🚨 [security] Update dotenv-rails 3.1.7 → 3.1.8 (patch)

[depfu]

---

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

---

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ dotenv-rails (3.1.7 → 3.1.8) · Repo · Changelog

Release Notes

3.1.8

Thanks to Stoked Seagull Software for sponsoring this release of dotenv!
Need help with a software project but don't know where to begin? Stoked Seagull can help.

Interested in sponsoring dotenv?

What's Changed

• fix crash when .env is a folder by @Roupiye in #527
• docs: Clarify order of configuration files for flag -f by @webrails in #529
• docs: Provide a 'Changelog' link on rubygems.org/gems/dotenv-rails by @mark-young-atg in #524

New Contributors

• @webrails made their first contribution in #529
• @Roupiye made their first contribution in #527

Full Changelog: v3.1.7...v3.1.8

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 12 commits:

• Prepare for v3.1.8 release
• Fix lint error
• Merge branch 'Roupiye/main'
• Add specs for loading a directory
• Thanks to @kmatthews812 for sponsoring dotenv
• Merge pull request #524 from mark-young-atg/add_changelog_link_to_gemspec
• Merge pull request #529 from webrails/readme-f-configuration-files
• Fix lint error
• Add funding.yml
• Clarify order of configuration files for flag -f
• fix crash when .env is a folder
• Provide a 'Changelog' link on rubygems.org/gems/dotenv-rails

✳️ nokogiri (1.18.3 → 1.18.7) · Repo · Changelog

Security Advisories 🚨

🚨 Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs

Summary

Nokogiri v1.18.4 upgrades its dependency libxslt to v1.1.43.

libxslt v1.1.43 resolves:

• CVE-2025-24855: Fix use-after-free of XPath context node
• CVE-2024-55549: Fix UAF related to excluded namespaces

Impact

CVE-2025-24855

• "Use-after-free due to xsltEvalXPathStringNs leaking xpathCtxt->node"
• MITRE has rated this 7.8 High CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
• Upstream report: https://gitlab.gnome.org/GNOME/libxslt/-/issues/128
• NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-24855

CVE-2024-55549

• "Use-after-free related to excluded result prefixes"
• MITRE has rated this 7.8 High CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
• Upstream report: https://gitlab.gnome.org/GNOME/libxslt/-/issues/127
• NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-55549

Release Notes

1.18.7

v1.18.7 / 2025-03-31

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.13.7, which is a bugfix release.

sha256 checksums

57a064ab5440814a69a0e040817bd8154adea68a30d2ff2b3aa515a6a06dbb5f  nokogiri-1.18.7-aarch64-linux-gnu.gem
3e442dc5b69376e84288295fe37cbb890a21ad816a7e571e5e9967b3c1e30cd3  nokogiri-1.18.7-aarch64-linux-musl.gem
083abb2e9ed2646860f6b481a981485a658c6064caafaa81bf1cda1bada2e9d5  nokogiri-1.18.7-arm64-darwin.gem
337d9149deb5ae01022dff7c90f97bed81715fd586aacab0c5809ef933994c5e  nokogiri-1.18.7-arm-linux-gnu.gem
97a26edcc975f780a0822aaf7f7d7427c561067c1c9ee56bd3542960f0c28a6e  nokogiri-1.18.7-arm-linux-musl.gem
6b63ff5defe48f30d1d3b3122f65255ca91df2caf5378c6e0482ce73ff46fb31  nokogiri-1.18.7.gem
2cb83666f35619ec59d24d831bf492e49cfe27b112c222330ee929737f42f2eb  nokogiri-1.18.7-java.gem
681148fbc918aa5d54933d8b48aeb9462ab708d23409797ed750af961107f72b  nokogiri-1.18.7-x64-mingw-ucrt.gem
081d1aa517454ba3415304e2ea51fe411d6a3a809490d0c4aa42799cada417b7  nokogiri-1.18.7-x86_64-darwin.gem
3a0bf946eb2defde13d760f869b61bc8b0c18875afdd3cffa96543cfa3a18005  nokogiri-1.18.7-x86_64-linux-gnu.gem
9d83f8ec1fc37a305fa835d7ee61a4f37899e6ccc6dcb05be6645fa9797605af  nokogiri-1.18.7-x86_64-linux-musl.gem

1.18.6

v1.18.6 / 2025-03-24

Fixed

• [JRuby] In HTML documents, Node#attribute now returns the correct attribute. This has been broken, and returning nil, since v1.17.0. (#3487) @flavorjones

sha256 checksums

1b11f9a814068282cc2b47ebe61395b2a69d1918092d2ca3bd664074f72540e9  nokogiri-1.18.6-aarch64-linux-gnu.gem
797662f201c37a8feac3bd5b0c0e3447053bc71e6633d273fefd4c68b03e6a54  nokogiri-1.18.6-aarch64-linux-musl.gem
727a441d179d934b4b7c73e0e28e6723ee46463d96bb0cc6e2e33a13540962c4  nokogiri-1.18.6-arm64-darwin.gem
2da07a07ef4c9d9e9da809b3dc0937ed90b031e32c2c658d9918941b85d68b95  nokogiri-1.18.6-arm-linux-gnu.gem
e8ae1c9a4d8cfa7a92d632a6f596a88235ebe66d4b70418543378ba16c601f70  nokogiri-1.18.6-arm-linux-musl.gem
4d283431d7829719ea1287ca388f24c6ce343af736bbcbd1365cbdb83bce41a4  nokogiri-1.18.6.gem
bf16c53446987007ff3e1deb29d65d20444073ba112cb5bddbd2671135ba293c  nokogiri-1.18.6-java.gem
134f6d54f56edd46cb6db77c9d9de1704b3f83b3981a6763671e3cfbeba221f5  nokogiri-1.18.6-x64-mingw-ucrt.gem
fb72568c97ccd90a8d68cb765b0ff0720b109bd62e3babbf372e854ef8fef995  nokogiri-1.18.6-x86_64-darwin.gem
df065db6ba6e1e80f76ef04f860fcf260cc24685125fe33cdc3d1572a1c66b71  nokogiri-1.18.6-x86_64-linux-gnu.gem
75ec7a93cec54687aa63b2eaf830dc4ac5b4f3d8c969f20c035e67c9e6a30cef  nokogiri-1.18.6-x86_64-linux-musl.gem

1.18.5

v1.18.5 / 2025-03-19

Fixed

• [JRuby] Update JRuby's XML serialization so it outputs namespaces exactly like CRuby. (#3455, #3456) @johnnyshields

sha256 checksums

3f12540863e45db38236257be30a8605cd1d2d074c38a63c6f1307fd968a477c  nokogiri-1.18.5-aarch64-linux-gnu.gem
296a9e346d9a816526ee0944b5df26e947d91ec09225897bf2fc14561e8861ca  nokogiri-1.18.5-aarch64-linux-musl.gem
df7731e550a7653c003ed142cc8bc3c611c15fae3b7be4ff317b61dfe32842d9  nokogiri-1.18.5-arm64-darwin.gem
25fc71081c671fc4e983eac76ad1b3c8ee2707c467dcdb96a066f749f978eaba  nokogiri-1.18.5-arm-linux-gnu.gem
8682d38ac2015ffa3b0c23925c579ced7e455f16931130ab434f26ff1c2846fa  nokogiri-1.18.5-arm-linux-musl.gem
c8a6f8da9418ac21345124bc79b94701f036fa05b27dfec4a6dc148d5fa136dc  nokogiri-1.18.5.gem
22354b83a81acefd028e7622d4dd832c1e3cc305bf152f7f77e7db9c820b59d0  nokogiri-1.18.5-java.gem
874080a907a550a60b28febd56fe8ae921e6a7e0bb0ae61aaecd6c71665dc604  nokogiri-1.18.5-x64-mingw-ucrt.gem
28659cf43eedb652ae2fb94a8c7a14d368b6944db97e63b4158c8d5d5b4f49d8  nokogiri-1.18.5-x86_64-darwin.gem
195f4a139961f3c892ac22fda6ae4e665919e6573149f0adc786adc8c20402be  nokogiri-1.18.5-x86_64-linux-gnu.gem
8c2786d259e3c73687f8c595e1ab040a66809799ad066dad8eb492fd58f4f8fd  nokogiri-1.18.5-x86_64-linux-musl.gem

1.18.4

v1.18.4 / 2025-03-14

Security

• [CRuby] Vendored libxslt is updated to v1.1.43 to address CVE-2025-24855 and CVE-2024-55549. See GHSA-mrxw-mxhj-p664 for more information.

sha256 checksums

8f2263cef9953ce09bd5293d76c9bbd3013d2f94d1cca67783dfe6635c529deb  nokogiri-1.18.4-aarch64-linux-gnu.gem
4e231f8ba3128cfc2ef0cc0bdc807d7ce71fc62cb6a78216e817be8631fe6a96  nokogiri-1.18.4-aarch64-linux-musl.gem
73902663b23b1123282b9c0b6d9654b1fb286dfee8d65cb1f6029087b7f0d037  nokogiri-1.18.4-arm64-darwin.gem
cc2945e2c19560a61a97737e6bd3b329edb1f82ca204d46a18e5e98ad0a550a6  nokogiri-1.18.4-arm-linux-gnu.gem
4fb7f44de0cd85abfa869e4cfb619410da174ebf9fbe26ae0caa65462b818bcb  nokogiri-1.18.4-arm-linux-musl.gem
bb7820521c1bbae1d3e0092ff03b27a8e700912b37d80f962b7e4567947a64ac  nokogiri-1.18.4.gem
cbc0bab72eb5a9573efa7b98351fdd44c609e8d4585456ca1be18db2b7764b64  nokogiri-1.18.4-java.gem
bd567cb509eb75de8f27ca6ecaf4a38bf0563482188991f9bcccccac9c3b9a2f  nokogiri-1.18.4-x64-mingw-ucrt.gem
e4776f58eea9b94d05caf8bf351e3c6aa1cce01edcc2ed530f3c302c13178965  nokogiri-1.18.4-x86_64-darwin.gem
b1c6407b346b88704e97a342a80acd4755175324e624da34d0c5cfdc8d34191e  nokogiri-1.18.4-x86_64-linux-gnu.gem
ea7c0356a70f3d2d0d76315b533877013d20368d5c9f437c38e0bd462c4844dc  nokogiri-1.18.4-x86_64-linux-musl.gem

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 16 commits:

• version bump to v1.18.7
• dep: bump libxml2 to 2.13.7 (v1.18.x backport) (#3495)
• dep: bump libxml2 to 2.13.7
• dep(dev): drop Rubocop from JRuby deps
• version bump to v1.18.6
• fix(jruby): Node#attribute in HTML documents (v1.18.x) (#3492)
• fix(jruby): Node#attribute in HTML documents
• version bump to v1.18.5
• Fix MRI Ruby vs. JRuby XML child namespace output differences (backport v1.18x) (#3476)
• doc: update CHANGELOG
• Fix MRI Ruby vs. JRuby XML child namespace output differences (#3456)
• version bump to v1.18.4
• dep: update libxslt to 1.1.43 (v1.18.x branch) (#3467)
• dep: update libxslt to 1.1.43
• ci: tired of waiting for gnome mirrors
• doc: update CHANGELOG with GHSA

↗️ dotenv (indirect, 3.1.7 → 3.1.8) · Repo · Changelog

Release Notes

3.1.8

Thanks to Stoked Seagull Software for sponsoring this release of dotenv!
Need help with a software project but don't know where to begin? Stoked Seagull can help.

Interested in sponsoring dotenv?

What's Changed

• fix crash when .env is a folder by @Roupiye in #527
• docs: Clarify order of configuration files for flag -f by @webrails in #529
• docs: Provide a 'Changelog' link on rubygems.org/gems/dotenv-rails by @mark-young-atg in #524

New Contributors

• @webrails made their first contribution in #529
• @Roupiye made their first contribution in #527

Full Changelog: v3.1.7...v3.1.8

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 12 commits:

• Prepare for v3.1.8 release
• Fix lint error
• Merge branch 'Roupiye/main'
• Add specs for loading a directory
• Thanks to @kmatthews812 for sponsoring dotenv
• Merge pull request #524 from mark-young-atg/add_changelog_link_to_gemspec
• Merge pull request #529 from webrails/readme-f-configuration-files
• Fix lint error
• Add funding.yml
• Clarify order of configuration files for flag -f
• fix crash when .env is a folder
• Provide a 'Changelog' link on rubygems.org/gems/dotenv-rails

↗️ irb (indirect, 1.15.1 → 1.15.2) · Repo

Release Notes

1.15.2

What's Changed

🐛 Bug Fixes

• Fallback to Reline when require 'readline' fails by @tompng in #1076
• Zero winsize bugfix by @tompng in #1073

📚 Documentation

• (docs) Document the keys for completion by @andyw8 in #1082

🛠 Other Changes

• Use EnvUtil.rubybin instead of "ruby" in copy command test by @tompng in #1071
• Remove ruby-core workflow by @st0012 in #1075
• Suppress irb_info measures ambiguous_width in command test by @tompng in #1074
• bundled gems migration by @hsbt in #1078
• Ignore to contain directory to Gem::Specification#files by @hsbt in #1079
• Disable scheduled jobs for forks by @andyw8 in #1084
• add context.ap_name test by @QWYNG in #1052
• Document USE_PAGER config by @artur-intech in #1086
• Disable truffle-ruby scheduled job on forks by @andyw8 in #1087
• Bump version to 1.15.2 by @tompng in #1088

New Contributors

• @QWYNG made their first contribution in #1052

Full Changelog: v1.15.1...v1.15.2

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 13 commits:

• Bump version to 1.15.2 (#1088)
• Disable truffle-ruby scheduled job on forks (#1087)
• Document `USE_PAGER` config (#1086)
• add context.ap_name test (#1052)
• Disable schedule jobs for forks (#1084)
• Document the keys for completion (#1082)
• Ignore to contain directory to Gem::Specification#files
• Zero winsize bugfix (#1073)
• bundled gems migration (#1078)
• Fallback to Reline when `require 'readline'` fails (#1076)
• Suppress irb_info measures ambiguous_width in command test (#1074)
• Remove ruby-core workflow (#1075)
• Use EnvUtil.rubybin instead of "ruby" in copy command test (#1071)

↗️ logger (indirect, 1.6.6 → 1.7.0) · Repo

Sorry, we couldn't find anything useful about this release.

↗️ rdoc (indirect, 6.12.0 → 6.13.1) · Repo · Changelog

Release Notes

6.13.1

What's Changed

✨ Enhancements

• Allow customizing path prefix through options by @st0012 in #1330

🛠 Other Changes

• Workaround build task issue in Ruby core CI by @st0012 in #1326
• Bump ruby/setup-ruby from 1.222.0 to 1.227.0 by @dependabot in #1329
• Remove needless RDoc::Options from XrefTestCase by @kou in #1332
• Bump version to v6.13.1 by @st0012 in #1334

Full Changelog: v6.13.0...v6.13.1

6.13.0

What's Changed

✨ Enhancements

• Add breadcrumb list by @unasuke in #973
• Image alt tag header formatting by @ioquatix in #1320

🐛 Bug Fixes

• Fix ri completion to always return candidates start with a given name by @tompng in #1082
• Call update_extends in ClassModule#complete by @st0012 in #1317

