Skip to content

build(deps): bump the bundler group across 1 directory with 9 updates#338

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/bundler-20030f292c
Closed

build(deps): bump the bundler group across 1 directory with 9 updates#338
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/bundler-20030f292c

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown

Bumps the bundler group with 6 updates in the / directory:

Package From To
rubocop 1.87.0 1.88.0
auth-sanitizer 0.2.1 0.2.2
concurrent-ruby 1.3.6 1.3.7
faraday 2.14.2 2.14.3
i18n 1.14.8 1.15.1
oauth2 2.0.22 2.0.24

Updates rubocop from 1.87.0 to 1.88.0

Release notes

Sourced from rubocop's releases.

RuboCop v1.88.0

New features

  • #15166: Add a new Recursive option to Style/MutableConstant. When enabled, the cop checks and freezes mutable literals nested inside arrays and hashes. The option is disabled by default to preserve existing behavior. ([@​paracycle][])

Bug fixes

  • #15220: Fix a bad autocorrect for Lint/RedundantSplatExpansion when splatting an empty literal (e.g. when *[] or rescue *[]), which expanded to invalid or semantically different code. ([@​bbatsov][])
  • #15221: Fix a bad autocorrect for Lint/RegexpAsCondition when the regexp literal is negated (e.g. if !/foo/), which inverted the condition. ([@​bbatsov][])
  • #15242: Fix a bad autocorrect for Lint/SymbolConversion when the receiver is an interpolated string containing an embedded double quote (e.g. "foo#{bar}\"qux".to_sym), which produced a syntax error. ([@​bbatsov][])
  • #15270: Fix a crash for Style/CombinableLoops when a for loop has an empty body, and stop autocorrecting consecutive for loops whose iteration variables differ (which produced code referencing an undefined variable). ([@​bbatsov][])
  • #15272: Fix a crash for Style/ConstantVisibility when a visibility declaration has a numeric literal argument (e.g. private_constant 42). ([@​bbatsov][])
  • #15215: Fix a false negative for Lint/OrderedMagicComments when an encoding magic comment is preceded by a magic comment other than frozen_string_literal (e.g. shareable_constant_value). ([@​bbatsov][])
  • #15228: Fix a false negative for Lint/RedundantWithIndex when the block takes no arguments (e.g. ary.each_with_index { do_something }). ([@​bbatsov][])
  • #15230: Fix a false negative for Lint/RequireRelativeSelfPath when requiring the current file by name with its extension (e.g. require_relative 'foo.rb') and the file path is absolute. ([@​bbatsov][])
  • #15229: Fix a false negative for Lint/SafeNavigationChain when an ordinary method is chained after a parenthesized safe navigation call (e.g. (x&.foo).bar). ([@​bbatsov][])
  • #15225: Fix a false negative for Lint/SafeNavigationWithEmpty when the receiver of &.empty? is a local variable, instance variable, constant, or other non-method-call expression. ([@​bbatsov][])
  • #15231: Fix a false negative for Lint/SendWithMixinArgument when send/public_send/__send__ is called with no explicit receiver or with a self receiver (e.g. send(:include, Bar)). ([@​bbatsov][])
  • #15248: Fix a false negative for Lint/ToEnumArguments when more positional arguments are passed than the method accepts (e.g. def m(x); to_enum(:m, x, extra); end), which raises ArgumentError when the enumerator is used. ([@​bbatsov][])
  • #15249: Fix a false negative for Lint/UnescapedBracketInRegexp when an unescaped ] is preceded by an escaped backslash (e.g. /abc\\]123/). ([@​bbatsov][])
  • #15267: Fix a false positive for Style/ArrayIntersectWithSingleElement with a splat argument (e.g. array.intersect?([*foo])), which is not a single element and was incorrectly rewritten to array.include?(*foo). ([@​bbatsov][])
  • #15272: Fix a false positive for Style/ColonMethodCall with chained JRuby interop calls (e.g. Java::com::something_method). ([@​bbatsov][])
  • #15271: Fix a false positive for Style/ConditionalAssignment with EnforcedStyle: assign_inside_condition when assigning an unless without an else branch (e.g. x = unless cond; 1; end), which was rewritten to move the assignment inside the unless and changed behavior when the condition was true. ([@​bbatsov][])
  • #14401: Fix a false positive for Layout/BlockAlignment with EnforcedStyleAlignWith: start_of_line when a block is passed as a method argument. ([@​augustocbx][])
  • #15216: Fix a false positive for Lint/RaiseException when raise Exception is used inside a module nested within an allowed implicit namespace (e.g. Gem). ([@​bbatsov][])
  • #15219: Fix a false positive for Lint/RedundantDirGlobSort when sort is given a comparator block or a block-pass argument, which is not redundant with the default sorting. ([@​bbatsov][])
  • #15224: Fix a false positive for Lint/ShadowingOuterLocalVariable when a block argument has the same name as a pattern variable from a different in branch of the same case. ([@​bbatsov][])
  • #15239: Fix a false positive for Lint/SuppressedExceptionInNumberConversion when the numeric constructor already passes exception: false (e.g. Integer(arg, exception: false) rescue nil), which also produced an autocorrect with a duplicate exception: false keyword. ([@​bbatsov][])
  • #15243: Fix a false positive for Lint/TopLevelReturnWithArgument when a return with an argument is inside a numbered-parameter block or an it block. ([@​bbatsov][])
  • #15245: Fix a false positive for Lint/UselessRuby2Keywords when ruby2_keywords in a nested class or module refers to a method of the same name defined in an outer scope. ([@​bbatsov][])
  • #15246: Fix a false positive for Lint/UselessSetterCall when a multiple assignment uses nested destructuring (e.g. (a, b), c = arg, other_arg), which misaligned variables with the right-hand side values. ([@​bbatsov][])
  • #15125: Fix a false positive for Style/ZeroLengthPredicate when File::Stat.new(...).size.zero? is used. ([@​augustocbx][])
  • #15196: Fix --start-server to wait until the server is running before returning, which fixes a flaky --restart-server spec and a race for commands run right after starting the server. ([@​koic][])
  • #15272: Fix Style/Alias not detecting block scope for numbered-parameter and it blocks, which caused a false positive for alias_method and a false negative for alias inside such blocks. ([@​bbatsov][])
  • #15281: Fix an incorrect autocorrect when Style/IfUnlessModifier and Style/Next correct the same conditional. ([@​fynsta][])
  • #15260: Fix an error for Style/FileWrite when a literal or variable is passed to write in the block form. ([@​koic][])
  • #15276: Fix an error for Style/RedundantFormat when the format string is a heredoc with format arguments. ([@​fynsta][])
  • #15270: Fix an incorrect autocorrect for Style/AndOr when an operand is next, break, or yield with an argument (e.g. foo and next 1), which produced invalid Ruby like foo && next 1. ([@​bbatsov][])
  • #15267: Fix an incorrect autocorrect for Style/ArrayFirstLast when arr[0]/arr[-1] is the target of a compound assignment (e.g. arr[0] += 1), which produced arr.first += 1 and raised NoMethodError. ([@​bbatsov][])
  • #15267: Fix an incorrect autocorrect for Style/ArrayIntersect where a negated predicate on a safe-navigation chain (e.g. a&.intersection(b)&.none?) was rewritten to !a&.intersect?(b), flipping the result when the receiver is nil. ([@​bbatsov][])
  • #15273: Fix an incorrect autocorrect for Style/BlockDelimiters that converted a single-line do...end block containing a block-level rescue or ensure to {...}, producing invalid Ruby. ([@​bbatsov][])
  • #15268: Fix an incorrect autocorrect for Style/CaseEquality when the argument is an operator or unary expression (e.g. Array === a + b), which produced mis-parsed code like a + b.is_a?(Array). ([@​bbatsov][])
  • #15268: Fix an incorrect autocorrect for Style/ClassEqualityComparison inside a namespace when the class name string is already fully qualified (e.g. bar.class.name == '::Bar'), which produced instance_of?(::::Bar) and was a syntax error. ([@​bbatsov][])
  • #15268: Fix an incorrect autocorrect for Style/ClassEqualityComparison when comparing Class itself to a string literal (e.g. var.class == 'Date'), which produced var.instance_of?('Date') and raised TypeError; such comparisons are no longer autocorrected. ([@​bbatsov][])
  • #15274: Fix an incorrect autocorrect for Style/ClassMethodsDefinitions that corrupted a preceding comment containing def <name> and left the method undefined as a class method. ([@​bbatsov][])
  • #15270: Fix an incorrect autocorrect for Style/ComparableClamp when the clamped value is an operator expression (e.g. a + b), which produced mis-parsed code like a + b.clamp(low, high). ([@​bbatsov][])
  • #15267: Fix an incorrect autocorrect for Style/ConcatArrayLiterals with an empty array literal argument (e.g. arr.concat([], [b])), which produced invalid Ruby like arr.push(, b). ([@​bbatsov][])
  • #15274: Fix an incorrect autocorrect for Style/DigChain that duplicated a trailing comment and dropped indentation when the chain was inside a method or block. ([@​bbatsov][])
  • #15288: Fix an incorrect autocorrect for Lint/UselessTimes when a 1.times block takes a single destructured (|(a, b)|) or splat (|*a|) argument, which produced a body referencing an undefined variable. ([@​bbatsov][])
  • #15280: Fix an incorrect autocorrect for Style/ConditionalAssignment with EnforcedStyle: assign_inside_condition and a single-line case. ([@​fynsta][])

... (truncated)

Changelog

Sourced from rubocop's changelog.

1.88.0 (2026-06-16)

New features

  • #15166: Add a new Recursive option to Style/MutableConstant. When enabled, the cop checks and freezes mutable literals nested inside arrays and hashes. The option is disabled by default to preserve existing behavior. ([@​paracycle][])

Bug fixes

  • #15220: Fix a bad autocorrect for Lint/RedundantSplatExpansion when splatting an empty literal (e.g. when *[] or rescue *[]), which expanded to invalid or semantically different code. ([@​bbatsov][])
  • #15221: Fix a bad autocorrect for Lint/RegexpAsCondition when the regexp literal is negated (e.g. if !/foo/), which inverted the condition. ([@​bbatsov][])
  • #15242: Fix a bad autocorrect for Lint/SymbolConversion when the receiver is an interpolated string containing an embedded double quote (e.g. "foo#{bar}\"qux".to_sym), which produced a syntax error. ([@​bbatsov][])
  • #15270: Fix a crash for Style/CombinableLoops when a for loop has an empty body, and stop autocorrecting consecutive for loops whose iteration variables differ (which produced code referencing an undefined variable). ([@​bbatsov][])
  • #15272: Fix a crash for Style/ConstantVisibility when a visibility declaration has a numeric literal argument (e.g. private_constant 42). ([@​bbatsov][])
  • #15215: Fix a false negative for Lint/OrderedMagicComments when an encoding magic comment is preceded by a magic comment other than frozen_string_literal (e.g. shareable_constant_value). ([@​bbatsov][])
  • #15228: Fix a false negative for Lint/RedundantWithIndex when the block takes no arguments (e.g. ary.each_with_index { do_something }). ([@​bbatsov][])
  • #15230: Fix a false negative for Lint/RequireRelativeSelfPath when requiring the current file by name with its extension (e.g. require_relative 'foo.rb') and the file path is absolute. ([@​bbatsov][])
  • #15229: Fix a false negative for Lint/SafeNavigationChain when an ordinary method is chained after a parenthesized safe navigation call (e.g. (x&.foo).bar). ([@​bbatsov][])
  • #15225: Fix a false negative for Lint/SafeNavigationWithEmpty when the receiver of &.empty? is a local variable, instance variable, constant, or other non-method-call expression. ([@​bbatsov][])
  • #15231: Fix a false negative for Lint/SendWithMixinArgument when send/public_send/__send__ is called with no explicit receiver or with a self receiver (e.g. send(:include, Bar)). ([@​bbatsov][])
  • #15248: Fix a false negative for Lint/ToEnumArguments when more positional arguments are passed than the method accepts (e.g. def m(x); to_enum(:m, x, extra); end), which raises ArgumentError when the enumerator is used. ([@​bbatsov][])
  • #15249: Fix a false negative for Lint/UnescapedBracketInRegexp when an unescaped ] is preceded by an escaped backslash (e.g. /abc\\]123/). ([@​bbatsov][])
  • #15267: Fix a false positive for Style/ArrayIntersectWithSingleElement with a splat argument (e.g. array.intersect?([*foo])), which is not a single element and was incorrectly rewritten to array.include?(*foo). ([@​bbatsov][])
  • #15272: Fix a false positive for Style/ColonMethodCall with chained JRuby interop calls (e.g. Java::com::something_method). ([@​bbatsov][])
  • #15271: Fix a false positive for Style/ConditionalAssignment with EnforcedStyle: assign_inside_condition when assigning an unless without an else branch (e.g. x = unless cond; 1; end), which was rewritten to move the assignment inside the unless and changed behavior when the condition was true. ([@​bbatsov][])
  • #14401: Fix a false positive for Layout/BlockAlignment with EnforcedStyleAlignWith: start_of_line when a block is passed as a method argument. ([@​augustocbx][])
  • #15216: Fix a false positive for Lint/RaiseException when raise Exception is used inside a module nested within an allowed implicit namespace (e.g. Gem). ([@​bbatsov][])
  • #15219: Fix a false positive for Lint/RedundantDirGlobSort when sort is given a comparator block or a block-pass argument, which is not redundant with the default sorting. ([@​bbatsov][])
  • #15224: Fix a false positive for Lint/ShadowingOuterLocalVariable when a block argument has the same name as a pattern variable from a different in branch of the same case. ([@​bbatsov][])
  • #15239: Fix a false positive for Lint/SuppressedExceptionInNumberConversion when the numeric constructor already passes exception: false (e.g. Integer(arg, exception: false) rescue nil), which also produced an autocorrect with a duplicate exception: false keyword. ([@​bbatsov][])
  • #15243: Fix a false positive for Lint/TopLevelReturnWithArgument when a return with an argument is inside a numbered-parameter block or an it block. ([@​bbatsov][])
  • #15245: Fix a false positive for Lint/UselessRuby2Keywords when ruby2_keywords in a nested class or module refers to a method of the same name defined in an outer scope. ([@​bbatsov][])
  • #15246: Fix a false positive for Lint/UselessSetterCall when a multiple assignment uses nested destructuring (e.g. (a, b), c = arg, other_arg), which misaligned variables with the right-hand side values. ([@​bbatsov][])
  • #15125: Fix a false positive for Style/ZeroLengthPredicate when File::Stat.new(...).size.zero? is used. ([@​augustocbx][])
  • #15196: Fix --start-server to wait until the server is running before returning, which fixes a flaky --restart-server spec and a race for commands run right after starting the server. ([@​koic][])
  • #15272: Fix Style/Alias not detecting block scope for numbered-parameter and it blocks, which caused a false positive for alias_method and a false negative for alias inside such blocks. ([@​bbatsov][])
  • #15281: Fix an incorrect autocorrect when Style/IfUnlessModifier and Style/Next correct the same conditional. ([@​fynsta][])
  • #15260: Fix an error for Style/FileWrite when a literal or variable is passed to write in the block form. ([@​koic][])
  • #15276: Fix an error for Style/RedundantFormat when the format string is a heredoc with format arguments. ([@​fynsta][])
  • #15270: Fix an incorrect autocorrect for Style/AndOr when an operand is next, break, or yield with an argument (e.g. foo and next 1), which produced invalid Ruby like foo && next 1. ([@​bbatsov][])
  • #15267: Fix an incorrect autocorrect for Style/ArrayFirstLast when arr[0]/arr[-1] is the target of a compound assignment (e.g. arr[0] += 1), which produced arr.first += 1 and raised NoMethodError. ([@​bbatsov][])
  • #15267: Fix an incorrect autocorrect for Style/ArrayIntersect where a negated predicate on a safe-navigation chain (e.g. a&.intersection(b)&.none?) was rewritten to !a&.intersect?(b), flipping the result when the receiver is nil. ([@​bbatsov][])
  • #15273: Fix an incorrect autocorrect for Style/BlockDelimiters that converted a single-line do...end block containing a block-level rescue or ensure to {...}, producing invalid Ruby. ([@​bbatsov][])
  • #15268: Fix an incorrect autocorrect for Style/CaseEquality when the argument is an operator or unary expression (e.g. Array === a + b), which produced mis-parsed code like a + b.is_a?(Array). ([@​bbatsov][])
  • #15268: Fix an incorrect autocorrect for Style/ClassEqualityComparison inside a namespace when the class name string is already fully qualified (e.g. bar.class.name == '::Bar'), which produced instance_of?(::::Bar) and was a syntax error. ([@​bbatsov][])
  • #15268: Fix an incorrect autocorrect for Style/ClassEqualityComparison when comparing Class itself to a string literal (e.g. var.class == 'Date'), which produced var.instance_of?('Date') and raised TypeError; such comparisons are no longer autocorrected. ([@​bbatsov][])
  • #15274: Fix an incorrect autocorrect for Style/ClassMethodsDefinitions that corrupted a preceding comment containing def <name> and left the method undefined as a class method. ([@​bbatsov][])
  • #15270: Fix an incorrect autocorrect for Style/ComparableClamp when the clamped value is an operator expression (e.g. a + b), which produced mis-parsed code like a + b.clamp(low, high). ([@​bbatsov][])
  • #15267: Fix an incorrect autocorrect for Style/ConcatArrayLiterals with an empty array literal argument (e.g. arr.concat([], [b])), which produced invalid Ruby like arr.push(, b). ([@​bbatsov][])
  • #15274: Fix an incorrect autocorrect for Style/DigChain that duplicated a trailing comment and dropped indentation when the chain was inside a method or block. ([@​bbatsov][])
  • #15288: Fix an incorrect autocorrect for Lint/UselessTimes when a 1.times block takes a single destructured (|(a, b)|) or splat (|*a|) argument, which produced a body referencing an undefined variable. ([@​bbatsov][])

... (truncated)

Commits
  • 37bf5ad Cut 1.88
  • cd0c2e3 Update Changelog
  • b7af64a [Fix #12276] Record pending cops options in the auto-gen-config command
  • bbd7ff2 Add hk integration docs
  • 117e40a Merge pull request #15293 from RedZapdos123/fix-literal-interp-hash-symbol
  • 4d95141 [Fix #15291] Fix hash symbol interpolation
  • 0347d27 Add Recursive option to Style/MutableConstant
  • f0d92b4 Fix incorrect autocorrects for Style/FileWrite with heredocs
  • 32df346 Fix an incorrect autocorrect for Style/Semicolon with heredocs
  • 4c221fb [Fix #15269] Fix a false positive where cop Include patterns matched parent...
  • Additional commits viewable in compare view

Updates auth-sanitizer from 0.2.1 to 0.2.2

Release notes

Sourced from auth-sanitizer's releases.

v0.2.2

0.2.2 - 2026-06-18

  • TAG: v0.2.2
  • COVERAGE: 100.00% -- 145/145 lines in 6 files
  • BRANCH COVERAGE: 100.00% -- 28/28 branches in 6 files
  • 84.62% documented

Changed

  • Documented the released anonymous_loader gem as the preferred reusable helper for zero-auth-sanitizer-namespace loading.

Fixed

  • Documented the $LOAD_PATH fallback needed by isolated loader consumers when Bundler standalone setup provides auth_sanitizer/loader.rb without a matching Gem.loaded_specs or GEM_PATH entry.

Official Discord 👉️ Live Chat on Discord

Many paths lead to being a sponsor or a backer of this project. Are you on such a path?

OpenCollective Backers OpenCollective Sponsors Sponsor Me on Github Liberapay Goal Progress Donate on PayPal

Buy me a coffee Donate on Polar Donate to my FLOSS efforts at ko-fi.com Donate to my FLOSS efforts using Patreon

Changelog

Sourced from auth-sanitizer's changelog.

[0.2.2] - 2026-06-18

  • TAG: [v0.2.2][0.2.2t]
  • COVERAGE: 100.00% -- 145/145 lines in 6 files
  • BRANCH COVERAGE: 100.00% -- 28/28 branches in 6 files
  • 84.62% documented

Changed

  • Documented the released anonymous_loader gem as the preferred reusable helper for zero-auth-sanitizer-namespace loading.

Fixed

  • Documented the $LOAD_PATH fallback needed by isolated loader consumers when Bundler standalone setup provides auth_sanitizer/loader.rb without a matching Gem.loaded_specs or GEM_PATH entry.
Commits
  • b43c584 🔖 Prepare release v0.2.2
  • ce05777 📝 Document anonymous_loader usage
  • 29371b1 📝 Document standalone loader fallback
  • bc31e2e 💸 Thanks 🙏 to our new backers 🎒 and subscribers 📜
  • 66d050b 🔒️ Checksums for v0.2.1
  • See full diff in compare view

Updates concurrent-ruby from 1.3.6 to 1.3.7

Release notes

Sourced from concurrent-ruby's releases.

v1.3.7

There are 3 security fixes in this release, so updating is recommended. These security vulnerabilities are not very likely to be hit in practice and have a corresponding Low severity score.

What's Changed

New Contributors

Full Changelog: ruby-concurrency/concurrent-ruby@v1.3.6...v1.3.7

Changelog

Sourced from concurrent-ruby's changelog.

Release v1.3.7 (16 June 2026)

concurrent-ruby:

Commits
  • 4c8fc28 Release 1.3.7
  • d91ca94 Fix AtomicReference#update livelock when stored value is Float::NAN on JRuby ...
  • 7e4d711 Fix ReentrantReadWriteLock read hold overflow into write-lock bit
  • 6e37e06 Fix AtomicReference#update livelock when stored value is Float::NAN
  • 2825cfa Cleanup spec
  • 3fd4932 Fix ReadWriteLock wrong-thread write release and stray read release
  • 1974b47 Add Ruby 4.0 in CI
  • df8706d Add SECURITY.md (#1104)
  • 7a1b789 Bump actions/upload-pages-artifact from 4 to 5
  • 9b2dbf7 Bump actions/deploy-pages from 4 to 5
  • Additional commits viewable in compare view

Updates faraday from 2.14.2 to 2.14.3

Release notes

Sourced from faraday's releases.

v2.14.3

Security Note

This release contains a security fix, we recommend all users to upgrade as soon as possible. A Security Advisory with more details will be posted shortly.

What's Changed

New Contributors

Full Changelog: lostisland/faraday@v2.14.2...v2.14.3

Commits

Updates i18n from 1.14.8 to 1.15.1

Release notes

Sourced from i18n's releases.

v1.15.1

What's Changed

New Contributors

Full Changelog: ruby-i18n/i18n@v1.15.0...v1.15.1

v1.15.0

What's Changed

New Contributors

Full Changelog: ruby-i18n/i18n@v1.14.8...v1.15.0

Commits

Updates json from 2.19.8 to 2.19.9

Release notes

Sourced from json's releases.

v2.19.9

  • Fix buffer overflow that could lead to a crash when writing JSON directly into an IO with JSON.generate(object, io). [CVE-2026-54696].

Full Changelog: ruby/json@v2.19.8...v2.19.9

Changelog

Sourced from json's changelog.

2026-06-11 (2.19.9)

  • Fix buffer overflow that could lead to a crash when writing JSON directly into an IO with JSON.generate(object, io). [CVE-2026-54696].
Commits

Updates oauth2 from 2.0.22 to 2.0.24

Release notes

Sourced from oauth2's releases.

v2.0.24

2.0.24 - 2026-06-18

  • TAG: v2.0.24
  • COVERAGE: 100.00% -- 558/558 lines in 15 files
  • BRANCH COVERAGE: 97.89% -- 186/190 branches in 15 files
  • 88.35% documented

Changed

  • Raised the anonymous_loader runtime dependency floor to >= 0.1.1.
  • Raised the auth-sanitizer runtime dependency floor to >= 0.2.2 and switched isolated sanitizer loading to the released anonymous_loader gem, including local workspace wiring for the new runtime dependency.

Fixed

  • Fixed isolated auth-sanitizer loading when Bundler standalone setup makes auth_sanitizer/loader.rb available on $LOAD_PATH without adding auth-sanitizer to Gem.loaded_specs or GEM_PATH.

Official Discord 👉️ [![Live Chat on Discord][✉️discord-invite-img]][✉️discord-invite]

Many paths lead to being a sponsor or a backer of this project. Are you on such a path?

OpenCollective Backers OpenCollective Sponsors Sponsor Me on Github Liberapay Goal Progress Donate on PayPal

Buy me a coffee Donate on Polar Donate to my FLOSS efforts at ko-fi.com Donate to my FLOSS efforts using Patreon

... (truncated)

Changelog

Sourced from oauth2's changelog.

[2.0.24] - 2026-06-18

  • TAG: [v2.0.24][2.0.24t]
  • COVERAGE: 100.00% -- 558/558 lines in 15 files
  • BRANCH COVERAGE: 97.89% -- 186/190 branches in 15 files
  • 88.35% documented

Changed

  • Raised the anonymous_loader runtime dependency floor to >= 0.1.1.
  • Raised the auth-sanitizer runtime dependency floor to >= 0.2.2 and switched isolated sanitizer loading to the released anonymous_loader gem, including local workspace wiring for the new runtime dependency.

Fixed

  • Fixed isolated auth-sanitizer loading when Bundler standalone setup makes auth_sanitizer/loader.rb available on $LOAD_PATH without adding auth-sanitizer to Gem.loaded_specs or GEM_PATH.

[2.0.23] - 2026-06-13

  • TAG: [v2.0.23][2.0.23t]
  • COVERAGE: 100.00% -- 562/562 lines in 15 files
  • BRANCH COVERAGE: 97.89% -- 186/190 branches in 15 files
  • 88.35% documented

Changed

  • Upgraded to snaky_hash v2.0.6 by @​pboling
  • Refreshed generated GHA workflow action SHA pins by @​pboling

Fixed

  • Addressed Reek code-quality checks with targeted cleanup and documented compatibility exclusions by @​pboling
  • Fixed deprecation warning from MultiXML by @​robzolkos
  • Fixed head appraisal dependency conflicts and Ruby 2.4 protocol-relative redirect handling by @​pboling
Commits
  • 4f239dc 🧪 Fix head and old TruffleRuby CI appraisals
  • de0636f 📝 Prune internal changelog entries
  • 2f643a5 🧪 Isolate auth sanitizer subprocess environment
  • 21deed4 📝 Update CHANGELOG.md
  • 844f143 🧪 Disable RubyGems prelude in auth sanitizer load spec
  • 7064cc5 📝 Update CHANGELOG.md
  • e0858bd 🧪 Isolate auth sanitizer load path spec from Bundler
  • 7032b58 🔖 Prepare release v2.0.24
  • bf06b5f 🧩 Regenerate anonymous loader template output
  • f46551c ⬆️ Raise anonymous_loader floor to 0.1.1
  • Additional commits viewable in compare view

Updates snaky_hash from 2.0.5 to 2.0.6

Release notes

Sourced from snaky_hash's releases.

v2.0.6

2.0.6 - 2026-06-11

  • TAG: v2.0.6
  • COVERAGE: 100.00% -- 133/133 lines in 7 files
  • BRANCH COVERAGE: 100.00% -- 38/38 branches in 7 files
  • 92.86% documented

Fixed

  • Restored docs/CNAME so the generated documentation site keeps its custom domain.
  • Removed stale legacy CI workflows and duplicate extracted-stdlib gem declarations from generated Appraisal gemfiles.

Official Discord 👉️ Live Chat on Discord

Many paths lead to being a sponsor or a backer of this project. Are you on such a path?

OpenCollective Backers OpenCollective Sponsors Sponsor Me on Github Liberapay Goal Progress Donate on PayPal

Buy me a coffee Donate on Polar Donate to my FLOSS efforts at ko-fi.com Donate to my FLOSS efforts using Patreon

Changelog

Sourced from snaky_hash's changelog.

[2.0.6] - 2026-06-11

  • TAG: [v2.0.6][2.0.6t]
  • COVERAGE: 100.00% -- 133/133 lines in 7 files
  • BRANCH COVERAGE: 100.00% -- 38/38 branches in 7 files
  • 92.86% documented

Fixed

  • Restored docs/CNAME so the generated documentation site keeps its custom domain.
  • Removed stale legacy CI workflows and duplicate extracted-stdlib gem declarations from generated Appraisal gemfiles.
Commits

