Is your #Gemfile putting your application at risk? Learn about the hidden dangers lurking in your dependencies
Very cool:
if you're using #VSCode and you program in
@ruby,
@CrystalLanguage or 🐍 @Python, then you might want to use @ninoseki's #vscode_extension Mogami, which shows the latest dependencies in #Gemfile, #shards and #requirements_txt.
Keep in mind that #crystalshard checks only work on #github repos for now though!
https://github.com/ninoseki/vscode-mogami?tab=readme-ov-file#vscode-mogami
#ruby #RubyLang #CrystalLang #crystal #CrystalLanguage #python #code #dependencies #RubyProgramming #RubyProgrammers
@gd You can use #Rails Application Templates to change all sorts of defaults. Even if you don't have a specific flag, you can modify the starting #Gemfile or run a sed command using the `run` or `inside` directives before the initial check-in or `bundle install`.
https://guides.rubyonrails.org/rails_application_templates.html
Rails Application Templates: Application templates are simple Ruby files containing DSL for adding gems, initializers, etc. to your freshly created Rails project or an existing Rails project. After reading this guide, you will know: How to use templates to generate/customize Rails applications. How to write your own reusable application templates using the Rails template API.
Am I the only one?
With #bundler #Gemfile, we can have a `:git` option pointing to a git repository. We also have `:path` to point to a local filesystem path. But:
> Unlike `:git`, bundler does not compile C extensions for gems specified as paths.
I would love to have a `:gem` option which, instead of downloading the gem from a source, uses a local `.gem` file but otherwise behaves just like `:git` or `:source` (compiles C extensions).
This would make vendoring gems so much easier.
🧠 What if we told you…
That you could level up your Rails deployment game on Heroku.
Learn how to utilize buildpacks and gemfile for a smooth upgrade process. Check out our latest guide: https://www.fastruby.io/blog/how-to-run-multiple-versions-of-rails-on-heroku.html?utm_source=Mastodon&utm_medium=Organic&utm_campaign=Blogpromo&utm_term=heroku-multiple-rails-rubies&utm_content=Textonly&utm_id= #gemfile #heroku #rubyonrails
🔑 Unlock the power of Heroku buildpacks with a different Gemfile.
Our latest guide explores the intricacies of buildpacks, Gemfile.next, and more. Dive in: https://www.fastruby.io/blog/how-to-run-multiple-versions-of-rails-on-heroku.html?utm_source=Mastodon&utm_medium=Organic&utm_campaign=Blogpromo&utm_term=heroku-multiple-rails-rubies&utm_content=Textonly&utm_id= #heroku #gemfile #rubyonrails #upgraderails
I just learned the #git option in a #Gemfile.
This feature is very convenient, because it allows me to replace a gem with a fork when I need to fix a bug in it.
But I'm now suspicious of this feature. Is this not an opener for #supplychain attacks?
TIL about bundler-audit, a #Ruby gem to #audit your #Gemfile.lock and report dependencies with security issues.
#Brakeman does not report such issues and I postponed searching for such a tool for a very long time… GitHub relies on I-don't-know-what to offer this service through dependabot, I tried to run OWASP dependency-check without success, and this project really looks like a KISS solution to this problem. Adopted!
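The two posts above raise the same question from different sides: whether the `:git` option opens the door to supply-chain trouble, and how to audit a Gemfile.lock. As an added example (not code from any of the posters, and not part of bundler-audit), here is a small Ruby check that reads the GIT sections of a Gemfile.lock and lists the git sources that are not pinned to a fixed `ref:` or `tag:`; the lockfile content, remotes and gem names are constructed for illustration.

```ruby
# Added example: flag git-sourced gems in a Gemfile.lock that are not pinned to
# an immutable ref or tag. Bundler records the resolved revision, so an existing
# lockfile is stable, but on `bundle update` or without the lockfile a `branch:`
# pin (or no pin) resolves to whatever the remote currently serves.
SAMPLE_LOCK = <<~LOCK   # constructed sample, not a real project's lockfile
  GIT
    remote: https://github.com/example/pinned_gem.git
    revision: 0123456789abcdef0123456789abcdef01234567
    ref: 0123456789abcdef0123456789abcdef01234567
    specs:
      pinned_gem (1.2.0)
        rake (>= 12)

  GIT
    remote: https://github.com/example/floating_gem.git
    revision: 89abcdef0123456789abcdef0123456789abcdef
    branch: main
    specs:
      floating_gem (0.3.1)
LOCK

GitSource = Struct.new(:remote, :revision, :pin, :gems) do
  # Only a `ref:` or `tag:` selects a fixed git object; a branch moves.
  def pinned?
    !pin.nil? && %w[ref tag].include?(pin[:kind])
  end
end

# Parse the GIT sections of a Gemfile.lock into GitSource records.
def git_sources(lockfile_text)
  sources, current = [], nil
  lockfile_text.each_line(chomp: true) do |line|
    if line == "GIT"
      sources << (current = GitSource.new(nil, nil, nil, []))
    elsif line =~ /\A[A-Z][A-Z ]*\z/        # any other top-level section
      current = nil
    elsif current
      current.remote = $1 if line =~ /\A  remote: (.+)\z/
      current.revision = $1 if line =~ /\A  revision: (\h+)\z/
      current.pin = { kind: $1, value: $2 } if line =~ /\A  (ref|tag|branch): (.+)\z/
      current.gems << $1 if line =~ /\A    (\S+) \(/   # direct spec lines only
    end
  end
  sources
end

# Git sources worth a review: every one not pinned to a ref or tag.
def unpinned_git_sources(lockfile_text)
  git_sources(lockfile_text).reject(&:pinned?)
end
```

Running `unpinned_git_sources(File.read("Gemfile.lock"))` on a real project lists the remotes whose contents can drift between installs; pinning those to a commit `ref:` in the Gemfile removes the drift.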