Relax dependencies

[gabceb]

• Relax multi_json and webmock dependencies
• Fix typhoueus to work with typhoeus > 0.5
• Remove Gemfile.lock. See this article for why gemfile.lock should not be checked in no gems

[sanemat]

:+1:

[mwunsch]

I'm okay w/ this patch, except I'm unsure about the Gemfile.lock thing. What Yehuda says is:

Do not check your Gemfile.lock into version control, since it enforces precision that does not exist in the gem command, which is used to install gems in practice. Even if the precision could be enforced, you wouldn’t want it, since it would prevent people from using your library with versions of its dependencies that are different from the ones you used to develop the gem.

Makes perfect sense. Except when building and running the gem from source, the only way to prove correctness is with the lock file. It's possible that a dependency can be updated and the tests will fail. Meaning, a build is not entirely reproducible in CI.

[gabceb]

The idea is that if you have one specific gem that you are worried about you can set the gem version on the gemspec file. Right now you are fixing all the gems to a specific version which increases the chances of a user not being able to use this gem because it conflicts with another gem they use (this is my case).

Also note that you can see the gems bundler by clicking on the bundle install line: