Bump the prod-dependencies group across 1 directory with 16 updates #12026

dependabot · 2025-04-10T12:28:01Z

Bumps the prod-dependencies group with 16 updates in the /updater directory:

Package	From	To
http	`5.1.1`	`5.2.0`
opentelemetry-metrics-sdk	`0.6.0`	`0.6.1`
zeitwerk	`2.7.1`	`2.7.2`
aws-sdk-codecommit	`1.63.0`	`1.83.0`
aws-sdk-ecr	`1.68.0`	`1.99.0`
faraday	`2.7.11`	`2.13.0`
faraday-retry	`2.2.0`	`2.3.1`
gitlab	`5.0.0`	`5.1.0`
json	`2.6.3`	`2.10.2`
nokogiri	`1.16.5`	`1.18.7`
parser	`3.3.6.0`	`3.3.7.4`
psych	`5.1.2`	`5.2.3`
sorbet-runtime	`0.5.11952`	`0.5.12003`
stackprof	`0.2.25`	`0.2.27`
parseconfig	`1.0.8`	`1.1.2`
rubyzip	`2.3.2`	`2.4.1`

Updates http from 5.1.1 to 5.2.0

Changelog

Sourced from http's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Unreleased

Removed

BREAKING Drop Ruby 2.x support

Commits

bb754c7 Release v5.2.0
de1e319 ci: Cleanup and update workflow
02e66b0 ci: Add Ruby 3.3 to the test matrix
81d281e SECURITY.md: use private vulnerability reporting feature (#772)
03370c6 Fix changelog uri in gemspec
f7e16c8 Add support for the PURGE HTTP method. (#757)
8b802bf Do more conservative URL normalization (#758)
65276d7 Prevent CRLF injection due to broken URL normalizer (#765)
3b7133c fix: close sockets on initialize timeout (#762)
4060ccd not_found requires two arguments (#761)
Additional commits viewable in compare view

Updates opentelemetry-metrics-sdk from 0.6.0 to 0.6.1

Release notes

Sourced from opentelemetry-metrics-sdk's releases.

opentelemetry-metrics-sdk 0.6.1

v0.6.1 / 2025-04-09

FIXED: Use condition signal to replace sleep and remove timeout.timeout…

Changelog

Sourced from opentelemetry-metrics-sdk's changelog.

v0.6.1 / 2025-04-09

FIXED: Use condition signal to replace sleep and remove timeout.timeout…

Commits

dd14784 release: Release opentelemetry-metrics-sdk 0.6.1 (was 0.6.0) (#1834)
c39e7a6 fix: use condition signal to replace sleep and remove timeout.timeout… (#1826)
See full diff in compare view

Updates zeitwerk from 2.7.1 to 2.7.2

Changelog

Sourced from zeitwerk's changelog.

2.7.2 (18 February 2025)

Internal improvements and micro-optimizations.

Add stable TruffleRuby to CI.

Commits

6aa2821 Ready for 2.7.2
632f2bb Let get_or_set evaluate the fallback lazily
b37c6d1 Add a couple more of tests
d61c3e1 Define get_or_set for cref maps
cc7d546 Revises some signatures
245fc05 Fixes signature annotation
c3eaacc Adds a test for cref maps
177ab23 Docs improvements
85a9b97 Adds code comments
c74ddf7 Introduce Zeitwerk::Cref::Map
Additional commits viewable in compare view

Updates aws-sdk-codecommit from 1.63.0 to 1.83.0

Changelog

Sourced from aws-sdk-codecommit's changelog.

1.83.0 (2025-02-18)

Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.82.0 (2025-02-06)

Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.81.0 (2025-01-15)

Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.80.0 (2024-11-18)

Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.79.0 (2024-10-18)

Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.78.0 (2024-09-24)

Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.77.0 (2024-09-23)

Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.76.0 (2024-09-20)

Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.75.0 (2024-09-11)

Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.74.0 (2024-09-10)

Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

... (truncated)

Commits

See full diff in compare view

Updates aws-sdk-ecr from 1.68.0 to 1.99.0

Changelog

Sourced from aws-sdk-ecr's changelog.

1.99.0 (2025-04-02)

Feature - Fix for customer issues related to AWS account ID and size limitation for token.

1.98.0 (2025-03-11)

Feature - This release adds Amazon ECR to Amazon ECR pull through cache rules support.

1.97.0 (2025-02-18)

Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.96.0 (2025-02-07)

Feature - Adds support to handle the new basic scanning daily quota.

1.95.0 (2025-02-06)

Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.94.0 (2025-01-30)

Feature - Temporarily updating dualstack endpoint support

1.93.0 (2025-01-29)

Feature - Add support for Dualstack and Dualstack-with-FIPS Endpoints

1.92.0 (2025-01-15)

Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.91.0 (2024-12-28)

Feature - Restoring custom endpoint functionality for ECR

1.90.0 (2024-12-26)

Feature - Add support for Dualstack Endpoints

... (truncated)

Commits

See full diff in compare view

Updates faraday from 2.7.11 to 2.13.0

Release notes

Sourced from faraday's releases.

v2.13.0

What's Changed

feat(ssl options): support SNI hostname by @bf4 in lostisland/faraday#1615

New Contributors

@bf4 made their first contribution in lostisland/faraday#1615

Full Changelog: lostisland/faraday@v2.12.3...v2.13.0

v2.12.3

What's Changed

Remove ruby2_keywords by @tisba in lostisland/faraday#1616

Fix thread safety issue by avoiding mutation of proxy options hash by @QWYNG in lostisland/faraday#1617

New Contributors

@QWYNG made their first contribution in lostisland/faraday#1617

Full Changelog: lostisland/faraday@v2.12.2...v2.12.3

v2.12.2

What's Changed

Use generic argument forwarding + remove ruby2_keywords by @chaymaeBZ in lostisland/faraday#1601

[TEST] fix compatibility with ruby 3.4.0dev by @mtasaka in lostisland/faraday#1604

Formatting the log using parameter progname for the logger by @kodram in lostisland/faraday#1606

New Contributors

@chaymaeBZ made their first contribution in lostisland/faraday#1601

@mtasaka made their first contribution in lostisland/faraday#1604

@kodram made their first contribution in lostisland/faraday#1606

Full Changelog: lostisland/faraday@v2.12.1...v2.12.2

v2.12.1

What's Changed

Allow faraday-net_http 3.4.x by @richardmarbach in lostisland/faraday#1599

New Contributors

@richardmarbach made their first contribution in lostisland/faraday#1599

Full Changelog: lostisland/faraday@v2.12.0...v2.12.1

v2.12.0

What's Changed

New features ✨

Make RaiseError middleware configurable to not raise error on certain status codes (e.g. 404) by @clemens in lostisland/faraday#1590

Fixes 🐞

Add json as an explicit dependency by @deivid-rodriguez in lostisland/faraday#1589

... (truncated)

Commits

77204cc Version bump to 2.13.0
919dc8f feat(ssl options): support SNI hostname (#1615)
064a54b Version bump to 2.12.3
cd1c44a Fix thread safety issue by avoiding mutation of proxy options hash (#1617)
1551c32 removes ruby2_keywords usage
a9cf004 Version bump to 2.12.2
529b5b0 Formatting the log using parameter progname for the logger (#1606)
b7b2bc1 [TEST] fix compatibility with ruby 3.4.0dev
f9f4ce5 Use generic argument forwarding + remove ruby2_keywords
93ef9e0 Version bump to 2.12.1
Additional commits viewable in compare view

Updates faraday-retry from 2.2.0 to 2.3.1

Release notes

Sourced from faraday-retry's releases.

v2.3.1

What's Changed

Scope retryable module under faraday module by @bertm13 in lostisland/faraday-retry#45

New Contributors

@bertm13 made their first contribution in lostisland/faraday-retry#45

Full Changelog: lostisland/faraday-retry@v2.3.0...v2.3.1

v2.3.0

What's Changed

Fix typos in README by @garyhtou in lostisland/faraday-retry#42

Implement exhausted_retries_block option by @Combos93 in lostisland/faraday-retry#44

New Contributors

@garyhtou made their first contribution in lostisland/faraday-retry#42

@Combos93 made their first contribution in lostisland/faraday-retry#44

Full Changelog: lostisland/faraday-retry@v2.2.1...v2.3.0

v2.2.1

What's Changed

Document "methods" option with its type as a list of Symbols by @olleolleolle in lostisland/faraday-retry#30

Update docs reference to RaiseError middleware by @Drowze in lostisland/faraday-retry#32

Add Ruby 3.3 to CI matrix by @m-nakamura145 in lostisland/faraday-retry#33

Improve README.md about exceptions config by @mi-wada in lostisland/faraday-retry#35

Check for Faraday::UploadIO while rewinding by @iMacTia in lostisland/faraday-retry#37

Bump actions/checkout from 3 to 4 by @dependabot in lostisland/faraday-retry#38

New Contributors

@Drowze made their first contribution in lostisland/faraday-retry#32

@m-nakamura145 made their first contribution in lostisland/faraday-retry#33

@mi-wada made their first contribution in lostisland/faraday-retry#35

@dependabot made their first contribution in lostisland/faraday-retry#38

Full Changelog: lostisland/faraday-retry@v2.2.0...v2.2.1

Changelog

Sourced from faraday-retry's changelog.

Changelog

Unreleased

nothing yet

v2.2.1 (2024-04-15)

Avoid deprecation warning about ::UploadIO constant when used without faraday-multipart gem [PR #37](lostisland/faraday-retry#37) [@iMacTia]

Documentation update [PR #30](lostisland/faraday-retry#30) [@olleolleolle]

Documentation update [PR #32](lostisland/faraday-retry#32) Thanks, [@Drowze]!

