Besides obtaining your
to both your
However, deppbot will ONLY access a repository after you Subscribe it on your Dashboard.
Based on our default daily schedule or your configured schedule, deppbot will do a bundle update for the Gemfile in the repository. Then, deppbot will issue a Bundle Update Pull Request to the repository for the changes made to
If you use Bundler v1.10+, deppbot will preserve your BUNDLED_WITH section in the Gemfile.lock. Read more about Bundler's
on Bundler's blog.
Besides a Bundle Update Pull Request, deppbot can also issue a Security Update Pull Request (feature launched on Christmas 2015). deppbot detects vulnerable Ruby gems and patches them with secure versions.
For more information on how a Security Update Pull Request works, please refer to our announcement.
GitHub displays a Delete Branch button as soon as you close or merge a Pull Request. We encourage you to use that!
For bundle updates, deppbot runs every day by default but has a configurable frequency of 3 days, 5 days, 1 week or 2 weeks that can be adjusted in Edit Settings for every subscribed
However, if the last run didn't yield any updates to Gemfile.lock, deppbot will run again the following day on your repository and ignore the configured schedule.
For security updates, deppbot checks for ruby gem vulnerabilities several times a day because your application's security is our priority, and will issue a Pull Request as soon as a vulnerability is found.
There is an exception, though: to ensure that the repository is not spammed daily with deppbot's Pull Requests, deppbot will only issue a new (Bundle or Security Update) Pull Request after the most recent Pull Request has been closed or merged.
Yes! You can modify the frequency with the options of 1 day, 3 days, 5 days, 1 week or 2
Edit Settings for every subscribed repository.
You might have subscribed a repository without a
a ruby gem.
Essentially, in order for
bundle update to work,
Gemfile.lock are required. Otherwise, deppbot will not be able to process your repository.
Your project is already up-to-date.
When deppbot processes your repository, it will be cloned to our server.
However, as soon as bundle update is done, the repository WILL BE DELETED IMMEDIATELY from our server.
Jolly Good Code employees will only access the account for the purpose of providing support.
deppbot depends on the RubyGems.org API to obtain metadata (including the source URL) for a Ruby gem. Therefore, deppbot is sometimes unable to link to the source repository for Ruby gems with incomplete metadata on RubyGems.org.
If you are a ruby gem author, you can help by updating your ruby gem's metadata on
In addition, deppbot is unable to link to ruby gems from https://rails-assets.org at the moment.
deppbot is unable to link to a Compare View on GitHub or BitBucket for Ruby gems that do not have a version tag or revision SHA1 associated with a release on RubyGems.org.
We wanted to call it depbot, but the domain is not available. And, Johnny Depp is cool.