Dependence on rails 3.0.3 is a problem for the new 3.0.4 security release #44
Comments
|
+1 Gems shouldn't declare a hard dependency like that. Unnecessary and annoying! |
|
+1 This change would be really helpful. |
|
+1 This change would be extremely helpful here too. |
|
+1 here too |
|
+1 as well. |
|
+1 I was hoping to try this out, but I can't because I have Rails 3.0.4 |
|
Fixed this guys, and pushed 2.0.0.rc7 to rubygems.org. I know hard dependencies are an issue, but we need to tread lightly with this gem since we mimic some deep ActiveRecord magic in the code used to rebuild past revisions. The 3.0.4 ActiveRecord release had indeed changed some internals which caused AAA to break. I've updated and ensured the behavior is consistent for 3.0.3 & 3.0.4. Unfortunately we can't make any guarantees for 3.0.5 releases at this point in time. Cheers ! |
rocket-turtle
pushed a commit
to rocket-turtle/audited
that referenced
this issue
Jan 4, 2023
Fix for incorrect aliasing
This issue was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Rails 3.0.4 was released to fix a couple of security issues. acts_as_audited declares 3.0.3 as a dependency can this be changed to >=3.0.3 if 3.0.3 minimum is actually required or ~> 3.0 if just rails 3 is required
The text was updated successfully, but these errors were encountered: