From 7190e5563fdb884f34dbfce4f6a6c940fe947feb Mon Sep 17 00:00:00 2001 From: Igor Fedoronchuk Date: Tue, 2 Jun 2026 17:30:55 +0200 Subject: [PATCH] Tighten dependency version constraints MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Open-ended `>= X.Y` constraints triggered rubygems build warnings ("if X is semantically versioned, use ~> X.Y"). Convert each single-line floor to a pessimistic constraint or an explicit upper bound where appropriate: - devise, omniauth*, dev-only gems: `~> X.Y` (pessimistic — locks to the major). - rails: `>= 7.2, < 9` — must still allow Rails 8. - omniauth_openid_connect: `>= 0.6, < 1` — 0.6.x ships openid_connect 1.x (no faraday), 0.7.x+ ships 2.x (faraday 2.x); both work, but staying inside 0.x avoids surprises if a 1.0 reshapes the API. - sqlite3 dev-dep: `>= 1.7, < 3` — sqlite3 2.x and 1.x both work for the in-memory test DB; 3.x not yet vetted. --- activeadmin-oidc.gemspec | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/activeadmin-oidc.gemspec b/activeadmin-oidc.gemspec index c443dc1..fe2326d 100644 --- a/activeadmin-oidc.gemspec +++ b/activeadmin-oidc.gemspec @@ -31,30 +31,30 @@ Gem::Specification.new do |spec| # Devise 5.0 wraps `Devise.mappings` with `reload_routes_unless_loaded` # (heartcombo/devise#5728) so OmniAuth's failure handler works under # Rails 8 lazy route loading without an engine-side workaround. - spec.add_dependency "devise", ">= 5.0" - spec.add_dependency "omniauth", ">= 2.1" - spec.add_dependency "omniauth-rails_csrf_protection", ">= 1.0" + spec.add_dependency "devise", "~> 5.0" + spec.add_dependency "omniauth", "~> 2.1" + spec.add_dependency "omniauth-rails_csrf_protection", "~> 1.0" # 0.6.x → openid_connect 1.x (httpclient-based, no faraday dep). # 0.7.x+ → openid_connect 2.x (faraday 2.x). Host apps still on faraday 1.x # need 0.6.x. activeadmin-oidc only uses the standard OmniAuth strategy # registration API, which is identical across both lines. - spec.add_dependency "omniauth_openid_connect", ">= 0.6" - spec.add_dependency "rails", ">= 7.2" + spec.add_dependency "omniauth_openid_connect", ">= 0.6", "< 1" + spec.add_dependency "rails", ">= 7.2", "< 9" - spec.add_development_dependency "rspec-rails", ">= 6.0" - spec.add_development_dependency "capybara", ">= 3.40" - spec.add_development_dependency "webmock", ">= 3.19" - spec.add_development_dependency "jwt", ">= 2.7" - spec.add_development_dependency "sqlite3", ">= 1.7" + spec.add_development_dependency "rspec-rails", "~> 6.0" + spec.add_development_dependency "capybara", "~> 3.40" + spec.add_development_dependency "webmock", "~> 3.19" + spec.add_development_dependency "jwt", "~> 2.7" + spec.add_development_dependency "sqlite3", ">= 1.7", "< 3" # The asset pipeline gems live in the per-version gemfiles under # gemfiles/ rather than here: ActiveAdmin 3.5 needs Sprockets + Sassc, # while ActiveAdmin 4.0 needs Propshaft + importmap + cssbundling + # Tailwind. Keeping them out of the gemspec lets each gemfile install # exactly one asset stack instead of both. - spec.add_development_dependency "rake", ">= 13.0" - spec.add_development_dependency "rubocop", ">= 1.60" - spec.add_development_dependency "rubocop-rails", ">= 2.20" - spec.add_development_dependency "rubocop-rspec", ">= 2.25" + spec.add_development_dependency "rake", "~> 13.0" + spec.add_development_dependency "rubocop", "~> 1.60" + spec.add_development_dependency "rubocop-rails", "~> 2.20" + spec.add_development_dependency "rubocop-rspec", "~> 2.25" spec.metadata["rubygems_mfa_required"] = "true" end