Updating Ruby dependencies with a git source

It's a really common problem: you contribute a fix or feature to a library but want to pull in your changes before the maintainer has cut a release. The solution is to use a git source specifying your commit, but it's easy to then forget about the git source in your Gemfile and fall behind on other updates.

Well, good news! If you pin a Ruby dependency to a git revision, Dependabot will now create an update PR for you if/when that revision is included in a release.

Want to track a branch rather than be updated to the latest release? That's fine too - just specify a branch, rather than a commit, in your Gemfile. Dependabot will then automatically create PRs to update your Gemfile.lock to use the latest commit on that branch.

We're really excited about these features, but we can't take all the credit for them: the idea for updating pinned dependencies was David Rodríguez's, who gave us this feedback. Thanks David!

If there's a feature you'd like us to add, or if you ever have any feedback on Dependabot, let us know!


Update: Dependabot can now update dependencies that use version-like git tags, too! If you're using tags like v0.11.0 in your Gemfile then you can expect Dependabot to start updating them.

Dependabot helps keep your dependencies up-to-date. It's free for personal accounts and open source, and always will be.

Find out moreTake me to the app