Commits

10ec1da Version bump to 2.3.1
2865414 Move documentation comment to the right place
75d3efb Scope retryable module under faraday module
f021508 v2.3.0
5af8aa8 Gemfile: Avoid warning output from RuboCop
136a4ff Refactoring and rubocop fixes
13e9a7f Update spec/faraday/retry/middleware_spec.rb
2979869 fix code documentation
52a857c fix typo
22ab15a word corrections
Additional commits viewable in compare view

Updates gitlab from 5.0.0 to 5.1.0

Release notes

Sourced from gitlab's releases.

v5.1.0

General improvements

Added base64 to dependencies #697

Bugfixes

Fixed masking short and known private tokens #692

Fixed pagination options for merge request discussions #694

New features

Added support for programming languages used in a project #695

Added support for merge request dependencies #698

Added support for pipelines triggered by a pipeline schedule in a project #699

Added support for using CI/CD job token for authentication #700

Added support for project access tokens API #701

Commits

bcfeb45 Release v5.1.0
6ca8f7a Merge pull request #701 from balasankarc/support-access-token-endpoint
64896ab Add Project Access Token related endpoints
26edb1b Merge pull request #700 from balasankarc/support-ci-job-token
0bfb77c Support using CI_JOB_TOKEN for authentication
579bcda Merge pull request #699 from caiconkhicon/dattang/add-pipeline_schedule_get_p...
a9da2e9 Remove verb from method name
100e256 Add get_pipelines_by_pipeline_schedule method
f3bd928 Merge pull request #698 from ddieulivol/ddieulivol-merge_request_dependencies
5e31a2d Merge branch 'master' into ddieulivol-merge_request_dependencies
Additional commits viewable in compare view

Updates json from 2.6.3 to 2.10.2

Release notes

Sourced from json's releases.

v2.10.2

What's Changed

Fix a potential crash in the C extension parser.

Raise a ParserError on all incomplete unicode escape sequence. This was the behavior until 2.10.0 unadvertently changed it.

Ensure document snippets that are included in parser errors don't include truncated multibyte characters.

Ensure parser error snippets are valid UTF-8.

Fix JSON::GeneratorError#detailed_message on Ruby < 3.2

Full Changelog: ruby/json@v2.10.1...v2.10.2

v2.10.1

What's Changed

Fix a compatibility issue with MultiJson.dump(obj, pretty: true) by @byroot in ruby/json#749

Full Changelog: ruby/json@v2.10.0...v2.10.1

v2.10.0

What's Changed

strict: true now accept symbols as values. Previously they'd only be accepted as hash keys.

The C extension Parser has been entirely reimplemented from scratch.

Introduced JSON::Coder as a new API allowing to customize how non native types are serialized in a non-global way.

Introduced JSON::Fragment to allow assembling cached fragments in a safe way.

The Java implementation of the generator received many optimizations.

Full Changelog: ruby/json@v2.9.1...v2.10.0

v2.9.1

What's Changed

Add support for Solaris 10 which lacks strnlen()

v2.9.0

What's Changed

Fix C implementation of script_safe escaping to not confuse some other 3 wide characters with \u2028 and \u2029. e.g. JSON.generate(["倩", "瀨"], script_safe: true) would generate the wrong JSON.

JSON.dump(object, some_io) now write into the IO in chunks while previously it would buffer the entire JSON before writing.

JSON::GeneratorError now has a #invalid_object attribute, making it easier to understand why an object tree cannot be serialized.

Numerous improvements to the JRuby extension.

Full Changelog: ruby/json@v2.8.2...v2.9.0

v2.8.2

What's Changed

JSON.load_file: explictly load the file as UTF-8

Full Changelog: ruby/json@v2.8.1...v2.8.2

... (truncated)

Changelog

Sourced from json's changelog.

2025-03-12 (2.10.2)

Fix a potential crash in the C extension parser.

Raise a ParserError on all incomplete unicode escape sequence. This was the behavior until 2.10.0 unadvertently changed it.

Ensure document snippets that are included in parser errors don't include truncated multibyte characters.

Ensure parser error snippets are valid UTF-8.

Fix JSON::GeneratorError#detailed_message on Ruby < 3.2

2025-02-10 (2.10.1)

Fix a compatibility issue with MultiJson.dump(obj, pretty: true): no implicit conversion of false into Proc (TypeError).

2025-02-10 (2.10.0)

strict: true now accept symbols as values. Previously they'd only be accepted as hash keys.

The C extension Parser has been entirely reimplemented from scratch.

Introduced JSON::Coder as a new API allowing to customize how non native types are serialized in a non-global way.

Introduced JSON::Fragment to allow assembling cached fragments in a safe way.

The Java implementation of the generator received many optimizations.

2024-12-18 (2.9.1)

Fix support for Solaris 10.

2024-12-03 (2.9.0)

Fix C implementation of script_safe escaping to not confuse some other 3 wide characters with \u2028 and \u2029. e.g. JSON.generate(["倩", "瀨"], script_safe: true) would generate the wrong JSON.

JSON.dump(object, some_io) now write into the IO in chunks while previously it would buffer the entire JSON before writing.

JSON::GeneratorError now has a #invalid_object attribute, making it easier to understand why an object tree cannot be serialized.

Numerous improvements to the JRuby extension.

2024-11-14 (2.8.2)

JSON.load_file explictly read the file as UTF-8.

2024-11-06 (2.8.1)

Fix the java packages to include the extension.

2024-11-06 (2.8.0)

Emit a deprecation warning when JSON.load create custom types without the create_additions option being explictly enabled.

