Read more

How to update a single gem conservatively

Henning Koch
January 24, 2013Software engineer at makandra GmbH

The problem

Calling bundle update GEMNAME will update a lot more gems than you think. E.g. when you do this:

bundle update cucumber-rails
Illustration online protection

Rails Long Term Support

Rails LTS provides security patches for old versions of Ruby on Rails (2.3, 3.2, 4.2 and 5.2)

  • Prevents you from data breaches and liability risks
  • Upgrade at your own pace
  • Works with modern Rubies
Read more Show archive.org snapshot

... you might think this will only update cucumber-rails. But it actually updates cucumber-rails and all of its dependencies. This will explode in your face when one of these dependencies release a new version with breaking API changes. Which is all the time.

In the example above updating cucumber-rails will give you Capybara 2.0 (because capybara is a dependency of cucumber-rails), which will break all your tests Show archive.org snapshot .

The fix

Bundler >= 1.14 Show archive.org snapshot has a --conservative flag. Using the conservative flag allows bundle update GEM to update the version of GEM, but prevents Bundler from updating the versions of any of the gems that GEM depends on.

For the example above you would say:

bundle update cucumber-rails --conservative

If Bundler complains of a single dependency that it cannot resolve this way, simply add it to the command:

bundle update cucumber-rails capybara --conservative

Options for old versions of bundler

The options below might be relevant if you're stuck with Bundler < 1.14:

Option 1

This will work if all dependencies for the update are already satisfied.

  • Find out the version you want to update to
  • Change it directly in Gemfile.lock
  • Run bundle install and see if that worked

Option 2

This will work if the gem has no shared dependencies with other gems.

  • Find out the version you want to update to.
  • Add that version explicitly to the Gemfile with , '=1.2.3'
  • Run bundle install
  • Remove the explicit version number again
  • Run bundle install once more

Option 3

This should always work.

  • Run bundle update GEMNAME
  • Run git diff Gemfile.lock and notice all the updates you didn't want
  • Revert the unwanted changes to Gemfile.lock you don't want (manually or by staging changed lines one-by-one), leaving only the desired updates.
  • Run bundle install and see if that worked

Option 4

There are persistent rumors Show archive.org snapshot that you can update a single gem by calling bundle update --source GEMNAME. However no one seems to know how and why this works, it's not a documented feature of Bundler. It might be an unintended side effect of something else.

I believe this command will try to update GEMNAME and GEMNAME only. If this leads to unmatched dependencies to to other locked gems, it will fail.

If you use this option, be sure to git diff your Gemfile.lock to see if the changes are what you expected.

Posted by Henning Koch to makandra dev (2013-01-24 17:19)