Make your Gemfile safe by adding dependency version specifiers automatically

yujinakayama/safedep

Safedep

safedep automatically writes missing version specifiers for dependencies in your Gemfile.

A version specifier with >= is considered harmful, so dependencies without any version specifier must be super harmful. :)

Example

Here's a Gemfile whose dependencies have no version specifiers:

$ cat Gemfile
source 'https://rubygems.org'

group :development, :test do
  gem 'rake'
  gem 'rspec'
  gem 'rubocop'
end

And they have already been installed via bundle install:

$ egrep '(rake|rspec|rubocop) ' Gemfile.lock
    rake (10.4.2)
    rspec (3.1.0)
    rubocop (0.28.0)

Then run safedep:

$ safedep

Now the Gemfile should have safe version specifiers in the SemVer way:

$ git diff
diff --git a/Gemfile b/Gemfile
index 5ff2c3c..488dd41 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,7 +1,7 @@
 source 'https://rubygems.org'

 group :development, :test do
-  gem 'rake'
-  gem 'rspec'
-  gem 'rubocop'
+  gem 'rake', '~> 10.4'
+  gem 'rspec', '~> 3.1'
+  gem 'rubocop', '~> 0.28'
 end
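
Review bot: on the last added line, gem 'rubocop', '~> 0.28' accepts any release from 0.28 up to, but not including, 1.0, and SemVer makes no compatibility promise between minor versions while the major version is 0. For a 0.x dependency, a three-segment specifier such as '~> 0.28.0' would hold updates to patch releases. The rake and rspec lines are on stable major versions, where the two-segment form matches the SemVer intent.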

Installation

$ gem install safedep

Usage

Just run the safedep command in your project's root directory, and you should see that the Gemfile has been modified.

$ cd your-project
$ safedep
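
A read-only counterpart to the rewrite shown in the Example section, as an added example (not safedep's own code): it lists gem declarations that lack a version requirement, derives the '~> MAJOR.MINOR' specifier from the locked version, and uses Gem::Requirement to test which releases that specifier admits. The sample Gemfile and Gemfile.lock text, the pry entry and the helper names are constructed for illustration; the Gemfile is matched with a line regex rather than evaluated, and Ruby 2.6 or later is assumed.

```ruby
# Constructed sample input modelled on the README's example, plus one pinned gem.
SAMPLE_GEMFILE = <<~TEXT
  source 'https://rubygems.org'

  group :development, :test do
    gem 'rake'
    gem 'rspec', require: false
    gem 'rubocop'
    gem 'pry', '~> 0.10'
  end
TEXT

SAMPLE_LOCKFILE = <<~TEXT
  GEM
    remote: https://rubygems.org/
    specs:
      rake (10.4.2)
      rspec (3.1.0)
        rspec-core (~> 3.1.0)
      rubocop (0.28.0)
TEXT

# Gems declared without a version string (line regex, not a DSL evaluation).
def unpinned_gems(gemfile)
  gemfile.scan(/^\s*gem\s+['"]([^'"]+)['"]([^\n]*)$/)
         .reject { |_name, rest| rest =~ /\A\s*,\s*['"]/ }
         .map(&:first)
end

# Gem name => locked version, read from the four-space-indented spec lines.
def locked_versions(lockfile)
  lockfile.scan(/^ {4}(\S+) \((\d[\w.]*)/).to_h { |n, v| [n, Gem::Version.new(v)] }
end

# Unpinned gem => '~> MAJOR.MINOR' derived from the lockfile (nil if not locked).
def proposals(gemfile, lockfile)
  locked = locked_versions(lockfile)
  unpinned_gems(gemfile).to_h do |name|
    major, minor = locked[name]&.segments
    [name, major && "~> #{major}.#{minor || 0}"]
  end
end

# Would `bundle update` be allowed to select this version under the specifier?
def admits?(specifier, version)
  Gem::Requirement.new(specifier).satisfied_by?(Gem::Version.new(version))
end

proposals(SAMPLE_GEMFILE, SAMPLE_LOCKFILE).each { |name, spec| puts "gem '#{name}', '#{spec}'" }
```

A check like this can fail a CI job when unpinned_gems returns a non-empty list, without touching the Gemfile.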

Options

--without

Specify the groups whose dependencies should be left unmodified, as a comma-separated list.

$ safedep --without development,test

Compatibility

Tested on MRI 2.2, 2.3, 2.4, 2.5 and JRuby 9000.

License

Copyright (c) 2015 Yuji Nakayama

See the LICENSE.txt for details.
