How do you update a gem that is a dependency but not in my Gemfile? For example, I am receiving a bundler-audit warning that I need to use eventmachine 1.0.4, but it is not in my Gemfile. However it is in my Gemfile lock at version 1.0.3.
My approach was to put the following into my Gemfile
gem 'eventmachine', '~> 1.0.4', require: false
then I did bundle update eventmachine. When doing this, I chose the earliest release is needed.
This fixed the bundler-audit warning and all my tests passed. The require false should mean that eventmachine should only be called when necessary.