{"id":13877875,"url":"https://github.com/mattbrictson/bundle_update_interactive","last_synced_at":"2026-03-05T06:03:44.200Z","repository":{"id":248013602,"uuid":"825550655","full_name":"mattbrictson/bundle_update_interactive","owner":"mattbrictson","description":"A stylish interactive mode for Bundler, inspired by `yarn upgrade-interactive`","archived":false,"fork":false,"pushed_at":"2025-04-01T23:12:07.000Z","size":6728,"stargazers_count":201,"open_issues_count":5,"forks_count":5,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-05T09:12:30.001Z","etag":null,"topics":["bundler","cli","ruby"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mattbrictson.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-07-08T04:09:14.000Z","updated_at":"2025-04-01T23:12:09.000Z","dependencies_parsed_at":"2024-08-03T04:31:47.122Z","dependency_job_id":"57c814ab-f7ff-4612-b664-13b6d6419996","html_url":"https://github.com/mattbrictson/bundle_update_interactive","commit_stats":null,"previous_names":["mattbrictson/bundle_update_interactive"],"tags_count":13,"template":false,"template_full_name":"mattbrictson/gem","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattbrictson%2Fbundle_update_interactive","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattbrictson%2Fbundle_update_interactive/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattbrictson%2Fbundle_update_interactive/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattbrictson%2Fbundle_update_interactive/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mattbrictson","download_url":"https://codeload.github.com/mattbrictson/bundle_update_interactive/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247980844,"owners_count":21027808,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bundler","cli","ruby"],"created_at":"2024-08-06T08:01:33.732Z","updated_at":"2026-03-05T06:03:44.192Z","avatar_url":"https://github.com/mattbrictson.png","language":"Ruby","readme":"# bundle_update_interactive\n\n[![Gem Version](https://img.shields.io/gem/v/bundle_update_interactive)](https://rubygems.org/gems/bundle_update_interactive)\n[![Gem Downloads](https://img.shields.io/gem/dt/bundle_update_interactive)](https://www.ruby-toolbox.com/projects/bundle_update_interactive)\n[![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/mattbrictson/bundle_update_interactive/ci.yml)](https://github.com/mattbrictson/bundle_update_interactive/actions/workflows/ci.yml)\n\n**This gem adds an `update-interactive` command to [Bundler](https://bundler.io).** Run it to see what gems can be updated, then pick and choose which ones to update. If you've used `yarn upgrade-interactive`, the interface should be very familiar.\n\n\u003cimg src=\"images/update-interactive.png\" alt=\"Screenshot of update-interactive UI\" width=\"1154\" /\u003e\n\n---\n\n- [Quick start](#quick-start)\n- [Options](#options)\n- [Features](#features)\n- [Prior art](#prior-art)\n- [Support](#support)\n- [License](#license)\n- [Code of conduct](#code-of-conduct)\n- [Contribution guide](#contribution-guide)\n\n## Quick start\n\nInstall the gem:\n\n```\ngem install bundle_update_interactive\n```\n\nNow you can use:\n\n```\nbundle update-interactive\n```\n\nOr the shorthand:\n\n```\nbundle ui\n```\n\n## Options\n\n- `--commit` [applies each gem update in a discrete git commit](#git-commits)\n- `--latest` [modifies the Gemfile if necessary to allow the latest gem versions](#allow-latest-versions)\n- `--only-explicit` [updates Gemfile gems only (excluding indirect dependencies)](#exclude-indirect-dependencies)\n- `-D` / `--exclusively=GROUP` [limits updatable gems by Gemfile groups](#limit-impact-by-gemfile-groups)\n\n## Features\n\n### Semver highlighting\n\n`bundle update-interactive` highlights each gem according the severity of its version upgrade.\n\n\u003cimg src=\"images/semver.png\" alt=\"Severities are in red, yellow, and green\" width=\"480\" /\u003e\n\nGems sourced from Git repositories are highlighted in cyan, regardless of the semver change, due to the fact that new commits pulled from the Git repo may not yet be officially released. In this case the semver information is unknown.\n\n`bundle update-interactive` also highlights the exact portion of the version number that has changed, so you can quickly scan gem versions for important differences.