Prefer to use JSON.unsafe_load(string) or JSON.load(string, create_additions: true).

Emit a deprecation warning when serializing valid UTF-8 strings encoded in ASCII_8BIT aka BINARY.

Bump required Ruby version to 2.7.

Add support for optionally parsing trailing commas, via allow_trailing_comma: true, which in cunjunction with the pre-existing support for comments, make it suitable to parse jsonc documents.

Many performance improvements to JSON.parse and JSON.load, up to 1.7x faster on real world documents.

Some minor performance improvements to JSON.dump and JSON.generate.

... (truncated)

Commits

350c1fd Release 2.10.2
c56db31 Merge commit from fork
cf242d8 Fix potential out of bound read in json_string_unescape.
57911f1 Merge pull request #762 from byroot/invalid-escape
7d0637b Raise a ParserError on all incomplete unicode escape sequence.
c079793 Avoid fast-path IO writes when IO has ext enc
ac30b69 Merge pull request #757 from rahim/fix-generator-error-no-method-error
2e015ff Fix JSON::GeneratorError#detailed_message with Ruby < 3.2
f3e1136 Merge pull request #756 from byroot/utf8-snippets
e144793 Ensure parser error snippets are valid UTF-8
Additional commits viewable in compare view

Updates nokogiri from 1.16.5 to 1.18.7

Release notes

Sourced from nokogiri's releases.

v1.18.7 / 2025-03-31

Dependencies

[CRuby] Vendored libxml2 is updated to v2.13.7, which is a bugfix release.

57a064ab5440814a69a0e040817bd8154adea68a30d2ff2b3aa515a6a06dbb5f  nokogiri-1.18.7-aarch64-linux-gnu.gem
3e442dc5b69376e84288295fe37cbb890a21ad816a7e571e5e9967b3c1e30cd3  nokogiri-1.18.7-aarch64-linux-musl.gem
083abb2e9ed2646860f6b481a981485a658c6064caafaa81bf1cda1bada2e9d5  nokogiri-1.18.7-arm64-darwin.gem
337d9149deb5ae01022dff7c90f97bed81715fd586aacab0c5809ef933994c5e  nokogiri-1.18.7-arm-linux-gnu.gem
97a26edcc975f780a0822aaf7f7d7427c561067c1c9ee56bd3542960f0c28a6e  nokogiri-1.18.7-arm-linux-musl.gem
6b63ff5defe48f30d1d3b3122f65255ca91df2caf5378c6e0482ce73ff46fb31  nokogiri-1.18.7.gem
2cb83666f35619ec59d24d831bf492e49cfe27b112c222330ee929737f42f2eb  nokogiri-1.18.7-java.gem
681148fbc918aa5d54933d8b48aeb9462ab708d23409797ed750af961107f72b  nokogiri-1.18.7-x64-mingw-ucrt.gem
081d1aa517454ba3415304e2ea51fe411d6a3a809490d0c4aa42799cada417b7  nokogiri-1.18.7-x86_64-darwin.gem
3a0bf946eb2defde13d760f869b61bc8b0c18875afdd3cffa96543cfa3a18005  nokogiri-1.18.7-x86_64-linux-gnu.gem
9d83f8ec1fc37a305fa835d7ee61a4f37899e6ccc6dcb05be6645fa9797605af  nokogiri-1.18.7-x86_64-linux-musl.gem

v1.18.6 / 2025-03-24

Fixed

[JRuby] In HTML documents, Node#attribute now returns the correct attribute. This has been broken, and returning nil, since v1.17.0. (#3487) @flavorjones

1b11f9a814068282cc2b47ebe61395b2a69d1918092d2ca3bd664074f72540e9  nokogiri-1.18.6-aarch64-linux-gnu.gem
797662f201c37a8feac3bd5b0c0e3447053bc71e6633d273fefd4c68b03e6a54  nokogiri-1.18.6-aarch64-linux-musl.gem
727a441d179d934b4b7c73e0e28e6723ee46463d96bb0cc6e2e33a13540962c4  nokogiri-1.18.6-arm64-darwin.gem
2da07a07ef4c9d9e9da809b3dc0937ed90b031e32c2c658d9918941b85d68b95  nokogiri-1.18.6-arm-linux-gnu.gem
e8ae1c9a4d8cfa7a92d632a6f596a88235ebe66d4b70418543378ba16c601f70  nokogiri-1.18.6-arm-linux-musl.gem
4d283431d7829719ea1287ca388f24c6ce343af736bbcbd1365cbdb83bce41a4  nokogiri-1.18.6.gem
bf16c53446987007ff3e1deb29d65d20444073ba112cb5bddbd2671135ba293c  nokogiri-1.18.6-java.gem
134f6d54f56edd46cb6db77c9d9de1704b3f83b3981a6763671e3cfbeba221f5  nokogiri-1.18.6-x64-mingw-ucrt.gem
fb72568c97ccd90a8d68cb765b0ff0720b109bd62e3babbf372e854ef8fef995  nokogiri-1.18.6-x86_64-darwin.gem
df065db6ba6e1e80f76ef04f860fcf260cc24685125fe33cdc3d1572a1c66b71  nokogiri-1.18.6-x86_64-linux-gnu.gem
75ec7a93cec54687aa63b2eaf830dc4ac5b4f3d8c969f20c035e67c9e6a30cef  nokogiri-1.18.6-x86_64-linux-musl.gem

v1.18.5 / 2025-03-19

Fixed

... (truncated)

Changelog

Sourced from nokogiri's changelog.

v1.18.7 / 2025-03-31

Dependencies

[CRuby] Vendored libxml2 is updated to v2.13.7, which is a bugfix release.

v1.18.6 / 2025-03-24

Fixed

[JRuby] In HTML documents, Node#attribute now returns the correct attribute. This has been broken, and returning nil, since v1.17.0. (#3487) @flavorjones

v1.18.5 / 2025-03-19

Fixed

[JRuby] Update JRuby's XML serialization so it outputs namespaces exactly like CRuby. (#3455, #3456) @johnnyshields

v1.18.4 / 2025-03-14

Security

[CRuby] Vendored libxslt is updated to v1.1.43 to address CVE-2025-24855 and CVE-2024-55549. See GHSA-mrxw-mxhj-p664 for more information.

v1.18.3 / 2025-02-18

Security

[CRuby] Vendored libxml2 is updated v2.13.6 to address CVE-2025-24928 and CVE-2024-56171. See GHSA-vvfq-8hwr-qm4m for more information.

v1.18.2 / 2024-01-19

Fixed

When performing a CSS selector query, an XML document's root namespace declarations should not be applied to wildcard selectors ("*"). Fixes a bug introduced in v1.17.0. (#3411) @flavorjones

v1.18.1 / 2024-12-29

Fixed

[CRuby] XML::SAX::ParserContext keeps a reference to the input to avoid a potential use-after-free issue that's existed since v1.4.0 (2009). (#3395) @flavorjones

v1.18.0 / 2024-12-25

... (truncated)

Commits

13e8aa4 version bump to v1.18.7
605699d dep: bump libxml2 to 2.13.7 (v1.18.x backport) (#3495)
804e590 dep: bump libxml2 to 2.13.7
52bf15b dep(dev): drop Rubocop from JRuby deps
189769d version bump to v1.18.6
de4982f fix(jruby): Node#attribute in HTML documents (v1.18.x) (#3492)
7d95b0f fix(jruby): Node#attribute in HTML documents
58823ff version bump to v1.18.5
4473261 Fix MRI Ruby vs. JRuby XML child namespace output differences (backport v1.18...
6cac169 doc: update CHANGELOG
Additional commits viewable in compare view

Updates parser from 3.3.6.0 to 3.3.7.4

Changelog

Sourced from parser's changelog.

v3.3.7.4 (2025-03-31)

Bugs fixed:

lexer-strings.rb: Avoid an exception on utf8 surrogate pair codepoints (#1051) (Earlopain)

builder.rb: emit kwargs node for indexasgn when opted in (#1053) (Earlopain)

builder.rb: correctly handle ... forwarding to super with explicit block (#1049) (Earlopain)

numbered parameters are valid for pattern matching pinning (#1060) (Earlopain)

v3.3.7.3 (2025-03-26)

API modifications:

Bump maintenance branches to 3.2.8 and 3.1.7 (#1074) (Koichi ITO)

v3.3.7.2 (2025-03-20)

Features implemented:

add prism-specific node types (#1071) (Earlopain)

Bugs fixed:

builder.rb: fix hash value omission considering some local vars as constants (#1064) (Earlopain)

v3.3.7.1 (2025-02-05)

API modifications:

parser/current: add -dev prefix to 3.4 branch (#1067) (Ilya Bylich)

parser/current: bump 3.2 branch to 3.2.7 (#1066) (Ilya Bylich)

v3.3.7.0 (2025-01-16)

API modifications:

Bump maintenance branches to 3.3.7 (#1061) (Koichi ITO)

bump 3.4 branch, remove 3.0 from CI (EOL) (#1057) (Ilya Bylich)

assert that version-specific checks actually run against at least one version (#1050) (Earlopain)

Features implemented:

ruby34.y: reject return in singleton class (#1048) (Earlopain)

Bugs fixed:

Fix ruby-parse with a folder ending in .rb (#1047) (Earlopain)

Commits

da0aec5 Update changelog.
d368857 Bump version
e261316 - lexer-strings.rb: Avoid an exception on utf8 surrogate pair codepoints (#1051)
6f54456 - builder.rb: emit kwargs node for indexasgn when opted in (#1053)
d34616f - builder.rb: correctly handle ... forwarding to super with explicit block ...
beb5ccd Supress warnings during parsing (#1013)
75c6ce0 - numbered parameters are valid for pattern matching pinning (#1060)
6c92533 Update changelog.
d9f8860 Update changelog.
23d3a8f Bump version
Additional commits viewable in compare view

Updates psych from 5.1.2 to 5.2.3

Release notes

Sourced from psych's releases.

v5.2.3

What's Changed

Bump rubygems/release-gem from 1.1.0 to 1.1.1 by @dependabot in ruby/psych#702

Improve readme formatting by @tas50 in ruby/psych#704

Support bundled gems like pstore and ostruct by @hsbt in ruby/psych#705

Added JAVA_OPTS for java version of psych by @hsbt in ruby/psych#707

Bump step-security/harden-runner from 2.10.2 to 2.10.3 by @dependabot in ruby/psych#706

remove vim settings by @tenderlove in ruby/psych#708

Update to SnakeYAML-Engine 2.9 by @headius in ruby/psych#709

New Contributors

@tas50 made their first contribution in ruby/psych#704

Full Changelog: ruby/psych@v5.2.2...v5.2.3

v5.2.2

What's Changed

Do not depend on the evaluation order of C arguments by @mame in ruby/psych#698

Don't autolink Exception in psych module docs by @zzak in ruby/psych#699

Full Changelog: ruby/psych@v5.2.1...v5.2.2

v5.2.1

What's Changed

Eagerly require date by @tdeo in ruby/psych#695

Bump rubygems/release-gem from 612653d273a73bdae1df8453e090060bb4db5f31 to 9e85cb11501bebc2ae661c1500176316d3987059 by @dependabot in ruby/psych#697

Bump step-security/harden-runner from 2.10.1 to 2.10.2 by @dependabot in ruby/psych#696

New Contributors

@tdeo made their first contribution in ruby/psych#695

Full Changelog: ruby/psych@v5.2.0...v5.2.1

v5.2.0

What's Changed

Remove unused array by @amomchilov in ruby/psych#665

issue #443: quote Y and N when dumping by @ColinDKelley in ruby/psych#641

Provide a 'Changelog' link on rubygems.org/gems/psych by @mark-young-atg in ruby/psych#666

Add :stringify_names option to convert symbol keys to string for dumping by @fnordfish in ruby/psych#621

Don't call Kernel#require in hot loop by @casperisfine in ruby/psych#678

Convert tabs to spaces in C files by @peterzhu2118 in ruby/psych#680

Add .git-blame-ignore-revs to ignore expanding tabs by @peterzhu2118 in ruby/psych#681

Exclude Ruby 2.5 on macOS from CI by @peterzhu2118 in ruby/psych#682

Convert missed tabs to spaces by @peterzhu2118 in ruby/psych#683

Guard from memory leak in Psych::Emitter#start_document by @peterzhu2118 in ruby/psych#684

CI: Ruby 2.5 runs on macos-13 (amd64) by @olleolleolle in ruby/psych#677

docs: specify correct default fallback value by @G-Rath in ruby/psych#668

Make to load stringio lazily by @hsbt in ruby/psych#686

Unlimited line_width with -1 by @xuanxu in ruby/psych#675

... (truncated)

Commits

2af9f6a Bump version for release
d086434 Merge pull request #709 from headius/snakeyaml-engine-2.9
ac887cd Update to SnakeYAML-Engine 2.9
5857e5c Merge pull request #708 from ruby/remove-vim-settings
2f46abf remove vim settings
7a68700 Merge pull request #706 from ruby/dependabot/github_actions/step-security/har...
c80fbf8 Bump step-security/harden-runner from 2.10.2 to 2.10.3
94ea06e Merge pull request #707 from ruby/javaopt
7f7dc1f Added JAVA_OPTS for java version of psych
b96a661 Merge pull request #705 from ruby/support-bundled-gems
Additional commits viewable in compare view

Updates sorbet-runtime from 0.5.11952 to 0.5.12003

Release notes

Sourced from sorbet-runtime's releases.

sorbet 0.5.12002.20250409183236-fcf342988

To use Sorbet add this line to your Gemfile:
gem 'sorbet', '0.5.12002', :group => :development
gem 'sorbet-runtime', '0.5.12002'
sorbet 0.5.12001.20250409181302-e84f33a22

To use Sorbet add this line to your Gemfile:
gem 'sorbet', '0.5.12001', :group => :development
gem 'sorbet-runtime', '0.5.12001'
sorbet 0.5.12000.20250409101238-1920d186a

To use Sorbet add this line to your Gemfile:
gem 'sorbet', '0.5.12000', :group => :development
gem 'sorbet-runtime', '0.5.12000'
sorbet 0.5.11999.20250409100344-f44ba337a

To use Sorbet add this line to your Gemfile:
gem 'sorbet', '0.5.11999', :group => :development
gem 'sorbet-runtime', '0.5.11999'
sorbet 0.5.11998.20250408152545-dcd92157d

To use Sorbet add this line to your Gemfile:
gem 'sorbet', '0.5.11998', :group => :development
gem 'sorbet-runtime', '0.5.11998'
sorbet 0.5.11997.20250408141929-272046ff0

To use Sorbet add this line to your Gemfile:
gem 'sorbet', '0.5.11997', :group => :development
gem 'sorbet-runtime', '0.5.11997'
sorbet 0.5.11996.20250408130059-8e2a4a34d

To use Sorbet add this line to your Gemfile:
gem 'sorbet', '0.5.11996', :group => :development
gem 'sorbet-runtime', '0.5.11996'
sorbet 0.5.11995.20250408113934-7b86e85aa

... (truncated)

Commits

See full diff in compare view

Updates stackprof from 0.2.25 to 0.2.27

Commits

a4d23d1 bumping version
d90ad35 Merge pull request #226 from froydnj/froydnj-fix-timing-crash
078f365 Merge pull request #230 from s4na/ruby3.3
02b866a Add Ruby 3.3 to CI
4e504d3 be more diligent about atomic operations
08b5127 don't set running until all relevant state is initialized
ebdd3af bumping version
bd885f9 Merge pull request #222 from casperisfine/typed-data
aaeef71 Migrate to the TypedData API
91d12e7 Merge pull request #219 from casperisfine/yjit-3.3-postponed-jbos
Additional commits viewable in

Bumps the prod-dependencies group with 16 updates in the /updater directory: | Package | From | To | | --- | --- | --- | | [http](https://github.com/httprb/http) | `5.1.1` | `5.2.0` | | [opentelemetry-metrics-sdk](https://github.com/open-telemetry/opentelemetry-ruby) | `0.6.0` | `0.6.1` | | [zeitwerk](https://github.com/fxn/zeitwerk) | `2.7.1` | `2.7.2` | | [aws-sdk-codecommit](https://github.com/aws/aws-sdk-ruby) | `1.63.0` | `1.83.0` | | [aws-sdk-ecr](https://github.com/aws/aws-sdk-ruby) | `1.68.0` | `1.99.0` | | [faraday](https://github.com/lostisland/faraday) | `2.7.11` | `2.13.0` | | [faraday-retry](https://github.com/lostisland/faraday-retry) | `2.2.0` | `2.3.1` | | [gitlab](https://github.com/NARKOZ/gitlab) | `5.0.0` | `5.1.0` | | [json](https://github.com/ruby/json) | `2.6.3` | `2.10.2` | | [nokogiri](https://github.com/sparklemotion/nokogiri) | `1.16.5` | `1.18.7` | | [parser](https://github.com/whitequark/parser) | `3.3.6.0` | `3.3.7.4` | | [psych](https://github.com/ruby/psych) | `5.1.2` | `5.2.3` | | [sorbet-runtime](https://github.com/sorbet/sorbet) | `0.5.11952` | `0.5.12003` | | [stackprof](https://github.com/tmm1/stackprof) | `0.2.25` | `0.2.27` | | [parseconfig](https://github.com/datafolklabs/ruby-parseconfig) | `1.0.8` | `1.1.2` | | [rubyzip](https://github.com/rubyzip/rubyzip) | `2.3.2` | `2.4.1` | Updates `http` from 5.1.1 to 5.2.0 - [Changelog](https://github.com/httprb/http/blob/main/CHANGELOG.md) - [Commits](httprb/http@v5.1.1...v5.2.0) Updates `opentelemetry-metrics-sdk` from 0.6.0 to 0.6.1 - [Release notes](https://github.com/open-telemetry/opentelemetry-ruby/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-ruby/blob/main/metrics_sdk/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-ruby@opentelemetry-metrics-sdk/v0.6.0...opentelemetry-metrics-sdk/v0.6.1) Updates `zeitwerk` from 2.7.1 to 2.7.2 - [Changelog](https://github.com/fxn/zeitwerk/blob/main/CHANGELOG.md) - [Commits](fxn/zeitwerk@v2.7.1...v2.7.2) Updates `aws-sdk-codecommit` from 1.63.0 to 1.83.0 - [Release notes](https://github.com/aws/aws-sdk-ruby/releases) - [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-codecommit/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-ruby/commits) Updates `aws-sdk-ecr` from 1.68.0 to 1.99.0 - [Release notes](https://github.com/aws/aws-sdk-ruby/releases) - [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-ecr/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-ruby/commits) Updates `faraday` from 2.7.11 to 2.13.0 - [Release notes](https://github.com/lostisland/faraday/releases) - [Changelog](https://github.com/lostisland/faraday/blob/main/CHANGELOG.md) - [Commits](lostisland/faraday@v2.7.11...v2.13.0) Updates `faraday-retry` from 2.2.0 to 2.3.1 - [Release notes](https://github.com/lostisland/faraday-retry/releases) - [Changelog](https://github.com/lostisland/faraday-retry/blob/main/CHANGELOG.md) - [Commits](lostisland/faraday-retry@v2.2.0...v2.3.1) Updates `gitlab` from 5.0.0 to 5.1.0 - [Release notes](https://github.com/NARKOZ/gitlab/releases) - [Commits](NARKOZ/gitlab@v5.0.0...v5.1.0) Updates `json` from 2.6.3 to 2.10.2 - [Release notes](https://github.com/ruby/json/releases) - [Changelog](https://github.com/ruby/json/blob/master/CHANGES.md) - [Commits](ruby/json@v2.6.3...v2.10.2) Updates `nokogiri` from 1.16.5 to 1.18.7 - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](sparklemotion/nokogiri@v1.16.5...v1.18.7) Updates `parser` from 3.3.6.0 to 3.3.7.4 - [Changelog](https://github.com/whitequark/parser/blob/master/CHANGELOG.md) - [Commits](whitequark/parser@v3.3.6.0...v3.3.7.4) Updates `psych` from 5.1.2 to 5.2.3 - [Release notes](https://github.com/ruby/psych/releases) - [Commits](ruby/psych@v5.1.2...v5.2.3) Updates `sorbet-runtime` from 0.5.11952 to 0.5.12003 - [Release notes](https://github.com/sorbet/sorbet/releases) - [Commits](https://github.com/sorbet/sorbet/commits) Updates `stackprof` from 0.2.25 to 0.2.27 - [Changelog](https://github.com/tmm1/stackprof/blob/master/CHANGELOG.md) - [Commits](tmm1/stackprof@v0.2.25...v0.2.27) Updates `parseconfig` from 1.0.8 to 1.1.2 - [Changelog](https://github.com/datafolklabs/ruby-parseconfig/blob/master/Changelog) - [Commits](https://github.com/datafolklabs/ruby-parseconfig/commits) Updates `rubyzip` from 2.3.2 to 2.4.1 - [Release notes](https://github.com/rubyzip/rubyzip/releases) - [Changelog](https://github.com/rubyzip/rubyzip/blob/master/Changelog.md) - [Commits](rubyzip/rubyzip@v2.3.2...v2.4.1) --- updated-dependencies: - dependency-name: http dependency-version: 5.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: opentelemetry-metrics-sdk dependency-version: 0.6.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: prod-dependencies - dependency-name: zeitwerk dependency-version: 2.7.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: prod-dependencies - dependency-name: aws-sdk-codecommit dependency-version: 1.83.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: aws-sdk-ecr dependency-version: 1.99.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: faraday dependency-version: 2.13.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: faraday-retry dependency-version: 2.3.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: gitlab dependency-version: 5.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: json dependency-version: 2.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: nokogiri dependency-version: 1.18.7 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: parser dependency-version: 3.3.7.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: prod-dependencies - dependency-name: psych dependency-version: 5.2.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: sorbet-runtime dependency-version: 0.5.12003 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: prod-dependencies - dependency-name: stackprof dependency-version: 0.2.27 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: prod-dependencies - dependency-name: parseconfig dependency-version: 1.1.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: rubyzip dependency-version: 2.4.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot requested a review from a team as a code owner April 10, 2025 12:28

