Since Bundler came out, managing dependencies in Ruby applications has been amazing. Combined with some bootstrap script, it's really easy to download some source code, install it, and run the application.

There is still some room for improvement though. I've always supported the use of SemVer and pessimistic locking (the ~>). This will allow you to update applications without pain. And, with all these Rails vulnerabilities, you need just that.

But, since people don't always have the versions in their Gemfile, this can get a little messy. So, I've created a simple gem to help you with that.
1. Simply install it:
   $ gem install version_gemfile
2. Go to your Rails application:
   $ cd ~/my/ruby/application
3. And add the versions to your Gemfile:
How does it work?
This gem will go through each line in your Gemfile looking for dependencies that have no version. Then it will look into your Gemfile.lock for the version you are currently using and add a pessimistic lock (~>) on that version.
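The approach described above, written out as an added example (this is not the version_gemfile gem's own source): read the top-level entries of a Gemfile.lock, then append a `~>` constraint to every `gem` line that has no version argument. The function names `locked_versions` and `pin_gemfile`, and the sample Gemfile and lock contents, are constructed for the example.

```ruby
# Added example, not the gem's own code. Parse the top-level "specs:" entries
# of a Gemfile.lock into { name => version }. Resolved gems sit at exactly four
# spaces of indentation ("    rails (3.2.11)"); the six-space lines below them
# are dependency constraints, not versions, so they are skipped.
def locked_versions(lockfile_text)
  lockfile_text.each_line.with_object({}) do |line, versions|
    if (m = line.match(/\A {4}(\S+) \(([^)\s]+)\)\s*\z/))
      versions[m[1]] = m[2]
    end
  end
end

# Return a new Gemfile body where every `gem 'name'` line without a version
# argument gets ", '~> <locked version>'" inserted right after the name. Lines
# that already carry a version string, or whose gem is missing from the lock,
# are left exactly as they were.
def pin_gemfile(gemfile_text, lockfile_text)
  versions = locked_versions(lockfile_text)
  gemfile_text.each_line.map do |line|
    m = line.match(/\A(\s*gem\s+(['"])([^'"]+)\2)(.*)$/)
    next line unless m
    prefix, name, rest = m[1], m[3], m[4]
    next line if rest =~ /\A\s*,\s*['"]/      # second argument is already a version
    next line unless versions.key?(name)      # not resolved in Gemfile.lock
    newline = line.end_with?("\n") ? "\n" : ""
    "#{prefix}, '~> #{versions[name]}'#{rest}#{newline}"
  end.join
end

# Constructed sample input: an unversioned Gemfile and its matching lock.
SAMPLE_GEMFILE = "source 'https://rubygems.org'\n" \
                 "gem 'rails'\n" \
                 "gem 'pg', :group => :production\n" \
                 "gem 'rake', '>= 10.0'\n" \
                 "gem 'unicorn'\n"

SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      pg (0.14.1)
      rails (3.2.11)
        actionmailer (= 3.2.11)
      rake (10.0.3)

  DEPENDENCIES
    pg
    rails
    rake
LOCK

puts pin_gemfile(SAMPLE_GEMFILE, SAMPLE_LOCK) if __FILE__ == $0
```

Only rails and pg get pinned: rake already has a constraint and unicorn is not in the lock, so both lines pass through unchanged.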