Closed mathieujobin closed 8 years ago
ping
I'm not sure how I feel about the switch from ~> to >=. Why is that necessary? I'd prefer to lock it to anything in the 1.8.x branch rather than anything greater.
Please switch it back to ~> unless you can provide a compelling argument as to why >= is better.
The version bump is a no-brainer otherwise.
I found that ~> is better for locking down dependencies on apps, and >= is better (less restrictive) on gems. I had issues with too restrictive conflicting gems.
Then the other question is, do we want/need to forbid the 2.0.0 release coming up?
That seems reasonable. See, that is why I always prefer the ~>. I am never up-to-date enough to know what 2.0.0 will break if it's allowed and I just always find it easier to say give me the one that I know (read: tested) it to work with.
I guess we'll just go to >= and if 2.0.0 breaks something people can submit a patch? Seems reasonable. What do you think?
Two vulnerabilities have been fixed since rest-client 1.8
Sources: https://github.com/rest-client/rest-client/issues/349 http://www.osvdb.org/show/osvdb/117461 https://github.com/rest-client/rest-client/issues/369
Found using Gemnasium https://gemnasium.com/mathieujobin/sports_data_api/alerts
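The `~>` versus `>=` trade-off debated in this thread can be checked with RubyGems' own requirement matcher. The following is an added example, not code from this pull request; the candidate version list and the `PATCHED_FLOOR` value are constructed assumptions, and `audit_constraint` is a hypothetical helper.

```ruby
require 'rubygems'

# Constructed candidate versions, not rest-client's actual release list.
CANDIDATES = %w[1.7.3 1.8.0 1.8.5 1.9.0 2.0.0].map { |v| Gem::Version.new(v) }

# Assumption: the lowest version the project treats as patched.
PATCHED_FLOOR = Gem::Version.new('1.8.0')

# Summarise what a dependency constraint lets a resolver install:
# every admitted candidate, the highest one (what a fresh install picks),
# any admitted version below the patched floor, and whether the
# constraint lets an untested next major version through.
def audit_constraint(*constraint, candidates: CANDIDATES, floor: PATCHED_FLOOR)
  req = Gem::Requirement.new(*constraint)
  admitted = candidates.select { |v| req.satisfied_by?(v) }.sort
  {
    admitted: admitted.map(&:to_s),
    resolves_to: admitted.last&.to_s,
    below_floor: admitted.select { |v| v < floor }.map(&:to_s),
    crosses_major: admitted.any? { |v| v.segments.first > floor.segments.first }
  }
end

if __FILE__ == $PROGRAM_NAME
  # '~> 1.8.0' stays on 1.8.x, '~> 1.8' stays below 2.0, '>= 1.8.0' is open-ended.
  ['~> 1.8.0', '~> 1.8', '~> 1.7', '>= 1.8.0', ['>= 1.8.0', '< 2']].each do |c|
    label = Array(c).join(', ')
    puts "#{label.ljust(16)} #{audit_constraint(*Array(c))}"
  end
end
```

A bounded pair such as `'>= 1.8.0', '< 2'` keeps the patched floor while still excluding the untested major release.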