wearefine/fae

Allow update to Devise 4.6.2

Spone opened this issue · 5 comments

Spone commented

I would like to be able to update Devise to 4.6.2, since there is a security issue in earlier versions, see heartcombo/devise#4981

Why is there a dependency on Devise ~> 4.4.3 and not >= 4.4.3?

I think you meant 4.6.2, right @Spone ?

Spone commented

You're right @mooreds :)

Ping

The 1.7.1 version of the gem allows for the updated devise. It uses a >= not the ~.
I've locked my version for now.

@Spone We are locking major dependencies to minor versions to avoid inconsistent functionality. I've opened a PR to bump the version of Devise in v2.1. You can wait until v2.1 is released or point directly to the v2.1 branch in your Gemfile (although this branch is in active development).

thanks!