dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

Bump the prod-dependencies group across 1 directory with 21 updates #10983

Closed dependabot[bot] closed 4 days ago

dependabot[bot] commented 1 week ago

Bumps the prod-dependencies group with 19 updates in the /updater directory:

Package                                 From       To
http                                    5.1.1      5.2.0
opentelemetry-exporter-otlp-metrics     0.1.0      0.2.0
opentelemetry-instrumentation-excon     0.22.0     0.22.4
opentelemetry-instrumentation-http      0.23.2     0.23.4
opentelemetry-instrumentation-net_http  0.22.4     0.22.7
opentelemetry-metrics-sdk               0.2.0      0.4.0
sentry-opentelemetry                    5.16.1     5.21.0
aws-sdk-codecommit                      1.63.0     1.80.0
aws-sdk-ecr                             1.68.0     1.88.0
faraday                                 2.7.11     2.12.1
faraday-retry                           2.2.0      2.2.1
gitlab                                  5.0.0      5.1.0
json                                    2.6.3      2.8.2
nokogiri                                1.16.5     1.16.7
parser                                  3.3.5.0    3.3.6.0
psych                                   5.1.2      5.2.0
sorbet-runtime                          0.5.11577  0.5.11647
stackprof                               0.2.25     0.2.26
parseconfig                             1.0.8      1.1.2

Updates http from 5.1.1 to 5.2.0

Changelog

Sourced from http's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Unreleased

Removed

  • BREAKING Drop Ruby 2.x support
Commits
  • bb754c7 Release v5.2.0
  • de1e319 ci: Cleanup and update workflow
  • 02e66b0 ci: Add Ruby 3.3 to the test matrix
  • 81d281e SECURITY.md: use private vulnerability reporting feature (#772)
  • 03370c6 Fix changelog uri in gemspec
  • f7e16c8 Add support for the PURGE HTTP method. (#757)
  • 8b802bf Do more conservative URL normalization (#758)
  • 65276d7 Prevent CRLF injection due to broken URL normalizer (#765)
  • 3b7133c fix: close sockets on initialize timeout (#762)
  • 4060ccd not_found requires two arguments (#761)
  • Additional commits viewable in compare view


Updates opentelemetry-exporter-otlp-metrics from 0.1.0 to 0.2.0

Release notes

Sourced from opentelemetry-exporter-otlp-metrics's releases.

opentelemetry-exporter-otlp-metrics 0.2.0

v0.2.0 / 2024-11-19

  • ADDED: Add basic metrics view
  • FIXED: Remove Metrics OTLP exporter Util#measure_request_duration and duplicate files
  • FIXED: Add mTLS for metrics exporter
Changelog

Sourced from opentelemetry-exporter-otlp-metrics's changelog.

v0.2.0 / 2024-11-19

  • ADDED: Add basic metrics view
  • FIXED: Remove Metrics OTLP exporter Util#measure_request_duration and duplicate files
  • FIXED: Add mTLS for metrics exporter
Commits


Updates opentelemetry-instrumentation-excon from 0.22.0 to 0.22.4

Release notes

Sourced from opentelemetry-instrumentation-excon's releases.

opentelemetry-instrumentation-excon 0.22.4

v0.22.4 / 2024-07-23

  • DOCS: Add cspell to CI

opentelemetry-instrumentation-excon 0.22.3

v0.22.3 / 2024-06-18

  • FIXED: Relax otel common gem constraints
  • FIXED: Add http.url to Excon instrumentation
Changelog

Sourced from opentelemetry-instrumentation-excon's changelog.

v0.22.4 / 2024-07-23

  • DOCS: Add cspell to CI

v0.22.3 / 2024-06-18

  • FIXED: Relax otel common gem constraints
  • FIXED: Add http.url to Excon instrumentation

v0.22.2 / 2024-05-09

  • FIXED: Untrace entire request

v0.22.1 / 2024-04-30

  • FIXED: Bundler conflict warnings
Commits


Updates opentelemetry-instrumentation-http from 0.23.2 to 0.23.4

Release notes

Sourced from opentelemetry-instrumentation-http's releases.

opentelemetry-instrumentation-http 0.23.4

v0.23.4 / 2024-07-23

  • DOCS: Add cspell to CI
Changelog

Sourced from opentelemetry-instrumentation-http's changelog.

v0.23.4 / 2024-07-23

  • DOCS: Add cspell to CI

v0.23.3 / 2024-04-30

  • FIXED: Bundler conflict warnings
Commits


Updates opentelemetry-instrumentation-net_http from 0.22.4 to 0.22.7

Release notes

Sourced from opentelemetry-instrumentation-net_http's releases.

opentelemetry-instrumentation-net_http 0.22.7

v0.22.7 / 2024-07-23

  • DOCS: Add cspell to CI

opentelemetry-instrumentation-net_http 0.22.6

v0.22.6 / 2024-06-18

  • FIXED: Relax otel common gem constraints
Changelog

Sourced from opentelemetry-instrumentation-net_http's changelog.

v0.22.7 / 2024-07-23

  • DOCS: Add cspell to CI

v0.22.6 / 2024-06-18

  • FIXED: Relax otel common gem constraints

v0.22.5 / 2024-05-09

  • FIXED: Untrace entire request
Commits


Updates opentelemetry-metrics-sdk from 0.2.0 to 0.4.0

Release notes

Sourced from opentelemetry-metrics-sdk's releases.

opentelemetry-metrics-sdk 0.4.0

v0.4.0 / 2024-11-19

  • ADDED: Update metrics configuration patch

opentelemetry-metrics-sdk 0.3.0

v0.3.0 / 2024-10-22

  • ADDED: Add basic metrics view
  • FIXED: Coerce aggregation_temporality to symbol
  • FIXED: Add warning if invalid meter name given
Changelog

Sourced from opentelemetry-metrics-sdk's changelog.

v0.4.0 / 2024-11-19

  • ADDED: Update metrics configuration patch

v0.3.0 / 2024-10-22

  • ADDED: Add basic metrics view
  • FIXED: Coerce aggregation_temporality to symbol
  • FIXED: Add warning if invalid meter name given
Commits


Updates sentry-opentelemetry from 5.16.1 to 5.21.0

Release notes

Sourced from sentry-opentelemetry's releases.

5.21.0

Features

  • Experimental support for multi-threaded profiling using Vernier (#2372)

    You can have much better profiles if you're using multi-threaded servers like Puma now by leveraging Vernier. To use it, first add vernier to your Gemfile and make sure it is loaded before sentry-ruby.

    # Gemfile
    gem 'vernier'
    gem 'sentry-ruby'

    Then, set a profiles_sample_rate and the new profiler_class configuration in your sentry initializer to use the new profiler.

    # config/initializers/sentry.rb
    Sentry.init do |config|
      # ...
      config.profiles_sample_rate = 1.0
      config.profiler_class = Sentry::Vernier::Profiler
    end

Internal

  • Profile items have bigger size limit now (#2421)
  • Consistent string freezing (#2422)

5.20.1

Bug Fixes

  • Skip rubocop.yml in spec.files (#2420)

5.20.0

  • Add support for $SENTRY_DEBUG and $SENTRY_SPOTLIGHT (#2374)
  • Support human readable intervals in sidekiq-cron (#2387)
  • Set default app dirs pattern (#2390)
  • Add new strip_backtrace_load_path boolean config (default true) to enable disabling load path stripping (#2409)

Bug Fixes

  • Fix error events missing a DSC when there's an active span (#2408)
  • Verifies presence of client before adding a breadcrumb (#2394)
  • Fix Net:HTTP integration for non-ASCII URI's (#2417)
  • Prevent Hub from having nil scope and client (#2402)

... (truncated)

Changelog

Sourced from sentry-opentelemetry's changelog.

5.21.0

Features

  • Experimental support for multi-threaded profiling using Vernier (#2372)

    You can have much better profiles if you're using multi-threaded servers like Puma now by leveraging Vernier. To use it, first add vernier to your Gemfile and make sure it is loaded before sentry-ruby.

    # Gemfile
    gem 'vernier'
    gem 'sentry-ruby'

    Then, set a profiles_sample_rate and the new profiler_class configuration in your sentry initializer to use the new profiler.

