gem version 1.11.0 requires json gem version < 2.0, please release new fpm gem version #1741
Comments
|
#1950 removes the |
jordansissel
added a commit
that referenced
this issue
Nov 3, 2022
The original `json` gem dependency was added in the original fpm.gemspec because, at the time, Ruby 1.8.7 was common and required an external `json` dependency for parsing JSON. Later, Ruby releases since 1.9.1 have bundled `json`[1]. Therefore, it feels safe to remove this dependency. As a bonus, the rubygems `json` gem places requirements on the minimum version of Ruby. At this time, the latest `json` gem requires Ruby >= 2.3. If the `json` gem dependency is removed, fpm will still retain the ability to process JSON while lowering the minimum required Ruby version to Ruby 1.9.x -- It's not perfect, but it's a start! :) [1] https://docs.ruby-lang.org/en/2.3.0/NEWS-1_9_1.html The idea for this change change came originally from a discussion with @edolnx in #1949 Fixes #1741, #1264, #1949
jordansissel
added a commit
that referenced
this issue
Nov 3, 2022
The original `json` gem dependency was added in the original fpm.gemspec because, at the time, Ruby 1.8.7 was common and required an external `json` dependency for parsing JSON. Later, Ruby releases since 1.9.1 have bundled `json`[1]. Therefore, it feels safe to remove this dependency. As a bonus, the rubygems `json` gem places requirements on the minimum version of Ruby. At this time, the latest `json` gem requires Ruby >= 2.3. If the `json` gem dependency is removed, fpm will still retain the ability to process JSON while lowering the minimum required Ruby version to Ruby 1.9.x -- It's not perfect, but it's a start! :) [1] https://docs.ruby-lang.org/en/2.3.0/NEWS-1_9_1.html The idea for this change change came originally from a discussion with @edolnx in #1949 Fixes #1741, #1264, #1949
jordansissel
added a commit
that referenced
this issue
Nov 4, 2022
The original `json` gem dependency was added in the original fpm.gemspec because, at the time, Ruby 1.8.7 was common and required an external `json` dependency for parsing JSON. Later, Ruby releases since 1.9.1 have bundled `json`[1]. Therefore, it feels safe to remove this dependency. As a bonus, the rubygems `json` gem places requirements on the minimum version of Ruby. At this time, the latest `json` gem requires Ruby >= 2.3. If the `json` gem dependency is removed, fpm will still retain the ability to process JSON while lowering the minimum required Ruby version to Ruby 1.9.x -- It's not perfect, but it's a start! :) [1] https://docs.ruby-lang.org/en/2.3.0/NEWS-1_9_1.html The idea for this change change came originally from a discussion with @edolnx in #1949 Fixes #1741, #1264, #1949
|
fpm 1.15.0 is released and, I believe, has resolve this issue. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The json gem version requirement has already been relaxed on master, but no new gem has ben built and released on rubygems.org.
As far I know, all 1.x json gems have security issues, so we constantly get warnings about using insecure json gems.
It would help us quite a bit if you could a release a new gem version from the current master.
The text was updated successfully, but these errors were encountered: