Posted over 8 years ago.

How to update a single gem conservatively

The problem

Calling bundle update GEMNAME will update a lot more gems than you think. E.g. when you do this:

bundle update cucumber-rails

... you might think this will only update cucumber-rails. But it actually updates cucumber-rails and all of its dependencies. This will explode in your face when one of these dependencies releases a new version with breaking API changes. Which is all the time.

In the example above updating cucumber-rails will give you Capybara 2.0 (because capybara is a dependency of cucumber-rails), which will break all your tests.

The fix

Bundler >= 1.14 has a --conservative flag. Using the conservative flag allows bundle update GEM to update the version of GEM, but prevents Bundler from updating the versions of any of the gems that GEM depends on.

For the example above you would say:

bundle update cucumber-rails --conservative

Options for old versions of bundler

The options below might be relevant if you're stuck with Bundler < 1.14:

Option 1

This will work if all dependencies for the update are already satisfied.

  • Find out the version you want to update to
  • Change it directly in Gemfile.lock
  • Run bundle install and see if that worked

Option 2

This will work if the gem has no shared dependencies with other gems.

  • Find out the version you want to update to.
  • Add that version explicitly to the Gemfile by appending , '=1.2.3' to the gem's line
  • Run bundle install
  • Remove the explicit version number again
  • Run bundle install once more

Option 3

This should always work.

  • Run bundle update GEMNAME
  • Run git diff Gemfile.lock and notice all the updates you didn't want
  • Revert the unwanted changes to Gemfile.lock (manually or by staging changed lines one-by-one), leaving only the desired updates.
  • Run bundle install and see if that worked

Option 4

There are persistent rumors that you can update a single gem by calling bundle update --source GEMNAME. However, no one seems to know how and why this works, and it's not a documented feature of Bundler. It might be an unintended side effect of something else.

I believe this command will try to update GEMNAME and GEMNAME only. If this leads to unmatched dependencies to other locked gems, it will fail.

If you use this option, be sure to git diff your Gemfile.lock to see if the changes are what you expected.
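The Gemfile.lock review that Option 3 and Option 4 ask for can be scripted. The Ruby below is an added example, not part of the original card: it compares two lockfile snapshots and reports every locked version change outside the gems you meant to update. The helper names are hypothetical, and the lockfile contents and version numbers are constructed samples built around the Capybara 2.0 case above.

```ruby
# Added example (not from the original card).
# A resolved gem is indented 4 spaces ("    name (version)"); its
# dependency constraints are indented 6 spaces and are skipped.
SPEC_LINE = /\A {4}(\S+) \(([^)]+)\)\s*\z/

# Returns { "gem name" => "locked version" } for all resolved gems.
def locked_versions(lockfile_text)
  lockfile_text.each_line.with_object({}) do |line, versions|
    match = SPEC_LINE.match(line.chomp)
    versions[match[1]] = match[2] if match
  end
end

# Returns { name => [old_version, new_version] }; nil marks added/removed gems.
def lock_changes(before_text, after_text)
  before = locked_versions(before_text)
  after = locked_versions(after_text)
  (before.keys | after.keys).sort.each_with_object({}) do |name, changes|
    changes[name] = [before[name], after[name]] if before[name] != after[name]
  end
end

# Changes to gems that are not in the list of intended updates.
def unexpected_changes(before_text, after_text, intended)
  lock_changes(before_text, after_text).reject { |name, _| intended.include?(name) }
end

# Constructed lockfile excerpt before running `bundle update cucumber-rails`.
BEFORE_LOCK = <<~LOCK
  GEM
    specs:
      capybara (1.1.4)
      cucumber-rails (1.3.0)
        capybara (>= 1.1.2)
      nokogiri (1.5.6)
LOCK
# Constructed excerpt after the update pulled in a new capybara as well.
AFTER_LOCK = <<~LOCK
  GEM
    specs:
      capybara (2.0.0)
      cucumber-rails (1.3.1)
        capybara (>= 1.1.2)
      nokogiri (1.5.6)
LOCK

unexpected_changes(BEFORE_LOCK, AFTER_LOCK, ["cucumber-rails"]).each { |name, (old, new)| puts "unexpected: #{name} #{old} -> #{new}" }
```

To use it on a real project, pass the output of git show HEAD:Gemfile.lock as the first argument and the contents of the working-copy Gemfile.lock as the second.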

Owner of this card: Henning Koch
Last edit: over 3 years ago by Henning Koch
Posted by Henning Koch to makandra dev