How do you keep up to date on gems?

I was asked an interview question on how I would keep an app’s gems up
date. Suppose there was a new gem because of some security issue for
instance ?

Where I worked before, we locked the gems in the gem file with a
particular version with the notation of something like:
gem ‘multi_json’ , ‘~> 1.8.2’

That way we would not get surprises when we updated the gems as changes
could occur without our being able to know what they where and the app
would be unstable. I’ve also found when some one gives you an app to
on and it has not been used for several months, if the gemfile has no
versions on the gems then you will have a hard time figuring out why
everything is broken or what gem version it used to work in.

I did not find there to be an easy answer to this question given that a
gem file can contain many gems and knowing when to go to a new version
not clear. At a certain point in time between projects, we might try to
update the gems. Is there a simple way to tell how far out of date the
in the gemfile are using a command of some kind ?

bundle outdated

Check this:

For instance Capybara project on github shows the status of dependencies
with a green button in Readme file.


On Saturday, March 1, 2014 3:18:39 PM UTC-5, Jedrin wrote:

That way we would not get surprises when we updated the gems as changes
in the gemfile are using a command of some kind ?

A couple of things. First, when you initially install gems, the system
automatically locks the version of the gem, whether you specify a
in the Gemfile or not. If you inherit an old application, the file
Gemfile.lock will tell you what gems it is using and what versions of
gems. When you run bundle install, it will stick to those versions,
if a newer version is available.

If you want to see if there are newer versions of the gem than the ones
application is using, run “bundle outdated” as the above post indicates.
That will list all of the gems used by your application that are

If you want to update a gem to a newer version, you run “bundle update
[gemname]” If you don’t include a gem name with the command, it will
update everything (in other words, ignore the Gemfile.lock).

Hope this helps.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs