2

I got a dependabot alert on one of my personal projects on Github, asking me to Upgrade activesupport to version 6.0.3.1 or later. It has suggested that I do something like gem "activesupport", ">= 6.0.3.1". My question is, do I directly update my Gemfile.lock? Or do I add this line to my Gemfile and let bundler update the Gemfile.lock?

One reason I am confused is that my Gemfile currently has no reference to activesupport, so I'm not sure if I should add that line to the Gemfile at all.

Umar Ghouse
  • 398
  • 3
  • 19

1 Answers1

0

Active Support is one of Rails dependencies. You should not modify Gemfile.lock manually. Instead, update the rails version in Gemfile, for example:

gem "rails", "6.0.3.1"

if you want the exact version to be installed, or:

gem "rails", "~> 6.0.3"

to install latest version >= 6.0.3 and < 6.1.

After that, run:

$ bundle update rails

This should update rails and its dependencies like actiontext, actionview and so on.

MibraDev
  • 1,029
  • 11
  • 17