auth0/ruby-auth0

Do not over-pin versions of dependencies

qortex opened this issue · 2 comments

Is there a reason to pin versions up to the 3rd decimal?

s.add_runtime_dependency 'rest-client', '~> 2.0.0'
s.add_runtime_dependency 'jwt', '~> 2.2.0'
s.add_runtime_dependency 'zache', '~> 0.12.0'
s.add_runtime_dependency 'addressable', '~> 2.7.0'

It prevents updating to 5.0.0 in my case because I had more up-to-date versions of those dependencies in my Gemfile (rest-client in my case). This results in bundle update updating to 4.8.0 only.

Pinning to the second decimal (~> 2.0) would fix that.

Example:

Bundler could not find compatible versions for gem "rest-client":
  In snapshot (Gemfile.lock):
    rest-client (= 2.1.0)

  In Gemfile:
    rest-client

    auth0 (= 5.0.0) was resolved to 5.0.0, which depends on
      rest-client (~> 2.0.0)
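To make the pessimistic-operator semantics behind this report concrete, here is an added example (not the gem's own code) that uses RubyGems' Gem::Requirement against a constructed list of rest-client versions: it shows which releases each pin admits and reproduces the conflict with the locked 2.1.0. The list of releases is sample data, not a registry lookup.

```ruby
require 'rubygems' # Gem::Requirement and Gem::Version ship with RubyGems

# Constructed release list for rest-client (sample data for this example).
REST_CLIENT_RELEASES = %w[2.0.0 2.0.1 2.0.2 2.1.0 3.0.0].freeze

# Return the versions from `releases` that satisfy a pessimistic (~>) constraint.
# "~> 2.0.0" means >= 2.0.0 and < 2.1, so only patch releases of 2.0 qualify;
# "~> 2.0" means >= 2.0 and < 3.0, so minor releases (with their fixes) qualify too.
def allowed_versions(constraint, releases = REST_CLIENT_RELEASES)
  req = Gem::Requirement.new(constraint)
  releases.select { |v| req.satisfied_by?(Gem::Version.new(v)) }
end

# Reproduce the resolver conflict from the issue: the Gemfile.lock snapshot holds
# rest-client 2.1.0 while the gemspec asks for ~> 2.0.0. Returns the constraints
# the locked version does NOT satisfy; an empty list means the lock is resolvable.
def conflicting_constraints(locked_version, constraints)
  locked = Gem::Version.new(locked_version)
  constraints.reject { |c| Gem::Requirement.new(c).satisfied_by?(locked) }
end

if $PROGRAM_NAME == __FILE__
  puts "~> 2.0.0 allows: #{allowed_versions('~> 2.0.0').join(', ')}" # 2.0.x only
  puts "~> 2.0   allows: #{allowed_versions('~> 2.0').join(', ')}"   # 2.x, excludes 3.0.0
  puts "~> 2     allows: #{allowed_versions('~> 2').join(', ')}"     # same range as ~> 2.0
  p conflicting_constraints('2.1.0', ['~> 2.0.0']) # => ["~> 2.0.0"]  (the reported failure)
  p conflicting_constraints('2.1.0', ['~> 2.0'])   # => []            (the proposed fix)
end
```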

@qortex Thanks for pointing this out; I believe pinning to the major should be sufficient. If you want to open a PR for this I will gladly merge and release it.