Update bundler module to ruby 3.3.3 #10038

Merged: 7 commits, Jun 26, 2024


DuncSmith
Contributor

After upgrading our rails app to ruby 3.3.3, we started to get Dependabot::Bundler::FileUpdater::RubyRequirementSetter::RubyVersionNotFound errors

This change updates the ruby requirement to 3.3.3

Trace

updater | 2024/06/18 09:18:49 INFO <job_843844123> Checking if openapi3_parser 0.9.2 needs updating
updater | 2024/06/18 09:18:49 ERROR <job_843844123> Error processing openapi3_parser (Dependabot::Bundler::FileUpdater::RubyRequirementSetter::RubyVersionNotFound)
updater | 2024/06/18 09:18:49 ERROR <job_843844123> Dependabot::Bundler::FileUpdater::RubyRequirementSetter::RubyVersionNotFound
updater | 2024/06/18 09:18:49 ERROR <job_843844123> /home/dependabot/bundler/lib/dependabot/bundler/file_updater/ruby_requirement_setter.rb:65:in `ruby_version'
updater | 2024/06/18 09:18:49 ERROR <job_843844123> /home/dependabot/bundler/lib/dependabot/bundler/file_updater/ruby_requirement_setter.rb:33:in `rewrite'
updater | 2024/06/18 09:18:49 ERROR <job_843844123> /home/dependabot/bundler/lib/dependabot/bundler/update_checker/file_preparer.rb:262:in `block in lock_ruby_version'
updater | 2024/06/18 09:18:49 ERROR <job_843844123> /home/dependabot/bundler/lib/dependabot/bundler/update_checker/file_preparer.rb:260:in `each'
updater | 2024/06/18 09:18:49 ERROR <job_843844123> /home/dependabot/bundler/lib/dependabot/bundler/update_checker/file_preparer.rb:260:in `lock_ruby_version'
updater | 2024/06/18 09:18:49 ERROR <job_843844123> /home/dependabot/bundler/lib/dependabot/bundler/update_checker/file_preparer.rb:178:in `gemfile_content_for_update_check'
updater | 2024/06/18 09:18:49 ERROR <job_843844123> /home/dependabot/bundler/lib/dependabot/bundler/update_checker/file_preparer.rb:63:in `prepared_dependency_files'
updater | 2024/06/18 09:18:49 ERROR <job_843844123> /home/dependabot/bundler/lib/dependabot/bundler/update_checker.rb:388:in `prepared_dependency_files'
updater | 2024/06/18 09:18:49 ERROR <job_843844123> /home/dependabot/bundler/lib/dependabot/bundler/update_checker.rb:362:in `latest_version_finder'
updater | 2024/06/18 09:18:49 ERROR <job_843844123> /home/dependabot/bundler/lib/dependabot/bundler/update_checker.rb:203:in `latest_version_details'
updater | 2024/06/18 09:18:49 ERROR <job_843844123> /home/dependabot/bundler/lib/dependabot/bundler/update_checker.rb:24:in `latest_version'
updater | 2024/06/18 09:18:49 ERROR <job_843844123> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/refresh_version_update_pull_request.rb:172:in `all_versions_ignored?'
updater | 2024/06/18 09:18:49 ERROR <job_843844123> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/refresh_version_update_pull_request.rb:83:in `check_and_update_pull_request'
updater | 2024/06/18 09:18:49 ERROR <job_843844123> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/refresh_version_update_pull_request.rb:42:in `perform'
updater | 2024/06/18 09:18:49 ERROR <job_843844123> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:45:in `run'
updater | 2024/06/18 09:18:49 ERROR <job_843844123> /home/dependabot/dependabot-updater/lib/dependabot/update_files_command.rb:44:in `block in perform_job'
updater | 2024/06/18 09:18:49 ERROR <job_843844123> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/opentelemetry-api-1.2.3/lib/opentelemetry/trace/tracer.rb:37:in `block in in_span'
updater | 2024/06/18 09:18:49 ERROR <job_843844123> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/opentelemetry-api-1.2.3/lib/opentelemetry/trace.rb:70:in `block in with_span'
updater | 2024/06/18 09:18:49 ERROR <job_843844123> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/opentelemetry-api-1.2.3/lib/opentelemetry/context.rb:87:in `with_value'
updater | 2024/06/18 09:18:49 ERROR <job_843844123> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/opentelemetry-api-1.2.3/lib/opentelemetry/trace.rb:70:in `with_span'
updater | 2024/06/18 09:18:49 ERROR <job_843844123> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/opentelemetry-api-1.2.3/lib/opentelemetry/trace/tracer.rb:37:in `in_span'
updater | 2024/06/18 09:18:49 ERROR <job_843844123> /home/dependabot/dependabot-updater/lib/dependabot/update_files_command.rb:18:in `perform_job'
updater | 2024/06/18 09:18:49 ERROR <job_843844123> /home/dependabot/dependabot-updater/lib/dependabot/base_command.rb:37:in `run'
updater | 2024/06/18 09:18:49 ERROR <job_843844123> bin/update_files.rb:46:in `<main>'
updater | 2024/06/18 09:18:49 INFO <job_843844123> Finished job processing
updater | 2024/06/18 09:18:49 INFO Results:
updater | Dependabot encountered '1' error(s) during execution, please check the logs for more details.
updater | +---------------------------------+
updater | |  Dependencies failed to update  |
updater | +-----------------+---------------+
updater | | openapi3_parser | unknown_error |
updater | +-----------------+---------------+

@github-actions github-actions bot added the L: ruby:bundler RubyGems via bundler label Jun 19, 2024
@DuncSmith DuncSmith marked this pull request as ready for review June 19, 2024 09:53
@DuncSmith DuncSmith requested a review from a team as a code owner June 19, 2024 09:53
@jurre
Member

jurre commented Jun 19, 2024

I think we'll also want to upgrade the actual version of Ruby that Dependabot uses?

.ruby-version, Dockerfile.updater-core

@DuncSmith
Contributor Author

Hi @jurre, I've bumped the ruby version. Successfully rebuilt the updater-core image locally and ran a few specs to confirm it's working. I also built and ran a devcontainer successfully. I'm not sure if any further testing is needed?

@DuncSmith DuncSmith force-pushed the ruby-3.3.3 branch 3 times, most recently from 07f9350 to acc7917 Compare June 20, 2024 10:46
@DuncSmith DuncSmith force-pushed the ruby-3.3.3 branch 2 times, most recently from 98cb6d7 to ad0edb9 Compare June 20, 2024 11:36
Contributor

@deivid-rodriguez deivid-rodriguez left a comment


Looks great! ✅

@Earlopain

Ruby 3.3.3 currently suffers from a bug where it causes bundler to remove the dependency of net-protocol for net-pop (a few others as well, but this is the most impactful one):

Would this impact dependabot updates? I can't tell if the tests would cover that case, or if it's just irrelevant.

@deivid-rodriguez
Contributor

Great catch! I'm not fully sure if Dependabot would be affected, but it's certainly possible. I guess the issue can be tested through the CLI with a lockfile that includes these gems. The issue can be patched in the Dockerfile by manually fixing the affected gems, but we may also hold the internal Ruby upgrade (Dockerfile.updater-core and .ruby-version) until 3.3.4 is released (a couple months from now).

@DuncSmith
Contributor Author

In that case I've reverted this PR to its original purpose, hopefully we at least run dependabot on projects running 3.3.3
TBH I'm not sure the best way to go about patching the Dockerfile to account for the net-protocol issue, open to suggestions/pointers?

@Earlopain

Earlopain commented Jun 24, 2024

https://bugs.ruby-lang.org/issues/20581#note-2 contains diffs that would need to be applied for this to certainly not be a problem anymore. That would need to be applied to the gemspecs shipped with ruby by default, though I can't tell for certain where they are located.

The best thing would probably be to add a test lockfile containing net-pop; maybe this all is a non-issue. I didn't actually test it out, it was just a concern I had. I never contributed here, but my personal opinion is to just wait for 3.3.4 unless there's a strong reason to go with 3.3.3 already.
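
The test-lockfile check suggested in the comment above, sketched as an added example (not part of the thread or of Dependabot's code): it parses a lockfile's `specs:` sections and reports when net-pop no longer lists net-protocol. The sample lockfile contents and the helper names are constructed for illustration.

```ruby
# Expected pairs; only net-pop => net-protocol is named in the thread.
EXPECTED_DEPS = { "net-pop" => ["net-protocol"] }.freeze

# Parse every "specs:" section of a Gemfile.lock into { gem => [deps] }.
# Inside a section, gems are indented 4 spaces and their dependencies 6.
def locked_dependencies(lockfile)
  deps = {}
  current = nil
  in_specs = false
  lockfile.each_line do |raw|
    line = raw.chomp
    if line =~ /\A  specs:\z/
      in_specs = true
    elsif line.empty? || line =~ /\A\S/
      in_specs = false # blank line or new top-level section ends specs
      current = nil
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(/))
      current = m[1]
      deps[current] ||= []
    elsif in_specs && current && (m = line.match(/\A {6}(\S+)/))
      deps[current] << m[1]
    end
  end
  deps
end

# Return { gem => [dependencies that should be locked but are not] }.
def missing_dependencies(lockfile, expected = EXPECTED_DEPS)
  locked = locked_dependencies(lockfile)
  expected.each_with_object({}) do |(gem, required), missing|
    next unless locked.key?(gem) # gem absent from this lockfile
    lost = required - locked[gem]
    missing[gem] = lost unless lost.empty?
  end
end

# Constructed sample lockfile (not taken from the PR).
GOOD_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      net-pop (0.1.2)
        net-protocol
      net-protocol (0.2.2)
        timeout
      timeout (0.4.1)
LOCK
# Same lockfile after the dependency line has been dropped.
BAD_LOCK = GOOD_LOCK.sub("      net-protocol\n", "")

puts missing_dependencies(BAD_LOCK).inspect if __FILE__ == $PROGRAM_NAME
```

Running the same check on a lockfile before and after an update run shows whether the update dropped the dependency line.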

@deivid-rodriguez
Contributor

> In that case I've reverted this PR to its original purpose, hopefully we at least run dependabot on projects running 3.3.3
> TBH I'm not sure the best way to go about patching the Dockerfile to account for the net-protocol issue, open to suggestions/pointers?

I agree with @Earlopain that it's easier to wait for 3.3.4, rather than taking the time to verify if the issue affects Dependabot and, if it does, to figure out the right files to patch and apply the proper patches directly from the Gemfile.

This PR already allows projects using Ruby 3.3.3 to use Dependabot, so I think it's good to go without blocking on Dependabot upgrading the version it runs itself.

Member

@jeffwidman jeffwidman left a comment


Thanks @DuncSmith !

And thanks for the review @deivid-rodriguez , I'm basically treating it as the necessary approval here. 😁

@kbukum1 kbukum1 merged commit d80ad22 into dependabot:main Jun 26, 2024
41 checks passed