Bump the ruby-deps group with 18 updates #1273

dependabot · 2025-10-01T07:03:39Z

Bumps the ruby-deps group with 18 updates:

Package	From	To
aws-sdk-s3	`1.198.0`	`1.199.1`
activesupport	`8.0.2.1`	`8.0.3`
async	`2.28.1`	`2.33.0`
aws-partitions	`1.1153.0`	`1.1168.0`
aws-sdk-core	`3.232.0`	`3.233.0`
aws-sdk-kms	`1.112.0`	`1.113.0`
bigdecimal	`3.2.2`	`3.2.3`
connection_pool	`2.5.3`	`2.5.4`
console	`1.33.0`	`1.34.0`
google-protobuf	`4.32.0`	`4.32.1`
io-event	`1.13.0`	`1.14.0`
json	`2.13.2`	`2.15.0`
metrics	`0.14.0`	`0.15.0`
mime-types-data	`3.2025.0826`	`3.2025.0924`
nokogiri	`1.18.9`	`1.18.10`
rexml	`3.4.2`	`3.4.4`
sass-embedded	`1.91.0`	`1.93.2`
traces	`0.18.1`	`0.18.2`

Updates aws-sdk-s3 from 1.198.0 to 1.199.1

Changelog

Sourced from aws-sdk-s3's changelog.

1.199.1 (2025-09-25)

Issue - Update TransferManager#download_file and Object#download_file documentation regarding temporary file usage and failure handling for different destination types.

1.199.0 (2025-09-08)

Feature - This release includes backward compatibility work on the "Expires" parameter.

Commits

See full diff in compare view

Updates activesupport from 8.0.2.1 to 8.0.3

Release notes

Sourced from activesupport's releases.

8.0.3

Active Support
ActiveSupport::FileUpdateChecker does not depend on Time.now to prevent unnecessary reloads with time travel test helpers

Jan Grodowski

Fix ActiveSupport::BroadcastLogger from executing a block argument for each logger (tagged, info, etc.).

Jared Armstrong

Make ActiveSupport::Logger #freeze-friendly.

Joshua Young

Fix ActiveSupport::HashWithIndifferentAccess#transform_keys! removing defaults.

Hartley McGuire
Fix ActiveSupport::HashWithIndifferentAccess#tranform_keys! to handle collisions.

If the transformation would result in a key equal to another not yet transformed one, it would result in keys being lost.

Before:
>> {a: 1, b: 2}.with_indifferent_access.transform_keys!(&:succ)
=> {"c" => 1}
After:
>> {a: 1, b: 2}.with_indifferent_access.transform_keys!(&:succ)
=> {"c" => 1, "d" => 2}
Jason T Johnson, Jean Boussier
Fix ActiveSupport::Cache::MemCacheStore#read_multi to handle network errors.

This method specifically wasn't handling network errors like other codepaths.

Alessandro Dal Grande

Fix configuring RedisCacheStore with raw: true.

fatkodima

... (truncated)

Changelog

Sourced from activesupport's changelog.

Rails 8.0.3 (September 22, 2025)
ActiveSupport::FileUpdateChecker does not depend on Time.now to prevent unnecessary reloads with time travel test helpers

Jan Grodowski

Fix ActiveSupport::BroadcastLogger from executing a block argument for each logger (tagged, info, etc.).

Jared Armstrong

Make ActiveSupport::Logger #freeze-friendly.

Joshua Young

Fix ActiveSupport::HashWithIndifferentAccess#transform_keys! removing defaults.

Hartley McGuire
Fix ActiveSupport::HashWithIndifferentAccess#tranform_keys! to handle collisions.

If the transformation would result in a key equal to another not yet transformed one, it would result in keys being lost.

Before:
>> {a: 1, b: 2}.with_indifferent_access.transform_keys!(&:succ)
=> {"c" => 1}
After:
>> {a: 1, b: 2}.with_indifferent_access.transform_keys!(&:succ)
=> {"c" => 1, "d" => 2}
Jason T Johnson, Jean Boussier
Fix ActiveSupport::Cache::MemCacheStore#read_multi to handle network errors.

This method specifically wasn't handling network errors like other codepaths.

Alessandro Dal Grande

Fix configuring RedisCacheStore with raw: true.

fatkodima

Fix Enumerable#sole for infinite collections.

... (truncated)

Commits

529f933 Preparing for 8.0.3 release
0160f42 Sync CHANGELOGs
78fe965 Merge pull request #55710 from Shopify/grodowski/file-update-checker-time-tra...
830363a Merge pull request #55688 from Shopify/drop-active-support-benchmar-extension
5456941 Return early when column are empty in WhereClause#except_predicates
c9a82e2 BigDecimal now works with floats without precision
b2ad417 Merge security patches in 8-0-stable
ae1aa38 Merge pull request #53093 from armstrjare/broadcast-logger-with-block
f5a0c11 Use comment for example return values [ci-skip]
5f3b209 Replace "mailing list" with "forum" [ci-skip]
Additional commits viewable in compare view

Updates async from 2.28.1 to 2.33.0

Changelog

Sourced from async's changelog.

v2.33.0

Introduce Async::Promise.fulfill for optional promise resolution.

v2.32.1

Fix typo in documentation.

v2.32.0

Introduce Queue#waiting_count and PriorityQueue#waiting_count. Generally for statistics/testing purposes only.

v2.31.0

Introduce Async::Deadline for precise timeout management in compound operations.

v2.30.0

Add timeout support to Async::Queue#dequeue and Async::Queue#pop methods.

Add timeout support to Async::PriorityQueue#dequeue and Async::PriorityQueue#pop methods.

Add closed? method to Async::PriorityQueue for full queue interface compatibility.

Support non-blocking operations using timeout: 0 parameter.

v2.29.0

This release introduces thread-safety as a core concept of Async. Many core classes now have thread-safe guarantees, allowing them to be used safely across multiple threads.

Thread-safe Async::Condition and Async::Notification, implemented using Thread::Queue.

Thread-safe Async::Queue and Async::LimitedQueue, implemented using Thread::Queue and Thread::LimitedQueue respectively.

Async::Variable is deprecated in favor of Async::Promise.

Introduce Async::Promise

This release introduces the new Async::Promise class and refactors Async::Task to use promises for state management internally. This architectural improvement achieves the design goal that "a task should be a promise with attached computation and cancellation handling."

Thread-safe promise implementation with immutable state transitions.

Consistent state management using symbols: :completed, :failed, :cancelled.

Promise cancellation with cancel() method and Cancel exception class.

Comprehensive test coverage with 47 new test cases covering all edge cases.
require 'async/promise'
Basic promise usage - works independently of Async framework
promise = Async::Promise.new
In another thread or fiber, resolve the promise
Thread.new do
</tr></table>

... (truncated)

Commits

eb873e4 Bump minor version.
76e3d40 Introduce Async::Promise.fulfill.
5331c2d Bump patch version.
a336463 Fix typo in documentation.
46c458c Fix formatting issue in best practices guide.
f93cdb2 RuboCop: fix Async::Clock tests.
34e1074 Updated thread safety guide.
f9f49c2 Bump minor version.
b0491bf Introduce Queue#waiting_count and PriorityQueue#waiting_count.
8617afa Bump minor version.
Additional commits viewable in compare view

Updates aws-partitions from 1.1153.0 to 1.1168.0

Changelog

Sourced from aws-partitions's changelog.

1.1168.0 (2025-09-30)

Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1167.0 (2025-09-29)

Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1166.0 (2025-09-26)

Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1165.0 (2025-09-25)

Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1164.0 (2025-09-23)

Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1163.0 (2025-09-22)

Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1162.0 (2025-09-19)

Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1161.0 (2025-09-16)

Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1160.0 (2025-09-15)

Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1159.0 (2025-09-11)

Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

... (truncated)

Commits

See full diff in compare view

Updates aws-sdk-core from 3.232.0 to 3.233.0

Changelog

Sourced from aws-sdk-core's changelog.

3.233.0 (2025-09-23)

Feature - Updated Aws::SSOOIDC::Client with the latest API changes.

Feature - This release includes exception definition and documentation updates.

Commits

See full diff in compare view

Updates aws-sdk-kms from 1.112.0 to 1.113.0

Changelog

Sourced from aws-sdk-kms's changelog.

1.113.0 (2025-09-24)

Feature - Documentation only updates for KMS.

Commits

See full diff in compare view

Updates bigdecimal from 3.2.2 to 3.2.3

Release notes

Sourced from bigdecimal's releases.

v3.2.3

What's Changed

Fix sign of bigdecimal**bigint by @tompng in ruby/bigdecimal#341

Fix BigMath.atan precision safe margin by @tompng in ruby/bigdecimal#320

Fix typo in BigDecimal#scale comment by @timcraft in ruby/bigdecimal#348

Allow BigDecimal accept Float without precision by @mrzasa in ruby/bigdecimal#314

Fix edgecase segfault of BigDecimal#remainder by @tompng in ruby/bigdecimal#349

Fix precision of BigMath.sin(x,prec) and BigMath.cos(x,prec) for large x by @tompng in ruby/bigdecimal#346

Fix wrong converge check in VpSqrt by @tompng in ruby/bigdecimal#353

Bump step-security/harden-runner from 2.12.0 to 2.12.1 by @dependabot[bot] in ruby/bigdecimal#356

Ensure BigMath.sin and BigMath.cos to be within -1..1 by @tompng in ruby/bigdecimal#317

Remove BigDecimal_divremain(which has a bug) and use BigDecimal_DoDivmod instead by @tompng in ruby/bigdecimal#351

Bump step-security/harden-runner from 2.12.1 to 2.12.2 by @dependabot[bot] in ruby/bigdecimal#359