    # config/initializers/sentry.rb
    Sentry.init do |config|
      # ...
      config.profiles_sample_rate = 1.0
      config.profiler_class = Sentry::Vernier::Profiler
    end

Internal

  • Profile items have bigger size limit now (#2421)
  • Consistent string freezing (#2422)

5.20.1

Bug Fixes

  • Skip rubocop.yml in spec.files (#2420)

5.20.0

  • Add support for $SENTRY_DEBUG and $SENTRY_SPOTLIGHT (#2374)
  • Support human readable intervals in sidekiq-cron (#2387)
  • Set default app dirs pattern (#2390)
  • Add new strip_backtrace_load_path boolean config (default true) to enable disabling load path stripping (#2409)

Bug Fixes

  • Fix error events missing a DSC when there's an active span (#2408)
  • Verifies presence of client before adding a breadcrumb (#2394)

... (truncated)

Commits


Updates sentry-ruby from 5.16.1 to 5.21.0

Changelog

Sourced from sentry-ruby's changelog.

5.21.0

Features

  • Experimental support for multi-threaded profiling using Vernier (#2372)

    You can have much better profiles if you're using multi-threaded servers like Puma now by leveraging Vernier. To use it, first add vernier to your Gemfile and make sure it is loaded before sentry-ruby.

    # Gemfile
    gem 'vernier'
    gem 'sentry-ruby'

    Then, set a profiles_sample_rate and the new profiler_class configuration in your sentry initializer to use the new profiler.

    # config/initializers/sentry.rb
    Sentry.init do |config|
      # ...
      config.profiles_sample_rate = 1.0
      config.profiler_class = Sentry::Vernier::Profiler
    end

Internal

  • Profile items have bigger size limit now (#2421)
  • Consistent string freezing (#2422)

5.20.1

Bug Fixes

  • Skip rubocop.yml in spec.files (#2420)

5.20.0

  • Add support for $SENTRY_DEBUG and $SENTRY_SPOTLIGHT (#2374)
  • Support human readable intervals in sidekiq-cron (#2387)
  • Set default app dirs pattern (#2390)
  • Add new strip_backtrace_load_path boolean config (default true) to enable disabling load path stripping (#2409)

Bug Fixes

  • Fix error events missing a DSC when there's an active span (#2408)
  • Verifies presence of client before adding a breadcrumb (#2394)

... (truncated)

Commits
  • d56c2bb release: 5.21.0
  • 5b1b558 Consistent string freezing (#2422)
  • 8dc3d2d Experimental support for multi-threaded profiling using Vernier (#2372)
  • a070e08 Generalize size limits based on envelope item type (#2421)
  • 84bf2cf release: 5.20.1
  • d96e8e1 Ignore rubocop file in spec files (#2420)
  • 34ba320 release: 5.20.0
  • af8fcdd Prevent Hub from having nil scope and client (#2402)
  • 152eb5e fix: Unable to use sentry when URI contains non-ascii symbols on Net::HTTP tr...
  • 0c875e4 Skip concurrent threaded test on jruby (#2415)
  • Additional commits viewable in compare view


Updates aws-sdk-codecommit from 1.63.0 to 1.80.0

Changelog

Sourced from aws-sdk-codecommit's changelog.

1.80.0 (2024-11-18)

  • Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.79.0 (2024-10-18)

  • Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.78.0 (2024-09-24)

  • Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.77.0 (2024-09-23)

  • Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.76.0 (2024-09-20)

  • Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.75.0 (2024-09-11)

  • Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.74.0 (2024-09-10)

  • Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.73.0 (2024-09-03)

  • Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.72.0 (2024-07-25)

  • Feature - CreateRepository API now throws OperationNotAllowedException when the account has been restricted from creating a repository.

1.71.0 (2024-07-02)

  • Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

... (truncated)

Commits


Updates aws-sdk-ecr from 1.68.0 to 1.88.0

Changelog

Sourced from aws-sdk-ecr's changelog.

1.88.0 (2024-10-18)

  • Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.87.0 (2024-09-24)

  • Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.86.0 (2024-09-23)

  • Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.85.0 (2024-09-20)

  • Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.84.0 (2024-09-17)

  • Feature - The DescribeImageScanning API now includes fixAvailable, exploitAvailable, and fixedInVersion fields to provide more detailed information about the availability of fixes, exploits, and fixed versions for identified image vulnerabilities.

1.83.0 (2024-09-11)

  • Feature - Added KMS_DSSE to EncryptionType

1.82.0 (2024-09-10)

  • Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.81.0 (2024-09-03)

  • Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.80.0 (2024-08-05)

  • Feature - Released two new APIs along with documentation updates. The GetAccountSetting API is used to view the current basic scan type version setting for your registry, while the PutAccountSetting API is used to update the basic scan type version for your registry.

1.79.0 (2024-07-25)

  • Feature - API and documentation updates for Amazon ECR, adding support for creating, updating, describing and deleting ECR Repository Creation Template.

... (truncated)

Commits


Updates faraday from 2.7.11 to 2.12.1

Release notes

Sourced from faraday's releases.

v2.12.1

What's Changed

New Contributors

Full Changelog: https://github.com/lostisland/faraday/compare/v2.12.0...v2.12.1

v2.12.0

What's Changed

New features ✨

Fixes 🐞

Misc/Docs 📄

New Contributors

Full Changelog: https://github.com/lostisland/faraday/compare/v2.11.0...v2.12.0

v2.11.0

What's Changed

This release adds support for the ciphers SSL option (currently supported by the net_http adapter in v3.3+), as well as taking advantage of the support of chained certificates introduced in the net_http adapter in v3.2. Also, it adds a new ParallelManager#execute interface that improves on the existing one and makes it easier for adapters to support parallel requests. This is currently used by the async-http adapter.

New features ✨

Misc/Docs 📄

New Contributors

Full Changelog: https://github.com/lostisland/faraday/compare/v2.10.1...v2.11.0

v2.10.1

What's Changed

... (truncated)

Commits


Updates faraday-retry from 2.2.0 to 2.2.1

Release notes

Sourced from faraday-retry's releases.

v2.2.1

What's Changed

New Contributors

Full Changelog: https://github.com/lostisland/faraday-retry/compare/v2.2.0...v2.2.1

Changelog

Sourced from faraday-retry's changelog.

v2.2.1 (2024-04-15)

Commits
  • 7506f91 v2.2.1
  • 1a7ae96 CHANGELOG.md: Add unreleased code [ci skip]
  • 8056d24 Bump actions/checkout from 3 to 4
  • 2b3fba5 CI: Tell dependabot to update GH Actions
  • ce15807 Check for Faraday::UploadIO while rewinding
  • f1929d9 Add instructions on how to inherit the default exceptions to the README
  • 0b769c4 Add missing default exceptions
  • 1be9551 Add Ruby 3.3 to CI matrix
  • 6b1419f Update docs reference to RaiseError middleware (#32)
  • 41b7ea2 Document "methods" type as symbols [ci skip] (#30)
  • See full diff in compare view


Updates gitlab from 5.0.0 to 5.1.0

Release notes

Sourced from gitlab's releases.

v5.1.0

General improvements

  • Added base64 to dependencies #697

Bugfixes

  • Fixed masking short and known private tokens #692
  • Fixed pagination options for merge request discussions #694

New features

  • Added support for programming languages used in a project #695
  • Added support for merge request dependencies #698
  • Added support for pipelines triggered by a pipeline schedule in a project #699
  • Added support for using CI/CD job token for authentication #700
  • Added support for project access tokens API #701
Commits
  • bcfeb45 Release v5.1.0
  • 6ca8f7a Merge pull request #701 from balasankarc/support-access-token-endpoint
  • 64896ab Add Project Access Token related endpoints
  • 26edb1b Merge pull request #700 from balasankarc/support-ci-job-token
  • 0bfb77c Support using CI_JOB_TOKEN for authentication
  • 579bcda Merge pull request #699 from caiconkhicon/dattang/add-pipeline_schedule_get_p...
  • a9da2e9 Remove verb from method name
  • 100e256 Add get_pipelines_by_pipeline_schedule method
  • f3bd928 Merge pull request #698 from ddieulivol/ddieulivol-merge_request_dependencies
  • 5e31a2d Merge branch 'master' into ddieulivol-merge_request_dependencies
  • Additional commits viewable in compare view


Updates json from 2.6.3 to 2.8.2

Release notes

Sourced from json's releases.

v2.8.2

What's Changed

  • JSON.load_file: explicitly load the file as UTF-8

Full Changelog: https://github.com/ruby/json/compare/v2.8.1...v2.8.2

v2.8.1

  • Fix the java version of the package to include the extension implementation. Only concerns JRuby.

