Upgrade Ruby to 3.4.2

.devcontainer/devcontainer.json

@@ -23,7 +23,7 @@
     "ghcr.io/devcontainers/features/github-cli": "latest",
     "ghcr.io/devcontainers/features/node": "lts",
     "ghcr.io/devcontainers/features/go": "latest",
-    "ghcr.io/devcontainers/features/ruby": "3.3.6",
+    "ghcr.io/devcontainers/features/ruby": "3.4.2",
     "ghcr.io/devcontainers/features/rust": "latest",
     "ghcr.io/devcontainers/features/dotnet": "latest",
     "ghcr.io/devcontainers/features/sshd:1": {

.github/workflows/ci.yml

@@ -92,7 +92,7 @@ jobs:
       BUNDLE_GEMFILE: updater/Gemfile
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: ruby/setup-ruby@2a18b06812b0e15bb916e1df298d3e740422c47e # v1.203.0
+      - uses: ruby/setup-ruby@32110d4e311bd8996b2a82bf2a43b714ccc91777 # v1.221.0
         with:
           bundler-cache: true
       - run: ./bin/lint

.github/workflows/gems-bump-version.yml

@@ -31,7 +31,7 @@ jobs:
           ref: "main"
 
       # bump-version.rb needs bundler
-      - uses: ruby/setup-ruby@2a18b06812b0e15bb916e1df298d3e740422c47e # v1.203.0
+      - uses: ruby/setup-ruby@32110d4e311bd8996b2a82bf2a43b714ccc91777 # v1.221.0
         with:
           # Use the version of bundler specified in `updater/Gemfile.lock`.
           # Otherwise the generated PR will change `BUNDLED WITH` in

.github/workflows/gems-release-to-rubygems.yml

@@ -16,7 +16,7 @@ jobs:
 
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: ruby/setup-ruby@2a18b06812b0e15bb916e1df298d3e740422c47e # v1.203.0
+      - uses: ruby/setup-ruby@32110d4e311bd8996b2a82bf2a43b714ccc91777 # v1.221.0
       - run: |
           [ -d ~/.gem ] || mkdir ~/.gem
           echo "---" > ~/.gem/credentials

.github/workflows/sorbet.yml

@@ -16,7 +16,7 @@ jobs:
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - uses: ruby/setup-ruby@2a18b06812b0e15bb916e1df298d3e740422c47e # v1.203.0
+      - uses: ruby/setup-ruby@32110d4e311bd8996b2a82bf2a43b714ccc91777 # v1.221.0
         with:
           bundler-cache: true
 

.ruby-version

@@ -1 +1 @@
-3.3.6
+3.4.2

Dockerfile.updater-core

@@ -56,7 +56,7 @@ COPY --chown=dependabot:dependabot LICENSE $DEPENDABOT_HOME
 
 # Install Ruby from official Docker image
 # When bumping Ruby minor, need to also add the previous version to `bundler/helpers/v2/monkey_patches/definition_ruby_version_patch.rb`
-COPY --from=docker.io/library/ruby:3.3.6-bookworm --chown=dependabot:dependabot /usr/local /usr/local
+COPY --from=docker.io/library/ruby:3.4.2-bookworm --chown=dependabot:dependabot /usr/local /usr/local
 
 # We had to explicitly bump this as the bundled version `0.2.2` in ubuntu 22.04 has a bug.
 # Once Ubuntu base image pulls in a new enough yaml version, we may not need to
@@ -123,7 +123,7 @@ WORKDIR $DEPENDABOT_HOME/dependabot-updater
 # Note that RubyGems & Bundler versions are currently released in sync, but
 # RubyGems version is one major ahead. So when bumping to RubyGems 3.y.z, Bundler
 # version will jump to 2.y.z
-ARG RUBYGEMS_VERSION=3.6.3
+ARG RUBYGEMS_VERSION=3.6.5
 RUN gem update --system $RUBYGEMS_VERSION
 
 RUN bundle config set --global build.psych --with-libyaml-source-dir=$DEPENDABOT_HOME/src/libyaml/yaml-$LIBYAML_VERSION && \

Gemfile.lock

@@ -251,7 +251,7 @@ GEM
     parallel_tests (4.4.0)
       parallel
     parseconfig (1.0.8)
-    parser (3.3.6.0)
+    parser (3.3.7.1)
       ast (~> 2.4.1)
       racc
     prism (1.3.0)
@@ -274,8 +274,7 @@ GEM
       http-cookie (>= 1.0.2, < 2.0)
       mime-types (>= 1.16, < 4.0)
       netrc (~> 0.8)
-    rexml (3.2.8)
-      strscan (>= 3.0.9)
+    rexml (3.4.1)
     rspec (3.12.0)
       rspec-core (~> 3.12.0)
       rspec-expectations (~> 3.12.0)
@@ -350,7 +349,6 @@ GEM
       thor (>= 0.19.2)
     stackprof (0.2.25)
     stringio (3.1.0)
-    strscan (3.1.0)
     tapioca (0.16.6)
       bundler (>= 2.2.25)
       netrc (>= 0.11.0)
@@ -432,4 +430,4 @@ DEPENDENCIES
   zeitwerk (~> 2.7)
 
 BUNDLED WITH
-   2.6.3
+   2.6.5

bundler/helpers/v2/monkey_patches/definition_ruby_version_patch.rb

@@ -26,7 +26,7 @@ def source_requirements
         Gem::Specification.new("Ruby\0", requested_version)
     end
 
-    %w(2.5.3 2.6.10 2.7.8 3.0.7 3.1.6 3.2.4).each do |version|
+    %w(2.5.3 2.6.10 2.7.8 3.0.7 3.1.6 3.2.7 3.3.7).each do |version|
       sources.metadata_source.specs << Gem::Specification.new("Ruby\0", version)
     end
 

bundler/lib/dependabot/bundler/file_updater/ruby_requirement_setter.rb

@@ -10,7 +10,7 @@ module Bundler
     class FileUpdater
       class RubyRequirementSetter
         RUBY_VERSIONS = %w(
-          1.8.7 1.9.3 2.0.0 2.1.10 2.2.10 2.3.8 2.4.10 2.5.9 2.6.9 2.7.6 3.0.6 3.1.6 3.2.4 3.3.6
+          1.8.7 1.9.3 2.0.0 2.1.10 2.2.10 2.3.8 2.4.10 2.5.9 2.6.9 2.7.6 3.0.6 3.1.6 3.2.7 3.3.7 3.4.2
         ).freeze
 
         LANGUAGE = "ruby"

bundler/spec/dependabot/bundler/file_updater/ruby_requirement_setter_spec.rb

@@ -131,7 +131,7 @@
           bundler_project_dependency_file("gemfile", filename: "Gemfile").content
         end
 
-        it { is_expected.to include("ruby '3.2.4'\n") }
+        it { is_expected.to include("ruby '3.2.7'\n") }
         it { is_expected.to include(%(gem "business", "~> 1.4.0")) }
       end
 
@@ -143,7 +143,19 @@
           bundler_project_dependency_file("gemfile", filename: "Gemfile").content
         end
 
-        it { is_expected.to include("ruby '3.3.6'\n") }
+        it { is_expected.to include("ruby '3.3.7'\n") }
+        it { is_expected.to include(%(gem "business", "~> 1.4.0")) }
+      end
+
+      context "when requiring ruby 3.4" do
+        let(:gemspec) do
+          bundler_project_dependency_file("gemfile_require_ruby_3_4", filename: "example.gemspec")
+        end
+        let(:content) do
+          bundler_project_dependency_file("gemfile", filename: "Gemfile").content
+        end
+
+        it { is_expected.to include("ruby '3.4.2'\n") }
         it { is_expected.to include(%(gem "business", "~> 1.4.0")) }
       end
 

bundler/spec/fixtures/projects/bundler2/gemfile_require_ruby_3_4/Gemfile

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+gem "business", "~> 1.4.0"
+gem "statesman", "~> 1.2.0"

bundler/spec/fixtures/projects/bundler2/gemfile_require_ruby_3_4/Gemfile.lock

@@ -0,0 +1,15 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    business (1.4.0)
+    statesman (1.2.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  business (~> 1.4.0)
+  statesman (~> 1.2.0)
+
+BUNDLED WITH
+   2.6.3

bundler/spec/fixtures/projects/bundler2/gemfile_require_ruby_3_4/example.gemspec

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+Gem::Specification.new do |spec|
+  spec.name         = "example"
+  spec.version      = "0.9.3"
+  spec.summary      = "Automated dependency management"
+  spec.description  = "Core logic for updating a GitHub repos dependencies"
+
+  spec.author       = "Dependabot"
+  spec.email        = "support@dependabot.com"
+  spec.homepage     = "https://github.com/hmarr/example"
+  spec.license      = "MIT"
+
+  spec.require_path = "lib"
+  spec.files        = Dir["CHANGELOG.md", "LICENSE.txt", "README.md",
+                          "lib/**/*", "helpers/**/*"]
+
+  spec.required_ruby_version = ">= 3.4.2"
+  spec.required_rubygems_version = ">= 3.6.5"
+
+  spec.add_dependency 'business', '~> 1.0'
+end