Skip to content

DEPS: Bump the gems group across 1 directory with 7 updates#45

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/gems-4ff2155b7a
Open

DEPS: Bump the gems group across 1 directory with 7 updates#45
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/gems-4ff2155b7a

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 27, 2026

Bumps the gems group with 6 updates in the / directory:

Package From To
benchmark-ips 2.14.0 2.15.1
lefthook 2.1.6 2.1.8
puma 8.0.1 8.0.2
dry-configurable 1.3.0 1.4.0
rubocop 1.86.1 1.86.2
sorbet-runtime 0.6.13219 0.6.13252

Updates benchmark-ips from 2.14.0 to 2.15.1

Commits
  • 4a0fac5 Bump to 2.15.1
  • 55bdcd1 Merge pull request #148 from paddor/fix-ruby4-benchmark-warning
  • c960af5 Bump to 2.15.0
  • 8b78b2a Merge pull request #149 from jhawthorn/harmonic_mean
  • 09d469d Display +/- Inf% for errors > 99.9%
  • d9823a1 Calculate IPS as just total_iterations / total_time
  • ab36da8 Use harmonic mean to calculate IPS
  • b369a08 undo changes in test/
  • d2af3af Fix Ruby 4.0 warning: use require_relative for internal files
  • 41f80d2 Bump actions/checkout from 4 to 6 (#147)
  • Additional commits viewable in compare view

Updates lefthook from 2.1.6 to 2.1.8

Release notes

Sourced from lefthook's releases.

v2.1.8

Changelog

  • 488a5f99a5a496e5837f757f8ce3e6c6d1415792 fix: do not warn if local hooks path is equal to default hooks path (#1421)

v2.1.7

Changelog

  • f415a9d3fce1d4f6af62622cf96c72e04ecf7bd3 chore: go mod tidy
  • cf4ab9ea4580f5aeb0d4b61d4dd169533e5bb0c9 fix: always restore unstaged changes (#1416)
  • 4c0e000d6fe9f35f42efefb9263b0b4cb5dfbd49 fix: apply stage_fixed only if it is safe (#1418)
  • 76aa843ef5ceb6970f61cd2ff28d16dd2ec82272 fix: linter, sacrifice optimization for readability
  • 9d53c36ed9a26d3bf66e341a9650a0ecac9b6a37 fix: separate fallback push branch from pathspecs (#1396)
  • 22c9f773cf93b59005bd244c5b00caab2947a755 fix: try to always restore unstaged changes (#1417)
  • 37d83986d8e6d6bf6792f57e22e7cbb1a9e28064 fix: use contrast colors (#1420)
  • eb1064d0b8c6248627960bea1abf6891db5a21b1 refactor: add new logger without a global state (#1385)
Changelog

Sourced from lefthook's changelog.

2.1.8 (2026-05-19)

  • fix: do not warn if local hooks path is equal to default hooks path (#1421) by @​mrexox

2.1.7 (2026-05-19)

Commits
  • 9e75b21 2.1.8: reduce warning for core.hooksPath if it matches the default
  • 488a5f9 fix: do not warn if local hooks path is equal to default hooks path (#1421)
  • b5c8310 2.1.7: restore unstaged changes when possible
  • 37d8398 fix: use contrast colors (#1420)
  • 4c0e000 fix: apply stage_fixed only if it is safe (#1418)
  • 22c9f77 fix: try to always restore unstaged changes (#1417)
  • cf4ab9e fix: always restore unstaged changes (#1416)
  • f415a9d chore: go mod tidy
  • eb1064d refactor: add new logger without a global state (#1385)
  • 76aa843 fix: linter, sacrifice optimization for readability
  • Additional commits viewable in compare view

Updates puma from 8.0.1 to 8.0.2

Release notes

Sourced from puma's releases.

v8.0.2

  • Bugfixes
    • Anchor PROXY protocol v1 regex to string start and enforce max line length to prevent injection via crafted request bodies (#3944)
    • Parse PROXY protocol header only on the first request per connection to prevent spoofing on keep-alive connections (#3944)

Security advisories

Changelog

Sourced from puma's changelog.

8.0.2 / 2026-05-27

  • Bugfixes
    • Anchor PROXY protocol v1 regex to string start and enforce max line length to prevent injection via crafted request bodies (#3944)
    • Parse PROXY protocol header only on the first request per connection to prevent spoofing on keep-alive connections (#3944)
Commits

Updates dry-configurable from 1.3.0 to 1.4.0

Release notes

Sourced from dry-configurable's releases.

v1.4.0

Added

  • Added Config#to_data, returning a frozen Data representation of the config's resolved values for performance-sensitive read paths. (@​cllns in #167)

Changed

Compare v1.3.0 ... v1.4.0

Changelog

Sourced from dry-configurable's changelog.

