Bump the ruby-deps group with 20 updates #1510

dependabot · 2026-01-01T15:05:09Z

Bumps the ruby-deps group with 20 updates:

Package	From	To
sassc-embedded	`1.80.6`	`1.80.8`
aws-sdk-s3	`1.208.0`	`1.209.0`
aws-partitions	`1.1196.0`	`1.1200.0`
concurrent-ruby	`1.3.5`	`1.3.6`
connection_pool	`2.5.5`	`3.0.2`
contracts	`0.17.2`	`0.17.3`
dotenv	`3.1.8`	`3.2.0`
ffi	`1.17.2`	`1.17.3`
google-protobuf	`4.33.1`	`4.33.2`
haml	`7.0.2`	`7.1.0`
hashie	`5.0.0`	`5.1.0`
http_parser.rb	`0.8.0`	`0.8.1`
i18n	`1.14.7`	`1.14.8`
json	`2.16.0`	`2.18.0`
minitest	`5.26.2`	`6.0.1`
nokogiri	`1.18.10`	`1.19.0`
pdf-reader	`2.15.0`	`2.15.1`
rackup	`2.2.1`	`2.3.1`
sass-embedded	`1.94.2`	`1.97.1`
zeitwerk	`2.7.3`	`2.7.4`

Updates sassc-embedded from 1.80.6 to 1.80.8

Commits

5a41070 v1.80.8
261eea3 Update unnecessary .flat_map to .map
660f08f Update minitest requirement from ~> 5.26.0 to ~> 5.27.0 (#146)
8acadbd v1.80.7
c1bd32f Replace JSON.fast_generate with JSON.generate
b29718f Bump actions/checkout from 5 to 6 (#145)
See full diff in compare view

Updates aws-sdk-s3 from 1.208.0 to 1.209.0

Changelog

Sourced from aws-sdk-s3's changelog.

1.209.0 (2025-12-23)

Feature - Add additional validation to Outpost bucket names.

Commits

See full diff in compare view

Updates aws-partitions from 1.1196.0 to 1.1200.0

Changelog

Sourced from aws-partitions's changelog.

1.1200.0 (2025-12-30)

Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1199.0 (2025-12-26)

Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1198.0 (2025-12-19)

Feature - Added support for enumerating regions for Aws::Wickr.

1.1197.0 (2025-12-18)

Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

Commits

See full diff in compare view

Updates concurrent-ruby from 1.3.5 to 1.3.6

Release notes

Sourced from concurrent-ruby's releases.

v1.3.6

What's Changed

Run tests without the C extension in CI by @eregon in ruby-concurrency/concurrent-ruby#1081

Fix typo in Promise docs by @danieldiekmeier in ruby-concurrency/concurrent-ruby#1083

Correct word in readme by @wwahammy in ruby-concurrency/concurrent-ruby#1084

Fix mistakes in MVar documentation by @trinistr in ruby-concurrency/concurrent-ruby#1087

Fix multi require concurrent/executor/cached_thread_pool by @OuYangJinTing in ruby-concurrency/concurrent-ruby#1085

Use typed data APIs by @nobu in ruby-concurrency/concurrent-ruby#1096

Add Joshua Young to the list of maintainers by @eregon in ruby-concurrency/concurrent-ruby#1097

Asynchronous pruning for RubyThreadPoolExecutor by @joshuay03 in ruby-concurrency/concurrent-ruby#1082

Mark RubySingleThreadExecutor as a SerialExecutorService by @meineerde in ruby-concurrency/concurrent-ruby#1070

Allow TimerTask to be safely restarted after shutdown and avoid duplicate tasks by @bensheldon in ruby-concurrency/concurrent-ruby#1001

Flaky test fix: allow ThreadPool to shutdown before asserting completed_task_count by @bensheldon in ruby-concurrency/concurrent-ruby#1098

ThreadPoolExecutor#kill will wait_for_termination in JRuby; ensure TimerSet timer thread shuts down cleanly by @bensheldon in ruby-concurrency/concurrent-ruby#1044

New Contributors

@danieldiekmeier made their first contribution in ruby-concurrency/concurrent-ruby#1083

@wwahammy made their first contribution in ruby-concurrency/concurrent-ruby#1084

@trinistr made their first contribution in ruby-concurrency/concurrent-ruby#1087

@OuYangJinTing made their first contribution in ruby-concurrency/concurrent-ruby#1085

@nobu made their first contribution in ruby-concurrency/concurrent-ruby#1096

@joshuay03 made their first contribution in ruby-concurrency/concurrent-ruby#1082

Full Changelog: ruby-concurrency/concurrent-ruby@v1.3.5...v1.3.6

Changelog

Sourced from concurrent-ruby's changelog.

Release v1.3.6 (13 December 2025)

concurrent-ruby:

See the release notes on GitHub.

Commits

dba7766 Release 1.3.6
49b7552 Exclude dependabot updates from release notes
048f5d0 ThreadPoolExecutor kill will wait_for_termination in JRuby; ensure TimerS...
4e340ed Flaky test fix: allow ThreadPool to shutdown before asserting completed_task_...
4dc8de3 Allow TimerTask to be safely restarted after shutdown and avoid duplicate tas...
47cf3a1 Mark RubySingleThreadExecutor as a SerialExecutorService
572d44c Asynchronous pruning for RubyThreadPoolExecutor (#1082)
e25e34c Add Joshua Young to the list of maintainers (#1097)
978eed6 Use typed data APIs
eacd77a Use stdatomic.h on recent macOS
Additional commits viewable in compare view

Updates connection_pool from 2.5.5 to 3.0.2

Changelog

Sourced from connection_pool's changelog.

3.0.2

Support :name keyword for backwards compatibility #210

3.0.1

Add missing fork.rb to gemspec.

3.0.0

BREAKING CHANGES ConnectionPool and ConnectionPool::TimedStack now use keyword arguments rather than positional arguments everywhere. Expected impact is minimal as most people use the with API, which is unchanged.
pool = ConnectionPool.new(size: 5, timeout: 5)
pool.checkout(1) # 2.x
pool.reap(30)    # 2.x
pool.checkout(timeout: 1) # 3.x
pool.reap(idle_seconds: 30) # 3.x
Dropped support for Ruby <3.2.0

Commits

78bc41e bump, changes
955c64f Support :name keyword arg for backwards compat, #210
0dae4dd Fix missing fork.rb
f0d6dd2 docs
84a66b9 refactor idle reaping for readability
e7825d6 fix CI warning
9e03836 fork refactoring
6213bf5 ci tuning
5d3f6c1 Connection Pool 3.0 (#209)
949f950 Add benchmark to validate fast path performance
See full diff in compare view

Updates contracts from 0.17.2 to 0.17.3

Changelog

Sourced from contracts's changelog.

[v0.17.3]

Relax required_ruby_version to support Ruby 4.0

Bump cucumber, rubocop, actions/checkout

Commits

70e63c8 v0.17.3
e4dd7c4 Merge pull request #312 from taketo1113/relax-require-ruby
87ea8d3 Merge pull request #313 from egonSchiele/dependabot/github_actions/actions/ch...
02fadfb Bump actions/checkout from 5 to 6
b88e79c Relax required_ruby_version to support Ruby 4.0
cf96d0e Merge pull request #311 from egonSchiele/dependabot/github_actions/actions/ch...
edce779 Bump actions/checkout from 4 to 5
0756711 $ Remove now not needed rubocop cop disable comment
f9f9d2f * Update rubocop config to use plugins instead of require
4ffd358 * Use new released version of cucumber 9 for ruby 3.4 instead of git
Additional commits viewable in compare view

Updates dotenv from 3.1.8 to 3.2.0

Release notes

Sourced from dotenv's releases.

v3.2.0

What's Changed

Boost app startup time by removing to_sentence usage by @ThomasCrambert in bkeepers/dotenv#534

Handle parentheses in variables in commands by @i7an in bkeepers/dotenv#540

allow warning when a env var was not overwritten by @grosser in bkeepers/dotenv#531

fix a few small issues by @grosser in bkeepers/dotenv#532

New Contributors

@ThomasCrambert made their first contribution in bkeepers/dotenv#534

@i7an made their first contribution in bkeepers/dotenv#540

Full Changelog: bkeepers/dotenv@v3.1.8...v3.2.0

Commits

34156bf Prepare for 3.2.0 release
ab47820 Merge pull request #531 from grosser/grosser/warn
fae6120 Merge branch 'main' into grosser/warn
4f510f4 Merge pull request #532 from grosser/grosser/fixes
959e1da Merge pull request #539 from bkeepers/dependabot/github_actions/actions/check...
041451e Update spec message
b300f26 Bump actions/checkout from 4 to 6
5f4ca01 Merge branch 'main' into grosser/warn
209dca4 Merge pull request #540 from i7an/handle-parentheses
48c4956 Merge branch 'main' into handle-parentheses
Additional commits viewable in compare view

Updates ffi from 1.17.2 to 1.17.3

Changelog

Sourced from ffi's changelog.

1.17.3 / 2025-12-29

Fixed:

Opt-in for MFA requirement explicitly. #1159

Fix type signature for FFI::AutoPointer#initialize, FFI::StructByReference#native_type and FFI::Struct#auto_ptr . #1158

Fix function signature of function_call in FFI trampoline. #1154 It failed on aarch64-mingw-ucrt.

Add workaround for segmentation faults on aarch64-mingw-ucrt. #1154

Call super in Library#freeze . #1154

Deny duplication of AutoPointer per #dup and #clone . #1173 They led to double free before.

Added:

Add binary gems for Ruby-4.0, now providing binary gems for Ruby-3.0 to 4.0.

Add msys2_mingw_dependencies for Windows Mingw for automatic installation of libffi. #1143

Mark callback dispatcher thread as fork safe for Puma. #1156

Add missing FFI::Platform module and LastError signatures. #1169

Removed:

Drop fat binary gems for Ruby < 3.0

Remove FFI::TypesGenerator from distributed gems. #1164

Remove libffi build dir after install, safing some install space. #1157

Commits

68f4d3b Bump VERSION to ffi-1.17.3 and add release notes
38d298e Update libffi to latest master branch
77f9033 Merge pull request #1108 from lloeki/add-steep
9cce647 Add ffi.gemspec to Gemfile
42b2382 Fix newly introduced rbs signatures for FFI::Platform
6e76f7f Add CI check for RBS files
b1fdbe1 Add Steep to check RBS files
6076fab Merge pull request #1173 from ffi/fix-1155
195f9e9 Merge pull request #1143 from johnnyshields/patch-2
0ff4cb3 Binary gems don't need libffi header+lib files
Additional commits viewable in compare view

Updates google-protobuf from 4.33.1 to 4.33.2

Commits

See full diff in compare view

Updates haml from 7.0.2 to 7.1.0

Release notes

Sourced from haml's releases.

v7.1.0

What's Changed

Support xhtml format for boolean nested data attributes by @risen in haml/haml#1200

New Contributors

@risen made their first contribution in haml/haml#1200

Full Changelog: haml/haml@v7.0.2...v7.1.0

Changelog

Sourced from haml's changelog.

7.1.0

Support xhtml format for boolean nested data attributes haml/haml#1200

Commits

2417298 Version 7.1.0
16ea650 Support xhtml format for boolean nested data attributes (#1198) (#1200)
See full diff in compare view

Updates hashie from 5.0.0 to 5.1.0

Release notes

Sourced from hashie's releases.

v5.1.0

What's Changed

Include example of Dash's lazy evaluation feature by @njakobsen in hashie/hashie#557

Add Ruby 3.1 to CI by @petergoldstein in hashie/hashie#558

Run CI on all branches. by @dblock in hashie/hashie#561

Add dependabot for GitHub Actions by @petergoldstein in hashie/hashie#564

Bump actions/checkout from 2 to 3 by @dependabot[bot] in hashie/hashie#565

Fix: Make Danger happy with the CHANGELOG. by @dblock in hashie/hashie#570

new integration spec for rails 7 exhibiting failure when executing de… by @aflansburg in hashie/hashie#569

Add Ruby 3.2 to the CI matrix by @petergoldstein in hashie/hashie#571

Bump actions/checkout from 3 to 4 by @dependabot[bot] in hashie/hashie#577

Fix: integration tests in CI. by @dblock in hashie/hashie#581

Fix typos by @kianmeng in hashie/hashie#580

Add Ruby 3.3 & 3.4 to the CI matrix by @btalayeminaei in hashie/hashie#582

Add logger as a runtime dependency by @Earlopain in hashie/hashie#583

Requires Ruby 2.7+ and upgraded Rubocop to 1.82.0 by @sue445 in hashie/hashie#589

Bump actions/checkout from 4 to 6 by @dependabot[bot] in hashie/hashie#588

New Contributors

@njakobsen made their first contribution in hashie/hashie#557

@dependabot[bot] made their first contribution in hashie/hashie#565

@aflansburg made their first contribution in hashie/hashie#569

@kianmeng made their first contribution in hashie/hashie#580

@btalayeminaei made their first contribution in hashie/hashie#582

@Earlopain made their first contribution in hashie/hashie#583

@sue445 made their first contribution in hashie/hashie#589

Full Changelog: hashie/hashie@v5.0.0...v5.1.0

Changelog

Sourced from hashie's changelog.

5.1.0 - 2025-12-24

Added

#569: Added support for Rails 7 - @aflansburg.

Changed

#571: Test with Ruby 3.2 - @petergoldstein.

#558: Test with Ruby 3.1 - @petergoldstein.

#582: Test with Ruby 3.3 and 3.4 - @btalayeminaei.

#589: Requires Ruby 2.7+ and upgraded Rubocop to 1.82.0 - @sue445.

Fixed

#583: Fix a warning about the logger gem on Ruby 3.4 - @earlopain.

Commits

ce22262 Preparing for release, 5.1.0.
db14062 Fixup RELEASING.md.
b0dd1b8 Merge pull request #588 from hashie/dependabot/github_actions/actions/checkout-6
cb62aa8 Bump actions/checkout from 4 to 6
777c7e9 Requires Ruby 2.7+ and upgraded Rubocop to 1.82.0 (#589)
6d9ad8c Add logger as a runtime dependency (#583)
7351055 Merge pull request #582 from btalayeminaei/test-with-ruby-3.3
cd3db28 Test with Ruby 3.4
cd2f2e0 Test with Ruby 3.3
d07b2a3 Merge pull request #580 from kianmeng/fix-typos
Additional commits viewable in compare view

Updates http_parser.rb from 0.8.0 to 0.8.1

Commits

944979d v0.8.1
9656252 Merge pull request #87 from nobu/typed-data
c95152c Use typed data APIs
beb0c7f Merge pull request #86 from mtasaka/ruby35-ractor-fix
cb05cdb CI: Add ruby head
84cdc69 bugfix: support ruby3.5.0dev Ractor change
7aeb7a2 Merge pull request #83 from kenhys/ci-update
3dd5faa CI: Drop Ruby 2.7 & 3.0
35f3a77 ci: Use latest actions/checkout@v4 for CI
4f19d11 ci: Add missing Ruby 3.3/3.4 for CI
Additional commits viewable in compare view

Updates i18n from 1.14.7 to 1.14.8

Release notes

Sourced from i18n's releases.

v1.14.8

Full Changelog: ruby-i18n/i18n@v1.14.7...v1.14.8

What's Changed

Remove unused cgi require for Ruby 3.5 compatibility by @Earlopain in ruby-i18n/i18n#713

Explicitly require pathname by @voxik in ruby-i18n/i18n#708

CI: Add Ruby 3.4 to CI Matrix by @taketo1113 in ruby-i18n/i18n#722

Fix: I18n.locale reset in Fiber context by using Thread#thread_variable by @lee266 in ruby-i18n/i18n#724

CI: Use actions/checkout@v5 by @olleolleolle in ruby-i18n/i18n#721

Fix compatibility with --enable-frozen-string-literal by @byroot in ruby-i18n/i18n#726

New Contributors

@Earlopain made their first contribution in ruby-i18n/i18n#713

@taketo1113 made their first contribution in ruby-i18n/i18n#722

@lee266 made their first contribution in ruby-i18n/i18n#724

@byroot made their first contribution in ruby-i18n/i18n#726

Full Changelog: ruby-i18n/i18n@v1.14.7...v1.14.8

Commits

f2fb6a5 Bump to 1.14.9
ef62253 Merge pull request #726 from byroot/fstr-compat
0022013 Merge branch 'master' into fstr-compat
dee96b6 Remove testing for EOL Rubies 3.1 + 3.0
c6873f9 Merge remote-tracking branch 'olleolleolle/patch-1'
2134338 Merge pull request #724 from lee266/fix/i18n-locale-thread-variable
3f9ae64 Fix compatibility with --enable-frozen-string-literal
d64a88d Merge pull request #722 from taketo1113/ci-ruby-3.4
0e5484f CI: Fix rails version specification in gemfiles to run with the specified min...
960ab2b CI: Add ruby 3.4 to CI Matrix
Additional commits viewable in compare view

Updates json from 2.16.0 to 2.18.0

Release notes

Sourced from json's releases.

v2.18.0

What's Changed

Add :allow_control_characters parser options, to allow JSON strings containing unescaped ASCII control characters (e.g. newlines).

Full Changelog: ruby/json@v2.17.1...v2.18.0

v2.17.1

What's Changed

Fix a regression in parsing of unicode surogate pairs (\uXX\uXX) that could cause an invalid string to be returned.

Full Changelog: ruby/json@v2.17.0...v2.17.1

v2.17.0

What's Changed

Improve JSON.load and JSON.unsafe_load to allow passing options as second argument.

Fix the parser to no longer ignore invalid escapes in strings. Only \", \\, \b, \f, \n, \r, \t and \u are valid JSON escapes.

Fixed JSON::Coder to use the depth it was initialized with.

On TruffleRuby, fix the generator to not call to_json on the return value of as_json for Float::NAN.

Fixed handling of state.depth: when to_json changes state.depth but does not restore it, it is reset automatically to its initial value. In particular, when a NestingError is raised, depth is no longer equal to max_nesting after the call to generate, and is reset to its initial value. Similarly when to_json raises an exception.

Full Changelog: ruby/json@v2.16.0...v2.17.0

Changelog

Sourced from json's changelog.

2025-12-11 (2.18.0)

Add :allow_control_characters parser options, to allow JSON strings containing unescaped ASCII control characters (e.g. newlines).

2025-12-04 (2.17.1)

Fix a regression in parsing of unicode surogate pairs (\uXX\uXX) that could cause an invalid string to be returned.

2025-12-03 (2.17.0)

Improve JSON.load and JSON.unsafe_load to allow passing options as second argument.

Fix the parser to no longer ignore invalid escapes in strings. Only \", \\, \b, \f, \n, \r, \t and \u are valid JSON escapes.

Fixed JSON::Coder to use the depth it was initialized with.

On TruffleRuby, fix the generator to not call to_json on the return value of as_json for Float::NAN.

Fixed handling of state.depth: when to_json changes state.depth but does not restore it, it is reset automatically to its initial value. In particular, when a NestingError is raised, depth is no longer equal to max_nesting after the call to generate, and is reset to its initial value. Similarly when to_json raises an exception.

Commits

1cdd212 Release 2.18.0
3459499 Add allow_control_characters parsing option
1da3fd9 Add a specific error for unescaped newlines
cf3993c Remove dead code from JSON::TruffleRuby::Generator
4218a42 Remove dead code in benchmark/encoder.rb
e5e4fd5 Release 2.17.1
0fce370 Fix a regression in parsing of unicode surogate pairs
4bdb2d1 Release 2.17.0
ccca602 Fix handling of depth
7b62fac Fix duplicated test_unsafe_load_with_options test case
Additional commits viewable in compare view

Updates minitest from 5.26.2 to 6.0.1

Changelog

Sourced from minitest's changelog.

=== 6.0.1 / 2025-12-26

1 minor enhancement:

Added new rake task test:fu to Minitest::TestTask, to only run tests with FU (focused units?) in their name. This should mostly obviate the need for the minitest-focus plugin.

5 bug fixes:

Fixed --help and --version exiting 1. (grosser)

Fixed method signature of Minitest::Benchmark.run. (flavorjones)

Flush stdout/stderr before exit./bin/minitest -Ilib ./bug1046.rb:1 < /dev/null (grosser)

Improved usage banner output by reordering and reformatting.

Normalize paths while processing file.rb:line args.

=== 6.0.0 / 2025-12-17

This is a major release. Read this.

Please give feedback here: minitest/minitest#1040

Oh god... here we go... (again)

8 deaths in the family(!!):

Deleted MiniTest and MiniTest::Unit::TestCase compatibility namespaces.

Deleted all use of Marshal for serialization.

Deleted maglev? and rubinius? guard methods. LOL.

Deleted all minitest/spec expectations from Object. Use _/value/expect.

Dropped minitest/mock.rb. This has been extracted to the minitest-mock gem.

assert_equal(nil, value) no longer allowed. Use assert_nil to be explicit.

Removed assert_send. Use assert_predicate or assert_operator.

Removed Minitest::Test#class_name.

7 major (oft incompatible) changes:

Big: Major refactored MT6's run path!

Minitest.__run -> Minitest.run_all_suites

Runnable.run -> Runnable.run_suite & Runnable.filter_runnable_methods

Runnable.run_one_method -> Runnable.run

Removed Minitest.run_one_method (might bring it back to raise?)

Removed deprecated ENV["N"] to specify number of parallel tests. Use MT_CPU.

Renamed +options[:filter]+ to +options[:include]+, added --include cmdline option.

--name is still handled, but that will be removed in the future.

Renamed Minitest::Runnable#test_order to #run_order.

If #message is passed a proc then that proc overrides all other output.

They are no longer chained!

And it does less for formatting of your output.

Removed reporter arg from with_info_handler as it has never(?) been used. (HACK?)

... (truncated)

Commits

edd37ce prepped for release
248c9e2 - Fixed method signature of Minitest::Benchmark.run. (flavorjones)
18bbdb1 - Flush stdout/stderr before exit./bin/minitest -Ilib ./bug1046.rb:1 < /dev/n...
50a1b1f - Normalize paths while processing file.rb:line args.
372b997 - Fixed --help and --version exiting 1. (grosser)
c05a898 - Improved usage banner output by reordering and reformatting.
692c2e7 + Added new rake task test:fu to Minitest::TestTask, to only run tests with...
5bbab5c Fix format of History.rdoc. (y-yagi)
2f3d88e prepped for release
756f965 Add Hoe's :cov plugin and start to look at gaps
Additional commits viewable in compare view

Updates nokogiri from 1.18.10 to 1.19.0

Release notes

Sourced from nokogiri's releases.

v1.19.0 / 2025-12-28

Ruby

This release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.

Introduce native gem support for Ruby 4.0. #3590
End support for Ruby 3.1, for which upstream support ended 2025-03-26.
End support for JRuby 9.4 (which targets Ruby 3.1 compatibility).

