Dependabot-core: Update ruby version in Gemfile

Thanks @avokhmin. I agree this would be awesome. Tough to do right (probably need to update the Travis or CircleCI config files, too), but not impossible. I'll add it to my backlog.

How about in Dockerfile?

Will already do it in your Dockerfile, if you add an update config for Docker to your repo. Trouble is that Ruby versions also get specified in .ruby_verison, Gemfile, Gemfile.lock, .travis.yml files (and more).

If you have a Dockerfile you'll at least get a PR when new Ruby versions are release, it's just that your tests are likely to fail. We can do better than that at some point...

Would it be possible to get a PR in like the simplest case (e.g. just the .ruby-version or the Gemfile) just so that you can be notified when a new version is released? Then you at least know that a new version is out and can decide if you want to manually fix it until it's fully automatic 😄

In our use case we use ruby '~> 2.6' in the Gemfile and in CircleCI we also use circleci/ruby:2.6-node-browsers, so all we are missing is something that bumps the ruby version in the Gemfile.lock so Heroku picks it up. ;) It would be awesome if dependabot did that for us.

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within seven days. Thank you for your contributions.

This issue is still relevant.

I've just discovered this is partially supported by Renovate on GitHub marketplace.

Renovate will update .ruby-version with the latest stable ruby version: https://github.com/marketplace/renovate

For an example of how it works, see these 2 closed PRs: https://github.com/eliotsykes/ruby-version-test/pulls?q=is%3Apr+is%3Aclosed

I intend to use Renovate for updating .ruby-version, whilst dependabot will continue to handle gem updates. Renovate looks like it will also try to update gems, so I expect Renovate's config will need to be customized to disable this.

NB. At time of writing, Renovate doesn't update Gemfile's ruby version. As a workaround, Gemfile can read from .ruby-version using:

-ruby '2.7.0'
+ruby File.read('.ruby-version')

For when dependabot build support for this, it may be handy to know:

• Renovate scrapes ruby-lang.org's releases page for its version info
• Alternatively this YAML file could be parsed which ruby-lang.org appears to keep up-to-date with versions: https://github.com/ruby/www.ruby-lang.org/blob/master/_data/releases.yml