RLovelett / sports_data_api

A Ruby interface to the Sports Data API. API supports NFL, MLB, NHL, and NBA.
http://developer.sportsdatallc.com/api_gallery

increase rest-client version to non-vulnerable one #56

Closed mathieujobin closed 8 years ago

mathieujobin commented 8 years ago

Two vulnerabilities have been fixed since rest-client 1.8.

Sources:
https://github.com/rest-client/rest-client/issues/349
http://www.osvdb.org/show/osvdb/117461
https://github.com/rest-client/rest-client/issues/369

Found using Gemnasium https://gemnasium.com/mathieujobin/sports_data_api/alerts

mathieujobin commented 8 years ago

ping

RLovelett commented 8 years ago

I'm not sure how I feel about the switch from ~> to >=. Why is that necessary? I'd prefer to lock it to anything in the 1.8.x branch rather than anything greater.

Please switch it back to ~> unless you can provide a compelling argument as to why >= is better.

The version bump is a no brainer otherwise.

mathieujobin commented 8 years ago

I found that ~> is better for locking down dependencies in apps, and >= is better (less restrictive) in gems. I had issues with too-restrictive, conflicting gems.

Then the other question is: do we want/need to forbid the upcoming 2.0.0 release?

RLovelett commented 8 years ago

That seems reasonable. See, that is why I always prefer the ~>: I am never up-to-date enough to know what 2.0.0 will break if it's allowed, and I just always find it easier to say "give me the one that I know (read: tested) works."

I guess we'll just go to >= and, if 2.0.0 breaks something, people can submit a patch? Seems reasonable. What do you think?
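The thread turns on what `~>` and `>=` actually admit. The following is an added example (not code from sports_data_api or rest-client) that uses RubyGems' own `Gem::Requirement` and `Gem::Version` to show which releases each constraint style accepts, and to check that a constraint's floor really excludes everything before a fixed release. The `RELEASES` list is constructed for illustration; it is not a query of rubygems.org, and the "1.8.0" floor is only the issue's own claim about where the fixes landed.

```ruby
require "rubygems" # Gem::Requirement and Gem::Version ship with Ruby

# Constructed release list for the example (hypothetical, not fetched from rubygems.org).
RELEASES = %w[1.6.7 1.7.3 1.8.0 1.9.0 2.0.0 2.1.0].freeze

# Return the releases a gemspec/Gemfile constraint string would accept.
# Comma-separated constraints (">= 1.8, < 2.0") are handled like a gemspec does.
def accepted_versions(constraint, releases = RELEASES)
  req = Gem::Requirement.new(*constraint.split(",").map(&:strip))
  releases.select { |v| req.satisfied_by?(Gem::Version.new(v)) }
end

# Spell out what the pessimistic operator means: "~> X" is ">= X, < X.bump",
# where bump drops the last segment and increments the one before it.
# So "~> 1.8" allows 1.9 but not 2.0, while "~> 1.8.0" allows only 1.8.x.
def pessimistic_expansion(constraint)
  version = Gem::Version.new(constraint.sub("~>", "").strip)
  ">= #{version}, < #{version.bump}"
end

# Policy check for a dependency bump: can the constraint still resolve to a
# release older than the one carrying the fix? (fixed_version is the page's claim.)
def excludes_below?(constraint, fixed_version, releases = RELEASES)
  fixed = Gem::Version.new(fixed_version)
  accepted_versions(constraint, releases).none? { |v| Gem::Version.new(v) < fixed }
end

if $PROGRAM_NAME == __FILE__
  [">= 1.8", "~> 1.8", "~> 1.8.0", ">= 1.8, < 2.0"].each do |c|
    puts format("%-16s accepts %s", c, accepted_versions(c).join(", "))
  end
  puts "~> 1.8   means #{pessimistic_expansion('~> 1.8')}"
  puts "~> 1.8.0 means #{pessimistic_expansion('~> 1.8.0')}"
  puts ">= 1.7 excludes pre-fix releases? #{excludes_below?('>= 1.7', '1.8.0')}"
end
```

Note that `~> 1.8` already allows every 1.x release from 1.8 onward and forbids only 2.0.0 and later, which is the middle ground between the two positions in the thread; `~> 1.8.0` would be the stricter "1.8.x only" reading.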