Bulk selection for patch level and risk of breaking changes

[deniciocode]

Use Case

As a user I would like to select all gems based on the level of risk it takes to update them.

For example:

If I only want to update gems which will not break. In this case a keymap to select all of them would be very helpful.

[mattbrictson]

Interesting idea! Do you have a suggested key mapping for this? Right now our key mappings look like:

• j/k/n/p vi and emacs up/down
• a/r select all and reverse select (see #16)

Perhaps this?

• shift-p select [P]atches
• shift-i select m[I]nor
• shift-j select ma[J]or
• shift-s select [S]ecurity

[deniciocode]

Hey @mattbrictson I do not have an idea what could be the mapping here. Your suggestion sound valid to me.

[sirwolfgang]

Part of this, I it would be nice to be able to upgrade everything at that risk level; Like I want to get everything to the latest patch or minor level before bumping the major, because often that's the intended upgrade flow. So it's not necessarily I want to skip straight to the latest version, but I want to go to the latest within a risk group.

[mattbrictson]

@sirwolfgang I agree; I think there are two slightly different features being discussed.

Right now, update-interactive resolves the Gemfile by trying to find the latest upgradeable version for each gem, and then displays those in a table for you to pick and choose. We can offer shortcuts to choose a subset of these updates based on risk. I think this is the feature originally requested in the issue.

A different approach would be to limit the Gemfile resolution algorithm itself, to only allow certain updates, similar to running bundle update --patch.

For example, consider your lock file currently has rack 2.2.7. To limit risk, you might want to update to rack 2.2.9 (the latest in the 2.x series) before going all the way to the latest, which is rack 3.1.7. Right now update-interactive will only give you the 3.1.7 option.

Because of the complexity of Bundler's dependency resolution algorithm, update-interactive can't know that both the 2.2.9 and the 3.1.7 options exist without having to re-resolve the Gemfile. So I think this is an option that needs to be provided up front, like bundle update-interactive --patch. I'll open a separate issue to capture this as a feature request.