Skip to content

Bump the dev-dependencies group across 1 directory with 11 updates#14185

Open
dependabot[bot] wants to merge 3 commits intomainfrom
dependabot/bundler/updater/dev-dependencies-b3e2b3e45c
Open

Bump the dev-dependencies group across 1 directory with 11 updates#14185
dependabot[bot] wants to merge 3 commits intomainfrom
dependabot/bundler/updater/dev-dependencies-b3e2b3e45c

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 15, 2026

Bumps the dev-dependencies group with 11 updates in the /updater directory:

Package From To
debug 1.9.2 1.11.1
gpgme 2.0.25 2.0.26
rake 13.3.0 13.3.1
rspec 3.13.0 3.13.2
rubocop 1.80.2 1.84.2
rubocop-performance 1.26.0 1.26.1
rubocop-rspec 3.7.0 3.9.0
rubocop-sorbet 0.10.5 0.12.0
vcr 6.3.1 6.4.0
webmock 3.25.1 3.26.1
webrick 1.9.1 1.9.2

Updates debug from 1.9.2 to 1.11.1

Release notes

Sourced from debug's releases.

v1.11.1

What's Changed

New Contributors

Full Changelog: ruby/debug@v1.11.0...v1.11.1

v1.11.0

What's Changed

New Contributors

... (truncated)

Commits
  • bad4d38 v1.11.1
  • 88d762c FileUtils is needed
  • 553373a omit on older version
  • c1c1c8e use Kernel.__callee__
  • 24f95d6 catch up 4.0.0 backtrace change
  • bc97d33 add a test for b path: ...
  • 1139d78 support b path: path_expr
  • 06342cd catch any exception on singletonclass
  • 2791573 fix(DAP): Return unverified breakpoints instead of unsuccessful response
  • 14c8a54 Update imemo_mask to match ruby's
  • Additional commits viewable in compare view

Updates gpgme from 2.0.25 to 2.0.26

Changelog

Sourced from gpgme's changelog.

2.0.26 February 14, 2025

  • Fix Data_Get_Struct warnings (#206)
  • Update deprecated key editing functions (#207)
  • Fix callback encoding (#208)
  • More efficient key sign lookups (#209)
  • Improve thread safety (#210)
  • Fix encryption flags (#211)
Commits

Updates rake from 13.3.0 to 13.3.1

Commits
  • f0001c3 v13.3.1
  • a644c80 Merge pull request #483 from luke-gru/fix_test_warnings
  • 2465ea5 silence warnings during execution of rake tasks in Rakefile (ex: rake test)
  • df25fb1 Merge pull request #610 from pvdb/fix_testhelper_require
  • ec12ac9 Merge pull request #635 from nevans/deconstruct_keys-for-nil-keys
  • 4664a69 Merge pull request #666 from ruby/dependabot/github_actions/ruby/setup-ruby-1...
  • 7a0bf15 Bump ruby/setup-ruby from 1.265.0 to 1.266.0
  • b3ed789 Merge pull request #665 from ruby/dependabot/github_actions/ruby/setup-ruby-1...
  • 1e7ef52 Bump ruby/setup-ruby from 1.263.0 to 1.265.0
  • 77225e1 Merge pull request #664 from ruby/dependabot/github_actions/ruby/setup-ruby-1...
  • Additional commits viewable in compare view

Updates rspec from 3.13.0 to 3.13.2

Commits

Updates rubocop from 1.80.2 to 1.84.2

Release notes

Sourced from rubocop's releases.

RuboCop v1.84.2

Bug fixes

  • #14854: Fix a clobbering error in Style/BlockDelimiters when autocorrecting nested multi-line blocks with adjacent curly braces. (@​koic)
  • #14837: Fix an error for Style/IfUnlessModifier when the first value uses a normal if and the others use modifier if. (@​koic)
  • #14858: Fix an infinite loop error in Layout/FirstArgumentIndentation when first arguments are over-indented in nested method calls. (@​koic)
  • #14843: Fix an error in Layout/MultilineMethodCallIndentation when a multiline method call follows a hash access. (@​koic)
  • #14859: Fix an error in Layout/MultilineMethodCallIndentation when a multiline method call includes a keyword argument whose value is a method call with a block. (@​koic)
  • #14839: Fix a false positive for Layout/EmptyLinesAfterModuleInclusion when include is nested inside an array. (@​eugeneius)
  • #7436: Fix Style/FormatStringToken to not autocorrect strings outside of format method context in aggressive mode. (@​ydakuka)
  • #14841: Fix false negatives in Style/HashAsLastArrayItem when an array contains only a single hash element. (@​koic)
  • #14865: Fix false negatives in Style/MethodDefParentheses when using splat or forwarding arguments without parentheses. (@​koic)
  • #14833: Fix false positive for Layout/MultilineMethodCallIndentation when a multi-dot method chain is inside a hash pair value. (@​ydakuka)
  • #14847: Fix false positive for Layout/MultilineMethodCallIndentation when a method is chained after a single-line block. (@​ydakuka)
  • #14867: Fix Offense#highlighted_area for PseudoSourceRange locations. (@​rafaelfranca)
  • #14861: Fix an error in Style/IfUnlessModifier when the first value uses a normal if and the others use ternary operator. (@​koic)
  • #14816: Use toplevel cache configs for remote configuration files. (@​nekketsuuu)

RuboCop v1.84.1

Bug fixes

  • #14803: Fix an error for Layout/IndentationWidth cop. (@​viralpraxis)
  • #14806: Fix an error in Style/NegativeArrayIndex when using self as array with implicit self receiver. (@​koic)
  • #14813: Fix opt-in cop comments taking precedence over configuration file exclude patterns. (@​afrase)
  • #14819: Fix incorrect autocorrect for Style/GuardClause when using heredoc as an argument of method call in raise in else branch. (@​koic)
  • #14805: Bring back the original indentation from before version 1.84.0. (@​Magikdidi24)
  • #12754: Fix an infinite loop for Style/IfUnlessModifier when multiple if/unless statements share the same line in arrays, method arguments, or hash values. (@​ydakuka)
  • #14817: Fix an infinite loop between Layout/FirstArgumentIndentation and Layout/LineLength when correcting method chains. (@​ydakuka)
  • #11513: Fix Layout/MultilineMethodCallIndentation to properly handle method chains inside hash pair values. (@​ydakuka)
  • #14814: Fix push/pop directives to properly handle nested scopes and state restoration. (@​Magikdidi24)

Changes

  • #14823: Add the built-in infinite? method to the allowlists for Naming/PredicateMethod, Style/IfWithBooleanLiteralBranches, and Style/RedundantCondition, in addition to the existing nonzero?. (@​koic)
  • #14735: Remove deprecated InjectDefaults handling. (@​afurm)

RuboCop v1.84.0

... (truncated)

Changelog

Sourced from rubocop's changelog.

1.84.2 (2026-02-12)

Bug fixes

  • #14854: Fix a clobbering error in Style/BlockDelimiters when autocorrecting nested multi-line blocks with adjacent curly braces. ([@​koic][])
  • #14837: Fix an error for Style/IfUnlessModifier when the first value uses a normal if and the others use modifier if. ([@​koic][])
  • #14858: Fix an infinite loop error in Layout/FirstArgumentIndentation when first arguments are over-indented in nested method calls. ([@​koic][])
  • #14843: Fix an error in Layout/MultilineMethodCallIndentation when a multiline method call follows a hash access. ([@​koic][])
  • #14859: Fix an error in Layout/MultilineMethodCallIndentation when a multiline method call includes a keyword argument whose value is a method call with a block. ([@​koic][])
  • #14839: Fix a false positive for Layout/EmptyLinesAfterModuleInclusion when include is nested inside an array. ([@​eugeneius][])
  • #7436: Fix Style/FormatStringToken to not autocorrect strings outside of format method context in aggressive mode. ([@​ydakuka][])
  • #14841: Fix false negatives in Style/HashAsLastArrayItem when an array contains only a single hash element. ([@​koic][])
  • #14865: Fix false negatives in Style/MethodDefParentheses when using splat or forwarding arguments without parentheses. ([@​koic][])
  • #14833: Fix false positive for Layout/MultilineMethodCallIndentation when a multi-dot method chain is inside a hash pair value. ([@​ydakuka][])
  • #14847: Fix false positive for Layout/MultilineMethodCallIndentation when a method is chained after a single-line block. ([@​ydakuka][])
  • #14867: Fix Offense#highlighted_area for PseudoSourceRange locations. ([@​rafaelfranca][])
  • #14861: Fix an error in Style/IfUnlessModifier when the first value uses a normal if and the others use ternary operator. ([@​koic][])
  • #14816: Use toplevel cache configs for remote configuration files. ([@​nekketsuuu][])

1.84.1 (2026-02-02)

Bug fixes

  • #14803: Fix an error for Layout/IndentationWidth cop. ([@​viralpraxis][])
  • #14806: Fix an error in Style/NegativeArrayIndex when using self as array with implicit self receiver. ([@​koic][])
  • #14813: Fix opt-in cop comments taking precedence over configuration file exclude patterns. ([@​afrase][])
  • #14819: Fix incorrect autocorrect for Style/GuardClause when using heredoc as an argument of method call in raise in else branch. ([@​koic][])
  • #14805: Bring back the original indentation from before version 1.84.0. ([@​Magikdidi24][])
  • #12754: Fix an infinite loop for Style/IfUnlessModifier when multiple if/unless statements share the same line in arrays, method arguments, or hash values. ([@​ydakuka][])
  • #14817: Fix an infinite loop between Layout/FirstArgumentIndentation and Layout/LineLength when correcting method chains. ([@​ydakuka][])
  • #11513: Fix Layout/MultilineMethodCallIndentation to properly handle method chains inside hash pair values. ([@​ydakuka][])
  • #14814: Fix push/pop directives to properly handle nested scopes and state restoration. ([@​Magikdidi24][])

Changes

  • #14823: Add the built-in infinite? method to the allowlists for Naming/PredicateMethod, Style/IfWithBooleanLiteralBranches, and Style/RedundantCondition, in addition to the existing nonzero?. ([@​koic][])
  • #14735: Remove deprecated InjectDefaults handling. ([@​afurm][])

1.84.0 (2026-01-27)

New features

  • #14516: Add AllowImplicitArrayLiterals to Layout/FirstArrayElementLineBreak. ([@​koic][])
  • #14750: Add new Style/ReverseFind cop. ([@​koic][])
  • #12343: Add new Style/EmptyClassDefinition cop to enforce consistent style for empty class definitions. The cop can enforce either a two-line class definition or Class.new for classes with no body. ([@​ydakuka][])
  • #14769: Add new Style/HashLookupMethod cop to enforce Hash#[] vs Hash#fetch preference. ([@​sferik][])
  • #12051: Add new Style/NegativeArrayIndex cop to enforce using negative array indices instead of calculating array length minus a value. The cop handles both simple index patterns and range patterns, and recognizes preserving methods and their combinations. ([@​ydakuka][])
  • #14633: Make a new system to handle push and pop locally. ([@​Magikdidi24][])
  • #14722: Support TargetRubyVersion 4.1 (experimental). ([@​koic][])

... (truncated)

Commits
  • b210a6e Cut 1.84.2
  • b2e355b Update Changelog
  • c7a3c5e [Fix rubocop#7436] Fix Style/FormatStringToken to not autocorrect strings o...
  • 87b0ca4 [Fix rubocop#14847] Fix false positive for `Layout/MultilineMethodCallIndenta...
  • 429b640 [Fix rubocop#14833] Fix false positive for `Layout/MultilineMethodCallIndenta...
  • d1bf379 [Fix #14841] Fix false negatives in Style/HashAsLastArrayItem
  • a1157d2 [Fix #14816] Use toplevel cache configs for remote configuration files
  • 7849c22 Update changelog/fix_offense_highlighted_area_for_pseudo_source_range_locatio...
  • 1f8e439 Fix Offense#highlighted_area for PseudoSourceRange locations
  • 99422a0 [Fix #14858] Fix an error in Layout/FirstArgumentIndentation
  • Additional commits viewable in compare view

Updates rubocop-performance from 1.26.0 to 1.26.1

Release notes

Sourced from rubocop-performance's releases.

RuboCop Performance v1.26.1

Bug fixes

  • #517: Fix false positives for Performance/RedundantStringChars when using str.chars[0, 2]. (@​koic)

Changes

  • #520: Disable Performance/BigDecimalWithNumericArgument by default. (@​earlopain)
Changelog

Sourced from rubocop-performance's changelog.

1.26.1 (2025-10-18)

Bug fixes

  • #517: Fix false positives for Performance/RedundantStringChars when using str.chars[0, 2]. ([@​koic][])

Changes

  • #520: Disable Performance/BigDecimalWithNumericArgument by default. ([@​earlopain][])
Commits
  • 4783c90 Cut 1.26.1
  • d3f1806 Update Changelog
  • a63df04 Merge pull request #521 from Earlopain/disable-bigdecimal
  • 7a5499f [Fix #520] Disable Performance/BigDecimalWithNumericArgument by default
  • 03a6071 Merge pull request #518 from koic/fix_false_positives_for_performance_redunda...
  • a1ef194 [Fix #517] Fix false positives for Performance/RedundantStringChars
  • 6e1afeb Tweak bug report template
  • 60ff474 Suppress RuboCop's offense
  • 955429a Switch back docs version to master
  • See full diff in compare view

Updates rubocop-rspec from 3.7.0 to 3.9.0

Release notes

Sourced from rubocop-rspec's releases.

RuboCop RSpec v3.9.0

  • Fix a false positive for RSpec/LeakyLocalVariable when variables are used only in example metadata (e.g., skip messages). (@​ydah)
  • Fix a false positive for RSpec/ScatteredSetup when the hook is defined inside a class method. (@​d4rky-pl)
  • Fix a false positive for RSpec/DescribedClass inside dynamically evaluated blocks (class_eval, module_eval, instance_eval, class_exec, module_exec, instance_exec). (@​sucicfilip)
  • Add new cop RSpec/Output. (@​kevinrobell-st)

RuboCop RSpec v3.8.0

  • Add new cop RSpec/LeakyLocalVariable. (@​lovro-bikic)
  • Bump RuboCop requirement to +1.81. (@​ydah)
  • Fix a false positive for RSpec/LetSetup when let! used in outer scope. (@​ydah)
  • Fix a false positive for RSpec/ReceiveNever cop when allow(...).to receive(...).never. (@​ydah)
  • Fix detection of nameless doubles with methods in RSpec/VerifiedDoubles. (@​ushi-as)
  • Improve an offense message for RSpec/RepeatedExample cop. (@​ydah)
  • Let RSpec/SpecFilePathFormat leverage ActiveSupport inflections when configured. (@​corsonknowles, @​bquorning)
Changelog

Sourced from rubocop-rspec's changelog.

3.9.0 (2026-01-07)

  • Fix a false positive for RSpec/LeakyLocalVariable when variables are used only in example metadata (e.g., skip messages). ([@​ydah])
  • Fix a false positive for RSpec/ScatteredSetup when the hook is defined inside a class method. ([@​d4rky-pl])
  • Fix a false positive for RSpec/DescribedClass inside dynamically evaluated blocks (class_eval, module_eval, instance_eval, class_exec, module_exec, instance_exec). ([@​sucicfilip])
  • Add new cop RSpec/Output. ([@​kevinrobell-st])

3.8.0 (2025-11-12)

  • Add new cop RSpec/LeakyLocalVariable. ([@​lovro-bikic])
  • Bump RuboCop requirement to +1.81. ([@​ydah])
  • Fix a false positive for RSpec/LetSetup when let! used in outer scope. ([@​ydah])
  • Fix a false positive for RSpec/ReceiveNever cop when allow(...).to receive(...).never. ([@​ydah])
  • Fix detection of nameless doubles with methods in RSpec/VerifiedDoubles. ([@​ushi-as])
  • Improve an offense message for RSpec/RepeatedExample cop. ([@​ydah])
  • Let RSpec/SpecFilePathFormat leverage ActiveSupport inflections when configured. ([@​corsonknowles], [@​bquorning])
Commits
  • f7aecf0 Merge pull request #2151 from rubocop/release
  • 893a25b Bump version to 3.9.0
  • 91ad43d Merge pull request #2150 from kevinrobell-st/patch-1
  • 802b386 Fix CHANGELOG
  • a03e0c7 Merge pull request #2149 from rubocop/ci-test-ruby-4.0
  • 68f25d9 Temporarily add irb to Gemfile
  • b9e50b8 CI: Test with Ruby 4.0
  • b63bcd8 Merge pull request #2148 from sucicfilip/fix-described-class-inside-eval
  • 278245a Fix RSpec/DescribedClass to ignore *_eval and *_exec blocks
  • ca18f5e Merge pull request #2144 from rubocop/dont-use-ruby-version
  • Additional commits viewable in compare view

Updates rubocop-sorbet from 0.10.5 to 0.12.0

Release notes

Sourced from rubocop-sorbet's releases.

v0.12.0

What's Changed

🛠 Other Changes

New Contributors

Full Changelog: Shopify/rubocop-sorbet@v0.11.0...v0.12.0

v0.11.0

What's Changed

🛠 Other Changes

New Contributors

Full Changelog: Shopify/rubocop-sorbet@v0.10.4...v0.11.0

Commits
  • d41d1fe Prepare for 0.12.0
  • b67f892 Merge pull request #366 from Shopify/rm-fix-rubocop-1-82
  • 6d3a46f Fix ObsoleteStrictMemoization crash when Layout/LineLength is disabled
  • 5b52028 Use nix for development setup
  • 824251a Merge pull request #365 from Shopify/fix-forbid-t-struct-nil-max-line-length
  • 77b81e4 Fix ForbidTStruct crash when Layout/LineLength is disabled
  • 371fc96 Merge pull request #363 from Shopify/dependabot/github_actions/actions/checko...
  • ce5b221 Bump actions/checkout from 6.0.1 to 6.0.2
  • f5690a8 Merge pull request #361 from Shopify/dependabot/github_actions/dependabot/fet...
  • bf567fd Bump dependabot/fetch-metadata from 2.4.0 to 2.5.0
  • Additional commits viewable in compare view

Updates vcr from 6.3.1 to 6.4.0

Release notes

Sourced from vcr's releases.

v6.4.0

What's Changed

New Contributors

Full Changelog: vcr/vcr@v6.3.1...v6.4.0

Changelog

Sourced from vcr's changelog.

6.4.0 (Dec 11, 2025)

Full Changelog

Commits

Updates webmock from 3.25.1 to 3.26.1

Release notes

Sourced from webmock's releases.

3.26.0

3.25.2

  • Return support for em_http_request

    Thanks to Oleg

Changelog

Sourced from webmock's changelog.

3.26.1

Fix compatibility with recent async-http versions

Thanks to [Mikhail Doronin](https://github.com/misdoro)

3.26.0

3.25.2

  • Return support for em_http_request

    Thanks to Oleg

Commits
  • 56cb661 Version 3.26.1
  • ea4cea3 Merge pull request #1109 from misdoro/duplicate_headers
  • c05fe47 Split SAMPLE_REQUEST_HEADERS and SAMPLE_RESPONSE_HEADERS to be more realistic
  • 5f46eca Fix specs with recent Async-http versions.
  • aa747ba Run CI on pushes to all branches
  • 348622f Version 3.26.0
  • 710131a Added .devcontainer to ignore.
  • 52cc74c Don't verify peer certificate in requests to google.
  • af3655c Updated request_pattern_spec.rb after error message was updated.
  • 00bd15a Merge branch 'ixti-fix-request-pattern-regression'
  • Additional commits viewable in compare view

Updates webrick from 1.9.1 to 1.9.2

Release notes

Sourced from webrick's releases.

v1.9.2

What's Changed

New Contributors

Full Changelog: ruby/webrick@v1.9.1...v1.9.2

Commits
  • b1684ce v1.9.2
  • 8f979b8 Add GitHub release.yml to exclude dependencies label from changelog
  • 72744d8 Bump ruby/setup-ruby action from v1.190.0 to v1.268.0
  • b0398af Merge pull request #158 from jackorp/fix_test
  • 6456725 Merge pull request #180 from ruby/dependabot/github_actions/actions/checkout-6

@dependabot dependabot bot added dependencies ruby Dependabot pull requests that update Ruby code labels Feb 15, 2026
@dependabot dependabot bot requested a review from a team as a code owner February 15, 2026 16:06
@dependabot dependabot bot added dependencies ruby Dependabot pull requests that update Ruby code labels Feb 15, 2026
@dependabot dependabot bot force-pushed the dependabot/bundler/updater/dev-dependencies-b3e2b3e45c branch 3 times, most recently from e2560bd to c575d0c Compare February 19, 2026 15:25
@JamieMagee JamieMagee force-pushed the dependabot/bundler/updater/dev-dependencies-b3e2b3e45c branch from c575d0c to a741adf Compare February 20, 2026 05:46
dependabot bot and others added 2 commits February 19, 2026 22:32
Bumps the dev-dependencies group with 11 updates in the /updater directory:

| Package | From | To |
| --- | --- | --- |
| [debug](https://github.com/ruby/debug) | `1.9.2` | `1.11.1` |
| [gpgme](https://github.com/ueno/ruby-gpgme) | `2.0.25` | `2.0.26` |
| [rake](https://github.com/ruby/rake) | `13.3.0` | `13.3.1` |
| [rspec](https://github.com/rspec/rspec) | `3.13.0` | `3.13.2` |
| [rubocop](https://github.com/rubocop/rubocop) | `1.80.2` | `1.84.2` |
| [rubocop-performance](https://github.com/rubocop/rubocop-performance) | `1.26.0` | `1.26.1` |
| [rubocop-rspec](https://github.com/rubocop/rubocop-rspec) | `3.7.0` | `3.9.0` |
| [rubocop-sorbet](https://github.com/shopify/rubocop-sorbet) | `0.10.5` | `0.12.0` |
| [vcr](https://github.com/vcr/vcr) | `6.3.1` | `6.4.0` |
| [webmock](https://github.com/bblimke/webmock) | `3.25.1` | `3.26.1` |
| [webrick](https://github.com/ruby/webrick) | `1.9.1` | `1.9.2` |



Updates `debug` from 1.9.2 to 1.11.1
- [Release notes](https://github.com/ruby/debug/releases)
- [Commits](ruby/debug@v1.9.2...v1.11.1)

Updates `gpgme` from 2.0.25 to 2.0.26
- [Changelog](https://github.com/ueno/ruby-gpgme/blob/master/NEWS)
- [Commits](ueno/ruby-gpgme@v2.0.25...v2.0.26)

Updates `rake` from 13.3.0 to 13.3.1
- [Release notes](https://github.com/ruby/rake/releases)
- [Changelog](https://github.com/ruby/rake/blob/master/History.rdoc)
- [Commits](ruby/rake@v13.3.0...v13.3.1)

Updates `rspec` from 3.13.0 to 3.13.2
- [Commits](rspec/rspec@rspec-metagem-v3.13.0...rspec-v3.13.2)

Updates `rubocop` from 1.80.2 to 1.84.2
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](rubocop/rubocop@v1.80.2...v1.84.2)

Updates `rubocop-performance` from 1.26.0 to 1.26.1
- [Release notes](https://github.com/rubocop/rubocop-performance/releases)
- [Changelog](https://github.com/rubocop/rubocop-performance/blob/master/CHANGELOG.md)
- [Commits](rubocop/rubocop-performance@v1.26.0...v1.26.1)

Updates `rubocop-rspec` from 3.7.0 to 3.9.0
- [Release notes](https://github.com/rubocop/rubocop-rspec/releases)
- [Changelog](https://github.com/rubocop/rubocop-rspec/blob/master/CHANGELOG.md)
- [Commits](rubocop/rubocop-rspec@v3.7.0...v3.9.0)

Updates `rubocop-sorbet` from 0.10.5 to 0.12.0
- [Release notes](https://github.com/shopify/rubocop-sorbet/releases)
- [Commits](Shopify/rubocop-sorbet@v0.10.5...v0.12.0)

Updates `vcr` from 6.3.1 to 6.4.0
- [Release notes](https://github.com/vcr/vcr/releases)
- [Changelog](https://github.com/vcr/vcr/blob/master/CHANGELOG.md)
- [Commits](vcr/vcr@v6.3.1...v6.4.0)

Updates `webmock` from 3.25.1 to 3.26.1
- [Release notes](https://github.com/bblimke/webmock/releases)
- [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md)
- [Commits](bblimke/webmock@v3.25.1...v3.26.1)

Updates `webrick` from 1.9.1 to 1.9.2
- [Release notes](https://github.com/ruby/webrick/releases)
- [Commits](ruby/webrick@v1.9.1...v1.9.2)

---
updated-dependencies:
- dependency-name: debug
  dependency-version: 1.11.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: gpgme
  dependency-version: 2.0.26
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: rake
  dependency-version: 13.3.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: rspec
  dependency-version: 3.13.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: rubocop
  dependency-version: 1.84.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: rubocop-performance
  dependency-version: 1.26.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: rubocop-rspec
  dependency-version: 3.9.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: rubocop-sorbet
  dependency-version: 0.12.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: vcr
  dependency-version: 6.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: webmock
  dependency-version: 3.26.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: webrick
  dependency-version: 1.9.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@JamieMagee JamieMagee force-pushed the dependabot/bundler/updater/dev-dependencies-b3e2b3e45c branch from a741adf to 4668e8d Compare February 20, 2026 06:32
@github-actions github-actions bot added L: php:composer Issues and code for Composer L: ruby:bundler RubyGems via bundler L: elixir:hex Elixir packages via hex L: java:gradle Maven packages via Gradle L: go:modules Golang modules L: github:actions GitHub Actions L: elm Elm packages L: terraform Terraform packages L: docker Docker containers L: rust:cargo Rust crates via cargo L: java:maven Maven packages via Maven L: dart:pub Dart packages via pub L: javascript L: python L: python:uv L: cpp:vcpkg L: opentofu labels Feb 20, 2026
JamieMagee
JamieMagee previously approved these changes Feb 20, 2026
@JamieMagee
Copy link
Member

Bumping rubocop to 1.84.2 and rubocop-rspec to 3.9.0 introduced 179 lint offenses and 18 Sorbet errors. Here's what I did to fix them:

  • Ran rubocop autocorrect for the straightforward stuff (indentation, spacing, etc.)
  • Converted local variables to let blocks in 18 spec files to fix the new RSpec/LeakyLocalVariable cop
  • Split a long comment across two lines in bun and npm_and_yarn file_fetcher.rb for line length
  • Bumped sorbet (0.6.12544 -> 0.6.12949) and tapioca (0.17.7 -> 0.17.10) to fix method signature mismatches in generated RBI files
  • Regenerated all Sorbet RBI files
  • Fixed a Module -> T::Module[T.anything] type in updater/error_handler.rb that the new Sorbet started catching
  • Added an RDoc::Markup::Heading superclass suppression to sorbet/config (inherent conflict between Sorbet's payload and rdoc's actual class hierarchy)
  • Synced Gemfile.lock and RBIs for the root bundle

@JamieMagee JamieMagee force-pushed the dependabot/bundler/updater/dev-dependencies-b3e2b3e45c branch from 4668e8d to 922cbc7 Compare February 20, 2026 06:40
- Fix RuboCop offenses from rubocop 1.84.2 and rubocop-rspec 3.9.0
- Fix RSpec/LeakyLocalVariable offenses across 18 spec files
- Fix Layout/LineLength in bun and npm_and_yarn file_fetcher.rb
- Bump sorbet 0.6.12544 -> 0.6.12949, tapioca 0.17.7 -> 0.17.10
- Regenerate Sorbet RBI files for updated gems
- Fix Sorbet error in updater/error_handler.rb (Module -> T::Module)
- Add RDoc::Markup::Heading superclass suppression to sorbet/config
@JamieMagee JamieMagee force-pushed the dependabot/bundler/updater/dev-dependencies-b3e2b3e45c branch from 922cbc7 to 92e5829 Compare February 20, 2026 06:51
"auth_headers" => auth_headers(cred.fetch("url").gsub(%r{/+$}, ""))
}
{
"url" => cred.fetch("url").gsub(%r{/+$}, ""),

Check failure

Code scanning / CodeQL

Polynomial regular expression used on uncontrolled data High

This
regular expression
that depends on a
library input
may run slow on strings with many repetitions of '/'.
This
regular expression
that depends on a
library input
may run slow on strings with many repetitions of '/'.
}
{
"url" => cred.fetch("url").gsub(%r{/+$}, ""),
"auth_headers" => auth_headers(cred.fetch("url").gsub(%r{/+$}, ""))

Check failure

Code scanning / CodeQL

Polynomial regular expression used on uncontrolled data High

This
regular expression
that depends on a
library input
may run slow on strings with many repetitions of '/'.
This
regular expression
that depends on a
library input
may run slow on strings with many repetitions of '/'.
.find do |c|
cred_url = c.fetch("url").gsub(%r{/+$}, "")
next false unless cred_url == maven_repo_url
cred_url = c.fetch("url").gsub(%r{/+$}, "")

Check failure

Code scanning / CodeQL

Polynomial regular expression used on uncontrolled data High

This
regular expression
that depends on a
library input
may run slow on strings with many repetitions of '/'.
This
regular expression
that depends on a
library input
may run slow on strings with many repetitions of '/'.
.find do |c|
cred_host = c.fetch("host").gsub(%r{/+$}, "")
next false unless URI(maven_repo_url).host == cred_host
cred_host = c.fetch("host").gsub(%r{/+$}, "")

Check failure

Code scanning / CodeQL

Polynomial regular expression used on uncontrolled data High

This
regular expression
that depends on a
library input
may run slow on strings with many repetitions of '/'.
This
regular expression
that depends on a
library input
may run slow on strings with many repetitions of '/'.
@JamieMagee
Copy link
Member

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies L: cpp:vcpkg L: dart:pub Dart packages via pub L: docker Docker containers L: elixir:hex Elixir packages via hex L: elm Elm packages L: github:actions GitHub Actions L: go:modules Golang modules L: java:gradle Maven packages via Gradle L: java:maven Maven packages via Maven L: javascript L: opentofu L: php:composer Issues and code for Composer L: python:uv L: python L: ruby:bundler RubyGems via bundler L: rust:cargo Rust crates via cargo L: terraform Terraform packages ruby Dependabot pull requests that update Ruby code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant

Comments