So: my own app depending on b-e doesn't actually use dropbox at all -- our use of browse-everything is for other purposes. But by including browse-everything as a dependency, I can't use oauth2 at maintained 2.x -- which means my app might be incompatible with other dependencies that requires the 2.x, and it means I can't use oath2 2.x even in local code, being stuck with an old unmaintained version of a security-related gem!
This is unfortunate.
I'm not even sure if browse-everything's dropbox support is currently working anyway.
I see that there was some old work on updating Dropbox support (I think maybe including updated oauth maybe using new oauth2 gem dependency?) by @jrgriffiniii -- but this is four-years old, and doens't seem to be happening.
The easiest way to solve this would be by simply removing the dropbox-api dependency from browse_everything dependencies. If someone wanted to use dropbox (if it works! If anyone is even using it!), they'd have to manually add it to their own project -- it becomes sort of an "optional" dependency.
This is a pain to manage in ruby, an "optional" dependency -- but we may want to bite the bullet and do it for all adapter-specific dependencies. That I get dependencies for all adapters whether I use them or not, in my dependency tree, is actually often a big pain. So if we do this for dropbox-api, we may want to do it for any other adapter-specific depencies -- including the linked data ones, which have given me a huge pain before.
This would be a kind of backward breaking change though. Not sure if it makes sense to release a new major version just for this, or what. This gem itself is pretty under-maintained/close to abandoned too...
OR if dropbox support actually doesn't work at all anyway, possibly we could just drop it, without even considering it a backward-breaking change?
Curious if anyone has any thoughts or concerns, or even if anyone is using b-e mainline (not a custom fork!) other than me at present!
Browse_everything depends on the dropbox-api gem.
Current dropbox-api depends on oauth2 gem '~> 1.1'
oauth2 1.x is EOL and deprecated. Installing it gets you this message:
dropbox-api is fairly abandoned/unmaintained, I'm not sure if anything can be done to get it to update to
oauth2
2.x, short of forking it.So: my own app depending on b-e doesn't actually use dropbox at all -- our use of
browse-everything
is for other purposes. But by including browse-everything as a dependency, I can't useoauth2
at maintained2.x
-- which means my app might be incompatible with other dependencies that requires the 2.x, and it means I can't use oath2 2.x even in local code, being stuck with an old unmaintained version of a security-related gem!This is unfortunate.
I'm not even sure if browse-everything's dropbox support is currently working anyway.
I see that there was some old work on updating Dropbox support (I think maybe including updated oauth maybe using new oauth2 gem dependency?) by @jrgriffiniii -- but this is four-years old, and doens't seem to be happening.
The easiest way to solve this would be by simply removing the dropbox-api dependency from
browse_everything
dependencies. If someone wanted to use dropbox (if it works! If anyone is even using it!), they'd have to manually add it to their own project -- it becomes sort of an "optional" dependency.This is a pain to manage in ruby, an "optional" dependency -- but we may want to bite the bullet and do it for all adapter-specific dependencies. That I get dependencies for all adapters whether I use them or not, in my dependency tree, is actually often a big pain. So if we do this for dropbox-api, we may want to do it for any other adapter-specific depencies -- including the linked data ones, which have given me a huge pain before.
This would be a kind of backward breaking change though. Not sure if it makes sense to release a new major version just for this, or what. This gem itself is pretty under-maintained/close to abandoned too...
OR if dropbox support actually doesn't work at all anyway, possibly we could just drop it, without even considering it a backward-breaking change?
Curious if anyone has any thoughts or concerns, or even if anyone is using b-e mainline (not a custom fork!) other than me at present!