\n\n\u003cimg src=\"images/version-highlight.png\" alt=\"Screenshot of highlighted version numbers\" width=\"70\" /\u003e\n\n### Security vulnerabilities\n\n`bundle update-interactive` uses [bundler-audit](https://github.com/rubysec/bundler-audit) internally to search for outdated gems that have known security vulnerabilities. These gems are highlighted prominently with white text on a red background.\n\n\u003cimg src=\"images/security.png\" alt=\"Screenshot of security vulnerability highlighted in red\" width=\"402\" /\u003e\n\nSome gems, notably `rails`, are composed of smaller gems like `actionpack`, `activesupport`, `railties`, etc. Because of how these component gem versions are constrained, you cannot update just one of them; they all must be updated together.\n\nTherefore, if any Rails component has a security vulnerability, `bundle update-interactive` will automatically roll up that information into a single `rails` line item, so you can select it and upgrade all of its components in one shot.\n\n### Git commits\n\nSometimes, updating gems can lead to bugs or regressions. To facilitate troubleshooting, `update-interactive` offers the ability to commit each selected gem update in its own git commit, complete with a descriptive commit message. You can then make use of tools like `git bisect` to more easily find the update that introduced the problem.\n\nTo enable this behavior, pass the `--commit` option:\n\n```\nbundle update-interactive --commit\n```\n\nThe gems you select to be updated will be applied in separate commits, like this:\n\n```\n* c9801382 Update activeadmin 3.2.2 → 3.2.3\n* 9957254b Update rexml 3.3.5 → 3.3.6\n* 4a4f2072 Update sass 1.77.6 → 1.77.8\n```\n\n\u003e [!NOTE]\n\u003e In rare cases, Bundler may not be able to update a gem separately, due to interdependencies between gem versions. If this happens, you will see a message like \"attempted to update [GEM] but its version stayed the same.\"\n\n### Held back gems\n\nWhen a newer version of a gem is available, but updating is not allowed due to a Gemfile requirement, `update-interactive` will report that the gem has been held back.\n\n\u003cimg src=\"images/held-back.png\" alt=\"Screenshot of rails and selenium-webdriver gems held back due to Gemfile requirements\" width=\"717\" /\u003e\n\nTo allow updates for gems that would normally be held back, use the `--latest` option (explained in the next section).\n\n### Allow latest versions\n\nNormally `update-interactive` only makes changes to your Gemfile.lock. It honors the version restrictions (\"pins\") in your Gemfile and will not update your Gemfile.lock to have versions that are not allowed. However with the `--latest` flag, update-interactive can update the version pins in your Gemfile as well. Consider the following Gemfile:\n\n```ruby\ngem \"rails\", \"~\u003e 7.1.0\"\n```\n\nNormally running `bundle update-interactive` will report that Rails is held back and therefore cannot be updated to the latest version. However, if you pass the `--latest` option like this:\n\n```\nbundle update-interactive --latest\n```\n\nNow Rails will be allowed to update. If you select to update Rails to the latest version (e.g. 7.2.0), `update-interactive` will modify the version requirement in your Gemfile to look like this:\n\n```ruby\ngem \"rails\", \"~\u003e 7.2.0\"\n```\n\nIn other words, it works similarly to `yarn upgrade-interactive --latest`.\n\n### Changelogs\n\n`bundle update-interactive` will do its best to find an appropriate changelog for each gem.\n\nIt prefers the `changelog_uri` [metadata](https://guides.rubygems.org/specification-reference/#metadata) published in the gem itself. However, this metadata field is optional, and many gem authors do not provide it.\n\nAs a fallback, `bundle update-interactive` will check if the gem's source code is hosted on GitHub, and scans the GitHub repo for obvious changelog files like `CHANGELOG.md`, `NEWS`, etc. Finally, if the project is actively documenting versions using GitHub Releases, the Releases URL will be used.\n\nIf you discover a gem that is missing a changelog in `bundle update-interactive`, [log an issue](https://github.com/mattbrictson/bundle_update_interactive/issues) and I'll see if the algorithm can be improved.