deps: relax dependencies

[maidsafe-highfive]

Thanks for the pull request, and welcome! The MaidSafe team is excited to review your changes, and you should hear from @Fraser999 (or someone else) soon.

If any changes to this PR are deemed necessary, please add them as extra commits. This ensures that the reviewer can see what has changed since they last reviewed the code. The way GitHub handles out-of-date commits, this should also make it reasonably obvious what issues have or haven't been addressed. Large or tricky changes may require several passes of review and changes.

Please see CONTRIBUTOR.md for more information.

[pierrechevalier83]

Hi @ignatenkobrain , Thanks for your PR. Sorry for the late answer. This one seems to have slipped through the system for a while. Using the tilde for dependencies is our company wide preference at Maidsafe. Is there any reason in particular that you would want to be more relaxed here? If there isn't a strong reason, I will reject your PR if that's OK with you.

[ignatenkobrain]

~0.3.0 means that only 0.3.0 and 0.3.1 is acceptable. Which is totally wrong because everything between 0.3 and 0.4 is compatible.

[pierrechevalier83]

@ignatenkobrain , isn't this a measure of your faith in how your dependencies use Denver, though? (Where our stance is caution)

[ignatenkobrain]

the thing is that if you don't trust your deps, you should not use them. my problem is that I have to patch this manually in fedora because we are constantly updating crates to get fixes.

[Fraser999]

Actually, I think ~0.3.0 implies any patch level of 0.3, not just 0.3.1. I don't think there's any difference between using the tilde and not for versions with major version of 0. This only matters when the major version is > 0, and then e.g. ~1.2.0 would use 1.2.3, but not 1.3.0, whereas ^1.2.0 would use 1.3.0.

[pierrechevalier83]

Given @Fraser999 's explanation that it actually doesn't make a difference for versions < 1.0.0, and since it's consistent with the policy we follow for maidsafe crates, I am now closing this PR. Hope it's no bother, @ignatenkobrain.