New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
gem version requirements notation for "rational version" compatibility #3574
Comments
I found a similar request here: #1919 But in any case, I'm open to any notation, and happy to make a PR with that, including tests and documentation. I hope it would become the most common one to use. Certainly with Sem Ver becoming the norm, I think it should. |
If you're already using Personally, I'm in favor of adding both The real problem is that any gems pushed containing those version numbers would be impossible to install for any existing Ruby users. Even if you implement it today, and we were to somehow (ha) ship it next week, it would be years before gems could use it and expect most developers to be able to install those gems. |
Agreed. That is another alternative for combining requirements.
I like that idea. It brings these more into alignment with an existing convention (
Better late than never. :) If it gains traction, there'd always be an option later to backport it. |
I’m 👎 on either |
Hi @halostatue, this proposal stands on its own without involving
I propose we address the above by supporting a succinct notation that means "SemVer (rational version) compatible". We would document that as best practice just after the concept of "rational version" is introduced. Make sense? I'm totally flexible on the notation we pick for "SemVer" compatible. Just as long as it's succinct. |
Regarding compatibility, I was thinking if we could get I tend to recall |
@deivid-rodriguez That's an interesting approach to get compatibility sooner. In addition to gemspecs through |
Yes, we would need to add some compatibility layer to Regarding my idea for rubygems.org, I'm thinking it might not be necessary because that's what the |
For some reason I always have trouble keeping track of what the |
I don’t think a new sigil operator is needed at all. The Elixir version specification to me is extremely clear and builds on the conceptual grounds that Bundler has with multiple version specification: The simple form ( |
I would like to suggest a feature.
When a gemspec wants to express a version requirement, we typically use the
'~> '
notation like this:This indicates compatibility following the "rational versioning" as described here: https://github.com/ruby/ruby/blob/master/lib/rubygems/version.rb#L72
(basically the same as Semantic Versioning: https://semver.org/).
Anything >= 1.8 and < 2.0 is compatible.
But suppose a CVE comes out like this one: sparklemotion/nokogiri#1915
Many developers reacted to that CVE by changing the requirement to:
But that isn't correct, as it precludes an upgrade to 1.11. We need a notation that means >= 1.10.4 and < 2.0.
The only way to do that currently is to use a combination of two requirements:
I propose we add a "rational compatible" option that would do the above. We could choose any prefix to mean that. For example,
'=>'
. Then the CVE requirement could be expressed succinctly:And developers could use this "rational compatible" operator as their default for all gem requirements.
The implementation would involve adding one entry to the
OPS
hash in requirement.rb:Please LMK if there's interest. I would be happy to submit a Pull Request including tests and documentation.
I will abide by the code of conduct.
The text was updated successfully, but these errors were encountered: