On 12/10/2023 14:42, Brian Inglis via Cygwin wrote:
On 2023-10-11 16:47, Yasuhiro Kimura via Cygwin wrote:
From: "Hendrickson, Eric D via Cygwin" <cyg...@cygwin.com>
Subject: Ruby EOL in Cygwin 3.4.9?
Date: Wed, 11 Oct 2023 16:37:29 +0000
Hello all,
As a ~25 year user and sometime contributor to Cygwin, I support
Cygwin here at my place of work. Does anyone know why we are
deploying Ruby 2.6 which EOL about 18 months ago?
https://www.ruby-lang.org/en/downloads/branches/
I'm concerned about proliferation of EOL versions of Ruby in case
some security risk / 0Day is identified.
[...]
Current Cygwin ruby was updated to current upstream 3.2.2 six months
ago; see:
https://cygwin.com/packages/summary/ruby-src.html
Checking the upstream link, preview RCs of 3.3 are available but no
final release yet.
So it is up to you to update to the latest stable releases available on
Cygwin, and whether any package gets updated may be influenced by what
other packages you use which depend on earlier versions of basic
language or runtime packages, although I am not seeing any such holdbacks.
I suspect this is the cause here.
Fujimura-san has done a lot of hard work recently to bring our ruby
packages up to date, but there remain a handful of packages remaining
(see [1]) which still need attention (either updating, or possibly
removing).
If you're installing one of those (or simply installing everything),
then setup will decide that you need an older ruby runtime to allow
those to be installed.
[1] https://cygwin.com/packages/reports/ruby_rebuilds.html
If you are seeing such behaviour, you can check /var/log/setup.log.full
to see the decisions made by the solver to upgrade packages.
