New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add restrictive_version_specifiers to Bundler/GemComment #9358
Add restrictive_version_specifiers to Bundler/GemComment #9358
Conversation
156ad1a
to
f56f502
Compare
I'm fine with the proposed change, but I think you should expand the cop's documentation to account for its rationale. |
@RobinDaugherty ping :-) |
2eb73d0
to
7b73d03
Compare
842c4d3
to
08f5b87
Compare
CHANGELOG.md
Outdated
@@ -5485,6 +5485,7 @@ | |||
[@wcmonty]: https://github.com/wcmonty | |||
[@nguyenquangminh0711]: https://github.com/nguyenquangminh0711 | |||
[@chocolateboy]: https://github.com/chocolateboy | |||
[@RobinDaugherty]: https://github.com/RobinDaugherty |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that's not needed, as it will added automatically once we regen the changelog.
The changes look good, but your branch has to be rebased on top of the current |
08f5b87
to
bb6f25e
Compare
✅ I've rebased it. |
Thanks! |
The problem I'm trying to solve:
There are multiple reasons one might lock the version of a gem in the Gemfile:
">= 2.0"
.)"!= 2.4.0"
.)"< 3.0"
.)gem 'mygem', '~> 2.3'
to your Gemfile".The last two reasons lead to a project's dependencies falling behind because the
bundle update
process will not update to 3.0 without manual intervention. This would cause dependencies to continue to fall behind and in some cases even limit other non-locked dependencies because of cross-dependencies.To combat this, good practice would include a periodic cleanup of Gemfile version specifications that limit updating of gems.
Another good practice is a rule that when a gem has a limiting version specifier like items 3 and 4 above, there's a comment in the Gemfile explaining the reason. This allows the periodic cleanup process to be more effective, since one can determine whether a bug is fixed, or know what kind of breakage or test failure to look for when updating the gem past the version specification.
Currently, the
version_specifiers
option for this cop checks a gem specification for any version specifier, requiring a gem comment if one exists. This means that a non-limiting version specification like ">= 1.0" without a justification would warrant a complaint.This new option,
limiting_version_specifiers
, requires a gem comment only for version specifications that are limiting in nature, but not for other version specifications.So the following version specifications are permitted without comment:
while the following require an accompanying gem comment:
Before submitting the PR make sure the following are checked:
[Fix #issue-number]
(if the related issue exists).master
(if not - rebase it).bundle exec rake default
. It executes all tests and runs RuboCop on its own code.{change_type}_{change_description}.md
if the new code introduces user-observable changes. See changelog entry format for details.