List updatable dependencies of a Ruby project
A typical Ruby project has many dependencies managed by Bundler. If the project is a web application built on a web framework (e.g. Ruby on Rails), it will also have many Node.js dependencies. Any software project will have many dependencies that are out of date. Unless there is a security vulnerability, having outdated libraries is not an issue.
However, to avoid ending up with a relic, we should update libraries promptly. Fortunately, Bundler and Yarn provide tools to identify outdated dependencies and available new versions.
Bundler
Bundler is a great tool that helps us manage a project's dependencies. It provides us with the helpful command bundle outdated to identify outdated Ruby gems.
⇒ bundle outdated
Fetching gem metadata from https://rubygems.org/...........
Resolving dependencies...........
Gem Current Latest Requested Groups
actioncable 6.1.4.4 7.0.0
actionmailbox 6.1.4.4 7.0.0
actionmailer 6.1.4.4 7.0.0
...
puma 5.3.2 5.5.2 ~> 5.0 default
pundit 2.1.0 2.1.1 >= 0 default
...
rails 6.1.4.4 7.0.0 ~> 6.1.2, >= 6.1.2.1 default
railties 6.1.4.4 7.0.0
redis 4.2.5 4.5.1 ~> 4.0 default
reform 2.6.0 2.6.1 ~> 2.6.0 default
reform-rails 0.2.2 0.2.3 ~> 0.2.2 default
...
This is not particularly useful because it provides us with a complete list of libraries used in the project. Ideally, we only need to know about gems specified in the Gemfile. That is what the --only-explicit option does:
⇒ bundle outdated --only-explicit
Fetching gem metadata from https://rubygems.org/...........
Resolving dependencies...........
Gem Current Latest Requested Groups
bootsnap 1.7.5 1.9.3 >= 1.4.4 default
cells-rails 0.0.6 0.1.4 >= 0 default
dry-validation 1.6.0 1.7.0 >= 0 default
jbuilder 2.11.2 2.11.5 ~> 2.7 default
letter_opener_web 1.4.0 2.0.0 >= 0 development
listen 3.5.1 3.7.0 ~> 3.3 development
omniauth-facebook 8.0.0 9.0.0 ~> 8.0 default
puma 5.3.2 5.5.2 ~> 5.0 default
pundit 2.1.0 2.1.1 >= 0 default
rack-mini-profiler 2.3.2 2.3.3 ~> 2.0 development
rails 6.1.4.4 7.0.0 ~> 6.1.2, >= 6.1.2.1 default
redis 4.2.5 4.5.1 ~> 4.0 default
reform 2.6.0 2.6.1 ~> 2.6.0 default
reform-rails 0.2.2 0.2.3 ~> 0.2.2 default
shoulda-matchers 4.5.1 5.1.0 ~> 4.5 test
sidekiq 6.1.3 6.3.1 ~> 6.1.3 default
slim-rails 3.2.0 3.3.0 ~> 3.2.0 default
spring 2.1.1 4.0.0 >= 0 development
trailblazer-rails 2.1.7 2.3.0 ~> 2.1.7 default
tzinfo-data 1.2021.1 1.2021.5 >= 0 default
web-console 4.1.0 4.2.0 >= 4.1.0 development
webpacker 5.4.0 5.4.3 ~> 5.0 default
will_paginate 3.3.0 3.3.1 ~> 3.3 default
yard 0.9.26 0.9.27 >= 0 development
We can use this command on a particular library:
⇒ bundle outdated reform-rails
Fetching gem metadata from https://rubygems.org/...........
Resolving dependencies...........
Gem Current Latest Requested Groups
reform-rails 0.2.2 0.2.3 ~> 0.2.2 default
While less valuable, we can also check for outdated libraries in a particular group in the Gemfile:
⇒ bundle outdated --group="test"
Fetching gem metadata from https://rubygems.org/...........
Resolving dependencies...........
Gem Current Latest Requested Groups
shoulda-matchers 4.5.1 5.1.0 ~> 4.5 test
A complete list of the available options can be found using bundle outdated --help.
BUNDLE-OUTDATED(1)
NAME
bundle-outdated - List installed gems with newer versions available
SYNOPSIS
bundle outdated [GEM] [--local] [--pre] [--source] [--strict] [--parseable | --porcelain] [--group=GROUP] [--groups] [--update-strict] [--patch|--minor|--major] [--filter-major] [--filter-minor] [--filter-patch] [--only-explicit]
DESCRIPTION
Outdated lists the names and versions of gems that have a newer version available in the given source. Calling outdated with [GEM [GEM]] will only check for newer versions of the given gems. Prerelease gems are ignored by default. If your gems are up to date,
Bundler will exit with a status of 0. Otherwise, it will exit 1.
....
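The following Ruby script is an added example, not part of the original post or of Bundler: it parses the table format shown above, labels each update as major, minor or patch, and checks whether the latest version still satisfies the Requested constraint from the Gemfile. The helper names (parse_outdated, update_level) are hypothetical, the sample rows are copied from the output above, and it assumes the plain table layout shown on this page.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement

# Constructed sample: rows taken from the `bundle outdated` output shown above.
SAMPLE_OUTPUT = <<~TEXT
  Fetching gem metadata from https://rubygems.org/...........
  Resolving dependencies...........
  Gem Current Latest Requested Groups
  actioncable 6.1.4.4 7.0.0
  puma 5.3.2 5.5.2 ~> 5.0 default
  pundit 2.1.0 2.1.1 >= 0 default
  rails 6.1.4.4 7.0.0 ~> 6.1.2, >= 6.1.2.1 default
  sidekiq 6.1.3 6.3.1 ~> 6.1.3 default
TEXT

# One or more "operator version" constraints, comma separated (the Requested column).
REQ = /[=!<>~]+\s*[^\s,]+(?:,\s*[=!<>~]+\s*[^\s,]+)*/
# Data rows start with a gem name followed by two versions; header and progress lines do not.
ROW = /\A(?<name>\S+)\s+(?<current>\d\S*)\s+(?<latest>\d\S*)(?:\s+(?<requested>#{REQ}))?(?:\s+(?<groups>.+?))?\s*\z/

Outdated = Struct.new(:name, :current, :latest, :level, :explicit, :within_gemfile)

# :major, :minor or :patch, judged on the first two version segments.
def update_level(current, latest)
  cur = Gem::Version.new(current).segments
  lat = Gem::Version.new(latest).segments
  return :major if cur[0] != lat[0]
  cur[1].to_i == lat[1].to_i ? :patch : :minor
end

# Hypothetical helper: turn the table into records, largest version jump first.
def parse_outdated(text)
  rows = text.each_line.filter_map do |line|
    m = ROW.match(line.strip) or next
    req = m[:requested] && Gem::Requirement.new(m[:requested].split(/,\s*/))
    Outdated.new(m[:name], m[:current], m[:latest],
                 update_level(m[:current], m[:latest]),
                 !req.nil?,                                        # listed in the Gemfile?
                 req&.satisfied_by?(Gem::Version.new(m[:latest]))) # allowed without editing it?
  end
  rows.sort_by { |r| [%i[major minor patch].index(r.level), r.name] }
end

if $PROGRAM_NAME == __FILE__
  parse_outdated(SAMPLE_OUTPUT).each do |r|
    note = r.explicit ? (r.within_gemfile ? "allowed by Gemfile" : "blocked by Gemfile constraint") : "transitive"
    puts format("%-12s %-8s -> %-8s %-5s %s", r.name, r.current, r.latest, r.level, note)
  end
end
```

In the sample, sidekiq is only a minor update, yet its ~> 6.1.3 constraint excludes 6.3.1, so the Gemfile has to change before that release can be installed.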
Yarn
Yarn provides us with a similar command to find outdated packages. It is a little fancier than bundle outdated, as it colours the output, making it easy to identify which libraries need updates.
⇒ yarn outdated
yarn outdated v1.22.17
info Color legend :
"<red>" : Major Update backward-incompatible updates
"<yellow>" : Minor Update backward-compatible features
"<green>" : Patch Update backward-compatible bug fixes
Package Current Wanted Latest Package Type URL
@fontsource/material-icons-outlined 4.2.4 4.5.0 4.5.0 dependencies https://github.com/fontsource/fontsource/tree/master/packages/material-icons-outlined#readme
@fortawesome/fontawesome-free 5.15.3 5.15.4 5.15.4 dependencies https://fontawesome.com
@rails/actioncable 6.1.2 6.1.4 7.0.0 dependencies https://rubyonrails.org/
@rails/activestorage 6.1.2 6.1.4 7.0.0 dependencies https://rubyonrails.org/
@rails/ujs 6.1.2 6.1.4 7.0.0 dependencies https://rubyonrails.org/
@rails/webpacker 5.2.1 5.2.1 5.4.3 dependencies https://github.com/rails/webpacker
air-datepicker 2.2.3 2.2.3 3.1.0 dependencies https://air-datepicker.com
bootstrap 4.6.0 4.6.1 5.1.3 dependencies https://getbootstrap.com/
chart.js 2.9.4 2.9.4 3.7.0 dependencies https://www.chartjs.org
yarn 1.22.10 1.22.17 1.22.17 dependencies https://github.com/yarnpkg/yarn#readme
As with Bundler, Yarn allows us to use the outdated command on a single library:
⇒ yarn outdated @rails/ujs
yarn outdated v1.22.17
info Color legend :
"<red>" : Major Update backward-incompatible updates
"<yellow>" : Minor Update backward-compatible features
"<green>" : Patch Update backward-compatible bug fixes
Package Current Wanted Latest Package Type URL
@rails/ujs 6.1.2 6.1.4 7.0.0 dependencies https://rubyonrails.org/
✨ Done in 6.01s
Conclusion
The software world changes rapidly, and it is essential to keep up with the tide. In your mission to upgrade your application by updating its dependencies, bundle outdated and yarn outdated are beneficial. I am glad to see you are interested in keeping your libraries up-to-date.
Happy Hacking! 👍
About the Author
Ziyan Junaideen -
Ziyan is an expert Ruby on Rails web developer with 8 years of experience specializing in SaaS applications. In his free time he writes blogs, draws on his iPad, and shoots photos.