\n\n### Git diffs\n\nIf your `Gemfile` sources a gem from a Git repo like this:\n\n```ruby\ngem \"rails\", github: \"rails/rails\", branch: \"7-1-stable\"\n```\n\nThen `bundle update-interactive` will show a diff link instead of a changelog, so you can see exactly what changed when the gem is updated. For example:\n\nhttps://github.com/rails/rails/compare/5a8d894...77dfa65\n\nThis feature currently works for GitHub, GitLab, and Bitbucket repos.\n\n### Exclude indirect dependencies\n\nJust like with `bundle outdated`, you can pass `--only-explicit` to limit updates to only gems that are explicitly listed in the Gemfile.\n\n```sh\nbundle update-interactive --only-explicit\n```\n\nThis will omit indirect dependencies from the list of gems that can be updated.\n\n### Limit impact by Gemfile groups\n\nThe effects of `bundle update-interactive` can be limited to one or more Gemfile groups using the `--exclusively` option:\n\n```sh\nbundle update-interactive --exclusively=group1,group2\n```\n\nThis is especially useful when you want to safely update a subset of your lock file without introducing any risk to your application in production. The best way to do this is with `--exclusively=development,test`, which can be abbreviated to simply `-D`:\n\n```sh\n# Update non-production dependencies.\n# This is equivalent to `bundle update-interactive --exclusively=development,test`\nbundle update-interactive -D\n```\n\nThe `--exclusively` and `-D` options will cause `update-interactive` to only consider gems that are used _exclusively_ by the specified Gemfile groups. Indirect dependencies that are shared with other Gemfile groups will not be updated.\n\nFor example, given this Gemfile:\n\n```ruby\ngem \"rails\"\n\ngroup :test do\n  gem \"capybara\"\nend\n```\n\nIf `--exclusively=test` is used, `capybara` and its indirect dependency `xpath` are both exclusively used in test and can therefore be updated. However, capybara's `nokogiri` indirect dependency, which is also used in production via `rails` → `actionpack` → `nokogiri`, would not be allowed to update.\n\n### Conservative updates\n\n`bundle update-interactive` updates the gems you select by running `bundle update --conservative [GEMS...]`. This means that only those specific gems will be updated. Indirect dependencies shared with other gems will not be affected.\n\n\u003cimg src=\"images/conservative.png\" alt=\"Screenshot of gems being updated\" width=\"762\" /\u003e\n\nAn exception is made for \"meta gems\" like `rails` that are composed of dependencies locked at exact versions. For example, if you chose to upgrade `rails`, the actual command issued to Bundler will be:\n\n```\nbundle update --conservative \\\n  rails \\\n  actioncable \\\n  actionmailbox \\\n  actionmailer \\\n  actionpack \\\n  actiontext \\\n  actionview \\\n  activejob \\\n  activemodel \\\n  activerecord \\\n  activestorage \\\n  activesupport \\\n  railties\n```\n\n## Prior art\n\nThis project was inspired by [yarn upgrade-interactive](https://classic.yarnpkg.com/lang/en/docs/cli/upgrade-interactive/), and borrows many of its interface ideas.\n\nBefore creating `bundle update-interactive`, I published [bundleup](https://github.com/mattbrictson/bundleup), a gem that serves a similar purpose but with a simpler, non-interactive approach.\n\n## Support\n\nIf you want to report a bug, or have ideas, feedback or questions about the gem, [let me know via GitHub issues](https://github.com/mattbrictson/bundle_update_interactive/issues/new) and I will do my best to provide a helpful answer. Happy hacking!\n\n## License\n\nThe gem is available as open source under the terms of the [MIT License](LICENSE.txt).\n\n## Code of conduct\n\nEveryone interacting in this project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](CODE_OF_CONDUCT.md).\n\n## Contribution guide\n\nPull requests are welcome!\n\nTo test your locally cloned version of `bundle update-interactive`, run `rake install`. This will install the gem and its executable so that you can try it out on other local projects.\n\nBefore submitting a PR, make sure to run `rake` to see if there are any RuboCop or test failures.\n","funding_links":[],"categories":["Ruby"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmattbrictson%2Fbundle_update_interactive","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmattbrictson%2Fbundle_update_interactive","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmattbrictson%2Fbundle_update_interactive/lists"}