1.5.3 breaks compatibility with 1.5.2

[skippy]

hey folks,

the API breaks between 1.5.2 and 1.5.3. For example, ::JWT.decoded_segments(token) no longer exists.

would you mind, going forward, if the API changes, to increment at least a minor, if not major, revision number?

thanks!

[eigilsagafos]

+1

[DigitallyBorn]

Also, base64url_decode. Very frustrating.

[databyte]

+1 to breaks in base64url_decode, it was being used by omniauth related work for X509.

[excpt]

I will yank the 1.5.3 release this weekend and re-release it as 1.6.0. In addition I will update the documentation to make the changes more visible.

Sorry for the issues this release caused.

I wasn't aware of the fact that the base64url_decode function was used outside the JWT library in other gems.

[databyte]

Thanks @excpt - unless you make it private methods, undoubtedly someone will find it and use it. Actually, probably for private methods too. But its been used apparently over a thousand times and these are just public repos.

[excpt]

@databyte Thanks for the info. :)

[connorshea]

See Semantic Versioning, which is what most people assume is being followed. This just broke for me after updating some unrelated gems, so now I have to force 1.5.2 in the Gemfile.

[excpt]

@connorshea @skippy @eigilsagafos @databyte @DigitallyBorn

If you have the time - can you check out the current master and test it with your projects? I made 2 PR #135 and #136 to fix the issues for the upcoming version 1.5.4.

[excpt]

Version 1.5.3 yanked.

[mwhahaha]

Please don't yank things until you've published something newer. You've broken a whole bunch of CIs as 1.5.3 is being calculated as a dependency but is not available.

[danleyden]

I would suggest publishing 1.5.4 with a fork of the 1.5.2 code (only
changes would be version and readme / changelog)

On 24 March 2016 at 15:01, Alex Schultz notifications@github.com wrote:

Please don't yank things until you've published something newer. You've
broken a whole bunch of CIs as 1.5.3 is being calculated as a dependency
but is not available.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub
#133 (comment)

[skippy]

ah, yep, I ran into this as well. 6 projects started to fail.

Would you mind putting 1.5.3 back up? Once it is published it should be locked. If you wouldn't mind, just publish 1.5.4 with backwards compatibility, and just going forward stick to semantic versioning? But the key is going forward :) @excpt, if I can help (besides calling shots from the cheap seats!) please let me know.

[skippy]

@danleyden that is a good idea!

[EmilienM]

@excpt I confirm @mwhahaha - it is breaking a bunch of CI, including OpenStack (30 Puppet modules, around 500 daily CI jobs are failing and will fail on that). Please publish 1.5.4.
Thanks a ton!

[excpt]

Version 1.5.4 released.

[excpt]

Thanks a lot for all the feedback. Lessons learned from the 1.5.3 disaster.

[EmilienM]

Thanks @excpt for your responsiveness, much appreciated.