
Gemspec version dependencies are still too strict #53

Closed
gee-forr opened this issue Jun 19, 2024 · 1 comment
@gee-forr

Hey there,

I issued PR #40 a while back, and it was closed recently by e22054f

Unfortunately, the gem versions declared are still too strict:

  spec.add_runtime_dependency "rest-client", "~> 2.1.0"
  spec.add_runtime_dependency "jwt", "~> 2.4.1"
  spec.add_runtime_dependency "json", "~> 2.6.2"

The jwt gem's latest version is currently on 2.8.2, and the json gem is currently on 2.7.2.

When you declare your runtime dependencies with the ~> operator, it effectively means we cannot run the latest versions of those gems in our project alongside this gem, and can only run 2.4.1+ to > 2.5.0 for jwt and 2.6.2+ to > 2.7.0 for json respectively.

I've checked, and there is no reason to not allow 2.4.x+ and 2.6.x+ as dependencies, as this gem will a) be more compatible with existing projects, and b) allow us to upgrade shared dependencies past the versions declared in this gem, which is especially important when vulnerabilities have been found.

Please can you change the runtime dependencies to at least something like the below, which will make this gem more compatible without causing problems for itself?

  spec.add_runtime_dependency "rest-client", "~> 2.1"
  spec.add_runtime_dependency "jwt", "~> 2.4"
  spec.add_runtime_dependency "json", "~> 2.6"
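The pessimistic (`~>`) behaviour described in the issue can be checked directly with RubyGems' own `Gem::Requirement` class, which Bundler uses for resolution. The script below is an added example, not code from the issue or from the gem; the version list is a constructed sample (it includes the jwt 2.8.2 and json 2.7.2 releases the issue mentions, plus a few neighbours), not a live lookup against rubygems.org.

```ruby
require "rubygems"

# Constructed sample of release versions for the comparison; not fetched
# from rubygems.org. 2.8.2 and 2.7.2 are the versions cited in the issue.
CANDIDATE_VERSIONS = %w[2.4.0 2.4.1 2.4.2 2.5.0 2.6.2 2.7.2 2.8.2 3.0.0].freeze

# Return the subset of +versions+ that satisfies a gemspec requirement
# string such as "~> 2.4.1". Gem::Requirement expands "~> X.Y.Z" to
# ">= X.Y.Z, < X.(Y+1)" and "~> X.Y" to ">= X.Y, < (X+1).0".
def versions_allowed_by(requirement, versions = CANDIDATE_VERSIONS)
  req = Gem::Requirement.new(requirement)
  versions.select { |v| req.satisfied_by?(Gem::Version.new(v)) }
end

# Side-by-side view of a strict constraint and its relaxed form.
def compare_constraints(strict, relaxed, versions = CANDIDATE_VERSIONS)
  {
    strict => versions_allowed_by(strict, versions),
    relaxed => versions_allowed_by(relaxed, versions)
  }
end

# True when the constraint still admits a given (e.g. patched) release;
# a false result is the situation the issue warns about.
def allows?(requirement, version)
  Gem::Requirement.new(requirement).satisfied_by?(Gem::Version.new(version))
end

if __FILE__ == $PROGRAM_NAME
  compare_constraints("~> 2.4.1", "~> 2.4").each do |constraint, allowed|
    puts "#{constraint.ljust(9)} allows: #{allowed.join(', ')}"
  end
  puts "jwt 2.8.2 under ~> 2.4.1: #{allows?('~> 2.4.1', '2.8.2')}"
  puts "jwt 2.8.2 under ~> 2.4:   #{allows?('~> 2.4', '2.8.2')}"
end
```

Running it shows `~> 2.4.1` admitting only the 2.4.x line while `~> 2.4` admits everything below 3.0, which is the difference between being stuck on an old jwt and being able to pick up a patched release.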
@lvitals
Member

lvitals commented Jun 19, 2024

Hi @gee-forr,

I see no issue with making the gem versions more flexible to improve compatibility and allow for upgrading shared dependencies, especially in light of potential vulnerabilities. Please create a new PR with the updated runtime dependencies as suggested:

spec.add_runtime_dependency "rest-client", "~> 2.1"
spec.add_runtime_dependency "jwt", "~> 2.4"
spec.add_runtime_dependency "json", "~> 2.6"

Thank you!

@lvitals lvitals closed this as completed Jun 21, 2024