Project

General

Profile

Actions

Feature #15619

closed

Support blacklisting certain dependency versions

Added by skalee (Sebastian Skalacki) over 5 years ago. Updated almost 3 years ago.

Status:
Third Party's Issue
Assignee:
-
Target version:
-
[ruby-core:91615]

Description

Abstract

This feature request proposes introducing a new dependency constraint "!=", which will allow to blacklist a specific buggy version of some gem dependency without dropping support for older releases.

Background

I am developing a gem which extends functionality of the Mail gem. It works with Mail 2.6.4 onwards (the current latest is 2.7.1), therefore I'd normally define a dependency constraint as combination of "~> 2.6" AND ">= 2.6.4".

However, there is one exception: Mail version 2.7.0 has some bug, which is fatal for my gem. This bug has been fixed in 2.7.1. I need to prevent users from using the buggy version of Mail with my gem. Currently, I can do following:

  1. Bump version constraint on Mail gem to "~> 2.7" AND ">= 2.7.1".

  2. Release two separate gems (or versions), one with constraint "~> 2.6.4", and another with "~> 2.7" AND ">= 2.7.1".

  3. Display a proper message in README and post-install step in order to inform users that they should care about Mail version themselves (e.g. constrain it in their gemfiles).

  4. Perform a runtime check, and raise exception on incompatible Mail version.

  5. Any reasonable combination of above.

Option 1 seems to be the best. It is easy and very straightforward, also it does not break Bundler's gem resolution. However, it seems wrong to remove support for older versions only because single version of Mail is buggy. What is more, such change to dependencies may be considered as a breaking one. Option 2 adds an unnecessary maintenance burden, and feels odd in general. Options 3 and 4 are also quite odd, as they seem to be an unnecessary complication, and may surprise users who have just upgraded my gem.

Actually, what I would really want to achieve is to be able to define dependency constraint as "~> 2.6" AND ">= 2.6.4" BUT NOT "= 2.7.0".

Proposal

For this reason, I propose introducing "!=" version constraints which exclude unwanted version explicitly. For example, in my case I could write "~> 2.6" AND ">= 2.6.4" AND "!= 2.7.0".

Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0