rack-jwt icon indicating copy to clipboard operation
rack-jwt copied to clipboard

Published 20 hours ago verified publisher icon eparreno

rack dependency on rubygems.org says `rack ~> 2.0.0` which differs from repo

Open copiousfreetime opened this issue 5 years ago • 1 comments

I was putting rack-jwt in a project that has depedency rack ~> 2.2 and bundler complains that there is a dependency issue.

% bundle
Fetching gem metadata from https://rubygems.org/...............
Resolving dependencies...
Bundler could not find compatible versions for gem "rack":
  In Gemfile:
    rack (~> 2.2)

    rack-jwt (~> 0.5) was resolved to 0.5.0, which depends on
      rack (~> 2.0.0)

The rack dependency on rubygems shows rack ~> 2.0.0 but the rack dependency in both the github tagged release and in the current repo show no version dependency on rack at all.

% gem dependency -r 'rack-jwt'
Gem rack-jwt-0.5.0
  bundler (~> 1.16.2, development)
  jwt (~> 2.1.0)
  rack (~> 2.0.0)
  rack-test (~> 1.0.0, development)
  rake (~> 12.0.0, development)
  rbnacl (~> 6.0.1, development)
  rspec (~> 3.8.0, development)
  simplecov (~> 0.16.0, development)

I pulled down the gem file directly from rubygems, and check the specification in gem file itself and the dependency is `rack ~> '2.0.0'

% gem fetch rack-jwt -v 0.5.0
Downloaded rack-jwt-0.5.0

% gem specification -l ./rack-jwt-0.5.0.gem
...
- !ruby/object:Gem::Dependency
  name: rack
  requirement: !ruby/object:Gem::Requirement
    requirements:
    - - "~>"
      - !ruby/object:Gem::Version
        version: 2.0.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
    requirements:
    - - "~>"
      - !ruby/object:Gem::Version
        version: 2.0.0
...

I'm assuming that this is not the intended dependency, specially since the 0.4.0 version was rack >= 1.6.0 and there is no commit in the repo setting the rack dependency to ~> 2.0.0.

I would assume that a release of a 0.5.1 with the right dependency would solve this.

Thanks.

copiousfreetime avatar Apr 18 '20 00:04 copiousfreetime

I'm blocked by this as well - any chance of a bump to resolve this and allow usage with rack => 2.1? Perhaps a looser version spec of ~> 2.0? I can't see anything in the rack changelog on the minor versions that would have an impact

Similar to https://github.com/eparreno/rack-jwt/pull/19

dabarrell avatar Aug 03 '20 14:08 dabarrell

@dabarrell @copiousfreetime hey, I've just pushed 0.6.0 version with relaxed rack dependency. Enjoy!

nashby avatar Aug 31 '23 21:08 nashby