Hacker News
by fish_fan 3221 days ago
Well it's a web of trust: typically people only trust their Gemfile, not their entire Gemfile.lock. If you audit the latter you should be fine (though of course you should upgrade regardless).
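An added example, not part of the comment above and not Bundler's own code: a hand-rolled reader that splits the gems pinned in a Gemfile.lock into those declared directly (the DEPENDENCIES section, which mirrors the Gemfile) and those that only arrive transitively, which is the part a Gemfile-only review never sees. The gem names, versions and the `parse_lock` / `audit_scope` helpers are constructed for illustration.

```ruby
# Added example: hand-rolled Gemfile.lock reader (does not use Bundler).
# Gem names and versions in SAMPLE_LOCK are constructed for illustration.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example-http (1.4.2)
        example-socket (~> 0.9)
      example-json (1.8.3)
      example-socket (0.9.1)
      example-web (2.1.0)
        example-http (~> 1.4)
        example-json (>= 1.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    example-json
    example-web (~> 2.1)
LOCK

# Returns { locked: {name => version}, direct: [names] }.
def parse_lock(text)
  section = nil
  locked = {}
  direct = []
  text.each_line do |raw|
    line = raw.chomp
    if line.match?(/\A[A-Z][A-Z ]*\z/)
      section = line # top-level section header such as GEM or DEPENDENCIES
    elsif %w[GEM GIT PATH].include?(section) &&
          (m = line.match(/\A {4}(\S+) \((.+)\)\z/))
      locked[m[1]] = m[2] # 4-space indent: a resolved gem and its pinned version
    elsif section == "DEPENDENCIES" && (m = line.match(/\A {2}([^\s!]+)/))
      direct << m[1] # 2-space indent: a gem declared directly in the Gemfile
    end
  end
  { locked: locked, direct: direct }
end

# Splits what is actually installed into declared vs. pulled-in gems.
def audit_scope(text)
  parsed = parse_lock(text)
  transitive = parsed[:locked].keys - parsed[:direct]
  { direct: parsed[:direct].sort, transitive: transitive.sort, total: parsed[:locked].size }
end

p audit_scope(SAMPLE_LOCK) if __FILE__ == $PROGRAM_NAME
```

Here two of the four locked gems never appear in the Gemfile, so they fall outside a Gemfile-only review.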