New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature request: Bundler/GemsSpecifySemanticVersion #7669
Comments
Yeah, I'd welcome a cop checking for this. PR welcome! |
Just to clarify, the cop is to ensure there is any version string? One reason for omitting it is some teams commit to "continuous upgrades" and use bots to make PRs to upgrade gems as soon as new versions are released. 🙂 |
@bbatsov I did some digging and found https://docs.rubocop.org/en/latest/development/#add-a-new-cop but I'd appreciate your guidance on what you'd like me to name it (i.e. is the name suggested in this issue title the right one?). Also, I'm not sure where to find an example of a cop that only works on one type of file (or in this case, by running a single command against the project itself). Do I need to do anything special there?
@Drenmi yes. The workflow you describe sounds like you would have this in your gem 'rubocop' Would it be a problem for you to have this instead? gem 'rubocop', '>= 0.0.1' I suppose you could always disable that cop for your own project. |
@ianfixes Not a problem per se, but there is a piece of information in there posing as if it's relevant when it is not, as it is just an arbitrary lowest version. 🙂 Most of our cops are configurable. It'd be great if the cop could be configured to enforce no version constraint, too. |
I completely agree with this opinion. |
I think this would be easy to accomplish. It had honestly never crossed my mind that "don't use version constraints" was a best practice on par with "use pessimistic version constraints". I appreciate the feedback here, because worst case for me is that I start down the path of implementing something that has no chance of being accepted. |
Hi, I always favor It is out of the question, for me, to build some reliable services without any version constraints (at least on production group). I'll be glad to create a
Regards, |
I'm stuck waiting on 3 things before I can work on a PR for this
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contribution and understanding! |
Bump, please advise on what options this cop would have to support in order to be considered as a mergeable contribution |
@ianfixes I've recently added a custom cop that checks for this in a private repo. It doesn't support all of the use cases listed in this thread (checking I used GemComment as an example. I think that's a good place to look to. I would be happy to collaborate with the work I have so far. |
I'd like to enforce that gems in my Gemfile are all specified with a semantic version string -- e.g. the
~>1.7
inMy understanding is that there are no good reasons to omit this version specifier; the "worst case" that still counts as a best practice is to simply use a greater-than operator.
I have a basic implementation of this that doesn't choke on special cases like GitHub-based dependencies:
Is this something that could be added to the list of Bundler Cops?
The text was updated successfully, but these errors were encountered: