I just recently had to redo my package.json because the latest web-ext package, to easily debug Firefox Web Extensions, required a node and npm update and it broke my complete gulp setup after running perfectly fine for 14 months.
I regularly run bundle update then I run my test suite to see if all tests pass. If so I commit.
Recently I upgraded to ruby 2.5.0 without any warnings.
I recently read a blog post about gem dependencies and how they can drag you down.
I remove faraday and more after that.
I regularly update my dependencies carefully, not only by doing bundle update but also by double-checking changelogs for the most mission-critical ones. Even if there are not major updates, I issue a PR stating which updates to which dependencies were made. It's useful to have insight on regressions.
For those using Ruby, I suggest using something like Gemnasium or Deppbot to keep track of your dependencies (and update them automatically, if you're confident enough).
There are no dependencies on my project (embedded C project). So, I've used the time to look into packaging some python scripts I want to distribute...
Took this opportunity mainly to improve the annotations in my Gemfile, and also spotted an unused gem in the test group in the process.
One thing I like about Gemfile vs. package.json is that you can add comments to explain why each thing is there and what it's for. For some weirdly-named gems, I would have to look up what it is every time I see it, so adding comments to remind myself of what each gem is for and where, in broad strokes, it fits into the application... that saves me lots of time. For example, anybody know without looking it up what "redcarpet" does?
I was hoping to finally appease the (very helpful!) GitHub security warnings we've been getting, but ended up going way over the 20 minutes and still have some broken tests. This is definitely one I need to finish.
We usually use Codeclimate to help out with this, but I used bundler audit with the updated audit DB (bundle audit update) and found and fixed a new vulnerability in one of the gems we use.
I managed to remove the deprecated gem travis-lint, one that doesn't have to be part of the app dependencies, awesome_print, and moved another one to the production group of the Gemfile, rails_12factor.
I also identified a few other gems that should also be either moved from their group or removed. That's what I call a successful 20min!