlane-plugin-wpmreleasetoolkit from ~> 13.8 to ~> 14.4 in Gemfile.
  • Refresh Gemfile.lock to resolve fastlane-plugin-wpmreleasetoolkit to 14.4.1, and pull in the updated transitive dependencies (including nokogiri 1.19.3).

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File Description
Gemfile Updates the release-toolkit plugin version constraint to ~> 14.4.
Gemfile.lock Updates the resolved dependency graph for the toolkit bump, including resolving nokogiri to 1.19.3.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@mokagio
Add missing .bundle/config
1b4b5d3 
How was CI `install_gem` working before? Haven't investigated but it's
quite surprising.

On this branch, it failed as it usually does when the repo is not
configured to vendor gems:

https://buildkite.com/automattic/gutenbergkit/builds/2240
@mokagio mokagio mentioned this pull request May 8, 2026
Closed
@mokagio mokagio requested review from iangmaia and twstokes May 8, 2026 08:07
@mokagio mokagio enabled auto-merge (squash) May 8, 2026 08:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@twstokes twstokes Awaiting requested review from twstokes

@iangmaia iangmaia Awaiting requested review from iangmaia

At least 1 approving review is required to merge this pull request.

Assignees

@mokagio mokagio

Labels

[Type] Build Tooling Issues or PRs related to build tooling

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mokagio