What's even more silly is implying that caching your dependencies is some kind of a fix here. So you'll be able to deploy for a few more days, then what?
I don't claim it's a long term solution, and that you should run of your cache for years.
But having that cache means you have the time to get a clean solution rather than having to rush something because nobody can work anymore can you can't deploy fixes to production either.
These yanking issues are really problematic, but if they interrupted your workflow, then there's something wrong with your build pipeline.
It allows you to deploy for a few more days. That fixes the "i can not deploy problem" if my customer needs a urgent fix.
Sure you will be as much in violation of GPL as without that (even if you don't deploy you will violate the GPL), but that is another problem which needs to be addressed.
> That fixes the "i can not deploy problem" if my customer needs a urgent fix.
Only if the issue is fixed upstream before your cache expires. Obviously, breaking Rails gets things fixed quickly, but what if it was a less-actively-maintained gem?
Alternatively we could have continuee to deploy for a few more days until Rails core shipped a new version of Active Storage without that dependency.
It's effectively the same as vendoring, except we're not blowing up our repositories with 10 years of dependencies.