Pin dependencies in Gemfile
The following discussion from !140 (merged) should be addressed:
- @ahmadsherif started a discussion: (+7 comments)
@mkaeppler Thank you for making the change, sorry I got to this MR late (was OOO most of last week).
Can we please restrict the changes in Gemfile.lock to lines related to puma, I'd rather not update other dependencies unnecessarily. puma seems to only have nio4r as a dependency, so we only need to update lines related to them and discard the rest.
Currently, a bundle install will pull in minor and patch releases for (transitive) dependencies since we do not pin versions. If we do not want to update any dependencies, we should declare these dependencies explicitly and pin them to specific versions (x.y.z) so that bundle install can always be run safely and predictably. See https://bundler.io/gemfile.html
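One way to check the pinning this issue asks for, as an added example that is not part of the original issue or the project's code: it lists every gem resolved in Gemfile.lock, transitive ones included, that the Gemfile does not declare with an exact version. The names GemfileReader, locked_gems and unpinned are hypothetical, example_gem is a made-up gem, and the sample files and all version numbers are constructed placeholders.

```ruby
# Records `gem` calls from a Gemfile; a small stand-in for Bundler's DSL (assumption).
class GemfileReader
  attr_reader :requirements

  def initialize
    @requirements = {}
  end

  def gem(name, *args)
    # Keep version strings only; option hashes such as `require: false` are ignored.
    @requirements[name] = Gem::Requirement.new(*args.grep(String))
  end

  # Run blocks of `group`, `source`, ... so nested `gem` calls are recorded.
  def method_missing(_name, *_args, &block)
    instance_eval(&block) if block
  end
end

# Gems resolved in Gemfile.lock (spec lines are indented by exactly four spaces).
def locked_gems(lockfile_text)
  lockfile_text.scan(/^ {4}(\S+) \(([^)]+)\)$/).to_h
end

# Names in the lockfile that the Gemfile does not pin with an exact "= x.y.z".
def unpinned(gemfile_text, lockfile_text)
  reader = GemfileReader.new
  reader.instance_eval(gemfile_text) # a Gemfile is Ruby code: only evaluate your own
  locked_gems(lockfile_text).keys.reject { |n| reader.requirements[n]&.exact? }.sort
end

# Constructed sample files; versions are placeholders, not the project's.
SAMPLE_GEMFILE = <<~GEMFILE
  source "https://rubygems.org"
  gem "puma", "1.0.0"
  gem "example_gem", "~> 2.0"
GEMFILE

SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example_gem (2.0.3)
      nio4r (1.0.0)
      puma (1.0.0)
        nio4r (~> 1.0)
LOCK
```

On the sample, nio4r is reported because it only appears as a transitive dependency of puma, and example_gem because "~> 2.0" still allows newer minor and patch releases.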