#gemfile — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #gemfile, aggregated by home.social.
-
Is your #Gemfile putting your application at risk? Learn about the hidden dangers lurking in your dependencies
-
Very cool:
if you're using #VSCode and you program in :ruby: @ruby, :crystal: @CrystalLanguage or 🐍 @Python, then you might want to use @ninoseki's #vscode_extension Mogami, which shows the latest dependencies in #Gemfile, #shards and #requirements_txt.
Keep in mind that #crystalshard checks are only working on #github repos for now though!
https://github.com/ninoseki/vscode-mogami?tab=readme-ov-file#vscode-mogami
#ruby #RubyLang #CrystalLang #crystal #CrystalLanguage #python #code #dependencies #RubyProgramming #RubyProgrammers
-
Very cool:
if you're using #VSCode and you program in :ruby: @ruby, :crystal: @CrystalLanguage or 🐍 @Python, then you might want to use @ninoseki's #vscode_extension Mogami, which shows the latest dependencies in #Gemfile, #shards and #requirements_txt.
Keep in mind that #crystalshard checks are only working on #github repos for now though!
https://github.com/ninoseki/vscode-mogami?tab=readme-ov-file#vscode-mogami
#ruby #RubyLang #CrystalLang #crystal #CrystalLanguage #python #code #dependencies #RubyProgramming #RubyProgrammers
-
Very cool:
if you're using #VSCode and you program in :ruby: @ruby, :crystal: @CrystalLanguage or 🐍 @Python, then you might want to use @ninoseki's #vscode_extension Mogami, which shows the latest dependencies in #Gemfile, #shards and #requirements_txt.
Keep in mind that #crystalshard checks are only working on #github repos for now though!
https://github.com/ninoseki/vscode-mogami?tab=readme-ov-file#vscode-mogami
#ruby #RubyLang #CrystalLang #crystal #CrystalLanguage #python #code #dependencies #RubyProgramming #RubyProgrammers
-
Very cool:
if you're using #VSCode and you program in :ruby: @ruby, :crystal: @CrystalLanguage or 🐍 @Python, then you might want to use @ninoseki's #vscode_extension Mogami, which shows the latest dependencies in #Gemfile, #shards and #requirements_txt.
Keep in mind that #crystalshard checks are only working on #github repos for now though!
https://github.com/ninoseki/vscode-mogami?tab=readme-ov-file#vscode-mogami
#ruby #RubyLang #CrystalLang #crystal #CrystalLanguage #python #code #dependencies #RubyProgramming #RubyProgrammers
-
Very cool:
if you're using #VSCode and you program in :ruby: @ruby, :crystal: @CrystalLanguage or 🐍 @Python, then you might want to use @ninoseki's #vscode_extension Mogami, which shows the latest dependencies in #Gemfile, #shards and #requirements_txt.
Keep in mind that #crystalshard checks are only working on #github repos for now though!
https://github.com/ninoseki/vscode-mogami?tab=readme-ov-file#vscode-mogami
#ruby #RubyLang #CrystalLang #crystal #CrystalLanguage #python #code #dependencies #RubyProgramming #RubyProgrammers
-
@cam +1 for not enabling the Gemspec/AddRuntimeDependency rule by default. A #Gemspec doesn't have the same rich grammar as a #Bundler #Gemfile, so by definition anything not a development dependency is a runtime dependency. There's no need to be needlessly verbose about it, so kudos on that choice! 👏
-
@gd You can use #Rails Application Templates to change all sorts of defaults. Even if you don't have a specific flag, you can modify the starting #Gemfile or run a sed command using the `run` or `inside` directives before the initial check-in or `bundle install`.
https://guides.rubyonrails.org/rails_application_templates.html
-
Am I the only one?
With #bundler #Gemfile, we can have a `:git` option pointing to a git repository. We also have `:path` to point to a local filesystem path. But:
> Unlike `:git`, bundler does not compile C extensions for gems specified as paths.I would love to have a `:gem` option. Wich instead of downloading the gem from a source, uses a local `.gem`-file. But otherwise behaves just like `:git` or `:source` (compiles C extensions).
This would make vendoring gems so much easier.
-
I just learned the #git option in a #Gemfile.
This feature is very convenient, because it allows me to replace a gem by a fork when I needed to fix a bug in them.
But I'm now suspicious of this feature. Is this not an opener for #supplychain attacks?
-
TIL about bundler-audit, a #Ruby gem to #audit your #Gemfile.lock and report dependencies with security issues.
#Brakeman does not report such issues and I postponed searching for such a tool for a very long time… GitHub relies on I-dont-know-what to offer this service through dependabot, I tried to run OWASP dependency-check without success, and this project really looks like a KISS solution to this problem. Adopted!