Through the years, I have contributed to various Rails projects, from huge Rails apps like Skroutz.gr to fresh Rails 6 projects like Tefter.io, and I have settled on the following rules regarding Ruby gems and their upgrade process.
Let Bundler do its job. Do not use specific versions unless it is really needed.
If you want to set a specific version, be pessimistic. Use the twiddle-wakka operator, ~>.
Do not host forked gems. Prefer to create PRs. If it is absolutely necessary to do this, set a goal to release your work to the public soon.
Be patient when new gem versions are released, except for security updates. Choose monthly or bi-monthly periods for updates and stick with them.
Use tools like GitHub's Dependabot alerts and patch vulnerable dependencies as fast as possible. Better safe than sorry.
Do not update your gems blindly. Use tools like gemdiff to inspect the changes, or at least the commit messages, so you have an idea of what will be introduced into your repo.
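Worked example of the pessimistic-operator rule above, added here and not part of the original post: it uses the Gem::Requirement and Gem::Version classes that ship with RubyGems (the same resolver logic Bundler relies on) against a constructed list of hypothetical release versions, to show which releases each style of constraint would let through.

```ruby
# Added example (not from the original post): how RubyGems/Bundler interpret
# version constraints, in particular the pessimistic operator "~>".
# Gem::Requirement and Gem::Version ship with RubyGems, so a plain `ruby` works.
require 'rubygems'

# Return the versions from `candidates` that satisfy `constraint`,
# newest first (the order a resolver would try them).
def matching_versions(constraint, candidates)
  req = Gem::Requirement.new(constraint)
  candidates
    .map { |v| Gem::Version.new(v) }
    .select { |v| req.satisfied_by?(v) }
    .sort
    .reverse
    .map(&:to_s)
end

# "~> X" expands to ">= X, < X.bump": Gem::Version#bump drops the last
# segment and increments the one before it ("6.0.3" -> "6.1", "6.0" -> "7").
def pessimistic_bounds(version)
  v = Gem::Version.new(version)
  [v.to_s, v.bump.to_s]
end

# Constructed list of hypothetical releases of some gem (not real data).
CANDIDATES = %w[5.2.4 6.0.0 6.0.3 6.0.4 6.1.0 7.0.0 7.0.1].freeze

# "~> 6.0.3": patch releases only          (>= 6.0.3, < 6.1)
# "~> 6.0":   minor releases too           (>= 6.0,   < 7)
# "= 6.0.3":  an exact pin, which Bundler can never move forward
# ">= 6.0.3": optimistic, lets any future major version in
CONSTRAINTS = ['~> 6.0.3', '~> 6.0', '= 6.0.3', '>= 6.0.3'].freeze

if $PROGRAM_NAME == __FILE__
  CONSTRAINTS.each do |c|
    puts format('%-9s -> %s', c, matching_versions(c, CANDIDATES).join(', '))
  end
  puts "~> 6.0.3 bounds: #{pessimistic_bounds('6.0.3').join(' ... ')}"
end
```

Running it shows that "~> 6.0.3" admits only 6.0.3 and 6.0.4, while ">= 6.0.3" would also pull in the 7.x releases on the next bundle update.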