Unexpected results for Salzig/evulgo about gemnasium-parser HOT 9 CLOSED

I see that it's out of date in both places. Can you confirm that?

https://gemnasium.com/Salzig
https://gemnasium.com/Salzig/evulgo

from gemnasium-parser.

if green means "out of date", then yes.

from gemnasium-parser.

Sorry, I meant that I see that the "evulgo" project is out of date (red) on the dashboard as well as the project page. Also, I see that the "inherited_resources" gem/dependency is up to date (green) on both the dashboard and the project page. Everything looks right to me with those. I've cleared the maybe-incorrectly-cached status values on your projects so please let me know if everything looks right now.

from gemnasium-parser.

The Day i posted this "bug". /Salzig shows inherited_resources as outdated, and /Salzig/evulgo as everything is fine.

btw, both should show "red". Cause the Gemfile.lock locks inherited_resources at 1.3.0.

from gemnasium-parser.

Okay great. As for the red vs. green status, the status is based on your specified requirement, not the actually installed version.

from gemnasium-parser.

Gemfile.lock describes not the actually installed version. It describes the actually used version.

…
This is important: the Gemfile.lock makes your application a single package of both your own code and the third-party code it ran the last time you know for sure that everything worked.
…
http://gembundler.com/rationale.html

from gemnasium-parser.

I think we're saying the same thing. The Gemfile.lock describes both the required version/range as well as the currently used version at the time of generation. Not all Bundler-friendly projects commit the Gemfile.lock (many gems) so we made a design decision to pay attention to the gem dependency requirement rather than the specifically used version, for consistency.

This also has the bonus effect that when developers make the intentional decision to keep their dependencies (again, mostly for gems) as open as possible, there's less upkeep and their Gemnasium statuses won't go red every time a new version is released.

Gemnasium is meant to notify you when there's potential for upgrade outside of what you're currently requiring. Developers should run bundle update to refresh their dependencies within their requirements as a matter of routine.

from gemnasium-parser.

ok. Sorry, that was an misconception on my part.

from gemnasium-parser.

No problem at all. Glad we got it cleared up!

from gemnasium-parser.