The goal is to avoid having to match the exact tiny versions of all dependencies for big apps.

We should approach each upstream and make them promise they will follow Semantic Versioning. Issue for allowing a SemVer compliance field.


"If tiny version change is allowed, we can surely keep minor versions updated in debian and major versions can be embedded if those cannot be synced." - Praveen

"I would love it would work that way. But it’s a dreamworld. Start out by looking at how many of our dependencies are at 0.x.y, even following SemVer, you’re allowed to break everything with any release in that period, regardless of version number.

Now ignoring that fact, it assumes people don’t make mistakes. But they do, they release broken things in patch versions. Support for new major versions of other dependencies is added with just a patch release. Keeping an unspecific dependency graph of this size in a compatible state while allowing the most broad version requirements is a fucking full time job. We opted to actually be able to develop diaspora* further in our time and test against only two exact graphs specifically. Anything that breaks the exact graph, we cannot, will not and should not support." - Jonne Haß


  1. typhoeus

  2. valid

  3. devise

  4. doorkeeper

  5. fog

  6. unicorn

  7. slack notifier

  8. request_store

  9. omniauth-saml

  10. licensee

  11. faraday (like SemVer even though it is 0.x)

  12. addressable

  13. browser

  14. active_model_serializers (like SemVer even though it is 0.x)

  15. stringex

  16. hamlit

  17. sentry-raven - kind of, mostly

  18. rdoc

  19. kaminari - kind of, mostly

  20. oauth2

  21. kubeclient

  22. octokit (already mentioned in README)

  23. oj

  24. omniauth (already mentioned in README)

  25. gettext_i18n_rails_js

  26. recursive-open-struct

  27. pg


  1. sidekiq - negative, it will never be supported

  2. compass-rails - (bug closed without any explanation)

  3. httpclient - will try, but no promise

  4. rack-oauth2 - closed without reply, dropped ruby version support in a minor update

  5. toml-rb - closed without reply


  1. tinder

  2. gon

  3. github-markup

  4. devise-two-factor

  5. redis-store

  6. net-ssh

  7. nokogiri

  8. omniauth-twitter

  9. omniauth-github

  10. asset_sync