Since Bundler came out, managing dependencies in Ruby applications has been amazing. Combined with a bootstrap script, it makes it really easy to download some source code, install it, and run an application.

There is still some room for improvement, though. I've always supported the use of SemVer and pessimistic locking (the ~>). This will allow you to update applications without pain. And, with all these Rails vulnerabilities, you need just that.

But, since people don't always have the versions in their Gemfile, this can get a little messy. So, I've created a simple gem to help you with that.

Welcome version_gemfile

  1. Simply install it: $ gem install version_gemfile
  2. Go to your Rails application: $ cd ~/my/ruby/application
  3. And add the versions to your Gemfile: $ version_gemfile

How does it work?

This gem goes through each line in your Gemfile looking for dependencies that have no version. It then looks in your Gemfile.lock for the version you are currently using and adds a pessimistic lock on that version.
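
A minimal sketch of the procedure described above, added here as an illustration; it is not the version_gemfile source. The method names, the regexes and the sample Gemfile and Gemfile.lock contents are constructed for this example, and it assumes the constraint is written with the full locked version.

```ruby
# Added illustration, not the version_gemfile source. Sample files are constructed.
SAMPLE_GEMFILE = <<~GEMFILE
  source 'https://rubygems.org'
  gem 'rails'
  gem "pg", group: :production
  gem 'rake', '>= 10.0'
  # gem 'commented_out'
  gem 'not_in_lock'
GEMFILE

SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      pg (0.14.1)
      rails (3.2.11)
        actionpack (= 3.2.11)
      rake (10.0.3)
  DEPENDENCIES
    pg
    rails
    rake (>= 10.0)
LOCK

# Resolved gems sit at exactly four spaces of indent: "    name (version)".
# Deeper lines are their dependencies; a "-platform" suffix is dropped.
def locked_versions(lock_text)
  lock_text.each_line.with_object({}) do |line, versions|
    m = line.match(/\A {4}(\S+) \((\d[^)\s-]*)/)
    versions[m[1]] ||= m[2] if m
  end
end

# Captures: 1 = "gem 'name'", 2 = quote character, 3 = name, 4 = rest of line.
GEM_LINE = /\A(\s*gem\s+(['"])([^'"]+)\2)(.*)\z/m

def add_pessimistic_versions(gemfile_text, lock_text)
  versions = locked_versions(lock_text)
  gemfile_text.each_line.map do |line|
    m = line.match(GEM_LINE)
    next line unless m                              # not a gem declaration
    next line if m[4] =~ /\A\s*,\s*['"]/            # already has a requirement
    next line unless versions.key?(m[3])            # not in the lock: leave as is
    # Assumption: write the full locked version, e.g. '~> 3.2.11' (>= 3.2.11, < 3.3).
    "#{m[1]}, #{m[2]}~> #{versions[m[3]]}#{m[2]}#{m[4]}"
  end.join
end

puts add_pessimistic_versions(SAMPLE_GEMFILE, SAMPLE_LOCK) if __FILE__ == $PROGRAM_NAME
```

Gems that already carry a requirement, commented-out lines and gems missing from the lockfile pass through unchanged, so running it twice gives the same result.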

The code can be found on GitHub. If you have any problems, open an issue there or ping me on Twitter.