The default version of securerandom (0.2.2) gets activated by RubyGems,
but does not match Rails requirements (>= 0.3), leading to an error like
this:
```
$ gem exec rails new repro
/Users/deivid/Code/rubygems/rubygems/lib/rubygems/specification.rb:2246:in `raise_if_conflicts': Unable to activate activesupport-7.2.1, because securerandom-0.2.2 conflicts with securerandom (>= 0.3) (Gem::ConflictError)
from /Users/deivid/Code/rubygems/rubygems/lib/rubygems/specification.rb:1383:in `activate'
from /Users/deivid/Code/rubygems/rubygems/lib/rubygems/specification.rb:1421:in `block in activate_dependencies'
from /Users/deivid/Code/rubygems/rubygems/lib/rubygems/specification.rb:1403:in `each'
from /Users/deivid/Code/rubygems/rubygems/lib/rubygems/specification.rb:1403:in `activate_dependencies'
from /Users/deivid/Code/rubygems/rubygems/lib/rubygems/specification.rb:1385:in `activate'
from /Users/deivid/Code/rubygems/rubygems/lib/rubygems/core_ext/kernel_gem.rb:62:in `block in gem'
from /Users/deivid/Code/rubygems/rubygems/lib/rubygems/core_ext/kernel_gem.rb:62:in `synchronize'
from /Users/deivid/Code/rubygems/rubygems/lib/rubygems/core_ext/kernel_gem.rb:62:in `gem'
from /Users/deivid/Code/rubygems/rubygems/lib/rubygems/commands/exec_command.rb:193:in `activate!'
from /Users/deivid/Code/rubygems/rubygems/lib/rubygems/commands/exec_command.rb:73:in `execute'
from /Users/deivid/Code/rubygems/rubygems/lib/rubygems/command.rb:326:in `invoke_with_build_args'
from /Users/deivid/Code/rubygems/rubygems/lib/rubygems/command_manager.rb:255:in `invoke_command'
from /Users/deivid/Code/rubygems/rubygems/lib/rubygems/command_manager.rb:194:in `process_args'
from /Users/deivid/Code/rubygems/rubygems/lib/rubygems/command_manager.rb:152:in `run'
from /Users/deivid/Code/rubygems/rubygems/lib/rubygems/gem_runner.rb:56:in `run'
from /Users/deivid/code/rubygems/rubygems/exe/gem:12:in `<main>'
```
Vendoring our own securerandom fixes the issue since that way we avoid
activating the gem internally.
Ruby-core CI is having issues with turbo_tests 2.2.1. This version adds
json as a dependency and the `bundle install` command ruby-core uses is
not able to compile it for some reason.
I was not able to reproduce the issue locally, so this needs more
investigation.
We're already locked to 2.2.0, but ruby-core does not use a
`Gemfile.lock` so we need to lock explicitly in the Gemfile for now.
turbo_tests 2.1.1 adds json to its dependency and the current bundler
does not take the standard library json and fails to build as a gem
before the installation.
Some specs now print the following warning:
```
/path/to/bundler/tmp/1/gems/base/ruby/3.2.0/gems/sinatra-2.0.8.1/lib/sinatra/base.rb:902: warning: constant Tilt::Cache is deprecated
```
Updating sinatra to latest & greatest fixes it.
Update other deps too since at it.
In 2021, Ruby 2.5 and older are EOL.
We can set the default required Ruby version to 2.6.0 to
encourage people to use newer Ruby.
If the command is executed with old Ruby, it falls back to 2.3.0.
It's still possible to create a gem for older Ruby just by changing
two lines of code (one in gemspec and another is in rubocop.yml).
David Rodríguez
Kevin Newton
ilyazub
Nobuyoshi Nakada
Hiroshi SHIBATA
Samuel Giddins
Ian Ker-Seymer
Benoit Daloze
OKURA Masafumi
Andre Arko