📚 Documentation

• Fix CodeObject's inheritance tree document by @st0012 in #1314

🛠 Other Changes

• Bump ruby/setup-ruby from 1.215.0 to 1.218.0 by @dependabot in #1290
• Remove unnecessary coupling in comments' call_seq extraction by @st0012 in #1289
• Bump step-security/harden-runner from 2.10.4 to 2.11.0 by @dependabot in #1293
• Bump ruby/setup-ruby from 1.218.0 to 1.221.0 by @dependabot in #1294
• Removed development group for cloudflare pages by @hsbt in #1295
• Remove unused attributes by @st0012 in #1292
• Refactor darkfish's classes sidebar implementation by @st0012 in #1296
• Explicitly require helper in test_case by @st0012 in #1297
• Add webrick to development dependencies by @st0012 in #1301
• Remove unused darkfish parts by @st0012 in #1303
• Centralize generator setup by @st0012 in #1302
• Remove unused class_dir and file_dir attributes from generators by @st0012 in #1304
• Reenable JRuby for testing by @headius in #1305
• Relax paragraph pattern by @nobu in #1299
• Tests for markdown code using multiple backquotes by @nobu in #1306
• Remove an unused constant by @nobu in #1307
• Avoid accessing RDoc objects through Store by @st0012 in #1308
• Bump ruby/setup-ruby from 1.221.0 to 1.222.0 by @dependabot in #1311
• Make Options a required constructor argument of Store by @st0012 in #1309
• Reduce unnecessary external state assignment (singleton) by @st0012 in #1312
• Fix test target code of module_function by @tompng in #1316
• Remove dead or unnecessary methods/attributes by @st0012 in #1315
• Refactor markdown parsing of Image and ExplicitLink by @tompng in #1323
• Bump version to v6.13.0 by @st0012 in #1324

New Contributors

• @unasuke made their first contribution in #973
• @headius made their first contribution in #1305
• @ioquatix made their first contribution in #1320

Full Changelog: v6.12.0...v6.13.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 48 commits:

• Bump version to v6.13.1 (#1334)
• Allow customizing path prefix through options (#1330)
• Remove needless RDoc::Options from XrefTestCase (#1332)
• Bump ruby/setup-ruby from 1.222.0 to 1.227.0 (#1329)
• Workaround `build` task issue in Ruby core CI (#1326)
• Bump version to v6.13.0 (#1324)
• Refactor markdown parsing of Image and ExplicitLink (#1323)
• Image alt tag header formatting (#1320)
• Call` update_extend`s in `ClassModule#complete` (#1317)
• Remove dead or unnecessary methods/attributes (#1315)
• Fix test target code of module_function (#1316)
• Merge pull request #1314 from ruby/fix-code-object-structure-document
• Fix CodeObject's inheritance tree document
• Reduce unnecessary external state assignment (`singleton`) (#1312)
• Make `Options` a required constructor argument of `Store` (#1309)
• Merge pull request #1311 from ruby/dependabot/github_actions/ruby/setup-ruby-1.222.0
• Bump ruby/setup-ruby from 1.221.0 to 1.222.0
• Disable linear perf test on JRuby temporarily
• Avoid accessing `RDoc` objects through `Store` (#1308)
• Remove an unused constant
• Tests for markdown code using multiple backquotes
• Merge pull request #1299 from nobu/paragraph-excerpt
• Shorten the description text to get rid of JRuby exception
• Make retry condition more defensive not to loop infinitely
• Relax paragraph pattern
• Prefer `tr` over `gsub` to translate single letters
• Extract repeated regexp as a constant
• Merge pull request #1305 from headius/reenable_jruby
• Omit JRuby on Windows
• Reenable JRuby for testing
• Remove unused `class_dir` and `file_dir` attributes from generators (#1304)
• Centralize generator setup (#1302)
• Remove unused darkfish parts (#1303)
• Add webrick to development dependencies (#1301)
• Suppress assigned but unused variable warning
• Explicitly require helper in test_case (#1297)
• Refactor darkfish's classes sidebar implementation (#1296)
• Remove unused attributes (#1292)
• Removed development group for cloudflare pages
• Bump ruby/setup-ruby from 1.218.0 to 1.221.0 (#1294)
• Bump step-security/harden-runner from 2.10.4 to 2.11.0 (#1293)
• Merge pull request #973 from unasuke/breadcrumb
• Display breadcrumb only nested two or more levels
• Merge pull request #1082 from tompng/reline_readline_completion_fix
• Merge pull request #1289 from ruby/refactor-call-seq-extraction
• Merge pull request #1290 from ruby/dependabot/github_actions/ruby/setup-ruby-1.218.0
• Bump ruby/setup-ruby from 1.215.0 to 1.218.0
• Remove indirection from RDoc's call_seq extraction

↗️ reline (indirect, 0.6.0 → 0.6.1) · Repo

Release Notes

0.6.1

What's Changed

✨ Enhancements

• Support inserting C-c C-z C-\ with quoted_insert by @tompng in #798
• Enter newline if cursor position is middle of input by @ima1zumi in #802
• Update to Unicode 16.0.0 by @ima1zumi in #803

🐛 Bug Fixes

• Fix bracketed paste and scrolling bug by @tompng in #801

🛠 Other Changes

• Fix typos in comment by @ydah in #796
• test_tty_ambiguous_width: Use Reline.test_rubybin by @sorah in #797
• Refactor handling key in LineEditor by @tompng in #799
• Refactor utf-8 strings and invalid strings in test code by @tompng in #800
• Fix typo: marco -> macro by @kaibadash in #806
• Fix CI for Ruby 2.7 by @ima1zumi in #807
• Migration for bundled gems by @hsbt in #811
• Add gem readline to Gemfile to fix failing ci jobs: readline by @tompng in #810
• Remove ruby-core workflow by @tompng in #812
• Remove unused constant CAPNAME_KEY_BINDINGS by @tompng in #808
• Refactor undo redo by @tompng in #809
• Reject directory from Gem::Specification#files by @hsbt in #813
• Use Relin::ANSI's buffer instead of calling STDIN.ungetc by @tompng in #815
• Fix typo by @ima1zumi in #817
• Add gem fiddle to Gemfile (Only used in windows) by @tompng in #818
• Basic setup for Reline's official documentation website by @st0012 in #820
• Bump version to 0.6.1 by @tompng in #823

New Contributors

• @ydah made their first contribution in #796
• @kaibadash made their first contribution in #806

Full Changelog: v0.6.0...v0.6.1

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 23 commits:

• Bump version to 0.6.1 (#823)
• Basic setup for Reline's official documentation website (#820)
• Add gem fiddle to Gemfile (Only used in windows) (#818)
• Fix typo (#817)
• Use Relin::ANSI's buffer instead of calling STDIN.ungetc (#815)
• Merge pull request #813 from ruby/fixup-rbinstall
• Reject directory from Gem::Specification#files
• Refactor undo redo (#809)
• Remove unused constant CAPNAME_KEY_BINDINGS (#808)
• Remove ruby-core workflow (#812)
• Add gem readline to Gemfile (#810)
• Migration for bundled gems (#811)
• Fix CI for Ruby 2.7 (#807)
• Fix typo: marco -> macro (#806)
• Update to Unicode 16.0.0 (#803)
• Enter newline if cursor position is middle of input (#802)
• Refactor utf-8 strings and invalid strings in test code (#800)
• Fix bracketed paste and scrolling bug (#801)
• Refactor handling key in LineEditor (#799)
• Support inserting C-c C-z C-\ with quoted_insert (#798)
• Merge pull request #797 from sorah/test_tty_ambiguous_width-rubybin
• test_tty_ambiguous_width: Use Reline.test_rubybin
• Fix typos in comment (#796)

↗️ stringio (indirect, 3.1.5 → 3.1.6) · Repo · Changelog

Release Notes

3.1.6

Fixes

• CRuby: Fix SEGV at unget to a null device StringIO
• JRuby:
  • Fix NullPointerException at unget to a null device StringIO
  • Use proper checkEncoding signature
  • Update strioWrite logic to match CRuby
  • GH-124

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 10 commits:

• Add 3.1.6 entry
• Use proper type for checkEncoding
• Also setup Java 21 for Windows jruby-head build
• Fix null StringIO modifiable check
• Set up Java 21 for jruby-head builds
• Re-get the string encoding after conversion
• Don't re-raise as RuntimeException
• Fix SEGV at unget to a null device StringIO
• Suppress a warning for the chilled string
• Development of 3.1.6 started.

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu cancel merge

Cancels automatic merging of this PR

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)

[coveralls]

coverage: 99.07%. remained the same
when pulling 99503a0 on depfu/update/dotenv-rails-3.1.8
into 04fcd3a on main.