dependabot · JamieMagee · Dec 20, 2024 · deivid-rodriguez · Dec 20, 2024 · JamieMagee
@@ -23,7 +23,7 @@
     "ghcr.io/devcontainers/features/github-cli": "latest",
     "ghcr.io/devcontainers/features/node": "lts",
     "ghcr.io/devcontainers/features/go": "latest",
-    "ghcr.io/devcontainers/features/ruby": "3.3.6",
+    "ghcr.io/devcontainers/features/ruby": "3.4.0-rc1",
     "ghcr.io/devcontainers/features/rust": "latest",
     "ghcr.io/devcontainers/features/dotnet": "latest",
     "ghcr.io/devcontainers/features/sshd:1": {

@@ -90,7 +90,7 @@ jobs:
       BUNDLE_GEMFILE: updater/Gemfile
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: ruby/setup-ruby@2a18b06812b0e15bb916e1df298d3e740422c47e # v1.203.0
+      - uses: ruby/setup-ruby@401c19e14f474b54450cd3905bb8b86e2c8509cf # v1.204.0
         with:
           bundler-cache: true
       - run: ./bin/lint

@@ -31,7 +31,7 @@ jobs:
           ref: "main"
 
       # bump-version.rb needs bundler
-      - uses: ruby/setup-ruby@2a18b06812b0e15bb916e1df298d3e740422c47e # v1.203.0
+      - uses: ruby/setup-ruby@401c19e14f474b54450cd3905bb8b86e2c8509cf # v1.204.0
         with:
           # Use the version of bundler specified in `updater/Gemfile.lock`.
           # Otherwise the generated PR will change `BUNDLED WITH` in

@@ -16,7 +16,7 @@ jobs:
 
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: ruby/setup-ruby@2a18b06812b0e15bb916e1df298d3e740422c47e # v1.203.0
+      - uses: ruby/setup-ruby@401c19e14f474b54450cd3905bb8b86e2c8509cf # v1.204.0
       - run: |
           [ -d ~/.gem ] || mkdir ~/.gem
           echo "---" > ~/.gem/credentials

@@ -16,7 +16,7 @@ jobs:
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - uses: ruby/setup-ruby@2a18b06812b0e15bb916e1df298d3e740422c47e # v1.203.0
+      - uses: ruby/setup-ruby@401c19e14f474b54450cd3905bb8b86e2c8509cf # v1.204.0
         with:
           bundler-cache: true
 

@@ -16,7 +16,7 @@ AllCops:
     - "dry-run/**/*"
     - "bundler/helpers/spec_helpers/*"
   NewCops: enable
-  TargetRubyVersion: 3.1
+  TargetRubyVersion: 3.4
   SuggestExtensions: false
 Gemspec/DeprecatedAttributeAssignment:
   Enabled: true

@@ -1 +1 @@
-3.3.6
+3.4.0-rc1
@@ -54,7 +54,7 @@ COPY --chown=dependabot:dependabot LICENSE $DEPENDABOT_HOME
 
 # Install Ruby from official Docker image
 # When bumping Ruby minor, need to also add the previous version to `bundler/helpers/v2/monkey_patches/definition_ruby_version_patch.rb`
-COPY --from=docker.io/library/ruby:3.3.6-bookworm --chown=dependabot:dependabot /usr/local /usr/local
+COPY --from=docker.io/library/ruby:3.4.0-rc1-bookworm --chown=dependabot:dependabot /usr/local /usr/local
 
 # We had to explicitly bump this as the bundled version `0.2.2` in ubuntu 22.04 has a bug.
 # Once Ubuntu base image pulls in a new enough yaml version, we may not need to

@@ -24,7 +24,7 @@ PATH
       faraday (= 2.7.11)
       faraday-retry (= 2.2.0)
       gitlab (= 5.0.0)
-      json (< 2.7)
+      json (~> 2.9)
       nokogiri (~> 1.8)
       octokit (>= 4.6, < 8.0)
       opentelemetry-api (~> 1.4)
@@ -205,12 +205,12 @@ GEM
       csv
       mini_mime (>= 1.0.0)
       multi_xml (>= 0.5.2)
-    io-console (0.7.2)
+    io-console (0.8.0)
     irb (1.12.0)
       rdoc
       reline (>= 0.4.2)
     jmespath (1.6.2)
-    json (2.6.3)
+    json (2.9.1)
     language_server-protocol (3.17.0.3)
     mime-types (3.5.2)
       mime-types-data (~> 3.2015)
@@ -220,13 +220,8 @@ GEM
     multi_xml (0.7.1)
       bigdecimal (~> 3.1)
     netrc (0.11.0)
-    nokogiri (1.16.0-aarch64-linux)
-      racc (~> 1.4)
-    nokogiri (1.16.0-arm64-darwin)
-      racc (~> 1.4)
-    nokogiri (1.16.0-x86_64-darwin)
-      racc (~> 1.4)
-    nokogiri (1.16.0-x86_64-linux)
+    nokogiri (1.17.2)
+      mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
     octokit (6.1.1)
       faraday (>= 1, < 3)
@@ -254,7 +249,7 @@ GEM
     rdoc (6.6.3.1)
       psych (>= 4.0.0)
     regexp_parser (2.9.2)
-    reline (0.5.2)
+    reline (0.6.0)
       io-console (~> 0.5)
     rest-client (2.1.0)
       http-accept (>= 1.7.0, < 2.0)

@@ -26,7 +26,7 @@ def source_requirements
         Gem::Specification.new("Ruby\0", requested_version)
     end
 
-    %w(2.5.3 2.6.10 2.7.8 3.0.7 3.1.6 3.2.4).each do |version|
+    %w(2.5.3 2.6.10 2.7.8 3.0.7 3.1.6 3.2.4 3.3.6).each do |version|
       sources.metadata_source.specs << Gem::Specification.new("Ruby\0", version)
     end
 

@@ -12,7 +12,7 @@ class RubyRequirementSetter
         class RubyVersionNotFound < StandardError; end
 
         RUBY_VERSIONS = %w(
-          1.8.7 1.9.3 2.0.0 2.1.10 2.2.10 2.3.8 2.4.10 2.5.9 2.6.9 2.7.6 3.0.6 3.1.6 3.2.4 3.3.6
+          1.8.7 1.9.3 2.0.0 2.1.10 2.2.10 2.3.8 2.4.10 2.5.9 2.6.9 2.7.6 3.0.6 3.1.6 3.2.4 3.3.6 3.4.0-rc1
         ).freeze
 
         attr_reader :gemspec

@@ -147,6 +147,18 @@
         it { is_expected.to include(%(gem "business", "~> 1.4.0")) }
       end
 
+      context "when requiring ruby 3.4" do
+        let(:gemspec) do
+          bundler_project_dependency_file("gemfile_require_ruby_3_4", filename: "example.gemspec")
+        end
+        let(:content) do
+          bundler_project_dependency_file("gemfile", filename: "Gemfile").content
+        end
+
+        it { is_expected.to include("ruby '3.4.0.pre.rc1'\n") }
+        it { is_expected.to include(%(gem "business", "~> 1.4.0")) }
+      end
+
       context "when that can't be evaluated" do
         let(:content) do
           bundler_project_dependency_file("gemfile", filename: "Gemfile").content

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+gem "business", "~> 1.4.0"
+gem "statesman", "~> 1.2.0"
@@ -0,0 +1,16 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    business (1.4.0)
+    statesman (1.2.5)
+
+PLATFORMS
+  ruby
+  x86_64-linux
+
+DEPENDENCIES
+  business (~> 1.4.0)
+  statesman (~> 1.2.0)
+
+BUNDLED WITH
+   2.6.0.dev
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+Gem::Specification.new do |spec|
+  spec.name         = "example"
+  spec.version      = "0.9.3"
+  spec.summary      = "Automated dependency management"
+  spec.description  = "Core logic for updating a GitHub repos dependencies"
+
+  spec.author       = "Dependabot"
+  spec.email        = "[email protected]"
+  spec.homepage     = "https://github.com/hmarr/example"
+  spec.license      = "MIT"
+
+  spec.require_path = "lib"
+  spec.files        = Dir["CHANGELOG.md", "LICENSE.txt", "README.md",
+                          "lib/**/*", "helpers/**/*"]
+
+  spec.required_ruby_version = ">= 3.4.0-rc1"
+  spec.required_rubygems_version = ">= 3.5.3"
+
+  spec.add_dependency 'business', '~> 1.0'
+end
@@ -20,7 +20,7 @@ Gem::Specification.new do |spec|
   }
 
   spec.version = Dependabot::VERSION
-  spec.required_ruby_version = ">= 3.1.0"
+  spec.required_ruby_version = ">= 3.4.0-rc1"
   spec.required_rubygems_version = ">= 3.3.7"
 
   spec.require_path = "lib"
@@ -35,7 +35,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "faraday", "2.7.11"
   spec.add_dependency "faraday-retry", "2.2.0"
   spec.add_dependency "gitlab", "5.0.0"
-  spec.add_dependency "json", "< 2.7"
+  spec.add_dependency "json", "~> 2.9"
   spec.add_dependency "nokogiri", "~> 1.8"
   spec.add_dependency "octokit", ">= 4.6", "< 8.0"
   spec.add_dependency "opentelemetry-api", "~> 1.4"

