chef / berkshelf

A Chef Cookbook manager

Constrain minitar gem version and fix require #30

Closed tpowell-progress closed 1 month ago

tpowell-progress commented 1 month ago

Conflict resolution of @halostatue's #27 PR

This should be just specifying "~> 1.0", but backlevel support has been added because Berkshelf still claims to support Ruby 2.7+ and Minitar 1.0 (which is the only supported branch as of 2024-08-07) has explicitly dropped support for any Ruby version 3.0 or older.

Minitar v0.12 is the last of the versions for that line and all users are encouraged to upgrade to v1.0 (no one should be running anything older than Ruby 3.1).

This is a fairly critical update as users of berkshelf are unable to install or use it without this change.

I would strongly recommend that other dependencies like thor and chef itself where there is an unconstrained >= specification be reviewed. This is a potential security or incompatibility hole for all of your users.

Resolves: #26
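An added example, not part of the original PR or of Berkshelf's code: a small audit that flags open-ended `>=` requirements like the ones the description asks to have reviewed, and shows which releases each form admits. The dependency table, its version numbers other than minitar 0.12 and 1.0, and the 2.0 probe (a hypothetical future major) are constructed for illustration.

```ruby
require "rubygems"

# Operators that put a ceiling on the versions a requirement can resolve to.
UPPER_BOUND_OPS = ["<", "<=", "~>", "="].freeze

# True when nothing in the requirement caps the version, so any future
# major release (breaking or compromised) is accepted on the next install.
def open_ended?(constraints)
  req = Gem::Requirement.new(*constraints)
  req.requirements.none? { |op, _version| UPPER_BOUND_OPS.include?(op) }
end

# Which of the probe versions would the requirement accept?
def accepted(constraints, versions)
  req = Gem::Requirement.new(*constraints)
  versions.select { |v| req.satisfied_by?(Gem::Version.new(v)) }
end

# Constructed dependency table (assumption: NOT Berkshelf's real gemspec).
SAMPLE_DEPS = {
  "minitar (open-ended)" => [">= 0.12"],
  "minitar (pessimistic)" => ["~> 1.0"],
  "minitar (ranged)"      => [">= 0.12", "< 2"]
}.freeze

# 0.12 and 1.0 are the lines named in the PR; 2.0 is a hypothetical future major.
PROBES = %w[0.12 1.0 2.0].freeze

def audit(deps = SAMPLE_DEPS, probes = PROBES)
  deps.map do |name, constraints|
    { name: name,
      constraints: constraints,
      open_ended: open_ended?(constraints),
      accepts: accepted(constraints, probes) }
  end
end

audit.each do |row|
  flag = row[:open_ended] ? "REVIEW" : "ok"
  puts format("%-24s %-20s %-7s accepts %s",
              row[:name], row[:constraints].join(", "), flag, row[:accepts].join(" "))
end
```

The ranged form is one way to keep the 0.12 line installable on older Rubies while still refusing an unreviewed 2.x; which Ruby versions each minitar release supports is enforced by that gem's own `required_ruby_version`, not by this check.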


sonarcloud[bot] commented 1 month ago

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

sonarqube-for-infrastructure-prod[bot] commented 1 month ago

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube