Conversation
🤖 GitHub commentsJust comment with:
|
donoghuc
left a comment
donoghuc
left a comment
There was a problem hiding this comment.
I'm not following this change? Why is this addition being added to the gemspec? If we want to simply ship a newer faraday, we should just update our gemfile.lock for this stream. Along that line I would expect a corresponding update
logstash/Gemfile.jruby-3.1.lock.release
Line 130 in 96f4035
logstash-core/logstash-core.gemspec
Outdated
| gem.add_runtime_dependency "elasticsearch", '~> 8' | ||
| gem.add_runtime_dependency "manticore", '~> 0.6' | ||
|
|
||
| gem.add_runtime_dependency "faraday", '< 3', '>= 2.14.1' |
There was a problem hiding this comment.
Gemfile.lock contains 2.13.x version. I think we should update that as well?!
🤦 Ah, didn't see this comment! Sorry for noise. |
|
@donoghuc If we update the gemspec we have a clear statement of the requirement I think, and next time we run the bump dependencies GH action (https://github.com/elastic/logstash/actions/workflows/version_bumps.yml) then the lock file should be updated contextually. But I could be wrong. |
|
@andsel I am hesitent to start pulling transitive dependencies into the top level of the gemspec. Over time it becomes really difficult to reason through what logstash dependencies we actually have. If for example the gem for which faraday is a truly a dependency of (therefore a transitive dependency to logstash) moves on from Faraday, or bumps to the next major version we will risk a conflict. IMO, we have the gemfile.lock pattern for this exact use case: Control exactly what gems we ship (rather than just the latest). The gemspec should be reserved for true top level dependencies or pinning to very specific versions (and that second use case could be argued for the Gemfile.template. |
💛 Build succeeded, but was flaky
Failed CI StepsHistory
cc @andsel |
5 participants
No description provided.