Posted about 5 years ago. Visible to the public. Repeats.

How to update a single gem conservatively

Calling bundle update GEMNAME will update a lot more gems than you think. E.g. when you do this:

bundle update cucumber-rails

… you might think this will only update cucumber-rails. But it actually updates cucumber-rails and all of its dependencies. This will explode in your face when one of these dependencies release a new version with breaking API changes. Which is all the time.

In the example above updating cucumber-rails will give you Capybara 2.0 (because capybara is a dependency of cucumber-rails), which will break all your tests.

Unfortunately the position of Bundler is that you should document all your non-Semver versions instead, so you won't get love from Bundler for this.

We know of three ways to do convervative updates manually. They increase in effort, but for some situations the simpler methods will just not work:

Option 1

This will work if all dependencies for the update are already satisfied.

  • Find out the version you want to update to
  • Change it directly in Gemfile.lock
  • Run bundle install and see if that worked

Option 2

This will work if the gem has no shared dependencies with other gems.

  • Find out the version you want to update to.
  • Add that version explicitly to the Gemfile with , '=1.2.3'
  • Run bundle install
  • Remove the explicit version number again
  • Run bundle install once more

Option 3

This should always work.

  • Run bundle update GEMNAME
  • Run git diff Gemfile.lock and notice all the updates you didn't want
  • Revert the unwanted changes to Gemfile.lock you don't want (manually or by staging changed lines one-by-one), leaving only the desired updates.
  • Run bundle install and see if that worked

Option 4

There are persistent rumors that you can update a single gem by calling bundle update --source GEMNAME. However no one seems to know how and why this works, it's not a documented feature of Bundler. It might be an unintended side effect of something else.

I believe this command will try to update GEMNAME and GEMNAME only. If this leads to unmatched dependencies to to other locked gems, it will fail.

If you use this option, be sure to git diff your Gemfile.lock to see if the changes are what you expected.

Option 5

Bundler >= 1.14 has a --conservative flag. Using the conservative flag allows bundle update GEM to update the version of GEM, but prevents Bundler from updating the versions of any of the gems that GEM depends on.

Once an application no longer requires constant development, it needs periodic maintenance for stable and secure operation. makandra offers monthly maintenance contracts that let you focus on your business while we make sure the lights stay on.

Author of this card:

Henning Koch
Last edit:
12 months ago
by Emanuel De
bundler, bundle
About this deck:
We are makandra and do test-driven, agile Ruby on Rails software development.
License for source code
Posted by Henning Koch to makandra dev