paulo-ferraz-oliveira
commented
2 months ago This is definitely a plus, I've had this same issue in the past (trying to find a version compatible with a specific Erlang/OTP version range).
Open kianmeng opened 2 months ago
paulo-ferraz-oliveira
commented
2 months ago This is definitely a plus, I've had this same issue in the past (trying to find a version compatible with a specific Erlang/OTP version range).
kianmeng
commented
2 months ago @paulo-ferraz-oliveira Should we put this compatibility table in https://github.com/erlef/setup-beam instead here?
paulo-ferraz-oliveira
commented
2 months ago If it were just me choosing, I'd prefer to have it here, and then link from the action. As-is, there, we know about compatibility with the targets (mostly OTP) because of the way it's "documented" in the sources.
Edit: if this doesn't move here, or is rejected (either way I'm pretty sure you'll have follow-up) feel free to open an issue there (erlef/setup-beam), for further discussion (I believe we discussed it in the past, but can't remember and a quick search in the issues yielded no interesting results).
ferd
commented
1 month ago I don't see an issue with this.
It might be worth it to make sure the table considers past security issues and does not recommend versions older than these.
Basically, any release older than these are unsafe for any version whatsoever:
So in the tables above. 3.15.x is risky. It should be 3.15.2 explicitly because 3.15.0 and 3.15.1 had major vulnerabilities.
All other versions in the table are above this and not a concern.
While cleaning up Erlang CI pipeline, I looked for a compatibility table between Rebar3 and Erlang/OTP, but couldn't find one. Therefore, I've compiled the following table based on the release changelog.
Please let me know if the compatibility table above (not sure which one) is helpful as additional details to the README. I can then draft a pull request.