From 15af95dee0ebb2f6b464a652a0e1ec4c9d730cd4 Mon Sep 17 00:00:00 2001 From: Dombi Attila <83396+dombesz@users.noreply.github.com> Date: Tue, 9 Jun 2026 15:43:30 +0300 Subject: [PATCH 1/5] [OP-19483] Introduce Bundler cooldown https://community.openproject.org/wp/OP-19483 --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 601b5043d53..348d51dd4c4 100644 --- a/Gemfile +++ b/Gemfile @@ -28,7 +28,7 @@ # See COPYRIGHT and LICENSE files for more details. #++ -source "https://rubygems.org" +source "https://rubygems.org", cooldown: 7 # TODO: Once packager.io and heroku buildpacks support bundler 2.4.22, # then we can use the new bundler syntax `ruby file: '.ruby-version'`. From dbd101b1644426151e1abee06eadb21becfa11f8 Mon Sep 17 00:00:00 2001 From: Dombi Attila <83396+dombesz@users.noreply.github.com> Date: Tue, 9 Jun 2026 17:02:26 +0300 Subject: [PATCH 2/5] Ignore cooldown for our gems, same as the dependabot config. --- Gemfile | 9 ++++++--- Gemfile.lock | 6 +++--- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/Gemfile b/Gemfile index 348d51dd4c4..236db10772c 100644 --- a/Gemfile +++ b/Gemfile @@ -429,6 +429,9 @@ gemfiles.each do |file| send(:eval_gemfile, file) if File.readable?(file) end -gem "openproject-octicons", "~>19.35.0" -gem "openproject-octicons_helper", "~>19.35.0" -gem "openproject-primer_view_components", "~>0.86.2" +# Set cooldown 0 for our own gems +source "https://rubygems.org", cooldown: 0 do + gem "openproject-octicons", "~>19.35.0" + gem "openproject-octicons_helper", "~>19.35.0" + gem "openproject-primer_view_components", "~>0.86.2" +end diff --git a/Gemfile.lock b/Gemfile.lock index cdc2202db82..aa46cf3c856 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1685,10 +1685,10 @@ DEPENDENCIES openproject-job_status! openproject-ldap_groups! openproject-meeting! - openproject-octicons (~> 19.35.0) - openproject-octicons_helper (~> 19.35.0) + openproject-octicons (~> 19.35.0)! + openproject-octicons_helper (~> 19.35.0)! openproject-openid_connect! - openproject-primer_view_components (~> 0.86.2) + openproject-primer_view_components (~> 0.86.2)! openproject-recaptcha! openproject-reporting! openproject-resource_management! From 90d54206a4dfab91870f2ed9e6fd3f59c19198c7 Mon Sep 17 00:00:00 2001 From: Dombi Attila <83396+dombesz@users.noreply.github.com> Date: Tue, 9 Jun 2026 17:06:34 +0300 Subject: [PATCH 3/5] Add cooldown to the module Gemfiles too --- lib/generators/open_project/plugin/templates/Gemfile | 2 +- modules/bim/Gemfile | 2 +- modules/budgets/Gemfile | 2 +- modules/grids/Gemfile | 2 +- modules/ldap_groups/Gemfile | 2 +- modules/my_page/Gemfile | 2 +- modules/recaptcha/Gemfile | 2 +- modules/reporting/Gemfile | 2 +- modules/two_factor_authentication/Gemfile | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/lib/generators/open_project/plugin/templates/Gemfile b/lib/generators/open_project/plugin/templates/Gemfile index be173b205f7..a265f164e69 100644 --- a/lib/generators/open_project/plugin/templates/Gemfile +++ b/lib/generators/open_project/plugin/templates/Gemfile @@ -1,5 +1,5 @@ # frozen_string_literal: true -source "https://rubygems.org" +source "https://rubygems.org", cooldown: 7 gemspec diff --git a/modules/bim/Gemfile b/modules/bim/Gemfile index 3be9c3cd812..cfd17763742 100644 --- a/modules/bim/Gemfile +++ b/modules/bim/Gemfile @@ -1,2 +1,2 @@ -source "https://rubygems.org" +source "https://rubygems.org", cooldown: 7 gemspec diff --git a/modules/budgets/Gemfile b/modules/budgets/Gemfile index b4e2a20bb60..91fb9701536 100644 --- a/modules/budgets/Gemfile +++ b/modules/budgets/Gemfile @@ -1,3 +1,3 @@ -source "https://rubygems.org" +source "https://rubygems.org", cooldown: 7 gemspec diff --git a/modules/grids/Gemfile b/modules/grids/Gemfile index b4e2a20bb60..91fb9701536 100644 --- a/modules/grids/Gemfile +++ b/modules/grids/Gemfile @@ -1,3 +1,3 @@ -source "https://rubygems.org" +source "https://rubygems.org", cooldown: 7 gemspec diff --git a/modules/ldap_groups/Gemfile b/modules/ldap_groups/Gemfile index b42b1ad4042..91fb9701536 100644 --- a/modules/ldap_groups/Gemfile +++ b/modules/ldap_groups/Gemfile @@ -1,3 +1,3 @@ -source "https://www.rubygems.org" +source "https://rubygems.org", cooldown: 7 gemspec diff --git a/modules/my_page/Gemfile b/modules/my_page/Gemfile index b4e2a20bb60..91fb9701536 100644 --- a/modules/my_page/Gemfile +++ b/modules/my_page/Gemfile @@ -1,3 +1,3 @@ -source "https://rubygems.org" +source "https://rubygems.org", cooldown: 7 gemspec diff --git a/modules/recaptcha/Gemfile b/modules/recaptcha/Gemfile index 3be9c3cd812..cfd17763742 100644 --- a/modules/recaptcha/Gemfile +++ b/modules/recaptcha/Gemfile @@ -1,2 +1,2 @@ -source "https://rubygems.org" +source "https://rubygems.org", cooldown: 7 gemspec diff --git a/modules/reporting/Gemfile b/modules/reporting/Gemfile index 3be9c3cd812..cfd17763742 100644 --- a/modules/reporting/Gemfile +++ b/modules/reporting/Gemfile @@ -1,2 +1,2 @@ -source "https://rubygems.org" +source "https://rubygems.org", cooldown: 7 gemspec diff --git a/modules/two_factor_authentication/Gemfile b/modules/two_factor_authentication/Gemfile index bb94df82938..e508023e2e5 100644 --- a/modules/two_factor_authentication/Gemfile +++ b/modules/two_factor_authentication/Gemfile @@ -1,4 +1,4 @@ # frozen_string_literal: true -source "https://rubygems.org" +source "https://rubygems.org", cooldown: 7 gemspec From f67e8c02b820431882072a9e7d3e26adee371525 Mon Sep 17 00:00:00 2001 From: Dombi Attila <83396+dombesz@users.noreply.github.com> Date: Tue, 9 Jun 2026 18:00:38 +0300 Subject: [PATCH 4/5] Fix missing magic comment --- modules/bim/Gemfile | 30 ++++++++++++++++++++++++++++++ modules/budgets/Gemfile | 30 ++++++++++++++++++++++++++++++ modules/grids/Gemfile | 30 ++++++++++++++++++++++++++++++ modules/ldap_groups/Gemfile | 30 ++++++++++++++++++++++++++++++ modules/my_page/Gemfile | 30 ++++++++++++++++++++++++++++++ modules/recaptcha/Gemfile | 30 ++++++++++++++++++++++++++++++ modules/reporting/Gemfile | 30 ++++++++++++++++++++++++++++++ 7 files changed, 210 insertions(+) diff --git a/modules/bim/Gemfile b/modules/bim/Gemfile index cfd17763742..f36a1a7cbdd 100644 --- a/modules/bim/Gemfile +++ b/modules/bim/Gemfile @@ -1,2 +1,32 @@ +# frozen_string_literal: true + +#-- copyright +# OpenProject is an open source project management software. +# Copyright (C) the OpenProject GmbH +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License version 3. +# +# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows: +# Copyright (C) 2006-2013 Jean-Philippe Lang +# Copyright (C) 2010-2013 the ChiliProject Team +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# +# See COPYRIGHT and LICENSE files for more details. +#++ + source "https://rubygems.org", cooldown: 7 gemspec diff --git a/modules/budgets/Gemfile b/modules/budgets/Gemfile index 91fb9701536..1e5f620b5b8 100644 --- a/modules/budgets/Gemfile +++ b/modules/budgets/Gemfile @@ -1,3 +1,33 @@ +# frozen_string_literal: true + +#-- copyright +# OpenProject is an open source project management software. +# Copyright (C) the OpenProject GmbH +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License version 3. +# +# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows: +# Copyright (C) 2006-2013 Jean-Philippe Lang +# Copyright (C) 2010-2013 the ChiliProject Team +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# +# See COPYRIGHT and LICENSE files for more details. +#++ + source "https://rubygems.org", cooldown: 7 gemspec diff --git a/modules/grids/Gemfile b/modules/grids/Gemfile index 91fb9701536..1e5f620b5b8 100644 --- a/modules/grids/Gemfile +++ b/modules/grids/Gemfile @@ -1,3 +1,33 @@ +# frozen_string_literal: true + +#-- copyright +# OpenProject is an open source project management software. +# Copyright (C) the OpenProject GmbH +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License version 3. +# +# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows: +# Copyright (C) 2006-2013 Jean-Philippe Lang +# Copyright (C) 2010-2013 the ChiliProject Team +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# +# See COPYRIGHT and LICENSE files for more details. +#++ + source "https://rubygems.org", cooldown: 7 gemspec diff --git a/modules/ldap_groups/Gemfile b/modules/ldap_groups/Gemfile index 91fb9701536..1e5f620b5b8 100644 --- a/modules/ldap_groups/Gemfile +++ b/modules/ldap_groups/Gemfile @@ -1,3 +1,33 @@ +# frozen_string_literal: true + +#-- copyright +# OpenProject is an open source project management software. +# Copyright (C) the OpenProject GmbH +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License version 3. +# +# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows: +# Copyright (C) 2006-2013 Jean-Philippe Lang +# Copyright (C) 2010-2013 the ChiliProject Team +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# +# See COPYRIGHT and LICENSE files for more details. +#++ + source "https://rubygems.org", cooldown: 7 gemspec diff --git a/modules/my_page/Gemfile b/modules/my_page/Gemfile index 91fb9701536..1e5f620b5b8 100644 --- a/modules/my_page/Gemfile +++ b/modules/my_page/Gemfile @@ -1,3 +1,33 @@ +# frozen_string_literal: true + +#-- copyright +# OpenProject is an open source project management software. +# Copyright (C) the OpenProject GmbH +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License version 3. +# +# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows: +# Copyright (C) 2006-2013 Jean-Philippe Lang +# Copyright (C) 2010-2013 the ChiliProject Team +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# +# See COPYRIGHT and LICENSE files for more details. +#++ + source "https://rubygems.org", cooldown: 7 gemspec diff --git a/modules/recaptcha/Gemfile b/modules/recaptcha/Gemfile index cfd17763742..f36a1a7cbdd 100644 --- a/modules/recaptcha/Gemfile +++ b/modules/recaptcha/Gemfile @@ -1,2 +1,32 @@ +# frozen_string_literal: true + +#-- copyright +# OpenProject is an open source project management software. +# Copyright (C) the OpenProject GmbH +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License version 3. +# +# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows: +# Copyright (C) 2006-2013 Jean-Philippe Lang +# Copyright (C) 2010-2013 the ChiliProject Team +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# +# See COPYRIGHT and LICENSE files for more details. +#++ + source "https://rubygems.org", cooldown: 7 gemspec diff --git a/modules/reporting/Gemfile b/modules/reporting/Gemfile index cfd17763742..f36a1a7cbdd 100644 --- a/modules/reporting/Gemfile +++ b/modules/reporting/Gemfile @@ -1,2 +1,32 @@ +# frozen_string_literal: true + +#-- copyright +# OpenProject is an open source project management software. +# Copyright (C) the OpenProject GmbH +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License version 3. +# +# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows: +# Copyright (C) 2006-2013 Jean-Philippe Lang +# Copyright (C) 2010-2013 the ChiliProject Team +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# +# See COPYRIGHT and LICENSE files for more details. +#++ + source "https://rubygems.org", cooldown: 7 gemspec From cc38f3aa4d4b0ae2c4408fe09331cdbefc1146d2 Mon Sep 17 00:00:00 2001 From: Dombi Attila <83396+dombesz@users.noreply.github.com> Date: Thu, 11 Jun 2026 09:47:51 +0300 Subject: [PATCH 5/5] Update bundled with --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index aa46cf3c856..ef9e71d741f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1849,7 +1849,7 @@ CHECKSUMS browser (6.2.0) sha256=281d5295788825c9396427c292c2d2be0a5c91875c93c390fde6e5d61a5ace2d budgets (1.0.0) builder (3.3.0) sha256=497918d2f9dca528fdca4b88d84e4ef4387256d984b8154e9d5d3fe5a9c8835f - bundler (4.0.13) sha256=19f08be7f27022cf0b89f27da0b044ae075e8270a9ef44ad248a932614e1ca3b + bundler (4.0.14) sha256=d09a0a965cf772266a7e49e83610be7c2f4e49e61134c42a56804bb383cc24b8 byebug (13.0.0) sha256=d2263efe751941ca520fa29744b71972d39cbc41839496706f5d9b22e92ae05d capybara (3.40.0) sha256=42dba720578ea1ca65fd7a41d163dd368502c191804558f6e0f71b391054aeef capybara-screenshot (1.0.27) sha256=afa1896cc23df77be1774e8d3b3ce3953bf060aeaa04ff87607b5daf689174f2 @@ -2331,4 +2331,4 @@ RUBY VERSION ruby 4.0.2 BUNDLED WITH - 4.0.13 + 4.0.14