Upgrade Ruby to 3.4.4

.devcontainer/devcontainer.json

@@ -23,7 +23,7 @@
     "ghcr.io/devcontainers/features/github-cli": "latest",
     "ghcr.io/devcontainers/features/node": "lts",
     "ghcr.io/devcontainers/features/go": "latest",
-    "ghcr.io/devcontainers/features/ruby": "3.3.6",
+    "ghcr.io/devcontainers/features/ruby": "3.4.4",
     "ghcr.io/devcontainers/features/rust": "latest",
     "ghcr.io/devcontainers/features/dotnet": "latest",
     "ghcr.io/devcontainers/features/sshd:1": {

.rubocop.yml

@@ -16,7 +16,7 @@ AllCops:
     - "dry-run/**/*"
     - "bundler/helpers/spec_helpers/*"
   NewCops: enable
-  TargetRubyVersion: 3.3
+  TargetRubyVersion: 3.4
   SuggestExtensions: false
 Gemspec/DeprecatedAttributeAssignment:
   Enabled: true

.ruby-version

@@ -1 +1 @@
-3.3.6
+3.4.4

Dockerfile.updater-core

@@ -56,7 +56,7 @@ COPY --chown=dependabot:dependabot LICENSE $DEPENDABOT_HOME
 
 # Install Ruby from official Docker image
 # When bumping Ruby minor, need to also add the previous version to `bundler/helpers/v2/monkey_patches/definition_ruby_version_patch.rb`
-COPY --from=docker.io/library/ruby:3.3.6-bookworm --chown=dependabot:dependabot /usr/local /usr/local
+COPY --from=docker.io/library/ruby:3.4.4-bookworm --chown=dependabot:dependabot /usr/local /usr/local
 
 # We had to explicitly bump this as the bundled version `0.2.2` in ubuntu 22.04 has a bug.
 # Once Ubuntu base image pulls in a new enough yaml version, we may not need to

Gemfile.lock

@@ -273,7 +273,7 @@ GEM
     parallel_tests (4.4.0)
       parallel
     parseconfig (1.0.8)
-    parser (3.3.6.0)
+    parser (3.3.7.1)
       ast (~> 2.4.1)
       racc
     prism (1.3.0)
@@ -296,8 +296,7 @@ GEM
       http-cookie (>= 1.0.2, < 2.0)
       mime-types (>= 1.16, < 4.0)
       netrc (~> 0.8)
-    rexml (3.2.8)
-      strscan (>= 3.0.9)
+    rexml (3.4.1)
     rspec (3.12.0)
       rspec-core (~> 3.12.0)
       rspec-expectations (~> 3.12.0)
@@ -372,7 +371,6 @@ GEM
       thor (>= 0.19.2)
     stackprof (0.2.25)
     stringio (3.1.0)
-    strscan (3.1.0)
     tapioca (0.16.11)
       benchmark
       bundler (>= 2.2.25)
@@ -537,7 +535,7 @@ CHECKSUMS
   parallel (1.24.0) sha256=5bf38efb9b37865f8e93d7a762727f8c5fc5deb19949f4040c76481d5eee9397
   parallel_tests (4.4.0) sha256=dc6da7bd9a7baf5c20f09435b2defb04de27dc783f5cb3b839a49982dd765055
   parseconfig (1.0.8) sha256=b86e117fcb635eb850b6dbae2454fc7a5a7b3767482951a07a9eb06f667a222f
-  parser (3.3.6.0) sha256=25d4e67cc4f0f7cab9a2ae1f38e2005b6904d2ea13c34734511d0faad038bc3b
+  parser (3.3.7.1) sha256=7dbe61618025519024ac72402a6677ead02099587a5538e84371b76659e6aca1
   prism (1.3.0) sha256=b11620829831b1cb7e6c9b46c81ff8a6e36ccb3f888f164485eb7351f386273a
   psych (5.1.2) sha256=337322f58fc2bf24827d2b9bd5ab595f6a72971867d151bb39980060ea40a368
   public_suffix (5.0.4) sha256=35cd648e0d21d06b8dce9331d19619538d1d898ba6d56a6f2258409d2526d1ae
@@ -549,7 +547,7 @@ CHECKSUMS
   regexp_parser (2.9.2) sha256=5a27e767ad634f8a4b544520d5cd28a0db7aa1198a5d7c9d7e11d7b3d9066446
   reline (0.6.1) sha256=1afcc9d7cb1029cdbe780d72f2f09251ce46d3780050f3ec39c3ccc6b60675fb
   rest-client (2.1.0) sha256=35a6400bdb14fae28596618e312776c158f7ebbb0ccad752ff4fa142bf2747e3
-  rexml (3.2.8) sha256=0908a86381d9f973824680df4e0a75422766272f03b1c0e49db7e79c23db1135
+  rexml (3.4.1) sha256=c74527a9a0a04b4ec31dbe0dc4ed6004b960af943d8db42e539edde3a871abca
   rspec (3.12.0) sha256=ccc41799a43509dc0be84070e3f0410ac95cbd480ae7b6c245543eb64162399c
   rspec-core (3.12.2) sha256=155b54480f28e2b2813185077fe435c2d663031616360ed3b179a9d6a55d2551
   rspec-expectations (3.12.3) sha256=093d18e2e7e0a2c619ef8f7343d442fc6c0793fb7897d56f16f26c8a9d244416
@@ -581,7 +579,6 @@ CHECKSUMS
   spoom (1.5.1) sha256=61dbab2059a094506210886455a513615c6915654048e3d2447223790e423095
   stackprof (0.2.25) sha256=28db0e2d22b817ae35def7163822505a04a026b02ef119b6aa89d70b967b0d2e
   stringio (3.1.0) sha256=c1f6263ae03a15025e51194ab19b06b15e06adcaaedb7f5f6c06ab60f5d67718
-  strscan (3.1.0) sha256=01b8a81d214fbf7b5308c6fb51b5972bbfc4a6aa1f166fd3618ba97e0fcd5555
   tapioca (0.16.11) sha256=beeb388a5e2022ef8880cd24f57bc2acb59b65a4d5a6aa59bc1f10bc7b1eb1f7
   terminal-table (3.0.2) sha256=f951b6af5f3e00203fb290a669e0a85c5dd5b051b3b023392ccfd67ba5abae91
   thor (1.3.2) sha256=eef0293b9e24158ccad7ab383ae83534b7ad4ed99c09f96f1a6b036550abbeda

bundler/helpers/v2/monkey_patches/definition_ruby_version_patch.rb

@@ -26,7 +26,7 @@ def source_requirements
         Gem::Specification.new("Ruby\0", requested_version)
     end
 
-    %w(2.5.3 2.6.10 2.7.8 3.0.7 3.1.6 3.2.4).each do |version|
+    %w(2.5.3 2.6.10 2.7.8 3.0.7 3.1.6 3.2.8 3.3.8).each do |version|
       sources.metadata_source.specs << Gem::Specification.new("Ruby\0", version)
     end
 

bundler/lib/dependabot/bundler/file_updater/ruby_requirement_setter.rb

@@ -1,26 +1,34 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 
 require "parser/current"
+require "sorbet-runtime"
+
 require "dependabot/bundler/file_updater"
 require "dependabot/bundler/requirement"
+require "dependabot/bundler/version"
 
 module Dependabot
   module Bundler
     class FileUpdater
       class RubyRequirementSetter
+        extend T::Sig
+
         RUBY_VERSIONS = %w(
-          1.8.7 1.9.3 2.0.0 2.1.10 2.2.10 2.3.8 2.4.10 2.5.9 2.6.9 2.7.6 3.0.6 3.1.6 3.2.4 3.3.6
+          1.8.7 1.9.3 2.0.0 2.1.10 2.2.10 2.3.8 2.4.10 2.5.9 2.6.9 2.7.6 3.0.6 3.1.6 3.2.8 3.3.8 3.4.4
         ).freeze
 
         LANGUAGE = "ruby"
 
+        sig { returns(Dependabot::DependencyFile) }
         attr_reader :gemspec
 
+        sig { params(gemspec: Dependabot::DependencyFile).void }
         def initialize(gemspec:)
           @gemspec = gemspec
         end
 
+        sig { params(content: String).returns(String) }
         def rewrite(content)
           return content unless gemspec_declares_ruby_requirement?
 
@@ -39,17 +47,20 @@ def rewrite(content)
 
         private
 
+        sig { returns(T::Boolean) }
         def gemspec_declares_ruby_requirement?
           !ruby_requirement.nil?
         end
 
+        sig { params(node: T.untyped).returns(T::Boolean) }
         def declares_ruby_version?(node)
           return false unless node.is_a?(Parser::AST::Node)
           return true if node.type == :send && node.children[1] == :ruby
 
           node.children.any? { |cn| declares_ruby_version?(cn) }
         end
 
+        sig { returns(Dependabot::Version) }
         def ruby_version
           requirement = if ruby_requirement.is_a?(Gem::Requirement)
                           ruby_requirement
@@ -74,6 +85,7 @@ def ruby_version
         end
 
         # rubocop:disable Security/Eval
+        sig { returns(T.untyped) }
         def ruby_requirement
           ast = Parser::CurrentRuby.parse(gemspec.content)
           requirement_node = find_ruby_requirement_node(ast)
@@ -87,6 +99,7 @@ def ruby_requirement
         end
         # rubocop:enable Security/Eval
 
+        sig { params(node: T.untyped).returns(T.nilable(Parser::AST::Node)) }
         def find_ruby_requirement_node(node)
           return unless node.is_a?(Parser::AST::Node)
           return node if declares_ruby_requirement?(node)
@@ -97,17 +110,22 @@ def find_ruby_requirement_node(node)
           end
         end
 
+        sig { params(node: T.untyped).returns(T::Boolean) }
         def declares_ruby_requirement?(node)
           return false unless node.is_a?(Parser::AST::Node)
 
           node.children[1] == :required_ruby_version=
         end
 
         class GemfileRewriter < Parser::TreeRewriter
+          extend T::Sig
+
+          sig { override.params(ruby_version: Dependabot::Version).void }
           def initialize(ruby_version:)
             @ruby_version = ruby_version
           end
 
+          sig { override.params(node: T.untyped).void }
           def on_send(node)
             return unless declares_ruby_version?(node)
 
@@ -117,8 +135,10 @@ def on_send(node)
 
           private
 
+          sig { returns(Dependabot::Version) }
           attr_reader :ruby_version
 
+          sig { params(node: T.untyped).returns(T::Boolean) }
           def declares_ruby_version?(node)
             return false unless node.is_a?(Parser::AST::Node)
             return false unless node.type == :send

bundler/spec/dependabot/bundler/file_updater/ruby_requirement_setter_spec.rb

@@ -131,7 +131,7 @@
           bundler_project_dependency_file("gemfile", filename: "Gemfile").content
         end
 
-        it { is_expected.to include("ruby '3.2.4'\n") }
+        it { is_expected.to include("ruby '3.2.8'\n") }
         it { is_expected.to include(%(gem "business", "~> 1.4.0")) }
       end
 
@@ -143,7 +143,19 @@
           bundler_project_dependency_file("gemfile", filename: "Gemfile").content
         end
 
-        it { is_expected.to include("ruby '3.3.6'\n") }
+        it { is_expected.to include("ruby '3.3.8'\n") }
+        it { is_expected.to include(%(gem "business", "~> 1.4.0")) }
+      end
+
+      context "when requiring ruby 3.4" do
+        let(:gemspec) do
+          bundler_project_dependency_file("gemfile_require_ruby_3_4", filename: "example.gemspec")
+        end
+        let(:content) do
+          bundler_project_dependency_file("gemfile", filename: "Gemfile").content
+        end
+
+        it { is_expected.to include("ruby '3.4.4'\n") }
         it { is_expected.to include(%(gem "business", "~> 1.4.0")) }
       end
 

bundler/spec/fixtures/projects/bundler2/gemfile_require_ruby_3_4/Gemfile

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+gem "business", "~> 1.4.0"
+gem "statesman", "~> 1.2.0"

bundler/spec/fixtures/projects/bundler2/gemfile_require_ruby_3_4/Gemfile.lock

@@ -0,0 +1,15 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    business (1.4.0)
+    statesman (1.2.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  business (~> 1.4.0)
+  statesman (~> 1.2.0)
+
+BUNDLED WITH
+   2.6.9

bundler/spec/fixtures/projects/bundler2/gemfile_require_ruby_3_4/example.gemspec

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+Gem::Specification.new do |spec|
+  spec.name         = "example"
+  spec.version      = "0.9.3"
+  spec.summary      = "Automated dependency management"
+  spec.description  = "Core logic for updating a GitHub repos dependencies"
+
+  spec.author       = "Dependabot"
+  spec.email        = "[email protected]"
+  spec.homepage     = "https://github.com/hmarr/example"
+  spec.license      = "MIT"
+
+  spec.require_path = "lib"
+  spec.files        = Dir["CHANGELOG.md", "LICENSE.txt", "README.md",
+                          "lib/**/*", "helpers/**/*"]
+
+  spec.required_ruby_version = ">= 3.4.4"
+  spec.required_rubygems_version = ">= 3.6.9"
+
+  spec.add_dependency 'business', '~> 1.0'
+end

common/dependabot-common.gemspec

@@ -20,7 +20,7 @@ Gem::Specification.new do |spec|
   }
 
   spec.version = Dependabot::VERSION
-  spec.required_ruby_version = ">= 3.3.0"
+  spec.required_ruby_version = ">= 3.4.4"
   spec.required_rubygems_version = ">= 3.3.7"
 
   spec.require_path = "lib"

maven/spec/dependabot/maven/update_checker/version_finder_spec.rb

@@ -532,7 +532,7 @@
 
       it "raises a helpful error" do
         expect { latest_version_details }.to raise_error(Dependabot::DependencyFileNotResolvable) do |error|
-          expect(error.message).to start_with("bad URI(is not URI?): \"http://host:port/content/groups/public")
+          expect(error.message).to start_with("bad URI (is not URI?): \"http://host:port/content/groups/public")
         end
       end
     end

npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker/latest_version_finder_spec.rb

@@ -944,7 +944,7 @@
     context "when the npm registry uri is invalid and lookup returns a bad URI error" do
       before do
         stub_request(:get, registry_listing_url)
-          .to_return(status: 500, body: '{"error":"bad URI(is not URI?): "https://registry.npmjs.org/\"/webpack""}')
+          .to_return(status: 500, body: '{"error":"bad URI (is not URI?): "https://registry.npmjs.org/\"/webpack""}')
 
         allow(version_finder).to receive(:sleep).and_return(true)
       end

npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker/version_resolver_spec.rb

@@ -200,7 +200,7 @@
       context "when accessing a malformed registry requirements" do
         it "raise a helpful error" do
           expect { latest_resolvable_version }.to raise_error do |error|
-            expect(error.message).to include("bad URI(is not URI?)")
+            expect(error.message).to include("bad URI (is not URI?)")
           end
         end
       end

pub/spec/dependabot/pub/file_updater_spec.rb

@@ -11,7 +11,7 @@
 
 RSpec.describe Dependabot::Pub::FileUpdater do
   let(:project) { "can_update" }
-  let(:dev_null) { WEBrick::Log.new("/dev/null", 7) }
+  let(:dev_null) { WEBrick::Log.new(File::NULL, 7) }
   let(:server) { WEBrick::HTTPServer.new({ Port: 0, AccessLog: [], Logger: dev_null }) }
   let(:dependency_files) do
     files = project_dependency_files(project)
@@ -46,6 +46,8 @@
       server.unmount "/api/packages/#{package}"
     end
     server.shutdown
+
+    FileUtils.rm_rf("/tmp/flutter")
   end
 
   before do