The best tool to find leaky gems in your dependencies. Make sure memory leaks are not in your gem dependencies.
Audit a project's Gemfile.lock:
$ bundle leak
Name: celluloid
Version: 0.17.0
URL: https://github.com/celluloid/celluloid/issues/670
Title: Memory Leak using Celluloid::Future
Solution: remove or disable this gem until a patch is available!

Name: therubyracer
Version: 0.12.1
URL: https://github.com/cowboyd/therubyracer/pull/336
Title: Memory leak in WeakValueMap
Solution: upgrade to ~> 0.12.3

Unpatched versions found!
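
The check behind a report like this, sketched as an added example (not bundler-leak's own code): it reads the locked versions from a Gemfile.lock and reports each gem whose version satisfies none of an advisory's patched requirements. The lockfile excerpt, the advisory hash layout (`patched_versions` and the other keys) and the helper names `locked_gems` and `leaks` are assumptions made for illustration; the advisory values come from the output above.

```ruby
# Added example: a simplified Gemfile.lock audit, not bundler-leak's implementation.

# Constructed lockfile excerpt (versions taken from the report above).
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      celluloid (0.17.0)
      rake (13.0.6)
      therubyracer (0.12.1)
        ref

  DEPENDENCIES
    celluloid
    rake
    therubyracer
LOCK

# Assumed advisory layout; an empty :patched_versions means no fix exists yet.
ADVISORIES = [
  { gem: 'celluloid', title: 'Memory Leak using Celluloid::Future',
    url: 'https://github.com/celluloid/celluloid/issues/670', patched_versions: [] },
  { gem: 'therubyracer', title: 'Memory leak in WeakValueMap',
    url: 'https://github.com/cowboyd/therubyracer/pull/336', patched_versions: ['~> 0.12.3'] }
].freeze
NO_FIX = 'remove or disable this gem until a patch is available!'

# Map gem name => Gem::Version for every entry under a "specs:" header.
def locked_gems(lockfile)
  in_specs = false
  lockfile.each_line.with_object({}) do |line, gems|
    in_specs = true if line =~ /\A  specs:\s*\z/
    in_specs = false if line =~ /\A\S/ # a new top-level section ends the specs list
    # Locked gems sit at exactly four spaces; their dependencies are indented deeper.
    next unless in_specs && (m = line.match(/\A    (\S+) \(([^)]+)\)\s*\z/))
    gems[m[1]] = Gem::Version.new(m[2][/\A[^-]+/]) # drop a "-platform" suffix
  end
end

# Return one hash per advisory whose gem is locked at an unpatched version.
def leaks(lockfile, advisories = ADVISORIES)
  gems = locked_gems(lockfile)
  advisories.filter_map do |adv|
    next unless (version = gems[adv[:gem]])
    patched = adv[:patched_versions].map { |req| Gem::Requirement.new(req) }
    next if patched.any? { |req| req.satisfied_by?(version) }
    solution = patched.empty? ? NO_FIX : "upgrade to #{adv[:patched_versions].join(', ')}"
    adv.merge(version: version.to_s, solution: solution)
  end
end

leaks(LOCKFILE).each { |l| puts "#{l[:gem]} #{l[:version]}: #{l[:title]} (#{l[:solution]})" }
```
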
Update the ruby-mem-advisory-db that bundle leak uses:
$ bundle leak update
cd data/ruby-mem-advisory-db
git pull origin main
remote: Enumerating objects: 14, done.
remote: Counting objects: 100% (14/14), done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 9 (delta 5), reused 7 (delta 4), pack-reused 0
Unpacking objects: 100% (9/9), done.
From github.com:rubymem/ruby-mem-advisory-db
* branch main -> FETCH_HEAD
3254525..c4fc78e main -> origin/main
Updating 3254525..c4fc78e
Fast-forward
README.md | 68 ++++++++++++++++++++------------------------------------------------
gems/therubyracer/336.yml | 4 ++++
2 files changed, 24 insertions(+), 48 deletions(-)
Update the ruby-mem-advisory-db and check Gemfile.lock (useful for CI runs):
$ bundle leak check --update
Rake task:
require 'bundler/plumber/task'
Bundler::Plumber::Task.new
task default: 'bundle:leak'
$ gem install bundler-leak
./bin/setup # To populate data dir.
bundle exec rake
Copyright (c) 2019 OmbuLabs (hello at ombulabs.com)
Copyright (c) 2013-2016 Hal Brodigan (postmodern.mod3 at gmail.com)
bundler-leak is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
bundler-leak is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with bundler-leak. If not, see http://www.gnu.org/licenses/.
Everyone interacting in the bundler-leak project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.
bundler-leak is maintained and funded by FastRuby.io, inc. The names and logos for FastRuby.io are trademarks of FastRuby.io, inc.