The purpose of GemFresh is to expose useful information about how outdated your application gems are.
Create config/initializers/gem_fresh.rb for your Rails application. Fill it out like this:
# Any gems that you put in the Gemfile should also be listed here.
# The rake metrics:outdated_gems task calculates which gems are
# outdated and then combines that information with the information
# listed here about a particular gem's reach in the application code.
#
GemFresh::Config.configure do |gems|
# Updating these gems could require you to make large, system-wide changes
# to the application code.
gems.with_system_wide_impact %w(
resque
rspec
...
)
# Updating these gems could require you to make some changes to small
# sections of the application.
gems.with_local_impact %w(
fog
tabulous
...
)
# When updating these gems, you barely have to touch any code at all.
gems.with_minimal_impact %w(
airbrake
bullet
...
)
# We ignore these since we are in complete control of their update cycles.
gems.that_are_private %w(
job_state
...
)
end
See information on your outdated gems by running the rake task:
rake gem_fresh
This combines information from bundle outdated with the information in the GemFresh config to give a weighted view as to how outdated your third-party Ruby code is and how much it matters.
Whenever you add a gem to your Gemfile, add it to GemFresh.rb so that the rake task knows how important the gem is.
Gems are assigned points. The more central a gem is, and the more outdated it is, the higher the points. You can think of the points as a "bounty" on the gem, telling you how badly it needs to be updated.
If you're finding that gem_fresh takes forever you may want to temporarily change your Gemfile's source line from source 'https://rubygems.org' to source 'http://rubygems.org'. This is because bundle outdated makes a lot of requests to the Rubygems API. Removing the SSL handshake reduces the total time dramatically. (You may also want to check this Stack Overflow question.)
I'll re-emphasize that this should be a temporary change, because SSL protects you from a man-in-the-middle attack which could lead to you unknowingly installing bogus gems. It's less necessary to use SSL for this operation because no gems are installed; we're just querying the index for version data.
GemFresh was originally developed at District Management Group by Wyatt Greene, and is now maintained by DMGroup.
FAQs
Unknown package
We found that gem_fresh demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
OpenSSF has published OSPS Baseline, an initiative designed to establish a minimum set of security-related best practices for open source software projects.
Security News
Michigan TypeScript founder Dimitri Mitropoulos implements WebAssembly runtime in TypeScript types, enabling Doom to run after processing 177 terabytes of type definitions.
Security News
vlt's new "reproduce" tool verifies npm packages against their source code, outperforming traditional provenance adoption in the JavaScript ecosystem.