11a97ecc3c0e7e5edcf395720b10860ef493b768f6aa80c539573530bc933767  nokogiri-1.19.0-aarch64-linux-gnu.gem
eb70507f5e01bc23dad9b8dbec2b36ad0e61d227b42d292835020ff754fb7ba9  nokogiri-1.19.0-aarch64-linux-musl.gem
572a259026b2c8b7c161fdb6469fa2d0edd2b61cd599db4bbda93289abefbfe5  nokogiri-1.19.0-arm-linux-gnu.gem
23ed90922f1a38aed555d3de4d058e90850c731c5b756d191b3dc8055948e73c  nokogiri-1.19.0-arm-linux-musl.gem
0811dfd936d5f6dd3f6d32ef790568bf29b2b7bead9ba68866847b33c9cf5810  nokogiri-1.19.0-arm64-darwin.gem
5f3a70e252be641d8a4099f7fb4cc25c81c632cb594eec9b4b8f2ca8be4374f3  nokogiri-1.19.0-java.gem
05d7ed2d95731edc9bef2811522dc396df3e476ef0d9c76793a9fca81cab056b  nokogiri-1.19.0-x64-mingw-ucrt.gem
1dad56220b603a8edb9750cd95798bffa2b8dd9dd9aa47f664009ee5b43e3067  nokogiri-1.19.0-x86_64-darwin.gem
f482b95c713d60031d48c44ce14562f8d2ce31e3a9e8dd0ccb131e9e5a68b58c  nokogiri-1.19.0-x86_64-linux-gnu.gem
1c4ca6b381622420073ce6043443af1d321e8ed93cc18b08e2666e5bd02ffae4  nokogiri-1.19.0-x86_64-linux-musl.gem
e304d21865f62518e04f2bf59f93bd3a97ca7b07e7f03952946d8e1c05f45695  nokogiri-1.19.0.gem

Changelog

Sourced from nokogiri's changelog.

v1.19.0 / 2025-12-28

Ruby

This release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.

Introduce native gem support for Ruby 4.0. #3590

End support for Ruby 3.1, for which upstream support ended 2025-03-26.

End support for JRuby 9.4 (which targets Ruby 3.1 compatibility).

Commits

d77bfb6 version bump to v1.19.0
1eb5c2c dev: convert scripts/test-gem-set to use mise
88a120f dep: Add native Ruby 4 support, drop Ruby 3.1 support (v1.19.x) (#3592)
f8c8f74 Skip the parser compression test for Windows system libs
e91c0fc ci: temporarily pin to setup-ruby with windows ruby 4
1b08acc dep: update to minitest 6
404487d dep: require JRuby >= 10.0
19b22ea dep: add support for native Ruby 4.0 gem
ec57d11 ci: bump versions in CI images
f7b640f ci: avoid bundler collisions in downstream tests
Additional commits viewable in compare view

Updates pdf-reader from 2.15.0 to 2.15.1

Changelog

Sourced from pdf-reader's changelog.

v2.15.1 (28th December 2025)

Add ruby 4.0 to the CI matrix (yob/pdf-reader#575)

Avoiding raising an error when ToUnicode poins to the wrong object type (yob/pdf-reader#573)

Skip invalid UTF-16 surrogate pairs in CMaps (yob/pdf-reader#574)

Commits

544a01c Update tapioca to the latest version
03ad935 prepare for release
14e7215 Merge pull request #576 from yob/gem.coop
fa87d75 Have another go at using gem.coop
a9bfe1b Merge pull request #575 from yob/ruby-4-ci
ae59321 Add ruby 4.0 to the CI matrix
3bc2510 Merge pull request #574 from yob/invalid-cmap-surrogate
f0f1a61 Skip invalid UTF-16 surrogate pairs in CMaps
42988a5 Merge pull request #573 from yob/tounicode-fix
25f5642 Solve non-stream ToUnicode in a slightly different way
Additional commits viewable in compare view

Updates rackup from 2.2.1 to 2.3.1

Changelog

Sourced from rackup's changelog.

Releases

All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference Keep A Changelog.

Commits

f3fa1d6 Bump patch version.
583c7dc Fix WEBrick SERVER_PORT handling.
adc9596 Bump minor version.
8e538be Update the webrick handler to support OPTIONS * requests. (#40)
7a3e190 Update workflows.
5d18f5a Update spec_server.rb
c6cdd47 Fix references from Rack::Server to Rackup::Server in comments
e3df7cb Provide a 'Changelog' link on rubygems.org/gems/rackup
39d5226 Documentation for how to access handlers programatically.
301b6dd Update releases.md - fixes #29.
See full diff in compare view

Updates sass-embedded from 1.94.2 to 1.97.1

Commits

5005b82 v1.97.1
fd6ce91 Bump sass from 1.97.0 to 1.97.1 in /ext/sass (#362)
22ae5dc Update rubocop requirement from ~> 1.81.0 to ~> 1.82.0 (

Bumps the ruby-deps group with 20 updates: | Package | From | To | | --- | --- | --- | | [sassc-embedded](https://github.com/sass-contrib/sassc-embedded-shim-ruby) | `1.80.6` | `1.80.8` | | [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) | `1.208.0` | `1.209.0` | | [aws-partitions](https://github.com/aws/aws-sdk-ruby) | `1.1196.0` | `1.1200.0` | | [concurrent-ruby](https://github.com/ruby-concurrency/concurrent-ruby) | `1.3.5` | `1.3.6` | | [connection_pool](https://github.com/mperham/connection_pool) | `2.5.5` | `3.0.2` | | [contracts](https://github.com/egonSchiele/contracts.ruby) | `0.17.2` | `0.17.3` | | [dotenv](https://github.com/bkeepers/dotenv) | `3.1.8` | `3.2.0` | | [ffi](https://github.com/ffi/ffi) | `1.17.2` | `1.17.3` | | [google-protobuf](https://github.com/protocolbuffers/protobuf) | `4.33.1` | `4.33.2` | | [haml](https://github.com/haml/haml) | `7.0.2` | `7.1.0` | | [hashie](https://github.com/hashie/hashie) | `5.0.0` | `5.1.0` | | [http_parser.rb](https://github.com/tmm1/http_parser.rb) | `0.8.0` | `0.8.1` | | [i18n](https://github.com/ruby-i18n/i18n) | `1.14.7` | `1.14.8` | | [json](https://github.com/ruby/json) | `2.16.0` | `2.18.0` | | [minitest](https://github.com/minitest/minitest) | `5.26.2` | `6.0.1` | | [nokogiri](https://github.com/sparklemotion/nokogiri) | `1.18.10` | `1.19.0` | | [pdf-reader](https://github.com/yob/pdf-reader) | `2.15.0` | `2.15.1` | | [rackup](https://github.com/rack/rackup) | `2.2.1` | `2.3.1` | | [sass-embedded](https://github.com/sass-contrib/sass-embedded-host-ruby) | `1.94.2` | `1.97.1` | | [zeitwerk](https://github.com/fxn/zeitwerk) | `2.7.3` | `2.7.4` | Updates `sassc-embedded` from 1.80.6 to 1.80.8 - [Commits](sass-contrib/sassc-embedded-shim-ruby@v1.80.6...v1.80.8) Updates `aws-sdk-s3` from 1.208.0 to 1.209.0 - [Release notes](https://github.com/aws/aws-sdk-ruby/releases) - [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-ruby/commits) Updates `aws-partitions` from 1.1196.0 to 1.1200.0 - [Release notes](https://github.com/aws/aws-sdk-ruby/releases) - [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-partitions/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-ruby/commits) Updates `concurrent-ruby` from 1.3.5 to 1.3.6 - [Release notes](https://github.com/ruby-concurrency/concurrent-ruby/releases) - [Changelog](https://github.com/ruby-concurrency/concurrent-ruby/blob/master/CHANGELOG.md) - [Commits](ruby-concurrency/concurrent-ruby@v1.3.5...v1.3.6) Updates `connection_pool` from 2.5.5 to 3.0.2 - [Changelog](https://github.com/mperham/connection_pool/blob/main/Changes.md) - [Commits](mperham/connection_pool@v2.5.5...v3.0.2) Updates `contracts` from 0.17.2 to 0.17.3 - [Changelog](https://github.com/egonSchiele/contracts.ruby/blob/master/CHANGELOG.markdown) - [Commits](egonSchiele/contracts.ruby@v0.17.2...v0.17.3) Updates `dotenv` from 3.1.8 to 3.2.0 - [Release notes](https://github.com/bkeepers/dotenv/releases) - [Changelog](https://github.com/bkeepers/dotenv/blob/main/Changelog.md) - [Commits](bkeepers/dotenv@v3.1.8...v3.2.0) Updates `ffi` from 1.17.2 to 1.17.3 - [Changelog](https://github.com/ffi/ffi/blob/master/CHANGELOG.md) - [Commits](ffi/ffi@v1.17.2...v1.17.3) Updates `google-protobuf` from 4.33.1 to 4.33.2 - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Commits](https://github.com/protocolbuffers/protobuf/commits) Updates `haml` from 7.0.2 to 7.1.0 - [Release notes](https://github.com/haml/haml/releases) - [Changelog](https://github.com/haml/haml/blob/main/CHANGELOG.md) - [Commits](haml/haml@v7.0.2...v7.1.0) Updates `hashie` from 5.0.0 to 5.1.0 - [Release notes](https://github.com/hashie/hashie/releases) - [Changelog](https://github.com/hashie/hashie/blob/master/CHANGELOG.md) - [Commits](hashie/hashie@v5.0.0...v5.1.0) Updates `http_parser.rb` from 0.8.0 to 0.8.1 - [Commits](tmm1/http_parser.rb@v0.8.0...v0.8.1) Updates `i18n` from 1.14.7 to 1.14.8 - [Release notes](https://github.com/ruby-i18n/i18n/releases) - [Changelog](https://github.com/ruby-i18n/i18n/blob/master/CHANGELOG.md) - [Commits](ruby-i18n/i18n@v1.14.7...v1.14.8) Updates `json` from 2.16.0 to 2.18.0 - [Release notes](https://github.com/ruby/json/releases) - [Changelog](https://github.com/ruby/json/blob/master/CHANGES.md) - [Commits](ruby/json@v2.16.0...v2.18.0) Updates `minitest` from 5.26.2 to 6.0.1 - [Changelog](https://github.com/minitest/minitest/blob/master/History.rdoc) - [Commits](minitest/minitest@v5.26.2...v6.0.1) Updates `nokogiri` from 1.18.10 to 1.19.0 - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](sparklemotion/nokogiri@v1.18.10...v1.19.0) Updates `pdf-reader` from 2.15.0 to 2.15.1 - [Changelog](https://github.com/yob/pdf-reader/blob/main/CHANGELOG) - [Commits](yob/pdf-reader@v2.15.0...v2.15.1) Updates `rackup` from 2.2.1 to 2.3.1 - [Release notes](https://github.com/rack/rackup/releases) - [Changelog](https://github.com/rack/rackup/blob/main/releases.md) - [Commits](rack/rackup@v2.2.1...v2.3.1) Updates `sass-embedded` from 1.94.2 to 1.97.1 - [Commits](sass-contrib/sass-embedded-host-ruby@v1.94.2...v1.97.1) Updates `zeitwerk` from 2.7.3 to 2.7.4 - [Changelog](https://github.com/fxn/zeitwerk/blob/main/CHANGELOG.md) - [Commits](https://github.com/fxn/zeitwerk/commits) --- updated-dependencies: - dependency-name: sassc-embedded dependency-version: 1.80.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: aws-sdk-s3 dependency-version: 1.209.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: aws-partitions dependency-version: 1.1200.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: concurrent-ruby dependency-version: 1.3.6 dependency-type: indirect update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: connection_pool dependency-version: 3.0.2 dependency-type: indirect update-type: version-update:semver-major dependency-group: ruby-deps - dependency-name: contracts dependency-version: 0.17.3 dependency-type: indirect update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: dotenv dependency-version: 3.2.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: ffi dependency-version: 1.17.3 dependency-type: indirect update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: google-protobuf dependency-version: 4.33.2 dependency-type: indirect update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: haml dependency-version: 7.1.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: hashie dependency-version: 5.1.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: http_parser.rb dependency-version: 0.8.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: i18n dependency-version: 1.14.8 dependency-type: indirect update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: json dependency-version: 2.18.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: minitest dependency-version: 6.0.1 dependency-type: indirect update-type: version-update:semver-major dependency-group: ruby-deps - dependency-name: nokogiri dependency-version: 1.19.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: pdf-reader dependency-version: 2.15.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: rackup dependency-version: 2.3.1 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: sass-embedded dependency-version: 1.97.1 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: zeitwerk dependency-version: 2.7.4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: ruby-deps ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Jan 1, 2026

