[Awesome Ruby Gem] Use bundler-leak gem to find leaky gems in your Gemfile.lock dependencies

bundler-leak

The best tool to find leaky gems in your dependencies. Make sure memory leaks are not in your gem dependencies.

Features

  • Checks for memory leaks of gems in Gemfile.lock

  • Prints memory leak information

Installation

You can install it as a gem:

$ gem install bundler-leak

or add it into a Gemfile (Bundler):

# Gemfile

# Put gems used only for development or testing in the appropriate group in the Gemfile
group :development do
  # rubymem/bundler-leak: Known-leaky gems verification for bundler: `bundle leak` to check your app and find leaky gems in your Gemfile
  # https://github.com/rubymem/bundler-leak
  gem 'bundler-leak', '0.2.0'
end

Then, run bundle install.

$ bundle install

Synopsis

Audit a project’s Gemfile.lock:

$ bundle leak

Name: celluloid
Version: 0.17.0
URL: https://github.com/celluloid/celluloid/issues/670
Title: Memory Leak using Celluloid::Future
Solution: remove or disable this gem until a patch is available!

Name: therubyracer
Version: 0.12.1
URL: https://github.com/cowboyd/therubyracer/pull/336
Title: Memory leak in WeakValueMap
Solution: upgrade to ~> 0.12.3

Unpatched versions found!
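
For a CI gate, the report above can be parsed into records and split into findings that have an upgrade path and findings that do not. This is an added example, not code from the bundler-leak project: the function names and the `accepted` allowlist are hypothetical, and the field list is taken from the sample output on this page.

```ruby
# Added example, not bundler-leak code. SAMPLE_REPORT is the report shown on this page.
SAMPLE_REPORT = <<~REPORT
  Name: celluloid
  Version: 0.17.0
  URL: https://github.com/celluloid/celluloid/issues/670
  Title: Memory Leak using Celluloid::Future
  Solution: remove or disable this gem until a patch is available!

  Name: therubyracer
  Version: 0.12.1
  URL: https://github.com/cowboyd/therubyracer/pull/336
  Title: Memory leak in WeakValueMap
  Solution: upgrade to ~> 0.12.3

  Unpatched versions found!
REPORT

FIELDS = %w[Name Version URL Title Solution].freeze # fields seen in the sample

# Split on blank lines; blocks without a Name field (trailer lines) are dropped.
def parse_leak_report(text)
  records = text.split(/\n\s*\n/).map do |block|
    block.each_line.each_with_object({}) do |line, rec|
      key, value = line.strip.split(/:\s+/, 2)
      rec[key.downcase.to_sym] = value if value && FIELDS.include?(key)
    end
  end
  records.select { |rec| rec[:name] }
end

# Group findings by whether the report names an upgrade, skipping gem names in
# `accepted` (hypothetical allowlist of leaks the team has reviewed).
def triage(findings, accepted: [])
  active = findings.reject { |f| accepted.include?(f[:name]) }
  fixable, unpatched = active.partition { |f| f[:solution].to_s.start_with?('upgrade to ') }
  { upgradable: fixable.map { |f| f.merge(fix: f[:solution].sub('upgrade to ', '')) },
    unpatched: unpatched }
end

# True when nothing is left to act on after the allowlist is applied.
def gate_passes?(report_text, accepted: [])
  triage(parse_leak_report(report_text), accepted: accepted).values.all?(&:empty?)
end

if __FILE__ == $PROGRAM_NAME
  result = triage(parse_leak_report(SAMPLE_REPORT))
  result[:upgradable].each { |f| puts "#{f[:name]} #{f[:version]}: upgrade to #{f[:fix]}" }
  result[:unpatched].each { |f| puts "#{f[:name]} #{f[:version]}: no fix, see #{f[:url]}" }
end
```

In a pipeline, pass the captured standard output of `bundle leak` to `gate_passes?` in place of `SAMPLE_REPORT`.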

Update the ruby-mem-advisory-db (https://github.com/rubymem/ruby-mem-advisory-db) that bundle leak uses:

$ bundle leak update

cd data/ruby-mem-advisory-db
git pull origin main
remote: Enumerating objects: 14, done.
remote: Counting objects: 100% (14/14), done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 9 (delta 5), reused 7 (delta 4), pack-reused 0
Unpacking objects: 100% (9/9), done.
From github.com:rubymem/ruby-mem-advisory-db
* branch main -> FETCH_HEAD
3254525..c4fc78e main -> origin/main
Updating 3254525..c4fc78e
Fast-forward
README.md | 68 ++++++++++++++++++++------------------------------------------------
gems/therubyracer/336.yml | 4 ++++
2 files changed, 24 insertions(+), 48 deletions(-)

Update the ruby-mem-advisory-db (https://github.com/rubymem/ruby-mem-advisory-db) and check Gemfile.lock in one step (useful for CI runs):

$ bundle leak check --update

Rake task:

require 'bundler/plumber/task'
Bundler::Plumber::Task.new

task default: 'bundle:leak'
