signet change to required_ruby_version = 2.4 breaks install on older Ruby versions

[Footpad]

Summary

I am trying to install Fastlane in a Ruby 2.3 runtime which depends on google-api-client. This no longer works because the signet RubyGem has released a new version that sets the required ruby version to 2.4.

Recommendations

I would recommend either the following, or both:

• Ruby versions prior to 2.4 are now end-of-life. A new version of google-api-client could be released that requires Ruby 2.4 or later and has a version constraint of signet ~> 0.12.
• Support for older versions of Ruby can be maintained by updating the version constraint to signet >= 0.10, < 0.12

Environment details

• OS: macOS Mojave 10.14.6
• Ruby version: Ruby 2.3.8
• Gem name and version:

Steps to reproduce

1. Install a Ruby runtime version older than 2.4 (say, using ruby-build) and put it in the PATH.
2. gem install google-api-client

Expected result

The gem install would succeed.

Observed result

ERROR: error installing google-api-client:
signet requires Ruby version >= 2.4.0.

Workaround

The problem can be worked around by installing the penultimate version of signet before installing google-api-client: gem install signet --version 0.11.

[dazuma]

Hi, thanks for the report.

Unfortunately, you're running into a limitation (I would actually consider it a bug) in Rubygems. The gem install command doesn't check the minimum Ruby version for the gem against your own Ruby version; it only reports failure after the fact. There isn't much that this or any Ruby library can do about that.

We are updating google-api-client to require Ruby 2.4 in the next few days (and it also depends on the correspondingly updated signet and googleauth gems). See #834. However, that will probably not help you by itself. Your workaround will work, but as these and other gems update their Ruby requirements to match the Ruby EOL schedule, you'll need to pin more and more gems.

If you really need to continue to use Ruby 2.3 (which, as you pointed out, is end-of-life), I recommend using bundler to install gems. It is smart enough to check against the Ruby version requirement and find a set of gem releases that will satisfy your environment.

[milch]

There isn't much that this or any Ruby library can do about that.

Many would consider removing support for a previously supported language version a breaking change. A breaking change necessitates a major version bump in semantic versioning

If you are not using semver, you break many assumptions made by gem authors, e.g. usage of the ~> operator for version selection

[dazuma]

@milch The point is debatable and reasonable arguments can be made on both sides. (See, e.g. semver/semver#148 which was closed with no clear resolution.) We considered the options and intentionally decided not to consider this a breaking change because (1) there is no actual breaking API change inherent in the updated Ruby requirement, which seems to be the core intent of semver, and (2) tools like bundler shield users from actual breakage and indeed are intended to do so, making dependency-based "breakage" much less of an issue.

Finally, this gem is officially pre-1.0, and thus we do not actually make any semver guarantees with it anyway. This is probably a permanent state for this library since it is a conglomeration of all public Google APIs—as a result, breaking changes are made all the time, with nearly every release, as underlying APIs, many of which are also prerelease, change or are removed. We have tentative long-term plans to break this library into individual libraries for each API, at which point semver would probably make more sense for those individual libraries, but until then, don't expect this library to be semver-compliant.

[milch]

Sounds like we’ll have to disagree about what constitutes a breaking change. That they closed the ticket without resolution is a bit strange considering it seems to be an open question, and opinionated specs like semver are intended exactly to resolve this kind of debate.

I see you’ve merged one of the suggested changes from the OP (update ruby requirement to 2.4) in #834, so this can probably be closed if @Footpad agrees.

this gem is officially pre-1.0, and thus we do not actually make any semver guarantees with it anyway. This is probably a permanent state for this library

I assume the same applies to signet?

---

Also just to link this back here, at fastlane a lock to the signet version was added to specifically avoid this problem: fastlane/fastlane#15483

[dazuma]

Signet is in a different place. It is a targeted library with a specific purpose and requirements, and so it could reasonably go 1.0 in the future, at which point it would start following semver. (However, the caveat with updated dependency requirements still applies.)

Also FYI google-api-client 0.33.0 was released a few minutes ago. It requires Ruby 2.4 and has a signet constraint of ~> 0.12. As this is the OP's recommendation, I'm closing this issue.

[milch]

@dazuma Just FYI, there are people in the fastlane repo reporting Bundler trying to install signet 0.12 and failing on Ruby 2.3: fastlane/fastlane#15497 (comment)

[dazuma]

@milch I just commented in those threads. TL;DR make sure you use the correct bundler command to update your bundle.