diff --git a/bundler/lib/dependabot/bundler/file_updater/lockfile_updater.rb b/bundler/lib/dependabot/bundler/file_updater/lockfile_updater.rb
index ebd7ebd80fa..f723bf5ea70 100644
--- a/bundler/lib/dependabot/bundler/file_updater/lockfile_updater.rb
+++ b/bundler/lib/dependabot/bundler/file_updater/lockfile_updater.rb
@@ -16,6 +16,7 @@ class LockfileUpdater
 require_relative "gemspec_updater"
 require_relative "gemspec_sanitizer"
 require_relative "gemspec_dependency_name_finder"
+ require_relative "ruby_requirement_setter"
 LOCKFILE_ENDING = /(?\s*(?:RUBY VERSION|BUNDLED WITH).*)/m.freeze
@@ -82,7 +83,7 @@ def build_updated_lockfile
 end
 def write_temporary_dependency_files
- File.write(gemfile.name, updated_gemfile_content(gemfile))
+ File.write(gemfile.name, prepared_gemfile_content(gemfile))
 File.write(lockfile.name, sanitized_lockfile_body)
 top_level_gemspecs.each do |gemspec|
@@ -222,6 +223,16 @@ def replacement_version_for_gemspec(gemspec_content)
 end
 # rubocop:enable Metrics/PerceivedComplexity
+ def prepared_gemfile_content(file)
+ content = updated_gemfile_content(file)
+
+ top_level_gemspecs.each do |gs|
+ content = RubyRequirementSetter.new(gemspec: gs).rewrite(content)
+ end
+
+ content
+ end
+
 def updated_gemfile_content(file)
 GemfileUpdater.new(
 dependencies: dependencies,
diff --git a/bundler/spec/dependabot/bundler/file_updater_spec.rb b/bundler/spec/dependabot/bundler/file_updater_spec.rb
index 5ccb1443d0c..8d7b2998a5b 100644
--- a/bundler/spec/dependabot/bundler/file_updater_spec.rb
+++ b/bundler/spec/dependabot/bundler/file_updater_spec.rb
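Review bot: In `prepared_gemfile_content` (third hunk of lockfile_updater.rb) each gemspec's `rewrite` is applied to the output of the previous one, so with more than one top-level gemspec the result depends on how `RubyRequirementSetter#rewrite` treats a Gemfile that an earlier pass has already modified; that class is not part of this diff, so whether the last gemspec wins or the requirements are reconciled cannot be confirmed from here. The method also needs a comment stating that its output is for the temporary resolution directory only, e.g. `# Gemfile content for the temporary resolution directory only; never return it as the updated Gemfile.` The gemspec is repository-controlled input, so it is worth confirming that `rewrite` only ever emits a version taken from its own `RUBY_VERSIONS` list (the constant the spec stubs) and never text copied from the gemspec. `write_temporary_dependency_files`, which now calls this method, continues outside its hunk, so other Gemfile writes there could not be checked.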
@@ -439,6 +439,27 @@
 end
 end
+ context "with an imported gemspec that specifies a minimum Ruby version not satisfied by the running Ruby" do
+ let(:dependency_files) { bundler_project_dependency_files("unsatisfied_required_ruby_version") }
+
+ before do
+ require "dependabot/bundler/file_updater/ruby_requirement_setter"
+
+ stub_const(
+ "#{described_class}::RubyRequirementSetter::RUBY_VERSIONS",
+ described_class::RubyRequirementSetter::RUBY_VERSIONS + ["99.0.0"]
+ )
+ end
+
+ it "locks the updated gem to the latest version" do
+ expect(file.content).to include("business (1.5.0)")
+ end
+
+ it "doesn't add in a RUBY VERSION" do
+ expect(file.content).not_to include("RUBY VERSION")
+ end
+ end
+
 context "when the Gemfile specifies a Ruby version" do
 let(:dependency_files) { bundler_project_dependency_files("explicit_ruby_in_lockfile") }
diff --git a/bundler/spec/fixtures/projects/bundler1/unsatisfied_required_ruby_version/Gemfile b/bundler/spec/fixtures/projects/bundler1/unsatisfied_required_ruby_version/Gemfile
new file mode 100644
index 00000000000..09c43d7ce76
--- /dev/null
+++ b/bundler/spec/fixtures/projects/bundler1/unsatisfied_required_ruby_version/Gemfile
@@ -0,0 +1,5 @@
+source "https://rubygems.org"
+
+gemspec
+
+gem "business", "~> 1.4.0"
diff --git a/bundler/spec/fixtures/projects/bundler1/unsatisfied_required_ruby_version/Gemfile.lock b/bundler/spec/fixtures/projects/bundler1/unsatisfied_required_ruby_version/Gemfile.lock
new file mode 100644
index 00000000000..cc7fe84e151
--- /dev/null
+++ b/bundler/spec/fixtures/projects/bundler1/unsatisfied_required_ruby_version/Gemfile.lock
@@ -0,0 +1,13 @@
+GEM
+ remote: https://rubygems.org/
+ specs:
+ business (1.4.0)
+
+PLATFORMS
+ ruby
+
+DEPENDENCIES
+ business (~> 1.4.0)
+
+BUNDLED WITH
+ 1.17.3
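Review bot: The new `context` in file_updater_spec.rb asserts only on `file.content` (apparently the updated lockfile), so nothing checks that the Ruby requirement written into the temporary Gemfile stays out of the Gemfile returned to the user; an example asserting that the updated Gemfile contains no `ruby` declaration would cover that. The stubbed `"99.0.0"` is tied to `required_ruby_version = ">= 99.0.0"` in the fixture gemspec without saying so; a comment such as `# 99.0.0 matches required_ruby_version in the fixture example.gemspec` above `stub_const` would make the link explicit. The `require` inside `before` would be easier to find at the top of the spec file, which is outside this hunk.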
diff --git a/bundler/spec/fixtures/projects/bundler1/unsatisfied_required_ruby_version/example.gemspec b/bundler/spec/fixtures/projects/bundler1/unsatisfied_required_ruby_version/example.gemspec
new file mode 100644
index 00000000000..a95f2b2d1f9
--- /dev/null
+++ b/bundler/spec/fixtures/projects/bundler1/unsatisfied_required_ruby_version/example.gemspec
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+Gem::Specification.new do |spec|
+ spec.name = "example"
+ spec.version = "0.9.3"
+ spec.summary = "Automated dependency management"
+ spec.description = "Core logic for updating a GitHub repos dependencies"
+
+ spec.author = "Dependabot"
+ spec.email = "support@dependabot.com"
+ spec.homepage = "https://github.com/hmarr/example"
+ spec.license = "MIT"
+
+ spec.require_path = "lib"
+ spec.files = Dir["CHANGELOG.md", "LICENSE.txt", "README.md",
+ "lib/**/*", "helpers/**/*"]
+
+ spec.required_ruby_version = ">= 99.0.0"
+end
diff --git a/bundler/spec/fixtures/projects/bundler2/unsatisfied_required_ruby_version/Gemfile b/bundler/spec/fixtures/projects/bundler2/unsatisfied_required_ruby_version/Gemfile
new file mode 100644
index 00000000000..09c43d7ce76
--- /dev/null
+++ b/bundler/spec/fixtures/projects/bundler2/unsatisfied_required_ruby_version/Gemfile
@@ -0,0 +1,5 @@
+source "https://rubygems.org"
+
+gemspec
+
+gem "business", "~> 1.4.0"
diff --git a/bundler/spec/fixtures/projects/bundler2/unsatisfied_required_ruby_version/Gemfile.lock b/bundler/spec/fixtures/projects/bundler2/unsatisfied_required_ruby_version/Gemfile.lock
new file mode 100644
index 00000000000..ef69a787fd1
--- /dev/null
+++ b/bundler/spec/fixtures/projects/bundler2/unsatisfied_required_ruby_version/Gemfile.lock
@@ -0,0 +1,13 @@
+GEM
+ remote: https://rubygems.org/
+ specs:
+ business (1.4.0)
+
+PLATFORMS
+ ruby
+
+DEPENDENCIES
+ business (~> 1.4.0)
+
+BUNDLED WITH
+ 2.2.10
diff --git a/bundler/spec/fixtures/projects/bundler2/unsatisfied_required_ruby_version/example.gemspec b/bundler/spec/fixtures/projects/bundler2/unsatisfied_required_ruby_version/example.gemspec
new file mode 100644
index 00000000000..a95f2b2d1f9
--- /dev/null
+++ b/bundler/spec/fixtures/projects/bundler2/unsatisfied_required_ruby_version/example.gemspec
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+Gem::Specification.new do |spec|
+ spec.name = "example"
+ spec.version = "0.9.3"
+ spec.summary = "Automated dependency management"
+ spec.description = "Core logic for updating a GitHub repos dependencies"
+
+ spec.author = "Dependabot"
+ spec.email = "support@dependabot.com"
+ spec.homepage = "https://github.com/hmarr/example"
+ spec.license = "MIT"
+
+ spec.require_path = "lib"
+ spec.files = Dir["CHANGELOG.md", "LICENSE.txt", "README.md",
+ "lib/**/*", "helpers/**/*"]
+
+ spec.required_ruby_version = ">= 99.0.0"
+end