Automated dependency
updates for Ruby

Depfu helps your team with the boring chore of keeping your app up-to-date by sending you super nice pull requests with all the info you need about a gem update.
You stay in control if and when to merge.

Signup How does it work?

How it works

Enable the Depfu Github App on your repo in just a few clicks. With the new Github Apps you have fine-grained control over which of your repos you want Depfu to see and keep up-to-date.

Once we have parsed your Gemfile and Gemfile.lock we know exactly which gems and versions you depend on. We connect to rubygems.org to listen for new releases in realtime.

For every new version of a gem that you depend on we create a super nice pull request that shows you exactly what changed. We rely on your CI to trigger a test run.

Get notified about new versions right where you work — with a GitHub pull request

The PR has all the info you need to make an informed decision about a dependency update

What changed?

We gather everything we can find about the new version, from GitHub release notes, the project's changelog to all commits for that version. So you don’t need to hunt that down yourself over and over again. Check out our example repo.

You stay in control

In the ideal case all you need to do now, is to click that merge button. It’s up to you assess the risk using the details from the pull request. Only you know your code base and your test coverage and can decide how risky that upgrade is.

If it hurts, do it more often

We strongly believe in doing small updates continuously instead of waiting until you're quite behind and having to update everything at once. It's actually less work and less risk.

Brings you up-to-date

We drip-feed you updates if you're behind, but never open more than 7 PRs at once to not overwhelm you. This way, we bring you up-to-date one gem at a time at your own pace.

Depfu is CI friendly

You'll never wait for your CI because of us! We're quite smart how and when we schedule updates and also support advanced configs like only letting Depfu run during a certain timeframe.

It just works

Different Bundler and Ruby versions, gems in vendor/cache, conflict-free pull requests. We do a lot of work in the background to make this a smooth experience for you.

  • Trusted by:
"Depfu is a great tool that helps you to reduce the stress of periodically checking dependency updates, with the risk to miss important releases. It definitely reduced the time we spend on maintenance at dnsimple."
Simone Carletti
CTO, dnsimple