Full Changelog: https://github.com/ruby/json/compare/v2.8.0...v2.8.1

v2.8.0

What's Changed

  • Emit a deprecation warning when JSON.load creates custom types without the create_additions option being explicitly enabled.
    • Prefer to use JSON.unsafe_load(string) or JSON.load(string, create_additions: true).
  • Emit a deprecation warning when serializing valid UTF-8 strings encoded in ASCII_8BIT aka BINARY.
  • Bump required Ruby version to 2.7.
  • Add support for optionally parsing trailing commas, via allow_trailing_comma: true, which in conjunction with the pre-existing support for comments, makes it suitable to parse jsonc documents.
  • Many performance improvements to JSON.parse and JSON.load, up to 1.7x faster on real world documents.
  • Some minor performance improvements to JSON.dump and JSON.generate.

Parsing performance

Parsing performance is improved by 50-70% on realistic benchmarks, and even more on micro-benchmarks: https://gist.github.com/casperisfine/cf4b3a0594fae24b7d0eb93daaf3841a

== Parsing activitypub.json (58160 bytes)
ruby 3.4.0dev (2024-11-06T07:59:09Z precompute-hash-wh.. 7943f98a8a) +YJIT +PRISM [arm64-darwin24]
Warming up --------------------------------------
          json 2.7.2   638.000 i/100ms
                  oj   798.000 i/100ms
          Oj::Parser   948.000 i/100ms
           rapidjson   631.000 i/100ms
Calculating -------------------------------------
          json 2.7.2      6.423k (± 1.3%) i/s  (155.70 μs/i) -     32.538k in   5.067149s
                  oj      7.989k (± 1.0%) i/s  (125.17 μs/i) -     40.698k in   5.094544s
          Oj::Parser      9.472k (± 1.3%) i/s  (105.58 μs/i) -     47.400k in   5.005119s
           rapidjson      6.354k (± 1.1%) i/s  (157.37 μs/i) -     32.181k in   5.064962s

Comparison:
          json 2.8.0:     9510.0 i/s
          Oj::Parser:     9471.9 i/s - same-ish: difference falls within error
                  oj:     7989.4 i/s - 1.19x slower
          json 2.7.2:     6422.5 i/s - 1.48x slower
           rapidjson:     6354.5 i/s - 1.50x slower


... (truncated)

Changelog

Sourced from json's changelog.

2024-11-14 (2.8.2)

  • JSON.load_file explicitly reads the file as UTF-8.

2024-11-06 (2.8.1)

  • Fix the java packages to include the extension.

2024-11-06 (2.8.0)

  • Emit a deprecation warning when JSON.load creates custom types without the create_additions option being explicitly enabled.
    • Prefer to use JSON.unsafe_load(string) or JSON.load(string, create_additions: true).
  • Emit a deprecation warning when serializing valid UTF-8 strings encoded in ASCII_8BIT aka BINARY.
  • Bump required Ruby version to 2.7.
  • Add support for optionally parsing trailing commas, via allow_trailing_comma: true, which in conjunction with the pre-existing support for comments, makes it suitable to parse jsonc documents.
  • Many performance improvements to JSON.parse and JSON.load, up to 1.7x faster on real world documents.
  • Some minor performance improvements to JSON.dump and JSON.generate.

2024-11-04 (2.7.6)

  • Fix a regression in JSON.generate when dealing with Hash keys that are string subclasses, call to_json on them.

2024-10-25 (2.7.5)

  • Fix a memory leak when #to_json methods raise an exception.
  • Gracefully handle formatting configs being set to nil instead of "".
  • Workaround another issue caused by conflicting versions of both json_pure and json being loaded.

2024-10-25 (2.7.4)

  • Workaround a bug in 3.4.8 and older rubygems/rubygems#6490. This bug would cause some gems with native extension to fail during compilation.
  • Workaround different versions of json and json_pure being loaded (not officially supported).
  • Make json_pure Ractor compatible.

2024-10-24 (2.7.3)

  • Numerous performance optimizations in JSON.generate and JSON.dump (up to 2 times faster).
  • Limit the size of ParserError exception messages, only include up to 32 bytes of the unparseable source.
  • Fix json-pure's Object#to_json to accept non state arguments
  • Fix multiline comment support in json-pure.
  • Fix JSON.parse to no longer mutate the argument encoding when p...

_Description has been truncated_

dependabot[bot] commented 4 days ago

Superseded by #11006.