Rubygems' syntax yields false-positive Hakiri warnings
Closed this issue · 2 comments
Description
Avoiding "open-ended dependencies" using Rubygems' recommended syntax yields false-positive warnings on Hakiri.
Steps to Reproduce
- Run `gem build` using the syntax Rubygems recommends (to address open-ended dependencies):

  google_maps_geocoder.gemspec
  ```ruby
  s.add_runtime_dependency 'activesupport', '~> 4.1', '>= 4.1.11'
  ```
- Hakiri reports an attribute-restriction warning even though it specifies a patched version.
Emailed Hakiri a bug report:

If we address this “attribute restriction” warning by, say, restricting to 12.3.3 or higher with…

```ruby
s.add_development_dependency 'rake', '>= 12.3.3'
```

Rubygems generates this warning when building the gem…

```
$ gem build
WARNING: open-ended dependency on rake (>= 12.3.3, development) is not recommended
if rake is semantically versioned, use:
add_development_dependency 'rake', '~> 12.3', '>= 12.3.3'
```

But, if we address that “open-ended dependency” warning by adding the recommended line, then Hakiri reports a false-positive “attribute restriction” warning…

Shouldn’t Hakiri recognize Rubygems’ recommended syntax?
On June 5, 2020, Vasily@Hakiri said:
The behavior you are seeing is the result of a bug in Hakiri. The version parsing logic can result in false positives because the union of overlapping version branches is not performed correctly. Unfortunately, it's not a trivial fix and I don't have an ETA for when it will be done. The best way to go about it right now is to mark this issue as a false negative on Hakiri, so it unblocks your PRs.
I'll let you know once this bug is fixed.
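As an added example (not code from this issue, from Hakiri, or from the google_maps_geocoder project), the Ruby below uses RubyGems' own `Gem::Requirement` to evaluate the compound constraint from the gemspec above and checks whether it can still resolve to a vulnerable version. RubyGems applies the constraints as an intersection (every constraint must hold), so `'~> 4.1', '>= 4.1.11'` excludes everything below 4.1.11. The vulnerable-version list is constructed for illustration, and the union-based checker is a hypothetical reconstruction of the failure mode Vasily describes, not Hakiri's actual parsing code.

```ruby
# Added example, not code from the issue or from Hakiri. Evaluates a compound
# RubyGems requirement with RubyGems' own Gem::Requirement, which applies the
# constraints as an intersection (all must hold), and checks whether any
# known-vulnerable version could still be resolved.
require 'rubygems'

# Versions in `vulnerable` that `requirement` (an array of constraint strings)
# would still allow. Empty means the constraint pins past the fix.
def allowed_vulnerable_versions(requirement, vulnerable)
  req = Gem::Requirement.new(*requirement)
  vulnerable.map { |v| Gem::Version.new(v) }.select { |v| req.satisfied_by?(v) }
end

def patched?(requirement, vulnerable)
  allowed_vulnerable_versions(requirement, vulnerable).empty?
end

# Hypothetical buggy checker (Hakiri's real logic is not on the page): treating
# the constraint list as a union (any one constraint satisfied) lets '~> 4.1'
# admit 4.1.0..4.1.10 on its own, which is what produces a false positive for
# the syntax `gem build` recommends.
def union_allowed_vulnerable_versions(requirement, vulnerable)
  reqs = requirement.map { |r| Gem::Requirement.new(r) }
  vulnerable.map { |v| Gem::Version.new(v) }
            .select { |v| reqs.any? { |r| r.satisfied_by?(v) } }
end

# Constructed sample data: assume 4.1.0..4.1.10 are affected and 4.1.11 is the fix.
VULNERABLE_ACTIVESUPPORT = (0..10).map { |p| "4.1.#{p}" }.freeze

RECOMMENDED      = ['~> 4.1', '>= 4.1.11'].freeze # what `gem build` recommends
OPEN_ENDED       = ['>= 4.1.11'].freeze           # triggers the open-ended warning
PESSIMISTIC_ONLY = ['~> 4.1'].freeze              # genuinely still admits 4.1.0..4.1.10

if __FILE__ == $PROGRAM_NAME
  { 'recommended' => RECOMMENDED, 'open-ended' => OPEN_ENDED,
    'pessimistic-only' => PESSIMISTIC_ONLY }.each do |label, req|
    bad   = allowed_vulnerable_versions(req, VULNERABLE_ACTIVESUPPORT)
    union = union_allowed_vulnerable_versions(req, VULNERABLE_ACTIVESUPPORT)
    puts format('%-16s %-26s correct: patched=%-5s  union-bug: patched=%s',
                label, req.inspect, bad.empty?, union.empty?)
  end
end
```

Run it with `ruby check.rb`: the recommended and open-ended forms are both patched under correct intersection semantics, while the union-style checker reports the recommended form as unpatched, which is the false positive the issue describes. The same check applies to the rake case (`'~> 12.3', '>= 12.3.3'`) by swapping in that constraint and a version list.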