Currently Gemfile specifies requirements as exact versions up to tiny version/bug fix version. Can this be changed to ~> x.y.z like most other gems do?
If there is a specific bug fix we need, then only we should bump the minimum tiny version.
Since Gemfile.lock can specify exact version, this will not affect any bundler/gem users but can help with debian package/possible other distro packages from patching Gemfile.
Summary: normal minor version bumps should be done via Gemfile.lock only and Gemfile should keep minimum known working version.
For minor and major version updates, it can be done in both Gemfile and Gemfile.lock.
See https://poddery.com/posts/1981852
Note: This discussion was imported from Loomio. Click here to view the original discussion.
Proposal: allow newer patch releases unless we know about a known issue
Currently Gemfile specifies exact versions of the dependencies up to hotfix releases (like nokogiri 1.6.7.2).
Allow newer patch releases by changing “x.y.z” requirement to “~> x.y.z” for stable libraries (x > 1) unless we know a newer patch release introduced a bug that affects us. In case of hotfix releases, we can add “~> x.y.z”, “>= x.y.z.hotfix” so we ensure hotfix releases are covered.
Outcome: failed to get consensus
Votes:
-
Yes: 2
-
Abstain: 0
-
No: 2
-
Block: 0
Note: This proposal was imported from Loomio. Vote details, some comments and metadata were not imported. Click here to view the proposal with all details on Loomio.
@dennisschubert can we do this for gems that advertize SemVer compliance and have a stable version (>= 1.0)?
Proposal: allow newer patch releases for stable libraries following semantic versioning
If a gem complies with SemVer (usually declared in README) and it is a stable release (>= 1.0), allow newer patch releases to match Gemfile requirement.
ie, make it ‘~> x.y.z’, instead of ‘x.y.z’. If we need a specific patch release, we can use ‘~> x.y.z’, ‘>= x.y.z.hotfix’
Outcome:
Votes:
-
Yes: 1
-
Abstain: 0
-
No: 3
-
Block: 0
Note: This proposal was imported from Loomio. Vote details, some comments and metadata were not imported. Click here to view the proposal with all details on Loomio.