increase rest-client version to non-vulnerable one

[mathieujobin]

two vulnerability has been fixed since rest-client 1.8

Sources:
rest-client/rest-client#349
http://www.osvdb.org/show/osvdb/117461
rest-client/rest-client#369

Found using Gemnasium
https://gemnasium.com/mathieujobin/sports_data_api/alerts

[mathieujobin]

ping

[RLovelett]

I'm not sure how I feel about the switch from ~> to >=. Why is that necessary? I'd prefer to lock it to anything in the 1.8.x branch rather than anything greater.

Please switch it back to ~> unless you can provide a compelling argument as to why >= is better.

The version bump is a no brainer otherwise.

[mathieujobin]

I found that ~> is better for locking down dependencies on apps, and >= is better (less restrictive) on gems. I had issues with too restrictive conflicting gems

then the other question is do we want/need to forbid the 2.0.0 release coming up ?

[RLovelett]

That seems reasonable. See that is why I always prefer the ~> I am never up-to-date enough to know what 2.0.0 will break if it's allowed and I just always find it easier to say give me the one that I know (read: tested) it to work with.

I guess we'll just go to >= and if 2.0.0 breaks something people can submit a patch? Seems reasonable. What do you think?