Keep Your Gems Updated
I recently went back through my backups recently and found quite a few old abandoned projects. Looking back on the code I see some things I’m impressed with, but the majority of the code I wouldn’t write today. That’s not to say the code is bad, or doesn’t function. It did exactly what I wanted to accomplish at the time, just not necessarily in the most efficient way.
This archive of old code made me start wondering how much old code I’m using in
the projects that I’m currently writing. Not code that I’ve written but code
that I’m depending on, specifically gems. As of this writing I have 26 active
ruby projects in various states of development all of which make use of RVM and
bundler provides an easy way to update all the gems
installed in a project unless specific version information was provided in the
Gemfile. None of my projects have had a version directly specified in the
Gemfile with the exception of Rails. Each project also has solid test
coverage (though I must admit it’s usually not complete).
For each project I went through and ran
bundle update and kept track of the
results. I did not keep track of unique gems so the four Rails projects
probably had a lot of duplicate gems each one more or less likely to have
different versions of different gems installed depending on when I started the
Across all of the different projects I had 2214 gems installed. Of those 813 had updates. My initial plan was to go through the updates and see how many of those updates were security or bug fixes, how many were added features, or performance improvements, but I wasn’t counting on the shear number of gems that my projects were depending on.
The big question for myself after I updated the Gems was how much will this be now? Running through the thousands of tests in all of the projects I had exactly 7 tests that were now failing and they were all due too projects that removed or renamed a piece of functionality that I was making use of. In one case I had to extend the core Hash method to replace the functionality. All in all it took me about a quarter of an hour to fix all the tests after updating my Gems.
Since I didn’t actually go through all of the gems I don’t know for sure that my projects are in anyway more secure, faster, or more stable but I can’t imagine they’re in a worse state. If you have test coverage on your projects you should try and update the gems and see for yourself.