Issue #16951 has been updated by hsbt (Hiroshi SHIBATA).
would it be possible to get an update on this?
It's difficult to answer. All of dependencies are maintainer's convenience
basically.
I started to suggest to add dependency explicitly for gem authors at
https://bugs.ruby-lang.org/issues/19776. You can see this suggested gems at
https://github.com/ruby/ruby/blob/master/lib/bundled_gems.rb#L2.
On the other hand, I have no plan to add `net-http` into `Gem::BUNDLED_GEMS::SINCE`
because `net-http` provides core feature of RubyGems. So, we can't remove it from
default gems.
----------------------------------------
Bug #16951: Consistently referer dependencies
https://bugs.ruby-lang.org/issues/16951#change-104440
* Author: vo.x (Vit Ondruch)
* Status: Closed
* Priority: Normal
* Assignee: hsbt (Hiroshi SHIBATA)
* ruby -v: ruby 2.7.1p83 (2020-03-31 revision a0c7c23c9c) [x86_64-linux]
* Backport: 2.5: UNKNOWN, 2.6: UNKNOWN, 2.7: UNKNOWN
----------------------------------------
It seems that the default gems interdependencies in Ruby are mess. Years ago, when JSON
was merged into StdLib, there was big movement and everybody dropped their references to
JSON "because it is part of StdLib and therefore it is not needed". I always
thought that removing the references was mistake.
Now, there are other interesting cases. Let me name two I know about:
1) REXML is going to be removed from default gems in Ruby 2.8, so some packages already
started to introduce the dependency explicitly [1]. So once somebody uses Kramdown on
older Ruby, the external REXML of whatever version is going to be used.
2) There are also gems in StdLib, such as IRB, which are specifying their dependencies in
.gemspec file.
This is unfortunately causing very inconsistent user experience, depending if RubyGems are
enabled/disabled, if one is using Bundler or not, if somebody explicitly states something
somewhere and what dependencies are transitively pulled in.
I would really appreciate, if Ruby upstream finally paid attention to this problem. My
suggestion is that if some gem depends on some other gem, this dependency should be always
explicitly stated in the .gemspec file. This would provide clear precedence and guideline
to others. This would save all possible surprises and hidden issues, suddenly using
dependency of different version, which is pulled in transitively.
[1]:
https://github.com/gettalong/kramdown/commit/c1aa6ad98fab589050ab8e82897ec4…
--
https://bugs.ruby-lang.org/