Skip to content

Automated Dependency Updates for Bundler

Renovate supports updating Bundler dependencies.

File Matching

By default, Renovate will check any files matching the following regular expression: (^|/)Gemfile$.

For details on how to extend a manager's fileMatch value, please follow this link.

Supported datasources

This manager supports extracting the following datasources: rubygems, ruby-version.

Additional Information

The bundler manager is used to extract dependencies from Gemfile and Gemfile.lock files.

Authenticating private registry

If you need Bundler to authenticate with a private registry - and it's not the same host as your GitHub/GitLab/etc - then you should do so with hostRules and be sure to set the hostType value to be "bundler". e.g.

{
  "hostRules": [
    {
      "matchHost": "private-registry.company.com",
      "hostType": "rubygems",
      "token": "abc123"
    }
  ]
}

Important notes regarding the above:

hostType is a required field, and you must provide a value. If you use Renovate v26 or higher, set hostType=rubygems. If you use Renovate v25 or lower, set hostType=bundler.

If the registry is used for multiple package types then you may need multiple hostRules.

Instead of token, you may also supply username and password instead.

If you don't want to commit raw secrets to your repository, either:

  • If self hosting, add the hostRules to your bot's configuration file rather than the repository's configuration file, or
  • If using the hosted Mend Renovate app, make use of the encrypted capability

Open feature requests

  • Bundler compatibility checks #3098
  • Bundler extract and update github dependency #4789
  • bundler with geminabox #6184
  • Parse gemspec files #10616
  • Update vendored gems when updating with bundler #11004
  • Bundler/Rubygems: support registries with incomplete releases lists #12618
  • Bundler: Support inline gemfile declaration and dependencies #14017
  • Support Nexus repository manager for RubyGems #15459

Open bug reports

  • Renovate gives up after first failed update of Ruby Bundler package #4747
  • Error trying to run bundle lock --update undefined #15949

The above list of features and bugs were current when this page was generated on August 15, 2022.