Remove back pointer from Real to VALUE by @tompng in ruby/bigdecimal#344

Update docs for #to_d core extensions by @dduugg in ruby/bigdecimal#360

Fix compiling issue (when BIGDECIMAL_DEBUG is 1) by @tompng in ruby/bigdecimal#363

Use a correct term: engineering notation -> scientific notation by @mame in ruby/bigdecimal#365

Fix to_f underflow check when DECDIG is uint16_t by @tompng in ruby/bigdecimal#364

Fix VpNumOfChars calculation for the longest case by @tompng in ruby/bigdecimal#366

Fix a bug that exponent overflow is ignored in add, sub, mult and div operation by @tompng in ruby/bigdecimal#367

Fix dump/load bigdecimal with few or large precs by @tompng in ruby/bigdecimal#362

Refactor AddExponent overflow/underflow check by @tompng in ruby/bigdecimal#368

Strict BigDecimal("0.1e#{exponent}") exponent overflow/underflow check by @tompng in ruby/bigdecimal#369

Add DECDIG=16bit CI workflow by @tompng in ruby/bigdecimal#370

Fix wrong multiplying BASE_FIG in precision calculation by @tompng in ruby/bigdecimal#372

Remove debug print by @tompng in ruby/bigdecimal#375

Remove unused #define macros by @tompng in ruby/bigdecimal#376

VpDivd bugfix by @tompng in ruby/bigdecimal#374

Fix VpDivd to fully use quotient array by @tompng in ruby/bigdecimal#377

Add RB_GC_GUARD to test-only methods by @tompng in ruby/bigdecimal#378

Use minimum necessary division precision in BigDecimal_DoDivmod by @tompng in ruby/bigdecimal#371

Remove dead code and ineffective optimization path form VpDivd by @tompng in ruby/bigdecimal#379

Implement exp, log, power and ** in ruby by @tompng in ruby/bigdecimal#347

Remove unused "# define" macros by @tompng in ruby/bigdecimal#382

Bump step-security/harden-runner from 2.12.2 to 2.13.0 by @dependabot[bot] in ruby/bigdecimal#383

VpFormatSt O(n^2) to O(n) by @tompng in ruby/bigdecimal#384

Ignore ndigits passed to BigDecimal(string, ndigits) by @tompng in ruby/bigdecimal#385

Better error message for negative**intinite and zero-converge case fix by @tompng in ruby/bigdecimal#386

Refactor truncate floor and ceil duplicated part by @tompng in ruby/bigdecimal#387

Fix exp log power to raise "Computation results in Infinity/NaN" in EXCEPTION_INFINITY/EXCEPTION_NaN mode by @tompng in ruby/bigdecimal#389

Reduce guard obj by @tompng in ruby/bigdecimal#390

Remove ENTER and GUARD_OBJ macro by @tompng in ruby/bigdecimal#391

Coerce to bigdecimal refactor by @tompng in ruby/bigdecimal#392

Coerce rational with the given prec in exp, log and power calculation by @tompng in ruby/bigdecimal#393

Unify coerce prec calculation by @tompng in ruby/bigdecimal#394

Use bool instead of Qtrue/Qfalse for normal c boolish value by @tompng in ruby/bigdecimal#395

Fix adjusting x to 0.3..3 in log calculation by @tompng in ruby/bigdecimal#397

missing.h cleanup by @tompng in ruby/bigdecimal#396

Hide internal method of BigMath into BigDecimal::Internal by @tompng in ruby/bigdecimal#400

Remove gc_compaction test by @tompng in ruby/bigdecimal#401

... (truncated)

Changelog

Sourced from bigdecimal's changelog.

3.2.3

Allow BigDecimal accept Float without precision GH-314

@mrzasa

Ruby implementation pow, log, exp and sqrt GH-347 GH-381

@tompng

Update document GH-348 GH-360 GH-365

@timcraft @dduugg @mame

Lots of bug fixes and refactoring

Commits

dd7738c Bump version to 3.2.3 (#419)
b458f94 Add JRuby minimum ci (#418)
6177f46 In JRuby, don't add sqrt, exp, log, power implemented in ruby (#417)
b946e79 Implement BigDecimal#_decimal_shift for internal use (#324)
6253bef Update bigdecimal version used in benchmark from 3.0.0 to 3.1.1 (#416)
3d8b9be Rewrite BigDecimal#sqrt in ruby with improved Newton's method (#381)
99cc2d5 Add BigMath::E and BigMath::PI precision test (#414)
4fe723c Simplify to_i logic (#413)
f6bfd2f Calculate exp, log, pow with the given prec even if prec limit is set (#411)
c18bacb Fix x / y precision when prec limit is huge (#412)
Additional commits viewable in compare view

Updates connection_pool from 2.5.3 to 2.5.4

Changelog

Sourced from connection_pool's changelog.

2.5.4

Add ability to remove a broken connection from the pool [Bump aws-partitions from 1.206.0 to 1.208.0 #204, womblep]

Commits

0dfef64 Add optional argument to discard_current_connection (#205)
23fe03a doc, bump
55f3913 Add the ability to discard the current connection (#204)
d641937 Bump actions/checkout from 4 to 5 (#203)
See full diff in compare view

Updates console from 1.33.0 to 1.34.0

Updates google-protobuf from 4.32.0 to 4.32.1

Commits

See full diff in compare view

Updates io-event from 1.13.0 to 1.14.0

Changelog

Sourced from io-event's changelog.

v1.14.0

Enhanced IO::Event::PriorityHeap with deletion and bulk insertion methods

The {ruby IO::Event::PriorityHeap} now supports efficient element removal and bulk insertion:

delete(element): Remove a specific element from the heap in O(n) time

delete_if(&block): Remove elements matching a condition with O(n) amortized bulk deletion

concat(elements): Add multiple elements efficiently in O(n) time
heap = IO::Event::PriorityHeap.new
Efficient bulk insertion - O(n) instead of O(n log n)
heap.concat([5, 2, 8, 1, 9, 3])
Remove specific element
removed = heap.delete(5)  # Returns 5, heap maintains order
Bulk removal with condition
count = heap.delete_if{|x| x.even?}  # Removes 2, 8 efficiently
The delete_if and concat methods are particularly efficient for bulk operations, using bottom-up heapification to maintain the heap property in O(n) time. This provides significant performance improvements:

Bulk insertion: O(n log n) → O(n) for adding multiple elements

Bulk deletion: O(k×n) → O(n) for removing k elements

Both methods maintain the heap invariant and include comprehensive test coverage with edge case validation.

v1.11.2

Fix Windows build.

v1.11.1

Fix read_nonblock when using the URing selector, which was not handling zero-length reads correctly. This allows reading available data without blocking.

v1.11.0

Introduce IO::Event::WorkerPool for off-loading blocking operations.

The {ruby IO::Event::WorkerPool} provides a mechanism for executing blocking operations on separate OS threads while properly integrating with Ruby's fiber scheduler and GVL (Global VM Lock) management. This enables true parallelism for CPU-intensive or blocking operations that would otherwise block the event loop.
# Fiber scheduler integration via blocking_operation_wait hook
class MyScheduler
	def initialize
</tr></table> 

... (truncated)

Commits

0b3c7ed Bump minor version.
ebe6554 Introduce IO::Event::PriorityHeap bulk insert and delete.
See full diff in compare view

Updates json from 2.13.2 to 2.15.0

Release notes

Sourced from json's releases.

v2.15.0

What's Changed

JSON::Coder callback now receive a second argument to convey whether the object is a hash key.

Tuned the floating point number generator to not use scientific notation as aggressively.

Full Changelog: ruby/json@v2.14.1...v2.15.0

v2.14.1

What's Changed

Fix IndexOutOfBoundsException in the JRuby extension when encoding shared strings.

Full Changelog: ruby/json@v2.14.0...v2.14.1

v2.14.0

What's Changed
Add new allow_duplicate_key generator options. By default a warning is now emitted when a duplicated key is encountered. In json 3.0 an error will be raised.
>> Warning[:deprecated] = true
>> puts JSON.generate({ foo: 1, "foo" => 2 })
(irb):2: warning: detected duplicate key "foo" in {foo: 1, "foo" => 2}.
This will raise an error in json 3.0 unless enabled via `allow_duplicate_key: true`
{"foo":1,"foo":2}
>> JSON.generate({ foo: 1, "foo" => 2 }, allow_duplicate_key: false)
detected duplicate key "foo" in {foo: 1, "foo" => 2} (JSON::GeneratorError)
Fix JSON.generate strict: true mode to also restrict hash keys.

Fix JSON::Coder to also invoke block for hash keys that aren't strings nor symbols.

Fix JSON.unsafe_load usage with proc

Fix the parser to more consistently reject invalid UTF-16 surogate pairs.

Stop defining String.json_create, String#to_json_raw, String#to_json_raw_object when json/add isn't loaded.
Full Changelog: ruby/json@v2.13.2...v2.14.0

Changelog

Sourced from json's changelog.

2025-09-22 (2.15.0)

JSON::Coder callback now receive a second argument to convey whether the object is a hash key.

Tuned the floating point number generator to not use scientific notation as aggressively.

2025-09-18 (2.14.1)

Fix IndexOutOfBoundsException in the JRuby extension when encoding shared strings.

2025-09-18 (2.14.0)
Add new allow_duplicate_key generator options. By default a warning is now emitted when a duplicated key is encountered. In json 3.0 an error will be raised.
>> Warning[:deprecated] = true
>> puts JSON.generate({ foo: 1, "foo" => 2 })
(irb):2: warning: detected duplicate key "foo" in {foo: 1, "foo" => 2}.
This will raise an error in json 3.0 unless enabled via `allow_duplicate_key: true`
{"foo":1,"foo":2}
>> JSON.generate({ foo: 1, "foo" => 2 }, allow_duplicate_key: false)
detected duplicate key "foo" in {foo: 1, "foo" => 2} (JSON::GeneratorError)
Fix JSON.generate strict: true mode to also restrict hash keys.

Fix JSON::Coder to also invoke block for hash keys that aren't strings nor symbols.

Fix JSON.unsafe_load usage with proc

Fix the parser to more consistently reject invalid UTF-16 surogate pairs.

Stop defining String.json_create, String#to_json_raw, String#to_json_raw_object when json/add isn't loaded.

Commits

4abfad0 Release 2.15.0
bb5db85 Merge pull request #866 from headius/jruby_rakefile_fixes
e809fab Merge pull request #865 from samyron/sm/swar-better-bounds-fix
3d1ed18 Add macos platform for JRuby CI
b1cc126 Use --release flag on Java 9+
a2aa1cb Add JRuby build output to CLEAN and CLOBBER
0a9478a implement a better fix for an out of bounds exception
efd67e7 Update changelog
3a98832 Merge pull request #864 from byroot/as-json-key
4d9068c Refactor Truffle generator type checks
Additional commits viewable in compare view

Updates metrics from 0.14.0 to 0.15.0

Changelog

Sourced from metrics's changelog.

v0.15.0

Add into = nil parameter to Metrics::Tags.normalize(tags, into = nil) to allow reusing an existing array.

Commits

2883b0a Bump minor version.
c99f671 Improved Metrics::Tags.normalize(tags, into = nil).
f6a92cb Bump patch version.
915d1a3 Modernize code.
See full diff in compare view

Updates mime-types-data from 3.2025.0826 to 3.2025.0924

Changelog

Sourced from mime-types-data's changelog.

3.2025.0924 / 2025-09-24

Updated registry entries from the IANA [media registry][registry] and [provisional media registry][provisional] and the [Apache Tika media registry][tika] as of the release date.

NEXT / YYYY-MM—DD

Removed the [Apache httpd media registry][httpd] from automatic updates. It is currently failing and no longer provides useful data compared to other sources.

3.2025.0916 / 2025-09-16

Updated registry entries from the IANA [media registry][registry] and [provisional media registry][provisional], the [Apache httpd media registry][httpd], and the [Apache Tika media registry][tika] as of the release date.

3.2025.0909 / 2025-09-09

Updated registry entries from the IANA [media registry][registry] and [provisional media registry][provisional], the [Apache httpd media registry][httpd], and the [Apache Tika media registry][tika] as of the release date.

3.2025.0902 / 2025-09-02

Updated registry entries from the IANA [media registry][registry] and [provisional media registry][provisional], the [Apache httpd media registry][httpd], and the [Apache Tika media registry][tika] as of the release date.

Commits

85ac1a5 Update mime-types-data 3.2025.0924 / 2025-09-24
3f857ea fix: Remove Apache httpd type data from automated update
a854234 deps: Bump ruby/setup-ruby from 1.257.0 to 1.262.0
a3d677b deps: Bump step-security/harden-runner from 2.13.0 to 2.13.1
2252e5d deps: Bump astral-sh/setup-uv from 6.6.1 to 6.7.0
69fb79b deps: Bump reviewdog/action-actionlint from 1.66.1 to 1.67.0
d43cc75 deps: Bump github/codeql-action from 3.30.1 to 3.30.3
e1e5012 Update mime-types-data 3.2025.0916 / 2025-09-16
72bc62c Update mime-types-data 3.2025.0909 / 2025-09-09
b5a3e92 deps: Bump astral-sh/setup-uv from 6.6.0 to 6.6.1
Additional commits viewable in compare view

Updates nokogiri from 1.18.9 to 1.18.10

Release notes

Sourced from nokogiri's releases.

v1.18.10 / 2025-09-15

Dependencies

[CRuby] Vendored libxml2 is updated to v2.13.9. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.
[CRuby] [Windows and MacOS] Vendored libiconv is updated to v1.18

7fb87235d729c74a2be635376d82b1d459230cc17c50300f8e4fcaabc6195344  nokogiri-1.18.10-aarch64-linux-gnu.gem
7e74e58314297cc8a8f1b533f7212d1999dbe2639a9ee6d97b483ea2acc18944  nokogiri-1.18.10-aarch64-linux-musl.gem
51f4f25ab5d5ba1012d6b16aad96b840a10b067b93f35af6a55a2c104a7ee322  nokogiri-1.18.10-arm-linux-gnu.gem
1c6ea754e51cecc85c30ee8ab1e6aa4ce6b6e134d01717e9290e79374a9e00aa  nokogiri-1.18.10-arm-linux-musl.gem
c2b0de30770f50b92c9323fa34a4e1cf5a0af322afcacd239cd66ee1c1b22c85  nokogiri-1.18.10-arm64-darwin.gem
cd431a09c45d84a2f870ba0b7e8f571199b3727d530f2b4888a73639f76510b5  nokogiri-1.18.10-java.gem
64f40d4a41af9f7f83a4e236ad0cf8cca621b97e31f727b1bebdae565a653104  nokogiri-1.18.10-x64-mingw-ucrt.gem
536e74bed6db2b5076769cab5e5f5af0cd1dccbbd75f1b3e1fa69d1f5c2d79e2  nokogiri-1.18.10-x86_64-darwin.gem
ff5ba26ba2dbce5c04b9ea200777fd225061d7a3930548806f31db907e500f72  nokogiri-1.18.10-x86_64-linux-gnu.gem
0651fccf8c2ebbc2475c8b1dfd7ccac3a0a6d09f8a41b72db8c21808cb483385  nokogiri-1.18.10-x86_64-linux-musl.gem
d5cc0731008aa3b3a87b361203ea3d19b2069628cb55e46ac7d84a0445e69cc1  nokogiri-1.18.10.gem

Changelog

Sourced from nokogiri's changelog.

v1.18.10 / 2025-09-15

Dependencies

[CRuby] Vendored libxml2 is updated to v2.13.9. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.

[CRuby] [Windows and MacOS] Vendored libiconv is updated to v1.18

Commits

6803740 version bump to v1.18.10
93337de dep: bump vendored libxml2 to v2.13.9 (#3555)
15dde17 ci: work around repeated bundler deadlocks
9906071 dep: bump vendored libxml2 to v2.13.9
adf72e3 [v1.18.x] backport libiconv upgrade to v1.18 (#3550)
92cab09 dep: update vendored libiconv to 1.18
f1c5ea8 Use mirror site to download libiconv
dcd2721 ci: stop testing Ruby 3.1 windows source builds
cf856e6 ci: fix the aarch64 segfault by using a more modern qemu
6d77443 Fix errors building Ruby 3.1 on windows
Additional commits viewable in compare view

Updates rexml from 3.4.2 to 3.4.4

Release notes

Sourced from rexml's releases.

REXML 3.4.4 - 2025-09-10

Improvement

Accept REXML::Document.new("") for backward compatibility

GH-296

GH-295

Patch by NAITOH Jun

Reported by Joe Rafaniello

Thanks

NAITOH Jun

Joe Rafaniello

REXML 3.4.3 - 2025-09-07

Improvement

Reject no root element XML as an invalid XML

GH-289

GH-291

Patch by NAITOH Jun

Reported by Sutou Kouhei

Fixes

Fixed an issue with IOSource#read_until when reaching the end of a file

GH-287

GH-288

Patch by NAITOH Jun

Reported by Jason Thomas

Thanks

NAITOH Jun

Sutou Kouhei

Jason Thomas

Changelog

Sourced from rexml's changelog.

3.4.4 - 2025-09-10 {#version-3-4-4}

Improvement

Accept REXML::Document.new("") for backward compatibility

GH-296

GH-295

Patch by NAITOH Jun

Reported by Joe Rafaniello

Thanks

NAITOH Jun

Joe Rafaniello

3.4.3 - 2025-09-07 {#version-3-4-3}

Improvement

Reject no root element XML as an invalid XML

GH-289

GH-291

Patch by NAITOH Jun

Reported by Sutou Kouhei

Fixes

Fixed an issue with IOSource#read_until when reaching the end of a file

GH-287

GH-288

Patch by NAITOH Jun

Reported by Jason Thomas

Thanks

NAITOH Jun

Sutou Kouhei

Jason Thomas

Commits

4f32ea3 Add 3.4.4 entry (#297)
37cde3f Accept REXML::Document.new("") for backward compatibility (#295)
4ffe211 Bump version
822530c Add 3.4.3 entry (#293)
6ba286c Reject no root element XML as an invalid XML (#291)
b5b148e The Zlib::GzipReader in JRuby does not behave as expected with REXML, so the ...
1531862 Fixed an issue with IOSource#read_until when reaching the end of a file (#288)
185bdc7 Bump version
See full diff in compare view

Updates sass-embedded from 1.91.0 to 1.93.2

Commits

54c0e3c v1.93.2
8958ebd Bump sass from 1.93.1 to 1.93.2 in /ext/sass (#334)
f647b91 v1.93.1
10ce663 Bump sass from 1.93.0 to 1.93.1 in /ext/sass (#333)
8dbc037 v1.93.0
e05dc91 Bump sass from 1.92.1 to 1.93.0 in /ext/sass (#332)
d63d7ea Improve nodejs detection
dac77b8 Improve dart-devtools support
37a92ba Update rubocop-performance requirement from ~> 1.25.0 to ~> 1.26.0 (#331)
b2a9ad5 v1.92.1
Additional commits viewable in compare view

Updates traces from 0.18.1 to 0.18.2

Changelog

Sourced from traces's changelog.

Releases

Commits

b171847 Bump patch version.
d940196 Modernize code.
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the ruby-deps group with 18 updates: | Package | From | To | | --- | --- | --- | | [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) | `1.198.0` | `1.199.1` | | [activesupport](https://github.com/rails/rails) | `8.0.2.1` | `8.0.3` | | [async](https://github.com/socketry/async) | `2.28.1` | `2.33.0` | | [aws-partitions](https://github.com/aws/aws-sdk-ruby) | `1.1153.0` | `1.1168.0` | | [aws-sdk-core](https://github.com/aws/aws-sdk-ruby) | `3.232.0` | `3.233.0` | | [aws-sdk-kms](https://github.com/aws/aws-sdk-ruby) | `1.112.0` | `1.113.0` | | [bigdecimal](https://github.com/ruby/bigdecimal) | `3.2.2` | `3.2.3` | | [connection_pool](https://github.com/mperham/connection_pool) | `2.5.3` | `2.5.4` | | [console](https://socketry.github.io/console) | `1.33.0` | `1.34.0` | | [google-protobuf](https://github.com/protocolbuffers/protobuf) | `4.32.0` | `4.32.1` | | [io-event](https://github.com/socketry/io-event) | `1.13.0` | `1.14.0` | | [json](https://github.com/ruby/json) | `2.13.2` | `2.15.0` | | [metrics](https://github.com/socketry/metrics) | `0.14.0` | `0.15.0` | | [mime-types-data](https://github.com/mime-types/mime-types-data) | `3.2025.0826` | `3.2025.0924` | | [nokogiri](https://github.com/sparklemotion/nokogiri) | `1.18.9` | `1.18.10` | | [rexml](https://github.com/ruby/rexml) | `3.4.2` | `3.4.4` | | [sass-embedded](https://github.com/sass-contrib/sass-embedded-host-ruby) | `1.91.0` | `1.93.2` | | [traces](https://github.com/socketry/traces) | `0.18.1` | `0.18.2` | Updates `aws-sdk-s3` from 1.198.0 to 1.199.1 - [Release notes](https://github.com/aws/aws-sdk-ruby/releases) - [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-ruby/commits) Updates `activesupport` from 8.0.2.1 to 8.0.3 - [Release notes](https://github.com/rails/rails/releases) - [Changelog](https://github.com/rails/rails/blob/v8.0.3/activesupport/CHANGELOG.md) - [Commits](rails/rails@v8.0.2.1...v8.0.3) Updates `async` from 2.28.1 to 2.33.0 - [Release notes](https://github.com/socketry/async/releases) - [Changelog](https://github.com/socketry/async/blob/main/releases.md) - [Commits](socketry/async@v2.28.1...v2.33.0) Updates `aws-partitions` from 1.1153.0 to 1.1168.0 - [Release notes](https://github.com/aws/aws-sdk-ruby/releases) - [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-partitions/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-ruby/commits) Updates `aws-sdk-core` from 3.232.0 to 3.233.0 - [Release notes](https://github.com/aws/aws-sdk-ruby/releases) - [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-core/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-ruby/commits) Updates `aws-sdk-kms` from 1.112.0 to 1.113.0 - [Release notes](https://github.com/aws/aws-sdk-ruby/releases) - [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-kms/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-ruby/commits) Updates `bigdecimal` from 3.2.2 to 3.2.3 - [Release notes](https://github.com/ruby/bigdecimal/releases) - [Changelog](https://github.com/ruby/bigdecimal/blob/master/CHANGES.md) - [Commits](ruby/bigdecimal@v3.2.2...v3.2.3) Updates `connection_pool` from 2.5.3 to 2.5.4 - [Changelog](https://github.com/mperham/connection_pool/blob/main/Changes.md) - [Commits](mperham/connection_pool@v2.5.3...v2.5.4) Updates `console` from 1.33.0 to 1.34.0 Updates `google-protobuf` from 4.32.0 to 4.32.1 - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl) - [Commits](https://github.com/protocolbuffers/protobuf/commits) Updates `io-event` from 1.13.0 to 1.14.0 - [Release notes](https://github.com/socketry/io-event/releases) - [Changelog](https://github.com/socketry/io-event/blob/main/releases.md) - [Commits](socketry/io-event@v1.13.0...v1.14.0) Updates `json` from 2.13.2 to 2.15.0 - [Release notes](https://github.com/ruby/json/releases) - [Changelog](https://github.com/ruby/json/blob/master/CHANGES.md) - [Commits](ruby/json@v2.13.2...v2.15.0) Updates `metrics` from 0.14.0 to 0.15.0 - [Release notes](https://github.com/socketry/metrics/releases) - [Changelog](https://github.com/socketry/metrics/blob/main/releases.md) - [Commits](socketry/metrics@v0.14.0...v0.15.0) Updates `mime-types-data` from 3.2025.0826 to 3.2025.0924 - [Changelog](https://github.com/mime-types/mime-types-data/blob/main/CHANGELOG.md) - [Commits](mime-types/mime-types-data@v3.2025.0826...v3.2025.0924) Updates `nokogiri` from 1.18.9 to 1.18.10 - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](sparklemotion/nokogiri@v1.18.9...v1.18.10) Updates `rexml` from 3.4.2 to 3.4.4 - [Release notes](https://github.com/ruby/rexml/releases) - [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md) - [Commits](ruby/rexml@v3.4.2...v3.4.4) Updates `sass-embedded` from 1.91.0 to 1.93.2 - [Commits](sass-contrib/sass-embedded-host-ruby@v1.91.0...v1.93.2) Updates `traces` from 0.18.1 to 0.18.2 - [Changelog](https://github.com/socketry/traces/blob/main/releases.md) - [Commits](socketry/traces@v0.18.1...v0.18.2) --- updated-dependencies: - dependency-name: aws-sdk-s3 dependency-version: 1.199.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: activesupport dependency-version: 8.0.3 dependency-type: indirect update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: async dependency-version: 2.33.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: aws-partitions dependency-version: 1.1168.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: aws-sdk-core dependency-version: 3.233.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: aws-sdk-kms dependency-version: 1.113.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: bigdecimal dependency-version: 3.2.3 dependency-type: indirect update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: connection_pool dependency-version: 2.5.4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: console dependency-version: 1.34.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: google-protobuf dependency-version: 4.32.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: io-event dependency-version: 1.14.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: json dependency-version: 2.15.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: metrics dependency-version: 0.15.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: mime-types-data dependency-version: 3.2025.0924 dependency-type: indirect update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: nokogiri dependency-version: 1.18.10 dependency-type: indirect update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: rexml dependency-version: 3.4.4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: sass-embedded dependency-version: 1.93.2 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: traces dependency-version: 0.18.2 dependency-type: indirect update-type: version-update:semver-patch dependency-group: ruby-deps ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Oct 1, 2025

chadlwilson merged commit b81c95c into master Oct 1, 2025
1 check passed

dependabot bot deleted the dependabot/bundler/ruby-deps-48544fbaf2 branch October 1, 2025 07:11

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the ruby-deps group with 18 updates #1273

Bump the ruby-deps group with 18 updates #1273

Uh oh!

dependabot bot commented on behalf of github Oct 1, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Bump the ruby-deps group with 18 updates #1273

Bump the ruby-deps group with 18 updates #1273

Uh oh!

Conversation

dependabot bot commented on behalf of github Oct 1, 2025

1.199.1 (2025-09-25)

1.199.0 (2025-09-08)

8.0.3

Active Support

Rails 8.0.3 (September 22, 2025)

v2.33.0

v2.32.1

v2.32.0

v2.31.0

v2.30.0

v2.29.0

Introduce Async::Promise

1.1168.0 (2025-09-30)

1.1167.0 (2025-09-29)

1.1166.0 (2025-09-26)

1.1165.0 (2025-09-25)

1.1164.0 (2025-09-23)

1.1163.0 (2025-09-22)

1.1162.0 (2025-09-19)

1.1161.0 (2025-09-16)

1.1160.0 (2025-09-15)

1.1159.0 (2025-09-11)

3.233.0 (2025-09-23)

1.113.0 (2025-09-24)

v3.2.3

What's Changed

3.2.3

2.5.4

v1.14.0

Enhanced IO::Event::PriorityHeap with deletion and bulk insertion methods

v1.11.2

v1.11.1

v1.11.0

Introduce IO::Event::WorkerPool for off-loading blocking operations.

v2.15.0

What's Changed

v2.14.1

What's Changed

v2.14.0

What's Changed

2025-09-22 (2.15.0)

2025-09-18 (2.14.1)

2025-09-18 (2.14.0)

v0.15.0

3.2025.0924 / 2025-09-24

NEXT / YYYY-MM—DD

3.2025.0916 / 2025-09-16

3.2025.0909 / 2025-09-09

3.2025.0902 / 2025-09-02

v1.18.10 / 2025-09-15

Dependencies

v1.18.10 / 2025-09-15

Dependencies

REXML 3.4.4 - 2025-09-10

Improvement

Thanks

REXML 3.4.3 - 2025-09-07

Improvement

Fixes

Thanks

3.4.4 - 2025-09-10 {#version-3-4-4}

Improvement

Thanks

3.4.3 - 2025-09-07 {#version-3-4-3}

Improvement

Fixes

Thanks

Releases

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Introduce `Async::Promise`

Enhanced `IO::Event::PriorityHeap` with deletion and bulk insertion methods

Introduce `IO::Event::WorkerPool` for off-loading blocking operations.