Bumps the bundler group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [rubocop](https://github.com/rubocop/rubocop) | `1.87.0` | `1.88.0` |
| [auth-sanitizer](https://github.com/ruby-oauth/auth-sanitizer) | `0.2.1` | `0.2.2` |
| [concurrent-ruby](https://github.com/ruby-concurrency/concurrent-ruby) | `1.3.6` | `1.3.7` |
| [faraday](https://github.com/lostisland/faraday) | `2.14.2` | `2.14.3` |
| [i18n](https://github.com/ruby-i18n/i18n) | `1.14.8` | `1.15.1` |
| [oauth2](https://github.com/ruby-oauth/oauth2) | `2.0.22` | `2.0.24` |



Updates `rubocop` from 1.87.0 to 1.88.0
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](rubocop/rubocop@v1.87.0...v1.88.0)

Updates `auth-sanitizer` from 0.2.1 to 0.2.2
- [Release notes](https://github.com/ruby-oauth/auth-sanitizer/releases)
- [Changelog](https://github.com/ruby-oauth/auth-sanitizer/blob/main/CHANGELOG.md)
- [Commits](ruby-oauth/auth-sanitizer@v0.2.1...v0.2.2)

Updates `concurrent-ruby` from 1.3.6 to 1.3.7
- [Release notes](https://github.com/ruby-concurrency/concurrent-ruby/releases)
- [Changelog](https://github.com/ruby-concurrency/concurrent-ruby/blob/master/CHANGELOG.md)
- [Commits](ruby-concurrency/concurrent-ruby@v1.3.6...v1.3.7)

Updates `faraday` from 2.14.2 to 2.14.3
- [Release notes](https://github.com/lostisland/faraday/releases)
- [Changelog](https://github.com/lostisland/faraday/blob/main/CHANGELOG.md)
- [Commits](lostisland/faraday@v2.14.2...v2.14.3)

Updates `i18n` from 1.14.8 to 1.15.1
- [Release notes](https://github.com/ruby-i18n/i18n/releases)
- [Changelog](https://github.com/ruby-i18n/i18n/blob/master/CHANGELOG.md)
- [Commits](ruby-i18n/i18n@v1.14.8...v1.15.1)

Updates `json` from 2.19.8 to 2.19.9
- [Release notes](https://github.com/ruby/json/releases)
- [Changelog](https://github.com/ruby/json/blob/master/CHANGES.md)
- [Commits](ruby/json@v2.19.8...v2.19.9)

Updates `oauth2` from 2.0.22 to 2.0.24
- [Release notes](https://github.com/ruby-oauth/oauth2/releases)
- [Changelog](https://github.com/ruby-oauth/oauth2/blob/main/CHANGELOG.md)
- [Commits](ruby-oauth/oauth2@v2.0.22...v2.0.24)

Updates `snaky_hash` from 2.0.5 to 2.0.6
- [Release notes](https://github.com/ruby-oauth/snaky_hash/releases)
- [Changelog](https://github.com/ruby-oauth/snaky_hash/blob/main/CHANGELOG.md)
- [Commits](ruby-oauth/snaky_hash@v2.0.5...v2.0.6)

Updates `version_gem` from 1.1.11 to 1.1.12
- [Release notes](https://github.com/ruby-oauth/version_gem/releases)
- [Changelog](https://github.com/ruby-oauth/version_gem/blob/main/CHANGELOG.md)
- [Commits](ruby-oauth/version_gem@v1.1.11...v1.1.12)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-version: 1.88.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: bundler
- dependency-name: auth-sanitizer
  dependency-version: 0.2.2
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: bundler
- dependency-name: concurrent-ruby
  dependency-version: 1.3.7
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: bundler
- dependency-name: faraday
  dependency-version: 2.14.3
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: bundler
- dependency-name: i18n
  dependency-version: 1.15.1
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: bundler
- dependency-name: json
  dependency-version: 2.19.9
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: bundler
- dependency-name: oauth2
  dependency-version: 2.0.24
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: bundler
- dependency-name: snaky_hash
  dependency-version: 2.0.6
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: bundler
- dependency-name: version_gem
  dependency-version: 1.1.12
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: bundler
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Jun 19, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 23, 2026

Copy link
Copy Markdown
Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 23, 2026
@dependabot dependabot Bot deleted the dependabot/bundler/bundler-20030f292c branch June 23, 2026 06:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants