Bump the minor-and-patch group across 1 directory with 8 updates #2217

dependabot · 2025-02-24T22:33:51Z

Bumps the minor-and-patch group with 8 updates in the / directory:

Package	From	To
rubocop-sorbet	`0.8.7`	`0.8.9`
rubocop-rspec	`3.4.0`	`3.5.0`
ruby-lsp	`0.23.10`	`0.23.11`
graphql	`2.4.9`	`2.4.10`
shopify-money	`3.0.0`	`3.0.1`
sidekiq	`7.3.8`	`7.3.9`
nokogiri	`1.18.2`	`1.18.3`
sorbet-static-and-runtime	`0.5.11842`	`0.5.11851`

Updates rubocop-sorbet from 0.8.7 to 0.8.9

Release notes

Sourced from rubocop-sorbet's releases.

v0.8.9

What's Changed

✨ Enhancements

Tweak Rubocop rules for inline RBS in RBI files by @Morriar in Shopify/rubocop-sorbet#282

Add ForbidTEnum cop by @Morriar in Shopify/rubocop-sorbet#284

Set Sorbet/StrictSigil to Safe: false by @corsonknowles in Shopify/rubocop-sorbet#268

fix documentation: sigil cops autocorrect using suggested level by @stathis-alexander in Shopify/rubocop-sorbet#273

Make deprecations about the codebase by @Morriar in Shopify/rubocop-sorbet#285

New Contributors

@stathis-alexander made their first contribution in Shopify/rubocop-sorbet#273

Full Changelog: Shopify/rubocop-sorbet@v0.8.7...v0.8.9

Commits

e74dff6 Bump version to v0.8.9
6a32550 Merge pull request #285 from Shopify/at-fix-message
a249077 Make deprecations about the codebase
172d5f0 Merge pull request #286 from Shopify/at-fix-example
6bb3376 Fix typos in examples
a9219be Enable example checking on CI
abe6884 Merge pull request #284 from Shopify/at-forbid-t-enum
d0e65c7 Add ForbidTEnum cop
100bcf3 Merge pull request #282 from Shopify/at-rb-rubocop
b9c9965 Tweak Rubocop rules for inline RBS in RBI files
Additional commits viewable in compare view

Updates rubocop-rspec from 3.4.0 to 3.5.0

Release notes

Sourced from rubocop-rspec's releases.

RuboCop RSpec v3.5.0

Don't let RSpec/PredicateMatcher replace respond_to? with two arguments with the RSpec respond_to matcher. (@bquorning)

Fix RSpec/PredicateMatcher support for eql and equal matchers. (@bquorning)

Pluginfy RuboCop RSpec. (@koic)

Changelog

Sourced from rubocop-rspec's changelog.

3.5.0 (2025-02-16)

Don't let RSpec/PredicateMatcher replace respond_to? with two arguments with the RSpec respond_to matcher. ([@bquorning])

Fix RSpec/PredicateMatcher support for eql and equal matchers. ([@bquorning])

Pluginfy RuboCop RSpec. ([@koic])

Commits

4b14015 Merge pull request #2043 from rubocop/release
6dafd48 Release v3.5.0
664e15f Enable pending cops
dac4256 Merge pull request #2025 from rubocop/use-node-groups
876b415 Use node groups in node patterns to replace unions of types
17640ad Merge pull request #2042 from koic/pluginfy_with_lint_roller
5f09fdf Pluginfy RuboCop RSpec
d29fd64 Merge pull request #2039 from rubocop/fewer-inline-disabled-cops
2edbf15 Loosen Metrics/MethodLength to 15
c8b14c1 Remove unnecessary RuboCop disables
Additional commits viewable in compare view

Updates ruby-lsp from 0.23.10 to 0.23.11

Release notes

Sourced from ruby-lsp's releases.

v0.23.11

✨ Enhancements

Add custom request to return LSP internal state (Shopify/ruby-lsp#3194) by @vinistock

Add test items collection builder (Shopify/ruby-lsp#3169) by @vinistock

Add discover tests custom request (Shopify/ruby-lsp#3180) by @vinistock

🐛 Bug Fixes

Fix backward compatibility for Bundler versions < 2.2.17 (Shopify/ruby-lsp#3152) by @Artes02

Fix off by one error when fetching lazy comments (Shopify/ruby-lsp#3167) by @vinistock

Fix composed bundle reference to gemfile in higher-level directory (Shopify/ruby-lsp#3135) by @mckeed

📦 Other Changes

Update Kate editor regarding incremental text updates (Shopify/ruby-lsp#3164) by @larskanis

Accept nil name for actual nesting (Shopify/ruby-lsp#3182) by @vinistock

Accept module/class node's constant path for constant name (Shopify/ruby-lsp#3183) by @vinistock

Commits

25c3a13 Bump extension version to v0.9.5
3e9c3ed Add command to show LSP's internal state for diagnosing issues (#3195)
0cf2dba Avoid focusing on test items on document switch (#3197)
45ae6f6 Remove unused instance variable (#3198)
e02a704 Resolve test items with server request (#3186)
7db4a9f Add discover tests custom request (#3180)
44a38fa Add test items collection builder (#3169)
632113a Add custom request to return LSP internal state (#3194)
1347d79 Add machine id to telemetry logger properties (#3193)
72f6641 Illustrate how to configure an add-on with nvim-lspconfig (#3192)
Additional commits viewable in compare view

Updates graphql from 2.4.9 to 2.4.10

Changelog

Sourced from graphql's changelog.

2.4.10 (18 Feb 2025)

New features

Dataloader: improve built-in Rails integration #5213

Bug fixes

NewRelicTrace: don't double-count time waiting on Dataloader fibers

Fix possible type memberships inherited from superclass #5236

Visibility: properly use configured contexts for visibility profiles #5235

Enum: reduce needless value_method warnings #5230 #5220

Backtrace: fix error handling with rescue_from #5227

Parser: return a proper error when variable type is missing #5225

Commits

c2dedb0 2.4.10
2816885 Merge pull request #5240 from rmosolgo/better-nr-trace
5451eba Add hooks for _lazy events
9246b56 improve test coverage
dd7c30c Add trace_authorized and trace_resolve_type options
bc6fcdf update tests and lint
21f2be7 Test steps, fix validation errors in trace
a711bb4 Rewrite NewRelicTrace to support fiber stops/starts
a5451ab Merge pull request #5213 from rmosolgo/rails-dataloader
8172088 improve test coverage
Additional commits viewable in compare view

Updates shopify-money from 3.0.0 to 3.0.1

Release notes

Sourced from shopify-money's releases.

v3.0.1

What's Changed

Introduce from_json as the inverse of to_json by @pedropb in Shopify/money#326

Do not delete from frozen options passed to as_json by @nvasilevski in Shopify/money#337

Handle when ActiveJob::Serializers is not defined in older versions of Rails by @ryanseys in Shopify/money#345

Update currencies by @elfassy in Shopify/money#358

new without_legacy_deprecations method by @elfassy in Shopify/money#362

New Contributors

@pedropb made their first contribution in Shopify/money#326

@nvasilevski made their first contribution in Shopify/money#337

@ryanseys made their first contribution in Shopify/money#344

@etiennebarrie made their first contribution in Shopify/money#349

Full Changelog: Shopify/money@v3.0.0...v3.0.1

Commits

b1a6edb Merge pull request #363 from Shopify/v3.0.1
0598a28 bump to v3.0.1
dfacdbf Merge pull request #362 from Shopify/without_legacy_deprecations
df28cc5 Merge pull request #358 from Shopify/update_currency_list
15401d7 Correct ZAR decimal mark (,) and thousands separator (space)
6af0b52 symbol improvements
fca780a add Bs as VES symbol
1b567eb Add new SLE currency
c1ffba6 fix symbol for Peruvian Sol
bdecb16 fix symbol vs alternative symbol for NPR
Additional commits viewable in compare view

Updates sidekiq from 7.3.8 to 7.3.9

Changelog

Sourced from sidekiq's changelog.

7.3.9

Only require activejob if necessary #6584

Fix iterable job cancellation #6589

Web UI accessibility improvements #6604

Commits

bf9afa4 chore: bump
922f37c Backport accessibility changes to 7-x branch (#6604)
a235881 fix: ensure we load our version of the adapter, not Rails
e0ccdb0 Fix iterable jobs cancellation (#6589)
57bdf45 Fix tests on ruby 3.4
886e434 Adjust railtie to avoid loading AJ driver before AJ, fixes #6584
See full diff in compare view

Updates nokogiri from 1.18.2 to 1.18.3

Release notes

Sourced from nokogiri's releases.

v1.18.3 / 2025-02-18

Security

[CRuby] Vendored libxml2 is updated to v2.13.6 to address CVE-2025-24928 and CVE-2024-56171. See GHSA-vvfq-8hwr-qm4m for more information.

