Automated Dependency Updates for Bundler

Categories: ruby

Renovate supports updating Bundler dependencies.

File Matching

By default, Renovate will check any files matching the following regular expression: (^|/)Gemfile$.

For details on how to extend a manager's fileMatch value, please follow this link.

Supported datasources

This manager supports extracting the following datasources: rubygems, ruby-version.

Default config

{
  "fileMatch": [
    "(^|/)Gemfile$"
  ],
  "versioning": "ruby"
}

Additional Information

Renovate uses the bundler manager to extract dependencies from Gemfile and Gemfile.lock files.

Authenticating private registry

If:

• you need Bundler to authenticate to a private registry
• and that private registry is not on the same host as Renovate (your GitHub/GitLab/etc)

Then you should authenticate Renovate with hostRules. For example:

{
  "hostRules": [
    {
      "matchHost": "private-registry.company.com",
      "hostType": "rubygems",
      "token": "abc123"
    }
  ]
}

Important notes:

• hostType is a required field, set hostType=rubygems
• If you use the same registry for more than one package type, you may need more than one hostRules entry
• Instead of token, you can use a username and password

To avoid committing raw secrets to your repository, either:

• If self-hosting: add the hostRules to your bot config file, instead of the repository configuration file, or
• If using the Mend Renovate App: use the encrypted config option

Open items

The below list of features were current when this page was generated on December 21, 2024.

Feature requests

• Bundler: Support for multi Gemfiles with a single lock file #22725
• Bundler: Support inline gemfile declaration and dependencies #14017
• Bundler/Rubygems: support registries with incomplete releases lists #12618
• Update vendored gems when updating with bundler #11004
• Parse gemspec files #10616