chadlwilson merged commit e92c540 into master Jan 1, 2026
1 check passed

dependabot bot deleted the dependabot/bundler/ruby-deps-2fb5618bb8 branch January 1, 2026 16:21

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the ruby-deps group with 20 updates #1510

Bump the ruby-deps group with 20 updates #1510

Uh oh!

dependabot bot commented on behalf of github Jan 1, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Bump the ruby-deps group with 20 updates #1510

Bump the ruby-deps group with 20 updates #1510

Uh oh!

Conversation

dependabot bot commented on behalf of github Jan 1, 2026

1.209.0 (2025-12-23)

1.1200.0 (2025-12-30)

1.1199.0 (2025-12-26)

1.1198.0 (2025-12-19)

1.1197.0 (2025-12-18)

v1.3.6

What's Changed

New Contributors

Release v1.3.6 (13 December 2025)

3.0.2

3.0.1

3.0.0

[v0.17.3]

v3.2.0

What's Changed

New Contributors

1.17.3 / 2025-12-29

v7.1.0

What's Changed

New Contributors

7.1.0

v5.1.0

What's Changed

New Contributors

5.1.0 - 2025-12-24

Added

Changed

Fixed

v1.14.8

What's Changed

New Contributors

v2.18.0

What's Changed

v2.17.1

What's Changed

v2.17.0

What's Changed

2025-12-11 (2.18.0)

2025-12-04 (2.17.1)

2025-12-03 (2.17.0)

v1.19.0 / 2025-12-28

Ruby

v1.19.0 / 2025-12-28

Ruby

Releases

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants