🚨 [security] Update rubocop-rspec 2.25.0 → 3.0.2 (major)

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ rubocop-rspec (2.25.0 → 3.0.2) · Repo · Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

✳️ rubocop (1.57.2 → 1.64.1) · Repo · Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ json (indirect, 2.6.3 → 2.7.2) · Repo · Changelog

Release Notes

2.7.2

What's Changed

Use rb_sym2str instead of SYM2ID by @jhawthorn in #561

Fix memory leak when exception is raised during JSON generation by @peterzhu2118 in #574

Remove references to "19" methods in JRuby by @headius in #576

Make OpenStruct support as optional by @hsbt in #565

Autoload JSON::GenericObject to avoid require ostruct warning in Ruby 3.4 by @tompng in #577

Warn to install ostruct if json couldn't load it by @hsbt in #578

New Contributors

@mperham made their first contribution in #571

@peterzhu2118 made their first contribution in #574

Full Changelog: v2.7.1...v2.7.2

2.7.1

What's Changed

Improved

[DOC] RDoc for additions by @BurdetteLamar in #557

Fixed

JSON.dump: handle unenclosed hashes regression by @casperisfine in #554

Overload kwargs in JSON.dump by @k0kubun in #556

Fix JSON.dump overload combination by @tompng in #558

Misc

Remove needless encodings by @hsbt in #559

Unify versions by @hsbt in #560

New Contributors

@k0kubun made their first contribution in #556

@tompng made their first contribution in #558

Full Changelog: v2.7.0...v2.7.1

2.7.0

What's Changed

Improved

Perf. improvements to Hash#to_json in pure implementation generator. by @vipulnsward in #203

Remove unnecessary initialization of create_id in JSON.parse() by @Watson1978 in #454

Added

Call super in included hook by @paracycle in #486

Rename escape_slash in script_safe and also escape E+2028 and E+2029 by @casperisfine in #525

Add a strict option to Generator by @casperisfine in #519

Fixed

Fix homepage url in gemspec by @unasuke in #508

Fix dead link to Ragel in README by @okuramasafumi in #509

[DOC] Fix yet another dead link to Ragel by @nobu in #510

Fix "unexpected token" offset for Infinity by @jhawthorn in #507

Use ruby_xfree to free buffers by @casperisfine in #518

Compatibility changes

JRuby requires a minimum of Java 8 by @headius in #516

Rename JSON::ParseError to JSON:ParserError by @dalizard in #530

Removed code for Ruby 1.8 by @hsbt in #540

alias_method is private on Ruby 2.3 and 2.4 by @hsbt in #541

remove_method of Module is private at Ruby 2.3 and 2.4 by @hsbt in #544

[jruby] avoid using deprecated BigDecimal.new by @kares in #546

Always indent even if empty by @headius in #517

Misc

Update CI matrix by @hsbt in #521

Add missing changelog entries for 1.8.5 and 1.8.6 by @r7kamura in #520

Actions workflow - Add new OS's, Ruby 3.1, Ruby master, Windows by @MSP-Greg in #491

Skip unsupported test on JRuby by @nobu in #532

Skip BigDecimal tests when it's missing to load by @hsbt in #533

Simplify by @nobu in #531

Load extension ('json/ext') consistently in test_ext by @aeroastro in #536

Use test-unit-ruby-core gem by @hsbt in #539

[CI] Add Windows mswin job by @MSP-Greg in #545

Exclude truffleruby-head from Actions by @hsbt in #551

tests/ractor_test.rb: make assert_separately available by @lucaskanashiro in #506

Added changes for 2.7.0 and restore entries to 2.6.3 and 2.6.2 by @hsbt in #552

New Contributors

@unasuke made their first contribution in #508

@okuramasafumi made their first contribution in #509

@r7kamura made their first contribution in #520

@MSP-Greg made their first contribution in #491

@paracycle made their first contribution in #486

@dalizard made their first contribution in #530

@aeroastro made their first contribution in #536

@jhawthorn made their first contribution in #507

@lucaskanashiro made their first contribution in #506

@Watson1978 made their first contribution in #454

Full Changelog: v2.6.3...v2.7.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ parallel (indirect, 1.23.0 → 1.25.1) · Repo

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ parser (indirect, 3.2.2.4 → 3.3.3.0) · Repo · Changelog

Release Notes

3.3.3.0 (from changelog)

API modifications:

Bump maintenance branches to 3.3.3 (#1023) (Koichi ITO)

Bump Racc to 1.8.0 (#1018) (Koichi ITO)

3.3.2.0 (from changelog)

API modifications:

Bump 3.3 branch to 3.3.2 (Ilya Bylich)

Bump 3.1 branch to 3.1.6 (#1014) (Koichi ITO)

3.3.1.0 (from changelog)

API modifications:

Bump parser branches to 3.0.7, 3.1.5, 3.2.4, 3.3.1 (#1011) (Ilya Bylich)

Use require_relative in the Parser codebase (#1003) (Koichi ITO)

Features implemented:

ruby{33,34}.y: allow blocks inherit anonymous args. (#1010) (Ilya Bylich)

Raise a more specific error when encountering an unknown magic comment encoding (#999) (Earlopain)

3.3.0.5 (from changelog)

API modifications:

Bump 3.2 branch to 3.2.3 (#993) (Koichi ITO)

3.3.0.4 (from changelog)

Features implemented:

Register a Ruby 3.4 parser (#991) (Jean byroot Boussier)

3.3.0.3 (from changelog)

Bugs fixed:

lexer.rl: accept tabs before closing heredoc delimiter (#990) (Ilya Bylich)

3.3.0.2 (from changelog)

Bugs fixed:

Fix an error when using heredoc with non-word delimiters (#987) (Koichi ITO)

3.3.0.1 (from changelog)

Bugs fixed:

Supports Ruby 2.0+ runtime (#986) (Koichi ITO)

3.3.0.0 (from changelog)

API modifications:

current.rb: mark 3.3 branch as stable (#984) (Ilya Bylich)

ruby33.y: extract string_dend (#969) (Ilya Bylich)

lexer.rl: treat numparams as locals (#968) (Ilya Bylich)

ruby33.y: extract words_sep (#967) (Ilya Bylich)

literal.rb: match heredoc identifier from end of line (#965) (Ilya Bylich)

ruby33.y: extract {endless_command,endless_arg} rules (#964) (Ilya Bylich)

Bump Racc to 1.7.3 (#954) (Koichi ITO)

Features implemented:

ruby33.y: reject ambiguous anonymous arguments (#983) (Ilya Bylich)

ruby33.y: extract arg_splat rule. (#981) (Ilya Bylich)

builder.rb: warn it in a block with no ordinary params. (#980) (Ilya Bylich)

builder.rb: extract named captures only from static regexes. (#979) (Ilya Bylich)

ruby33.y: accept expr_value in sclass definition. (#978) (Ilya Bylich)

ruby33.y: extract p_in_kwarg (#977) (Ilya Bylich)

ruby33.y: extract p_assoc and p_in rules (#976) (Ilya Bylich)

ruby33.y: reject invalid gvar as symbol (#974) (Ilya Bylich)

ruby33.y: properly restore in_defined flag, extract begin_defined rule (#973) (Ilya Bylich)

builder.rb: reject multi-char gvar names starting with 0 (#972) (Ilya Bylich)

ruby33.y: allow semicolon in parenthesis at the first argument of command call (#971) (Ilya Bylich)

ruby33.y: parse qualified const with brace block as a method call (#970) (Ilya Bylich)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ racc (indirect, 1.7.3 → 1.8.0) · Repo · Changelog

Release Notes

1.8.0

What's Changed

Generate jar to build gem by @nobu in #255

Fix trivial typos by @ydah in #257

Try to fix test failure with Ruby 3.3 by @hsbt in #260

Reformat the rdoc so it renders correctly both locally and on github. by @zenspider in #258

Allow racc cmdline to read from stdin if no path specified. by @zenspider in #259

Add more grammars by @nurse in #222

Exclude 2.5 on macos-latest by @nobu in #263

Drop code for Ruby 1.6 by @nobu in #264

Refactor command line options by @nobu in #265

Change encode EUC-JP to UTF-8 by @ydah in #267

Organize README.ja.rdoc by @ydah in #266

Support error_on_expect_mismatch declaration in Racc grammar file by @yui-knk in #262

Bump up v1.8.0 by @yui-knk in #268

New Contributors

@ydah made their first contribution in #257

@nurse made their first contribution in #222

Full Changelog: v1.7.3...v1.8.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ regexp_parser (indirect, 2.8.2 → 2.9.2) · Repo · Changelog

Release Notes

2.9.2 (from changelog)

Fixed

made the MFA requirement for changes to this gem visible on rubygems

thanks to Geremia Taglialatela

2.9.1 (from changelog)

Fixed

fixed unnecessary $LOAD_PATH searches at load time

thanks to Koichi ITO

2.9.0 (from changelog)

Added

all expressions now respond to #negative? / #negated?

previously only sets, props, and posix classes did

implemented #negative? / #negated? for more applicable expressions

\B, \D, \H, \S, \W, (?!...), (?<!...)

Fixed

fixed missing support for grapheme cluster break unicode properties

e.g. /\p{Grapheme_Cluster_Break=Extend}/

2.8.3 (from changelog)

Fixed

fixed scanner errors for insignificant leading zeros in numerical group refs

e.g. (a)\k<01>, (a)\g<-01>, (a)?(?(01)b|c)

thanks to Markus Schirp for the report

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ rexml (indirect, 3.2.6 → 3.3.1) · Repo · Changelog

Security Advisories 🚨

🚨 REXML contains a denial of service vulnerability

Impact

The REXML gem before 3.2.6 has a DoS vulnerability when it parses an XML that has many <s in an attribute value.

If you need to parse untrusted XMLs, you many be impacted to this vulnerability.

Patches

The REXML gem 3.2.7 or later include the patch to fix this vulnerability.

Workarounds

Don't parse untrusted XMLs.

References

https://www.ruby-lang.org/en/news/2024/05/16/dos-rexml-cve-2024-35176/

Release Notes

3.3.1

Improvements

Added support for detecting malformed top-level comments.

GH-145

Patch by Hiroya Fujinami.

Improved REXML::Element#attribute performance.

GH-146

Patch by Hiroya Fujinami.

Added support for detecting malformed <!--> comments.

GH-147

Patch by Hiroya Fujinami.

Added support for detecting unclosed DOCTYPE.

GH-152

Patch by Hiroya Fujinami.

Added changlog_uri metadata to gemspec.

GH-156

Patch by fynsta.

Improved parse performance.

GH-157

GH-158

Patch by NAITOH Jun.

Fixes

Fixed a bug that large XML can't be parsed.

GH-154

Patch by NAITOH Jun.

Fixed a bug that private constants are visible.

GH-155

Patch by NAITOH Jun.

Thanks

Hiroya Fujinami

NAITOH Jun

fynsta

3.3.0

Improvements

Added support for strscan 0.7.0 installed with Ruby 2.6.

GH-142

Reported by Fernando Trigoso.

Thanks

Fernando Trigoso

3.2.9

Improvements

Added support for old strscan.

GH-132

Reported by Adam

Improved attribute value parse performance.

GH-135

Patch by NAITOH Jun.

Improved REXML::Node#each_recursive performance.

GH-134

GH-139

Patch by Hiroya Fujinami.

Improved text parse performance.

Reported by mprogrammer.

Thanks

Adam

NAITOH Jun

Hiroya Fujinami

mprogrammer

3.2.8

Fixes

Suppressed a warning

3.2.7

Improvements

Improve parse performance by using StringScanner.

GH-106

GH-107

GH-108

GH-109

GH-112

GH-113

GH-114

GH-115

GH-116

GH-117

GH-118

GH-119

GH-121

Patch by NAITOH Jun.

Improved parse performance when an attribute has many <s.

GH-124

Fixes

XPath: Fixed a bug of normalize_space(array).

GH-110

GH-111

Patch by flatisland.

XPath: Fixed a bug that wrong position is used with nested path.

GH-110

GH-122

Reported by jcavalieri.

Patch by NAITOH Jun.

Fixed a bug that an exception message can't be generated for
invalid encoding XML.

GH-29

GH-123

Reported by DuKewu.

Patch by NAITOH Jun.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ rubocop-ast (indirect, 1.30.0 → 1.31.3) · Repo · Changelog

Release Notes

1.31.3 (from changelog)

Bug fixes

#289: Fix an error during parsing when encountering unknown encodings in the encoding magic comment. (@Earlopain)

1.31.2 (from changelog)

Bug fixes

#286: Improve error message for invalid parser_engine value. (@Earlopain)

1.31.1 (from changelog)

Changes

#282: Remove Prism from runtime dependency. (@koic)

1.31.0 (from changelog)

New features

#277: Support Prism as a Ruby parser (experimental). (@koic)

#276: Support Parser::Ruby34 for Ruby 3.4 parser (experimental). (@koic)

Changes

#279: (Compatibility) Drop Ruby 2.6 runtime support. (@koic)

#272: Make Node#left_curly_brace? aware of lambda brace. (@koic)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

🆕 strscan (added, 3.1.0)

🗑️ rubocop-capybara (removed)

🗑️ rubocop-factory_bot (removed)

Depfu Status

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@depfu rebase
Rebases against your default branch and redoes this update

@depfu recreate
Recreates this PR, overwriting any edits that you've made to it

@depfu merge
Merges this PR once your tests are passing and conflicts are resolved

@depfu cancel merge
Cancels automatic merging of this PR

@depfu close
Closes this PR and deletes the branch

@depfu reopen
Restores the branch and reopens this PR (if it's closed)

@depfu pause
Ignores all future updates for this dependency and closes this PR

@depfu pause [minor|major]
Ignores all future minor/major updates for this dependency and closes this PR

@depfu resume
Future versions of this dependency will create PRs again (leaves this PR as is)

5fpro / rails-template