🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
#12877: Fix an infinite loop error for Layout/FirstArgumentIndentation when specifying EnforcedStyle: with_fixed_indentation of Layout/ArrayAlignment. (@koic)
#12873: Fix an error for Metrics/BlockLength when the CountAsOne config is invalid. (@koic)
#12881: Fix incorrect autocorrect when Style/NumericPredicate is used with negations. (@fatkodima)
#12882: Fix Layout/CommentIndentation for comment-only pattern matching. (@nekketsuuu)
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.
All Depfu comment commands
@depfu rebase
Rebases against your default branch and redoes this update
@depfu recreate
Recreates this PR, overwriting any edits that you've made to it
@depfu merge
Merges this PR once your tests are passing and conflicts are resolved
@depfu cancel merge
Cancels automatic merging of this PR
@depfu close
Closes this PR and deletes the branch
@depfu reopen
Restores the branch and reopens this PR (if it's closed)
@depfu pause
Ignores all future updates for this dependency and closes this PR
@depfu pause [minor|major]
Ignores all future minor/major updates for this dependency and closes this PR
@depfu resume
Future versions of this dependency will create PRs again (leaves this PR as is)
stevieing
commented
3 months ago
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
✳️ rubocop (1.63.4 → 1.63.5) · Repo · Changelog
Release Notes
1.63.5
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 22 commits:
Cut 1.63.5Update ChangelogMerge pull request #12890 from koic/add_ostruct_to_gemfileWorkaround for Ruby's warning in YARDMerge pull request #12886 from koic/suppress_interrupt_exception_for_lspFix a build errorFix docs for `Style/SpecialGlobalVars` `use_builtin_english_names`Suppress `Interrupt` exception for LSPCorrect some example descriptionsMerge pull request #12882 from nekketsuuu/nekketsuuu-case-in-commentMerge pull request #12881 from fatkodima/fix-numeric_predicate-autocorrectFix `Layout/CommentIndentation` for comment-only pattern matchingFix incorrect autocorrect when `Style/NumericPredicate` is used with negationsAdd documentation and log information for enabling YJIT in LSPAdd a forgotten period at the end of some offense messageMerge pull request #12877 from koic/fix_an_error_for_layout_first_array_element_indentationFix an infinite loop error for `Layout/FirstArgumentIndentation`Merge pull request #12874 from koic/fix_an_error_for_metrics_block_length[Fix #12873] Fix an error for `Metrics/BlockLength`[Docs] Tweak cops_layout_footer.adocUse `require_relative`Reset the docs version↗️ racc (indirect, 1.7.3 → 1.8.0) · Repo · Changelog
Release Notes
1.8.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 29 commits:
Merge pull request #268 from yui-knk/v1.8.0Bump up v1.8.0Merge pull request #262 from yui-knk/support_expect_bangSupport `error_on_expect_mismatch` declaration in Racc grammar fileMerge pull request #266 from ydah/fix-readme-jaMerge pull request #267 from ydah/change-encodeChange encode EUC-JP to UTF-8Update Racc link in README.ja.rdocChange Requirement to match README.rdocMerge pull request #265 from nobu/optionsSimplify `--runtime-version` optionMake `--help` successOmit the default exit valueAbort instead of puts and exitMerge pull request #264 from nobu/drop-ruby1.6Merge pull request #263 from nobu/old-version-on-macosExclude 2.5 on macos-latestDrop code for Ruby 1.6Merge pull request #222 from nurse/add-more-grammarsMerge pull request #259 from zenspider/zenspider/stdinReformat the rdoc so it renders correctly both locally and on github.Allow racc cmdline to read from stdin if no path specified.Merge pull request #260 from ruby/try-to-fix-3-3Don't use bundle exec to avoid warning of Ruby 3.3Ignore jar artifactRemove stale codeMerge pull request #257 from ydah/fix-typosFix trivial typosMerge pull request #255 from nobu/build-java↗️ regexp_parser (indirect, 2.9.0 → 2.9.2) · Repo · Changelog
Release Notes
2.9.2 (from changelog)
2.9.1 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 10 commits:
Release v2.9.2Merge pull request #91 from tagliala/security/opt-in-for-mfaOpt-in for MFA requirement explicitlyMerge pull request #92 from tagliala/chore/fix-typosFix typosRelease v2.9.1Unify CHANGELOG formattingSimplify path slightlyMerge pull request #90 from koic/use_require_relativeUse `require_relative` in the Regexp::Parser codebase↗️ rexml (indirect, 3.2.6 → 3.2.8) · Repo · Changelog
Security Advisories 🚨
🚨 REXML contains a denial of service vulnerability
Release Notes
3.2.8
3.2.7
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 33 commits:
Add 3.2.8 entryRemove an unused variable (#128)Suppress a warningci: install only gems required for running tests (#129)Add missing Thanks sectionBump versionAdd 3.2.7 entryRead quoted attributes in chunks (#126)Exclude older than 2.6 on macos-14Move development dependencies to Gemfile (#124)Fix a problem that parse exception message can't be generated for invalid encoding XML (#123)xpath: Fix wrong position with nested path (#122)Change `attribute.has_key?(name)` to ` attributes[name]`. (#121)Optimize the parse_attributes method to use `Source#match` to parse XML. (#119)Make the test suite compatible with `--enable-frozen-string-literal` (#120)Separate `IOSource#ensure_buffer` from `IOSource#match`. (#118)Remove `Source#string=` method (#117)source: Remove unnecessary string length comparisons in the case of string comparisons (#116)Use more StringScanner based API to parse XML (#114)test: Fix invalid XML with spaces before the XML declaration (#115)Stop specifying the gem version of strscan in benchmarks. (#113)Remove unnecessary checks in baseparser (#112)xpath: Fix normalize_space(array) case (#111)Change loop in parse_attributes to `while true`. (#109)Reduce calls to StringScanner.new() (#108)Use `@scanner << readline` instead of `@scanner.string = @scanner.rest + readline` (#107)Reduce calls to `Source#buffer`(`StringScanner#rest`) (#106)Use string scanner with baseparser (#105)Add parse benchmark (#104)Use reusing workflow for Ruby versions (#103)CI: Add ruby-3.3 (#102)build(deps): bump actions/checkout from 3 to 4 (#101)Bump version🆕 strscan (added, 3.1.0)
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with
@depfu rebase.All Depfu comment commands