Merge pull request #1427 from Shopify/liz/drop-ruby-versions

lizkenyon · web-flow · commit ffa557321006 · 2025-12-05T15:13:22.000-06:00
[Breaking] Drop Ruby versions 3.0 and 3.1
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -11,10 +11,9 @@ jobs:
     strategy:
       matrix:
         version:
-          - 3.0
-          - 3.1
           - 3.2
           - 3.3
+          - 3.4
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       - name: Set up Ruby ${{ matrix.version }}
diff --git a/BREAKING_CHANGES_FOR_V16.md b/BREAKING_CHANGES_FOR_V16.md
@@ -1,5 +1,18 @@
 # Breaking change notice for version 16.0.0
 
+## Minimum Ruby Version Requirement
+
+The minimum required Ruby version has been updated from 3.0 to 3.2.
+
+### Why this change?
+
+Ruby 3.0  and 3.1 have reached End of Life (EOL).
+
+### Migration Guide
+
+If you're currently using Ruby 3.0 or 3.1, you'll need to upgrade to Ruby 3.2 or higher before upgrading to shopify-api-ruby v16.0.0.
+
+**Note:** Ruby 3.2+ includes performance improvements and new features. Most applications should not require code changes beyond updating the Ruby version itself.
 ## Removal of `Session#serialize` and `Session.deserialize` methods
 
 The `Session#serialize` and `Session.deserialize` methods have been removed due to a security vulnerability. The `deserialize` method used `Oj.load` without safe mode, which allows instantiation of arbitrary Ruby objects.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,7 @@
 
 Note: For changes to the API, see https://shopify.dev/changelog?filter=api
 ## Unreleased
+- ⚠️ [Breaking] Minimum required Ruby version is now 3.2. Ruby 3.0 and 3.1 are no longer supported.
 - ⚠️ [Breaking] Removed `Session#serialize` and `Session.deserialize` methods due to security concerns (RCE vulnerability via `Oj.load`). These methods were not used internally by the library. If your application relies on session serialization, use `Session.new()` to reconstruct sessions from stored attributes instead.
 
 ### 15.0.0
diff --git a/shopify_api.gemspec b/shopify_api.gemspec
@@ -30,7 +30,7 @@ Gem::Specification.new do |s|
 
   s.license = "MIT"
 
-  s.required_ruby_version = ">= 3.0"
+  s.required_ruby_version = ">= 3.2"
 
   s.add_runtime_dependency("activesupport")
   s.add_runtime_dependency("concurrent-ruby")
