Stop bumping the minimum solidity version

[Arachnid]

OZ seems to regularly bump the version required in headers - for instance, recently it was bumped from ^0.5.0 to ^0.5.2. Since Truffle is currently pinned at 0.5.0, this breaks OZ for all Truffle projects until Truffle updates.

The pragma is intended to specify the minimum version with which the code is compatible. Can you please stop bumping it except where it requires the new compiler version to operate correctly?

[frangio]

Thanks for bringing this up @Arachnid! We really appreciate hearing other opinions about this.

Please see our rationale for bumping to 0.5.7 here: OpenZeppelin forcing Solidity version upgrade to v0.5.7.

One of our objectives in OpenZeppelin is to make it very hard to write incorrect code. While all of these [solc] bugs have a low probability of occurrence, we’d rather be extra-careful and force our users to use the latest Solidity version (v0.5.7) by updating the pragma solidity statement in all our contracts.

Given this, would you still say that we shouldn't bump to 0.5.7? Note that Truffle is not pinned to 0.5.0, since the user can choose any version they want. It's true that the default is 0.5.0, though, which should definitely be updated by Truffle.

The bump to 0.5.2 was not because of a solc bug, but because it removed a lot of false positive warnings affecting our codebase. This is admittedly a less legitimate reason but we felt it was justified by the significant improvement in the user experience.

[Arachnid]

I think that a library should be non-opinionated. Each component's version should be the earliest one you're confident works safely.

If you bump the minimum version each time a release comes out, you'll create a perverse situation where people pin their version of Open Zeppelin to one that doesn't break their build, and update that infrequently - the exact opposite of what you're trying to achieve.

Tangentially, I'm not aware of a way to select a different solc version in Truffle - how do you do that?

[nventuro]

@Arachnid thank you for bringing this up. After discussing this we decided to relax this requirement, and try to get other parts of the development ecosystem, such as truffle, to suggest upgrading compiler versions. We'll be reverting this change for the v2.3 release.

Tangentially, I'm not aware of a way to select a different solc version in Truffle - how do you do that?

There's an option on the truffle configuration file to set a compiler version: a new project will have these contents there:

  // Configure your compilers
  compilers: {
    solc: {
      // version: "0.5.1",    // Fetch exact version from solc-bin (default: truffle's version)
      //  optimizer: {
      //    enabled: false,
      //    runs: 200
      //  },
      // }
    }
  }

so it's simply a matter of removing the comment from that line and selecting an appropriate version. You can check out their documentation page to learn more about other options, including running from Docker, etc.