Bump has now been superseded by Dependabot, which we recommend for all your dependency updating needs
Bump helps you keep your project's Ruby (Bundler), Node (Yarn) and Python (Pip) dependencies up to date. It:
All that's left for you to do is review the change.
Note: to run Bump on Node projects, they need to be using Yarn.
You can launch your own instance of Bump via Heroku.
Once you've deployed, you'll want to click through to Heroku Scheduler in the
list of addons and set up a scheduled task to bump your dependencies each day.
You can use the
./bin/bump_dependencies_for_repo script to do this:
bundle exec bin/bump_dependencies_for_repo gocardless/bump bundler
You can run Bump locally to kick-off a one-off update of your project's dependencies. Bump will ask you for the project's repository and the package manager for the dependencies you'd like to update.
git clone email@example.com:gocardless/bump.git # Pull down Bump cd bump && bundle install # Install Bump's dependencies cp config/dummy_env .env # Set up your environment # You'll also need to update the `BUMP_GITHUB_TOKEN` in .env to be a valid # token with access to your project and all of its private dependencies.
bundle exec foreman start
DependencyFileFetcher(the first of Bump's services):
bundle exec bin/bump_dependencies_for_repo
The core logic behind Bump lives in bump-core.
GoCardless ♥ open source. If you do too, come join us.