livingsocial / bundler-patch

Update your gems conservatively to deal with vulnerable gems or just get more current.
MIT License
65 stars 3 forks source link

Support all bundler-patch commands without installing gems #34

Closed JuanitoFatas closed 8 years ago

JuanitoFatas commented 8 years ago

There is a bundle lock command (introduced in https://github.com/bundler/bundler/pull/3439) that will do exactly like bundle update (update lockfile without installing any gems).

Should we add --patch support to the lock command?

What's great about this lock command is that you can update your lockfile with a script, and let the script send the changes of lockfile to open a Pull Request, and your CI will run to know if anything went wrong.

So more for automation consumers. :)

chrismo commented 8 years ago

i didn't know about this command, thx! I think this needs to be added to the todo list in bundler issues, there are other todos to help make the conservative stuff compatible in other places (like outdated).

chrismo commented 8 years ago

closing this in favor of https://github.com/bundler/bundler/issues/4912