Dependency on "multi_json ~>1.3" collides with activesupport (3.1.10)

[h5b]

Hi,

we are trying to upgrade brakeman to 1.9.1 on Rails 3.1
which has the following dependencies regarding "multi_json":

activesupport (3.1.10)
  multi_json (>= 1.0, < 1.3)

While brakeman depends on multi_json (~> 1.3) as stated in brakeman.gemspec.

require './lib/brakeman/version'

Gem::Specification.new do |s|
  [..]
  s.add_dependency "sass", "~>3.0"
  s.add_dependency "multi_json", "~>1.3"
end

The initial switch from "json_pure" to "multi_json" didn't refer to a specific
version. Could we by any chance fix this mutually exclusive dependency?

[presidentbeef]

Hi,

Thanks for reporting this! Yes, it should be possible to resolve this issue. I will look into it.

[h5b]

Thanks for looking into this.

[presidentbeef]

Looks like Rails 3.1 depends on MultiJson < 1.3 for the same reason Brakeman depends on MultiJson ~> 1.3: the MultiJson API started to change at that version.

However, we definitely want to avoid conflicts and support including Brakeman in Gemfiles for Rails 3.0 and 3.1, so I've moved the requirement back to ~> 1.2. I hope this allows enough overlap to fix the dependency.

If you can, please try the changes in #248 and let me know if it works for you.

[h5b]

Diff as found in #248 fixes the Issue. Upgrade works now and the report has been generated.
Thanks a lot!

[presidentbeef]

Great! Thanks for verifying.