Update Ruby gem dependencies
Update gems in Canvas LMS following these rules:
Gemfile*.lock files directlyBUNDLE_LOCKFILE=active bundle outdated to find the list of outdated gems.
Keep this list in memory so you don't have to keep running it, since it is a relatively slow command.bundle update --conservative <gem_name> to update individual gemsbundle install one more time to ensure all lockfiles are in syncbundle update <gem_name> (you don't need to include the conservative flag in the commit message).
Be sure to check for changes in Gemfile*.lock, Gemfile.d/*.lock, and gems/*/Gemfile*.lock.Some groups of gems can be updated together:
aws*google*action*, active*, rack*, , , and -- except railsrailtieszeitwerkactive_model_serializersdatadog and its dependencies that aren't shared with other gems, such as libdatadogfaraday*redis*rspec*rubocop* (and their dependencies that aren't shared with other gems, such as ast)ruby-lsp*sentry*All other gems should be updated and committed independently.
The commit message for a group should use the base name without the wildcard, or rails for the Rails group.
Gemfile.lock to determine a gem's dependencies — they're indented one level deeper than the gem that depends on them in each specs section.sorbet-runtime for patch version changes.gems/plugins/*/*.gemspec with an exact pin, it will need to be updated by changing the exact pin in the gemspec, then running BUNDLE_LOCKFILE=active bundle install.
You still need to run a bare bundle install afterwards to ensure the main lockfile and any child lockfiles stay in sync.