
Make gitlab/github/http dependencies optional (lazy loaded)

Open emilebosch opened this issue 4 years ago • 2 comments

Hi, I love pronto but I don't want the extra deps. Because:

  • It requires us to keep the dependent gems updated.
  • Increases the attack vector
  • and lowers the chance of this gem being approved by our security scrutiny check.
  • Lowers the overall performance

Is it maybe an idea to split things out? We can choose a migration path like this:

We make a pronto-core that includes nothing, only the local runner. This is for people that just want pronto without the gitlab/github integration.

We can then make 2 gems, one for gitlab, one for GitHub. And we add them as deps to the pronto gem.

It would look like this in the end:

  • pronto-core
  • pronto-github
  • pronto-gitlab
  • pronto (basically an empty shim that bundles the top ones above)

Is this maybe a path forwards? Thanks a lot! <3

emilebosch avatar Apr 12 '20 09:04 emilebosch

That's definitely a good path forwards, I'm not a pronto contributor so this is just a user perspective, but let me add that sparing users the following 8 dependencies which are rather big gems

gitlab
octokit
httparty
faraday
sawyer
multi_xml
terminal-table
addressable

is quite something.

For that reason, I've put together a branch that's taking a stab at this. Specs are green. After I looked at it again and reviewed some things I'll likely make a pull request out of it. Note though that it's more of an easy route so far, it's not taking gem cutting into consideration.

bogn83 avatar Nov 16 '20 16:11 bogn83

@bogn83 Good stuff, it's a start! Would be nice if the contributors would give this a blessing!

emilebosch avatar Nov 17 '20 18:11 emilebosch