cab20305133078a8f6b60cf96311b48319175038cc7772e5ec586ff624cb7838  nokogiri-1.18.3-aarch64-linux-gnu.gem
acb256bb3213a180b1ed84a49c06d5d4c6c1da26f33bc9681f1fece4dab09a79  nokogiri-1.18.3-aarch64-linux-musl.gem
ce088965cd424b8e752d82087dcf017069d55791f157098ed1f671d966857610  nokogiri-1.18.3-arm64-darwin.gem
37b73a55e0d1e8a058a24abb16868903e81cb4773049739c532b864f87236b1b  nokogiri-1.18.3-arm-linux-gnu.gem
09407970cd13736cf87e975fae69c13e1178bab0313d07b35580ee4dd3650793  nokogiri-1.18.3-arm-linux-musl.gem
6b9fc3b14fd0cedd21f6cad8cf565123ba7401e56b5d0aec180c23cdca28fd5a  nokogiri-1.18.3.gem
236078c5f80ffc3d49c223fa98933d970543455403f9d672ca0aa5a6178a84fe  nokogiri-1.18.3-java.gem
216be1cb454c4657fc64747e5ae32b2ab4015843183766f238e4f4a62fb1f6be  nokogiri-1.18.3-x64-mingw-ucrt.gem
d729406bb5a7b1bbe7ed3c0922336dd2c46085ed444d6de2a0a4c33950a4edea  nokogiri-1.18.3-x86_64-darwin.gem
3c7ad5cee39855ed9c746065f39b584b9fd2aaff61df02d0f85ba8d671bbe497  nokogiri-1.18.3-x86_64-linux-gnu.gem
8aaecc22c0e5f12dac613e15f9a04059c3ec859d6f98f493cc831bd88fe8e731  nokogiri-1.18.3-x86_64-linux-musl.gem

Changelog

Sourced from nokogiri's changelog.

v1.18.3 / 2025-02-18

Security

[CRuby] Vendored libxml2 is updated v2.13.6 to address CVE-2025-24928 and CVE-2024-56171. See GHSA-vvfq-8hwr-qm4m for more information.

Commits

fd3ca2e version bump to v1.18.3
a8c526a dep: update libxml2 to v2.13.6 (#3437)
0847cf8 ci: tired of waiting for gnome mirrors
11945c8 dep: update libxml2 to v2.13.6
See full diff in compare view

Updates sorbet-static-and-runtime from 0.5.11842 to 0.5.11851

Release notes

Sourced from sorbet-static-and-runtime's releases.

sorbet 0.5.11850.20250221083246-9d67da8c6

To use Sorbet add this line to your Gemfile:
gem 'sorbet', '0.5.11850', :group => :development
gem 'sorbet-runtime', '0.5.11850'
sorbet 0.5.11849.20250221082535-3141c079c

To use Sorbet add this line to your Gemfile:
gem 'sorbet', '0.5.11849', :group => :development
gem 'sorbet-runtime', '0.5.11849'
sorbet 0.5.11848.20250221082523-c50536de5

To use Sorbet add this line to your Gemfile:
gem 'sorbet', '0.5.11848', :group => :development
gem 'sorbet-runtime', '0.5.11848'
sorbet 0.5.11847.20250221111543-786c6b015

To use Sorbet add this line to your Gemfile:
gem 'sorbet', '0.5.11847', :group => :development
gem 'sorbet-runtime', '0.5.11847'
sorbet 0.5.11846.20250221074550-2a01b6e64

To use Sorbet add this line to your Gemfile:
gem 'sorbet', '0.5.11846', :group => :development
gem 'sorbet-runtime', '0.5.11846'
sorbet 0.5.11845.20250220152236-3380582df

To use Sorbet add this line to your Gemfile:
gem 'sorbet', '0.5.11845', :group => :development
gem 'sorbet-runtime', '0.5.11845'
sorbet 0.5.11844.20250220143803-cc3cd9373

To use Sorbet add this line to your Gemfile:
gem 'sorbet', '0.5.11844', :group => :development
gem 'sorbet-runtime', '0.5.11844'
sorbet 0.5.11843.20250220141611-99b1f8ff6

... (truncated)

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the minor-and-patch group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [rubocop-sorbet](https://github.com/shopify/rubocop-sorbet) | `0.8.7` | `0.8.9` | | [rubocop-rspec](https://github.com/rubocop/rubocop-rspec) | `3.4.0` | `3.5.0` | | [ruby-lsp](https://github.com/Shopify/ruby-lsp) | `0.23.10` | `0.23.11` | | [graphql](https://github.com/rmosolgo/graphql-ruby) | `2.4.9` | `2.4.10` | | [shopify-money](https://github.com/Shopify/money) | `3.0.0` | `3.0.1` | | [sidekiq](https://github.com/sidekiq/sidekiq) | `7.3.8` | `7.3.9` | | [nokogiri](https://github.com/sparklemotion/nokogiri) | `1.18.2` | `1.18.3` | | [sorbet-static-and-runtime](https://github.com/sorbet/sorbet) | `0.5.11842` | `0.5.11851` | Updates `rubocop-sorbet` from 0.8.7 to 0.8.9 - [Release notes](https://github.com/shopify/rubocop-sorbet/releases) - [Commits](Shopify/rubocop-sorbet@v0.8.7...v0.8.9) Updates `rubocop-rspec` from 3.4.0 to 3.5.0 - [Release notes](https://github.com/rubocop/rubocop-rspec/releases) - [Changelog](https://github.com/rubocop/rubocop-rspec/blob/master/CHANGELOG.md) - [Commits](rubocop/rubocop-rspec@v3.4.0...v3.5.0) Updates `ruby-lsp` from 0.23.10 to 0.23.11 - [Release notes](https://github.com/Shopify/ruby-lsp/releases) - [Commits](Shopify/ruby-lsp@v0.23.10...v0.23.11) Updates `graphql` from 2.4.9 to 2.4.10 - [Release notes](https://github.com/rmosolgo/graphql-ruby/releases) - [Changelog](https://github.com/rmosolgo/graphql-ruby/blob/master/CHANGELOG.md) - [Commits](rmosolgo/graphql-ruby@v2.4.9...v2.4.10) Updates `shopify-money` from 3.0.0 to 3.0.1 - [Release notes](https://github.com/Shopify/money/releases) - [Commits](Shopify/money@v3.0.0...v3.0.1) Updates `sidekiq` from 7.3.8 to 7.3.9 - [Changelog](https://github.com/sidekiq/sidekiq/blob/main/Changes.md) - [Commits](sidekiq/sidekiq@v7.3.8...v7.3.9) Updates `nokogiri` from 1.18.2 to 1.18.3 - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](sparklemotion/nokogiri@v1.18.2...v1.18.3) Updates `sorbet-static-and-runtime` from 0.5.11842 to 0.5.11851 - [Release notes](https://github.com/sorbet/sorbet/releases) - [Commits](https://github.com/sorbet/sorbet/commits) --- updated-dependencies: - dependency-name: rubocop-sorbet dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: rubocop-rspec dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: ruby-lsp dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: graphql dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: shopify-money dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: sidekiq dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: nokogiri dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: sorbet-static-and-runtime dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot requested a review from a team as a code owner February 24, 2025 22:33

dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Feb 24, 2025

dependabot bot mentioned this pull request Feb 24, 2025

Bump the minor-and-patch group across 1 directory with 8 updates #2216

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the minor-and-patch group across 1 directory with 8 updates #2217

Bump the minor-and-patch group across 1 directory with 8 updates #2217

dependabot bot commented on behalf of github Feb 24, 2025

Bump the minor-and-patch group across 1 directory with 8 updates #2217

Are you sure you want to change the base?

Bump the minor-and-patch group across 1 directory with 8 updates #2217

Conversation

dependabot bot commented on behalf of github Feb 24, 2025

v0.8.9

What's Changed

✨ Enhancements

New Contributors

RuboCop RSpec v3.5.0

3.5.0 (2025-02-16)

v0.23.11

✨ Enhancements

🐛 Bug Fixes

📦 Other Changes

2.4.10 (18 Feb 2025)

New features

Bug fixes

v3.0.1

What's Changed

New Contributors

7.3.9

v1.18.3 / 2025-02-18

Security

v1.18.3 / 2025-02-18

Security

sorbet 0.5.11850.20250221083246-9d67da8c6

sorbet 0.5.11849.20250221082535-3141c079c

sorbet 0.5.11848.20250221082523-c50536de5

sorbet 0.5.11847.20250221111543-786c6b015

sorbet 0.5.11846.20250221074550-2a01b6e64

sorbet 0.5.11845.20250220152236-3380582df

sorbet 0.5.11844.20250220143803-cc3cd9373

sorbet 0.5.11843.20250220141611-99b1f8ff6