Lock dependencies version to avoid conflict #1545
Description
lua-resty-jwt depended on lua-resty-openssl and APIcast also have a direct dependencies on lua-resty-openssl.
If lua-resty-jwt is installed first, due to the requirement of 'lua-resty-openssl >= 0.6.8', lua-rover will then install the latest version of lua-resty-openssl-1.5.2, then when it tries to install lua-resty-openssl it will throw the following error since the version in Roverfile.lock is 1.5.1,
/usr/local/openresty/luajit/bin/luajit: /usr/local/openresty/luajit/share/lua/5.1/rover/lock.lua:186: cannot have two lua-resty-openssl
stack traceback:
[C]: in function 'error'
/usr/local/openresty/luajit/share/lua/5.1/rover/lock.lua:186: in function 'expand_dependencies'
/usr/local/openresty/luajit/share/lua/5.1/rover/lock.lua:214: in function 'resolve'
.../local/openresty/luajit/share/lua/5.1/rover/cli/lock.lua:23: in function <.../local/openresty/luajit/share/lua/5.1/rover/cli/lock.lua:11>
/usr/local/openresty/luajit/share/lua/5.1/rover/cli.lua:33: in function </usr/local/openresty/luajit/share/lua/5.1/rover/cli.lua:27>
.../luajit/lib/luarocks/rocks-5.1/lua-rover/scm-1/bin/rover:8: in main chunk
[C]: at 0x556371808d10
make: *** [Makefile:215: /opt/app-root/apicast/gateway/Roverfile.lock] Error 1
I think we should lock down the dependency version and improve lua-rover to use the minimum version that can satisfy all constraints