@@ -1,8 +1,10 @@
 # typed: strict
 # frozen_string_literal: true
 
+require "ostruct"
 require "stringio"
 require "sorbet-runtime"
+
 require "dependabot/config"
 require "dependabot/dependency_file"
 require "dependabot/source"

@@ -3,6 +3,7 @@
 
 require "excon"
 require "open3"
+require "ostruct"
 require "sorbet-runtime"
 
 require "dependabot/errors"

@@ -2,6 +2,7 @@
 # frozen_string_literal: true
 
 require "excon"
+require "ostruct"
 require "sorbet-runtime"
 
 require "dependabot/clients/github_with_retries"

@@ -1,6 +1,7 @@
 # typed: strict
 # frozen_string_literal: true
 
+require "ostruct"
 require "sorbet-runtime"
 
 require "dependabot/credential"

@@ -2,7 +2,6 @@
 # frozen_string_literal: true
 
 require "tmpdir"
-require "set"
 require "sorbet-runtime"
 
 require "dependabot/requirement"

@@ -174,7 +174,7 @@ def self.invalid_v2_requirement?(composer_json)
 
       sig { params(dependency_url: String).returns(String) }
       def self.clean_dependency_url(dependency_url)
-        return dependency_url unless URI::DEFAULT_PARSER.regexp[:ABS_URI].match?(dependency_url)
+        return dependency_url unless URI::RFC2396_PARSER.regexp[:ABS_URI].match?(dependency_url)
 
         url = URI.parse(dependency_url)
         url.user = nil

@@ -519,7 +519,7 @@
 
       it "raises a helpful error" do
         expect { latest_version_details }.to raise_error(Dependabot::DependencyFileNotResolvable) do |error|
-          expect(error.message).to start_with("bad URI(is not URI?): \"http://host:port/content/groups/public")
+          expect(error.message).to start_with("bad URI (is not URI?): \"http://host:port/content/groups/public")
         end
       end
     end

@@ -1,8 +1,6 @@
 # typed: true
 # frozen_string_literal: true
 
-require "set"
-
 require "dependabot/git_commit_checker"
 require "dependabot/requirements_update_strategy"
 require "dependabot/shared_helpers"

@@ -944,7 +944,7 @@
     context "when the npm registry uri is invalid and lookup returns a bad URI error" do
       before do
         stub_request(:get, registry_listing_url)
-          .to_return(status: 500, body: '{"error":"bad URI(is not URI?): "https://registry.npmjs.org/\"/webpack""}')
+          .to_return(status: 500, body: '{"error":"bad URI (is not URI?): "https://registry.npmjs.org/\"/webpack""}')
 
         allow(version_finder).to receive(:sleep).and_return(true)
       end

@@ -200,7 +200,7 @@
       context "when accessing a malformed registry requirements" do
         it "raise a helpful error" do
           expect { latest_resolvable_version }.to raise_error do |error|
-            expect(error.message).to include("bad URI(is not URI?)")
+            expect(error.message).to include("bad URI (is not URI?)")
           end
         end
       end

@@ -1,7 +1,6 @@
 # typed: strict
 # frozen_string_literal: true
 
-require "set"
 require "sorbet-runtime"
 
 require "dependabot/file_fetchers"

@@ -5,7 +5,6 @@
 require "dependabot/file_fetchers/base"
 require "dependabot/nuget/discovery/discovery_json_reader"
 require "dependabot/nuget/native_helpers"
-require "set"
 require "sorbet-runtime"
 
 module Dependabot

@@ -286,7 +286,7 @@ def requirement_class
         def validate_index(index_url)
           sanitized_url = index_url.gsub(%r{(?<=//).*(?=@)}, "redacted")
 
-          return if index_url&.match?(URI::DEFAULT_PARSER.regexp[:ABS_URI])
+          return if index_url&.match?(URI::DEFAULT_PARSER.make_regexp)
 
           raise Dependabot::DependencyFileNotResolvable,
                 "Invalid URL: #{sanitized_url}"

@@ -1,6 +1,7 @@
 # typed: false
 # frozen_string_literal: true
 
+require "ostruct"
 require "spec_helper"
 require "dependabot/dependency"
 require "dependabot/dependency_file"