dependabot bot added dependencies ruby Dependabot pull requests that update Ruby code labels Apr 10, 2025

github-actions bot added the L: git:submodules Git submodules label Apr 10, 2025

dependabot bot force-pushed the dependabot/bundler/updater/prod-dependencies-b39c926601 branch 4 times, most recently from 975598b to d9c1c83 Compare April 13, 2025 16:59

sachin-sandhu force-pushed the dependabot/bundler/updater/prod-dependencies-b39c926601 branch from d9c1c83 to 63ab449 Compare April 17, 2025 01:29

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the prod-dependencies group across 1 directory with 16 updates #12026

Bump the prod-dependencies group across 1 directory with 16 updates #12026

dependabot bot commented on behalf of github Apr 10, 2025 •

edited

Loading

Bump the prod-dependencies group across 1 directory with 16 updates #12026

Are you sure you want to change the base?

Bump the prod-dependencies group across 1 directory with 16 updates #12026

Conversation

dependabot bot commented on behalf of github Apr 10, 2025 • edited Loading

Changelog

Unreleased

Removed

opentelemetry-metrics-sdk 0.6.1

v0.6.1 / 2025-04-09

v0.6.1 / 2025-04-09

2.7.2 (18 February 2025)

1.83.0 (2025-02-18)

1.82.0 (2025-02-06)

1.81.0 (2025-01-15)

1.80.0 (2024-11-18)

1.79.0 (2024-10-18)

1.78.0 (2024-09-24)

1.77.0 (2024-09-23)

1.76.0 (2024-09-20)

1.75.0 (2024-09-11)

1.74.0 (2024-09-10)

1.99.0 (2025-04-02)

1.98.0 (2025-03-11)

1.97.0 (2025-02-18)

1.96.0 (2025-02-07)

1.95.0 (2025-02-06)

1.94.0 (2025-01-30)

1.93.0 (2025-01-29)

1.92.0 (2025-01-15)

1.91.0 (2024-12-28)

1.90.0 (2024-12-26)

v2.13.0

What's Changed

New Contributors

v2.12.3

What's Changed

New Contributors

v2.12.2

What's Changed

New Contributors

v2.12.1

What's Changed

New Contributors

v2.12.0

What's Changed

New features ✨

Fixes 🐞

v2.3.1

What's Changed

New Contributors

v2.3.0

What's Changed

New Contributors

v2.2.1

What's Changed

New Contributors

Changelog

Unreleased

v2.2.1 (2024-04-15)

v5.1.0

General improvements

Bugfixes

New features

v2.10.2

What's Changed

v2.10.1

What's Changed

v2.10.0

What's Changed

v2.9.1

What's Changed

v2.9.0

What's Changed

v2.8.2

What's Changed

2025-03-12 (2.10.2)

2025-02-10 (2.10.1)

2025-02-10 (2.10.0)

2024-12-18 (2.9.1)

dependabot bot commented on behalf of github Apr 10, 2025 •

edited

Loading