Hello,

We've tried to activate or update your repository on Depfu and found something odd:

Your repo contains both a *.gemspec file and a Gemfile.lock.

Depfu can't really handle that right now, unfortunately, and it's also not best practice:

If your repo contains a *.gemspec that usually means it is meant to be used as a Gem, or put differently, a library. Locking dependencies on a library (via Gemfile.lock) doesn't really make sense, especially since the Gemfile.lock can't and won't be honored when building and installing the gem.

Instead, you should declare your dependencies as specifically as needed (but as loose as possible) in the *.gemspec and add the Gemfile.lock to your .gitignore.

By checking in the Gemfile.lock, you will not only break Depfu (which we might fix at some point, maybe), but you will also keep your CI from testing against real life sets of dependencies.

This is an automated issue by Depfu. You're getting it because someone configured Depfu to automatically update dependencies on this project.