You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The jwt gem's latest version is currently on 2.8.2, and the json gem is currently on 2.7.2.
When you declare your runtime dependencies with the ~> operator, it effectively means we cannot run the latest versions of those gems in our project alongside this gem, and can only run 2.4.1+ to > 2.5.0 for jwt and 2.6.2+ to > 2.7.0 for json respectively.
I've checked, and there is no reason to not allow 2.4.x+ and 2.6.x+ as dependencies, as this gem will a) be more compatible with existing projects, and b) allow us to upgrade shared dependencies past the versions declared in this gem, which is especially important when vulnerabilities have been found.
Please can you change the runtime dependencies to at least something like the below, which will make this gem more compatible without causing problems for itself?
I see no issue with making the gem versions more flexible to improve compatibility and allow for upgrading shared dependencies, especially in light of potential vulnerabilities. Please create a new PR with the updated runtime dependencies as suggested:
Hey there,
I issued PR #40 a while back, and it was closed recently by e22054f
Unfortunately, the gem versions declared are still too strict:
The
jwt
gem's latest version is currently on 2.8.2, and thejson
gem is currently on 2.7.2.When you declare your runtime dependencies with the
~>
operator, it effectively means we cannot run the latest versions of those gems in our project alongside this gem, and can only run 2.4.1+ to > 2.5.0 forjwt
and 2.6.2+ to > 2.7.0 forjson
respectively.I've checked, and there is no reason to not allow 2.4.x+ and 2.6.x+ as dependencies, as this gem will a) be more compatible with existing projects, and b) allow us to upgrade shared dependencies past the versions declared in this gem, which is especially important when vulnerabilities have been found.
Please can you change the runtime dependencies to at least something like the below, which will make this gem more compatible without causing problems for itself?
The text was updated successfully, but these errors were encountered: