Upgrade Bundler to 2.5.11 and RubyGems to 3.5.11 (#9862)

Co-authored-by: AbdulFattaah Popoola <abdulapopoola@github.com>

.gitattributes

@@ -1,3 +1,4 @@
 * text=auto eof=lf
 Dockerfile.development linguist-language=Dockerfile
 Dockerfile.updater-core linguist-language=Dockerfile
+bundler/spec/fixtures/rubygems_responses/*.rz binary linguist-generated

Dockerfile.updater-core

@@ -110,13 +110,13 @@ RUN for ecosystem in git_submodules terraform github_actions hex elm docker nuge
 
 WORKDIR $DEPENDABOT_HOME/dependabot-updater
 
-ARG RUBYGEMS_VERSION=3.5.9
+ARG RUBYGEMS_VERSION=3.5.11
 RUN gem update --system $RUBYGEMS_VERSION
 
 # When bumping Bundler, need to also:
 # * Regenerate `updater/Gemfile.lock` via `BUNDLE_GEMFILE=updater/Gemfile bundle lock --update --bundler`
 # * Regenerate `Gemfile.lock` via `bundle lock --update --bundler`.
-ARG BUNDLER_V2_VERSION=2.5.9
+ARG BUNDLER_V2_VERSION=2.5.11
 
 RUN gem install bundler -v $BUNDLER_V2_VERSION --no-document && \
  rm -rf /var/lib/gems/*/cache/* && \

Gemfile.lock

@@ -410,4 +410,4 @@ DEPENDENCIES
   webrick (>= 1.7)
 
 BUNDLED WITH
-   2.5.9
+   2.5.11

bundler/helpers/v2/lib/functions/lockfile_updater.rb

@@ -189,7 +189,7 @@ def build_definition(dependencies_to_unlock)
       # if those sub-deps are top-level dependencies. We only want true
       # subdeps unlocked, like they were in the UpdateChecker, so we
       # mutate the unlocked gems array.
-      unlocked = defn.instance_variable_get(:@unlock).fetch(:gems)
+      unlocked = defn.instance_variable_get(:@gems_to_unlock)
       must_not_unlock = defn.dependencies.map { |x| x.name.to_s } -
                         dependencies_to_unlock
       unlocked.reject! { |n| must_not_unlock.include?(n) }

bundler/helpers/v2/run.rb

@@ -17,7 +17,6 @@
 require "definition_ruby_version_patch"
 require "definition_bundler_version_patch"
 require "git_source_patch"
-require "definition_bundler_spec_set_patch"
 
 require "functions"
 

bundler/helpers/v2/spec/functions/version_resolver_spec.rb

@@ -36,6 +36,9 @@
     stub_request(:get, "https://rubygems.org/quick/Marshal.4.8/statesman-1.2.1.gemspec.rz")
       .to_return(status: 200, body: fixture("rubygems_responses", "statesman-1.2.1.gemspec.rz"))
 
+    stub_request(:get, "https://rubygems.org/quick/Marshal.4.8/statesman-1.2.5.gemspec.rz")
+      .to_return(status: 200, body: fixture("rubygems_responses", "statesman-1.2.5.gemspec.rz"))
+
     stub_request(:get, %r{quick/Marshal.4.8/business-.*.gemspec.rz})
       .to_return(status: 200, body: fixture("rubygems_responses", "business-1.0.0.gemspec.rz"))
   end
@@ -102,12 +105,12 @@
       its([:fetcher]) { is_expected.to eq("Bundler::Fetcher::Dependency") }
     end
 
-    context "with no update possible due to a version conflict" do
+    context "when there's a version conflict with a subdep also listed as a top level dependency" do
       let(:project_name) { "version_conflict_with_listed_subdep" }
       let(:dependency_name) { "rspec-mocks" }
       let(:requirement_string) { ">= 0" }
 
-      its([:version]) { is_expected.to eq(Gem::Version.new("3.6.0")) }
+      its([:version]) { is_expected.to be > Gem::Version.new("3.6.0") }
     end
   end
 end

bundler/helpers/v2/spec/native_spec_helper.rb

@@ -12,7 +12,6 @@
 # Bundler monkey patches
 require "definition_ruby_version_patch"
 require "definition_bundler_version_patch"
-require "definition_bundler_spec_set_patch"
 require "git_source_patch"
 
 require "functions"

bundler/spec/dependabot/bundler/update_checker/version_resolver_spec.rb

@@ -89,7 +89,13 @@
 
         let(:dependency_files) { bundler_project_dependency_files("blocked_by_subdep") }
 
-        its([:version]) { is_expected.to eq(Gem::Version.new("1.1.0")) }
+        it "only upgrades as far as the subdep allows", :bundler_v1_only do
+          expect(latest_resolvable_version_details[:version]).to eq(Gem::Version.new("1.1.0"))
+        end
+
+        it "is still able to upgrade to the latest version by upgrading the subdep as well", :bundler_v2_only do
+          expect(latest_resolvable_version_details[:version]).to eq(Gem::Version.new("2.0.0"))
+        end
       end
 
       context "when that only appears in the lockfile" do
@@ -235,13 +241,19 @@
         end
       end
 
-      context "with no update possible due to a version conflict" do
+      context "when upgrading needs to unlock subdeps" do
         let(:dependency_name) { "rspec-mocks" }
         let(:requirement_string) { ">= 0" }
 
         let(:dependency_files) { bundler_project_dependency_files("version_conflict_with_listed_subdep") }
 
-        its([:version]) { is_expected.to eq(Gem::Version.new("3.6.0")) }
+        it "does not allow the upgrade", :bundler_v1_only do
+          expect(latest_resolvable_version_details[:version]).to eq(Gem::Version.new("3.6.0"))
+        end
+
+        it "is still able to upgrade", :bundler_v2_only do
+          expect(latest_resolvable_version_details[:version]).to be > Gem::Version.new("3.6.0")
+        end
       end
 
       context "with a legacy Ruby which disallows the latest version" do

updater/Gemfile.lock

@@ -433,4 +433,4 @@ DEPENDENCIES
   webrick (>= 1.7)
 
 BUNDLED WITH
-   2.5.9
+   2.5.11