1.4.0 - 2026-05-13

Added

  • Added Config#to_data, returning a frozen Data representation of the config's resolved values for performance-sensitive read paths. (@​cllns in #167)

Changed

Commits

Updates rubocop from 1.86.1 to 1.86.2

Release notes

Sourced from rubocop's releases.

RuboCop v1.86.2

New features

Bug fixes

  • #15156: Fix an error for Style/HashLookupMethod when chaining fetch (or []) calls on the same expression. (@​koic)
  • #15161: Fix an error for Style/ReduceToHash when nested each_with_object/inject/reduce calls would build hashes. (@​koic)
  • #15144: Fix an error in Style/SoleNestedConditional when autocorrecting nested conditionals containing comments. (@​koic)
  • #15040: Exclude constants from Style/ModuleMemberExistenceCheck. (@​t-daisuke)
  • #15155: Fix false negatives in Style/RedundantSelf when an explicit self receiver in one scope matches the LHS of an ||=, &&=, or op_asgn in another scope. (@​koic)
  • #15107: Fix false positives in Lint/RequireRelativeSelfPath when a non-.rb file uses require_relative with its own basename. (@​koic)
  • #15137: Fix incorrect "does not support IndentationWidth parameter" warning for Layout/ClosingParenthesisIndentation and Layout/CommentIndentation. (@​koic)
  • #15148: Fix false positives in Lint/RedundantSafeNavigation when safe navigation appears in rescue or ensure bodies. (@​koic)
  • #15147: Fix false positives in Lint/RedundantSafeNavigation when safe navigation appears in the body of unless. (@​koic)
  • #15163: Fix false positives in Style/Copyright when Notice pattern starts with \A#, uses \s metacharacters, or has multiple spaces after #. (@​koic)
  • #10179: Fix false positives in Style/DocumentDynamicEvalDefinition when the heredoc contains an escaped interpolation (\#{...}). (@​eyupcanakman)
  • #15154: Fix bug where specifying --out disables parallelization. (@​deivid-rodriguez)
  • #15106: Fix TargetFinder to work correctly inside hidden parent directories. (@​alpaca-tc)
  • #15102: Fix FrozenError in DisabledConfigFormatter for frozen array config parameters. (@​koic)
  • #15141: Fix incorrect autocorrect for Gemspec/RequireMFA causing an infinite loop when rubygems_mfa_required metadata uses a symbol key. (@​koic)
  • #15142: Fix infinite loop for --disable-uncorrectable and offense near heredoc. (@​jonas054)
  • #15054: Fix false positive for Layout/MultilineMethodCallIndentation when a dot-aligned method chain is inside a hash pair value. (@​nicolas-finary)
  • #15136: Fix false positive for Lint/MissingCopEnableDirective when # rubocop:disable is wrapped in a # rubocop:push / # rubocop:pop block. (@​koic)
  • #15115: Fix an incorrect autocorrect in Style/RegexpLiteral when the regexp contains unbalanced braces that conflict with the preferred %r delimiters. (@​koic)
  • #15130: Fix incorrect autocorrect in Style/Copyright when AutocorrectNotice lacks a # prefix or Notice pattern starts with ^#. (@​koic)
  • #14821: Fix Style/IfInsideElse autocorrect moving comments into the wrong branch when a comment precedes the nested if in an else. (@​hammadxcm)
  • #14583: Fix template extractor applying only the last fragment's autocorrection. (@​zeronosu77108)
  • #14971: Fix false positive for Style/WhileUntilModifier when the body is a conditional. (@​fujitanisora)
Changelog

Sourced from rubocop's changelog.

1.86.2 (2026-05-14)

New features

Bug fixes

  • #15156: Fix an error for Style/HashLookupMethod when chaining fetch (or []) calls on the same expression. ([@​koic][])
  • #15161: Fix an error for Style/ReduceToHash when nested each_with_object/inject/reduce calls would build hashes. ([@​koic][])
  • #15144: Fix an error in Style/SoleNestedConditional when autocorrecting nested conditionals containing comments. ([@​koic][])
  • #15040: Exclude constants from Style/ModuleMemberExistenceCheck. ([@​t-daisuke][])
  • #15155: Fix false negatives in Style/RedundantSelf when an explicit self receiver in one scope matches the LHS of an ||=, &&=, or op_asgn in another scope. ([@​koic][])
  • #15107: Fix false positives in Lint/RequireRelativeSelfPath when a non-.rb file uses require_relative with its own basename. ([@​koic][])
  • #15137: Fix incorrect "does not support IndentationWidth parameter" warning for Layout/ClosingParenthesisIndentation and Layout/CommentIndentation. ([@​koic][])
  • #15148: Fix false positives in Lint/RedundantSafeNavigation when safe navigation appears in rescue or ensure bodies. ([@​koic][])
  • #15147: Fix false positives in Lint/RedundantSafeNavigation when safe navigation appears in the body of unless. ([@​koic][])
  • #15163: Fix false positives in Style/Copyright when Notice pattern starts with \A#, uses \s metacharacters, or has multiple spaces after #. ([@​koic][])
  • #10179: Fix false positives in Style/DocumentDynamicEvalDefinition when the heredoc contains an escaped interpolation (\#{...}). ([@​eyupcanakman][])
  • #15154: Fix bug where specifying --out disables parallelization. ([@​deivid-rodriguez][])
  • #15106: Fix TargetFinder to work correctly inside hidden parent directories. ([@​alpaca-tc][])
  • #15102: Fix FrozenError in DisabledConfigFormatter for frozen array config parameters. ([@​koic][])
  • #15141: Fix incorrect autocorrect for Gemspec/RequireMFA causing an infinite loop when rubygems_mfa_required metadata uses a symbol key. ([@​koic][])
  • #15142: Fix infinite loop for --disable-uncorrectable and offense near heredoc. ([@​jonas054][])
  • #15054: Fix false positive for Layout/MultilineMethodCallIndentation when a dot-aligned method chain is inside a hash pair value. ([@​nicolas-finary][])
  • #15136: Fix false positive for Lint/MissingCopEnableDirective when # rubocop:disable is wrapped in a # rubocop:push / # rubocop:pop block. ([@​koic][])
  • #15115: Fix an incorrect autocorrect in Style/RegexpLiteral when the regexp contains unbalanced braces that conflict with the preferred %r delimiters. ([@​koic][])
  • #15130: Fix incorrect autocorrect in Style/Copyright when AutocorrectNotice lacks a # prefix or Notice pattern starts with ^#. ([@​koic][])
  • #14821: Fix Style/IfInsideElse autocorrect moving comments into the wrong branch when a comment precedes the nested if in an else. ([@​hammadxcm][])
  • #14583: Fix template extractor applying only the last fragment's autocorrection. ([@​zeronosu77108][])
  • #14971: Fix false positive for Style/WhileUntilModifier when the body is a conditional. ([@​fujitanisora][])
Commits
  • e513d33 Cut 1.86.2
  • 5fea1b5 Update Changelog
  • 2a3dfcd Don't use Registry#to_h
  • 836b275 Simplify registry internals
  • 90348d5 Fix false positives in Style/Copyright
  • 7419163 Fix extension suggestion documentation link
  • e467335 Merge pull request #15161 from koic/fix_an_error_for_style_reduce_to_hash.md
  • bd48b6b Merge pull request #15160 from lovro-bikic/autoload-mixins
  • b9cda61 Autoload mixins instead of requiring them
  • 55a8278 Fix an error for Style/ReduceToHash cop
  • Additional commits viewable in compare view

Updates sorbet-runtime from 0.6.13219 to 0.6.13252

Release notes

Sourced from sorbet-runtime's releases.

sorbet 0.6.13251.20260526140041-355cee007

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13251', :group => :development
gem 'sorbet-runtime', '0.6.13251'

sorbet 0.6.13250.20260525170522-8685789ed

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13250', :group => :development
gem 'sorbet-runtime', '0.6.13250'

sorbet 0.6.13249.20260523080214-2b2fc1eb3

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13249', :group => :development
gem 'sorbet-runtime', '0.6.13249'

sorbet 0.6.13248.20260522145033-4cc7008a8

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13248', :group => :development
gem 'sorbet-runtime', '0.6.13248'

sorbet 0.6.13247.20260522173800-0faec1f8f

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13247', :group => :development
gem 'sorbet-runtime', '0.6.13247'

sorbet 0.6.13246.20260522131428-576e7cf45

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13246', :group => :development
gem 'sorbet-runtime', '0.6.13246'

sorbet 0.6.13245.20260522112225-c76ad9d60

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13245', :group => :development
gem 'sorbet-runtime', '0.6.13245'

sorbet 0.6.13244.20260521150422-7fc6ddf0e

... (truncated)

Commits

Updates zeitwerk from 2.7.5 to 2.8.2

Changelog

Sourced from zeitwerk's changelog.

2.8.2 (23 May 2026)

  • on_load and on_unload accept constant paths with leading colons. For example:

    loader.on_load('::User') { ... }

  • on_load and on_unload validate that their input is a constant path. For example:

    loader.on_load(':User') { ... }

    raises NameError.

2.8.1 (19 May 2026)

  • Replace anonymous block parameters with regular named ones.

    Ruby 3.3.0 has a bug: it does not parse anonymous block parameters, which were introduced in Ruby 3.1.

    While this is a Ruby bug and people could upgrade to 3.3.1, I prefer users just do not hit this. At the end of the day, it is cosmetic.

2.8.0 (18 May 2026)

  • Adds support for namespace files, nsfiles for short.

    If a loader has an nsfile configured (nil by default):

    loader.nsfile = 'ns.rb' # must be set before setup

    explicit namespaces can be defined by such special file inside their directories:

    my_component/ns.rb     # MyComponent
my_component/widget.rb # MyComponent::Widget

    This may be handy for self-contained units for which a my_component.rb file in the parent directory would feel unnatural.

    If an nsfile is set, you can still define explicit namespaces as always. Both styles can coexist in the project. However, it is an error condition to try to define the same namespace using both conventions.

... (truncated)

Commits
  • 76f0790 Ready for 2.8.2
  • 14cff5e Refactor cpath validation for TruffleRuby
  • 8c26393 on_load and on_unload validate their input is a constant path
  • ea55f02 Add a constant path validator
  • 80e925b Let on_load/on_unload use a sentinel for 0 args
  • 2a25bce Add RuboCop to CI
  • 198fe83 Linting
  • 27b9a58 Merge pull request #335 from Shopify/on_load_qualifier
  • 14e4143 Ready for 2.8.1
  • 94d607d Remove anonymous blocks
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
DEPS: Bump the gems group across 1 directory with 7 updates
c6f2694 
Bumps the gems group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [benchmark-ips](https://github.com/evanphx/benchmark-ips) | `2.14.0` | `2.15.1` |
| [lefthook](https://github.com/evilmartians/lefthook) | `2.1.6` | `2.1.8` |
| [puma](https://github.com/puma/puma) | `8.0.1` | `8.0.2` |
| [dry-configurable](https://github.com/dry-rb/dry-configurable) | `1.3.0` | `1.4.0` |
| [rubocop](https://github.com/rubocop/rubocop) | `1.86.1` | `1.86.2` |
| [sorbet-runtime](https://github.com/sorbet/sorbet) | `0.6.13219` | `0.6.13252` |



Updates `benchmark-ips` from 2.14.0 to 2.15.1
- [Release notes](https://github.com/evanphx/benchmark-ips/releases)
- [Changelog](https://github.com/evanphx/benchmark-ips/blob/master/History.md)
- [Commits](evanphx/benchmark-ips@v2.14.0...v2.15.1)

Updates `lefthook` from 2.1.6 to 2.1.8
- [Release notes](https://github.com/evilmartians/lefthook/releases)
- [Changelog](https://github.com/evilmartians/lefthook/blob/master/CHANGELOG.md)
- [Commits](evilmartians/lefthook@v2.1.6...v2.1.8)

Updates `puma` from 8.0.1 to 8.0.2
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/main/History.md)
- [Commits](puma/puma@v8.0.1...v8.0.2)

Updates `dry-configurable` from 1.3.0 to 1.4.0
- [Release notes](https://github.com/dry-rb/dry-configurable/releases)
- [Changelog](https://github.com/dry-rb/dry-configurable/blob/main/CHANGELOG.md)
- [Commits](dry-rb/dry-configurable@v1.3.0...v1.4.0)

Updates `rubocop` from 1.86.1 to 1.86.2
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](rubocop/rubocop@v1.86.1...v1.86.2)

Updates `sorbet-runtime` from 0.6.13219 to 0.6.13252
- [Release notes](https://github.com/sorbet/sorbet/releases)
- [Commits](https://github.com/sorbet/sorbet/commits)

Updates `zeitwerk` from 2.7.5 to 2.8.2
- [Changelog](https://github.com/fxn/zeitwerk/blob/main/CHANGELOG.md)
- [Commits](fxn/zeitwerk@v2.7.5...v2.8.2)

---
updated-dependencies:
- dependency-name: benchmark-ips
  dependency-version: 2.15.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gems
- dependency-name: lefthook
  dependency-version: 2.1.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gems
- dependency-name: puma
  dependency-version: 8.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gems
- dependency-name: dry-configurable
  dependency-version: 1.4.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: gems
- dependency-name: rubocop
  dependency-version: 1.86.2
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: gems
- dependency-name: sorbet-runtime
  dependency-version: 0.6.13252
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: gems
- dependency-name: zeitwerk
  dependency-version: 2.8.2
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: gems
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels May 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants