Feature #15619
closedSupport blacklisting certain dependency versions
Description
Abstract¶
This feature request proposes introducing a new dependency constraint "!=", which will allow to blacklist a specific buggy version of some gem dependency without dropping support for older releases.
Background¶
I am developing a gem which extends functionality of the Mail gem. It works with Mail 2.6.4 onwards (the current latest is 2.7.1), therefore I'd normally define a dependency constraint as combination of "~> 2.6" AND ">= 2.6.4".
However, there is one exception: Mail version 2.7.0 has some bug, which is fatal for my gem. This bug has been fixed in 2.7.1. I need to prevent users from using the buggy version of Mail with my gem. Currently, I can do following:
-
Bump version constraint on Mail gem to "~> 2.7" AND ">= 2.7.1".
-
Release two separate gems (or versions), one with constraint "~> 2.6.4", and another with "~> 2.7" AND ">= 2.7.1".
-
Display a proper message in README and post-install step in order to inform users that they should care about Mail version themselves (e.g. constrain it in their gemfiles).
-
Perform a runtime check, and raise exception on incompatible Mail version.
-
Any reasonable combination of above.
Option 1 seems to be the best. It is easy and very straightforward, also it does not break Bundler's gem resolution. However, it seems wrong to remove support for older versions only because single version of Mail is buggy. What is more, such change to dependencies may be considered as a breaking one. Option 2 adds an unnecessary maintenance burden, and feels odd in general. Options 3 and 4 are also quite odd, as they seem to be an unnecessary complication, and may surprise users who have just upgraded my gem.
Actually, what I would really want to achieve is to be able to define dependency constraint as "~> 2.6" AND ">= 2.6.4" BUT NOT "= 2.7.0".
Proposal¶
For this reason, I propose introducing "!=" version constraints which exclude unwanted version explicitly. For example, in my case I could write "~> 2.6" AND ">= 2.6.4" AND "!= 2.7.0".
Updated by skalee (Sebastian Skalacki) almost 6 years ago
- Subject changed from Blacklist certain dependency versions to Support blacklisting certain dependency versions
Updated by duerst (Martin Dürst) almost 6 years ago
- Status changed from Open to Third Party's Issue
This request makes a lot of sense to me.
However, while the gem library is part of Ruby, they are developed separately. I suggest you submit your request to https://github.com/rubygems/rubygems/issues.
Updated by skalee (Sebastian Skalacki) almost 6 years ago
Thanks for your suggestion. Moved to https://github.com/rubygems/rubygems/issues/2659.
Updated by hsbt (Hiroshi SHIBATA) almost 3 years ago
- Project changed from 14 to Ruby master