@robaiken, I'd be happy to fix these smoke tests, but I'm really just not sure why they're failing.

@chrisyuska Thank you for offering to help with the smoke tests! We appreciate your contribution! I'm not too sure why the Python tests are failing, and the bundler test issues also need attention. The cargo tests are also failing, but we already know those need to be updated so you can ignore them for now. Any help you can provide with the Python or bundler tests would be greatly appreciated. The smoke test are in this repo

Thanks, @robaiken . Unfortunately, I can't get the dependabot CLI working locally in order to fix the smoke tests due an error that appears to be due to some networking config, although I haven't been able to figure it out:

updater | fatal: unable to access 'https://github.com/deivid-rodriguez/smoke-tests/': Failed to connect to 172.18.0.2 port 1080 after 3053 ms: No route to host

I'll try to look again later this week if I can.

@chrisyuska thanks for taking over this upgrade. If you're basing this on #11162, there are a couple of code changes that need to be ported to fix warnings.

@chrisyuska thanks for taking over this upgrade. If you're basing this on #11162, there are a couple of code changes that need to be ported to fix warnings.

Sorry, @JamieMagee ! I somehow completely missed that PR. I'll port the deprecation fixes for sure (or we can close this if your PR is merged).

@chrisyuska I am happy for you to take the lead on this and help if you need me to. It's always good to have community contributions. If you are still struggling to get the smoke tests running, then I will happily fix those for you.

@robaiken , I was able to get smoke tests running on my other machine, but fixing them seems to be a bit of a chicken-or-egg problem since they're managed in a separate repo. What is the suggested approach for fixing them before this PR has shipped?

@chrisyuska Thank you so much for all your hard work. We usually merge the core ticket first and then the smoke-test. If this PR is ready to go, then I will give it a review and deploy it. Is there any outstanding task?

@robaiken , thanks, that works. This PR is ready for review then. The hex specs have a failing test, but it appears to be a flake (or at least I can't reproduce it locally).

Canonical is having an outage at the moment¹, which is causing the e2e test failures. We'll need to wait until that is resolved, and re-run the e2e tests.

Are you able to fix the Sorbet type error please?

@JamieMagee , type errors should be fixed now.

Thank you! Changes look broadly good to me, and the failing smoke test likely just needs to be updated.

I just need someone else on our team to sign-off.

What's the next step here, @JamieMagee?

I don't mean to pester. We're just eager to get Dependabot working again with our Ruby applications.

@chrisyuska I understand where you're coming from.

I just need to double check that our internal services are ready. We consume dependabot-common as a dependency, so setting required_ruby_version to >=3.4.0 will cause issues. I was speaking with @markhallen to figure this out, but if you can change required_ruby_version back to >=3.3.0 I can merge this ASAP.

@JamieMagee , sounds good. I've reverted the Ruby requirement back to 3.3.0.

I have currently deployed this to our staging ring and I'm going to spend some time testing there to make sure there are no issues. The only thing I have come across is:

warning: parser/current is loading parser/ruby34, which recognizes 3.4.0-dev-compliant syntax, but you are running 3.4.4.

It's something we should address, but not a blocker for getting this merged.

This is rolled out to production 🎉 Thanks you @chrisyuska

The smoke tests need to be regenerated, but that's not blocking, and I can handle it after the merge.

Thanks for merging, @JamieMagee! It's great to see dependabot PRs rolling in again! 🎉

I have currently deployed this to our staging ring and I'm going to spend some time testing there to make sure there are no issues. The only thing I have come across is:

warning: parser/current is loading parser/ruby34, which recognizes 3.4.0-dev-compliant syntax, but you are running 3.4.4.

It's something we should address, but not a blocker for getting this merged.

Agreed. Parser will need to be swapped out with Prism at some point since it's no longer being updated for Ruby 3.4+. It should be fairly straightforward, but I noticed Parser is used in about a dozen files so I hoped to avoid that refactor in this upgrade.

Was just about to note that there's no way to get rid of that parser warning at this time as parser has not been updated enough for Ruby 3.4 for the gem to claim it's fully compliant.

• Bump parser current_version patch version for ruby 3.4 whitequark/parser#1065

Agreed. Parser will need to be swapped out with Prism at some point since it's no longer being updated for Ruby 3.4+. It should be fairly straightforward, but I noticed Parser is used in about a dozen files so I hoped to avoid that refactor in this upgrade.

I second this notion to move from parser to prism as the latter is better maintained/future-facing.

I created #12403 to track this work. It's not urgent, but likely something we should tackle before we upgrade to Ruby 3.5.