Use twiddle wakka for rails dependency. #807


JDutil commented Nov 21, 2011

Since you're experimenting with loosening up the rails dependency I think it would be simpler to use a twiddle wakka:

s.add_dependency 'rails', '~>  3.1.1'

This would allow developers to update their rails version to any 3.1.x release above 3.1.1 without waiting for a spree update after every release. Should problems be found with a particular new Rails release then it would be more appropriate to go to the >= / <= versioning.

This will help developers keep up to date easier, and reduce the development Spree needs to do.



joneslee85 commented Nov 21, 2011

IMHO, I think it is not a good idea as we want to control versioning scope to ensure the product is functioning.


radar commented Nov 21, 2011

This is correct.

We don't want the situation where there's a new release of Rails that breaks our gem because then people complain about the breakage. We will do everything in our power to bump the Rails version to the latest, test it and release a new version as soon as a new version of Rails is released.

@radar radar closed this Nov 21, 2011


radar commented Nov 21, 2011

Good example of this: The Rails 3.1.2 release and the 2.3.6, 2.3.7 and 2.3.8 releases.


JDutil commented Nov 21, 2011

Completely understandable. I was just thinking of Rails 3.1.2 also. I was being optimistic on Rails having more solid releases.

However, with the current dependencies users may still wind up on Rails 3.1.2 and complain of a breakage. Having the looser ~> makes it easier for developers to fix their apps in cases where there are rapid rails releases fixing a regression and Spree may not allow it due to the tight <= versioning. Granted this may be a moot point when Spree does a great job keeping up with the Rails releases.

If you want to avoid developers complaining to Spree about bugs that are due to Rails it does make sense to keep tighter control over it, but in my opinion it could help developers find and fix issues easier if they have greater control.


JDutil commented Nov 22, 2011

For example users of Spree 0.70.2 are currently stuck on Rails 3.1.1 or 3.1.2, and cannot update to the latest Rails 3.1.3, which requires a Spree 0.70.3 release.

mck9 commented Jun 1, 2012

It would also make it easier to keep the rails app secure. See yesterday's Active Record vulnerability.

    spree (= 1.1.1) ruby depends on
      rails (<= 3.2.3, >= 3.2.2) ruby

Oh no, f#*@ed!

radar added a commit that referenced this pull request Jun 4, 2012


radar commented Jun 4, 2012

@mck9: If you use latest master or 1-1-stable it will depend on 3.2.5 only.

radar added a commit that referenced this pull request Jun 4, 2012

radar added a commit that referenced this pull request Jun 6, 2012

mck9 commented Jun 9, 2012

@radar yeah, thanks, found out about it. so it is favorable to use the source ...


radar commented Jun 10, 2012

If you want the absolute latest and greatest, yes. The master branch can be unstable at times, but the other branches (with the -stable suffixes) we tend to keep stable. Any bugs on those are considered serious.
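
Added example, not part of the thread or of Spree's code: the constraints discussed above, evaluated with RubyGems' own `Gem::Requirement`, to show which Rails releases each one permits and whether the release a user wants to reach is blocked. The release list and the range for Spree 0.70.2 are constructed from versions named in the comments, and the exact pin on 3.2.5 follows radar's description of master / 1-1-stable.

```ruby
require 'rubygems'

# Rails versions named in the thread (constructed list, not a full release history).
RELEASES = %w[3.1.1 3.1.2 3.1.3 3.2.2 3.2.3 3.2.5].map { |v| Gem::Version.new(v) }

# Releases that a gemspec dependency constraint lets the resolver pick.
def allowed_releases(constraint, releases = RELEASES)
  req = Gem::Requirement.new(*constraint)
  releases.select { |v| req.satisfied_by?(v) }.map(&:to_s)
end

# True when an app can move to `target` without a new release of the depending gem.
def can_upgrade_to?(constraint, target)
  Gem::Requirement.new(*constraint).satisfied_by?(Gem::Version.new(target))
end

# For each case: what is reachable, and is the wanted release blocked?
def audit(cases)
  cases.map do |label, constraint, target|
    { label: label,
      allowed: allowed_releases(constraint),
      target: target,
      blocked: !can_upgrade_to?(constraint, target) }
  end
end

# [label, constraint, release the user wants]. Labels are descriptive only.
CASES = [
  ['proposed twiddle wakka',                 ['~> 3.1.1'],             '3.1.3'],
  ['range inferred from the 0.70.2 comment', ['>= 3.1.1', '<= 3.1.2'], '3.1.3'],
  ['spree 1.1.1 as quoted in the thread',    ['<= 3.2.3', '>= 3.2.2'], '3.2.5'],
  ['exact pin (master / 1-1-stable)',        ['= 3.2.5'],              '3.2.5']
].freeze

audit(CASES).each do |r|
  status = r[:blocked] ? 'BLOCKED' : 'ok'
  puts format('%-40s allows %-20s wants %s: %s',
              r[:label], r[:allowed].join(', '), r[:target], status)
end
```

The pessimistic operator admits 3.1.3 but still excludes every 3.2.x release, while both bounded ranges block the newer patch release until the depending gem ships a new version.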
