How do you keep up to date on gems?

I was asked an interview question on how I would keep an app’s gems up to date. Suppose there was a new gem because of some security issue, for instance?

Where I worked before, we locked the gems in the Gemfile with a particular version with the notation of something like:
gem 'multi_json', '~> 1.8.2'

That way we would not get surprises when we updated the gems, as changes could occur without our being able to know what they were and the app would be unstable. I’ve also found that when someone gives you an app to work on and it has not been used for several months, if the Gemfile has no versions on the gems then you will have a hard time figuring out why everything is broken or what gem version it used to work in.

I did not find there to be an easy answer to this question, given that a Gemfile can contain many gems and knowing when to go to a new version is not clear. At a certain point in time between projects, we might try to update the gems. Is there a simple way to tell how far out of date the gems in the Gemfile are using a command of some kind?

bundle outdated

Check this:
https://gemnasium.com/features

For instance, the Capybara project on GitHub shows the status of dependencies with a green button in the README file.

Regards
Gurpreet

On Saturday, March 1, 2014 3:18:39 PM UTC-5, Jedrin wrote:

That way we would not get surprises when we updated the gems as changes
in the gemfile are using a command of some kind ?

A couple of things. First, when you initially install gems, the system automatically locks the version of the gem, whether you specify a version in the Gemfile or not. If you inherit an old application, the file Gemfile.lock will tell you what gems it is using and what versions of those gems. When you run bundle install, it will stick to those versions, even if a newer version is available.

If you want to see if there are newer versions of the gem than the ones the application is using, run “bundle outdated” as the above post indicates. That will list all of the gems used by your application that are outdated.

If you want to update a gem to a newer version, you run “bundle update [gemname]”. If you don’t include a gem name with the command, it will update everything (in other words, ignore the Gemfile.lock).

Hope this helps.
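
Added example, not part of the thread: a Ruby sketch of how the version locked in Gemfile.lock, the range a `~> 1.8.2` constraint permits, and the newest release relate to each other. The lockfile text, the `rack` entry, the list of available versions and the helper names are all constructed for illustration, and the lockfile parser is deliberately simplified.

```ruby
require "rubygems"

# Constructed sample data (not from the thread): Gemfile constraints,
# a minimal Gemfile.lock, and the versions a gem server might offer.
GEMFILE = { "multi_json" => "~> 1.8.2", "rack" => ">= 0" }.freeze
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      multi_json (1.8.2)
      rack (1.5.2)

  PLATFORMS
    ruby

  DEPENDENCIES
    multi_json (~> 1.8.2)
    rack
LOCK
AVAILABLE = {
  "multi_json" => %w[1.8.2 1.8.4 1.9.0],
  "rack"       => %w[1.5.2 1.5.5 2.0.1]
}.freeze

# Simplified parser: top-level entries under "specs:" are indented four spaces.
def locked_versions(lockfile)
  lockfile.scan(/^ {4}(\S+) \(([^)]+)\)$/).to_h { |name, v| [name, Gem::Version.new(v)] }
end

# For each gem: the locked version, the newest version the Gemfile
# constraint permits, and the newest version overall.
def update_report(gemfile, lockfile, available)
  locked = locked_versions(lockfile)
  gemfile.map do |name, constraint|
    req = Gem::Requirement.new(constraint)
    versions = available.fetch(name).map { |v| Gem::Version.new(v) }.sort
    { name: name, locked: locked[name].to_s,
      allowed: versions.select { |v| req.satisfied_by?(v) }.last.to_s,
      newest: versions.last.to_s }
  end
end

update_report(GEMFILE, LOCKFILE, AVAILABLE).each do |r|
  puts format("%-11s locked %-6s constraint allows up to %-6s newest %s",
              r[:name], r[:locked], r[:allowed], r[:newest])
end
```

With the pessimistic constraint, a fix released as 1.8.4 is within reach of an update, while one that ships only in 1.9.0 needs the Gemfile constraint changed first.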