1.2.x: Bump the ruby-deps group across 4 directories with 12 updates #355

dependabot · 2025-10-07T15:50:22Z

Bumps the ruby-deps group with 1 update in the / directory: rack.
Bumps the ruby-deps group with 3 updates in the /examples/camping directory: rack, rexml and rubyzip.
Bumps the ruby-deps group with 8 updates in the /examples/rails7 directory:

Package	From	To
rack	`2.2.18`	`2.2.19`
bigdecimal	`3.2.3`	`3.3.0`
globalid	`1.2.1`	`1.3.0`
marcel	`1.0.4`	`1.1.0`
net-imap	`0.5.10`	`0.5.12`
nokogiri	`1.18.9`	`1.18.10`
pp	`0.6.2`	`0.6.3`
rdoc	`6.14.2`	`6.15.0`

Bumps the ruby-deps group with 2 updates in the /examples/sinatra directory: rack and sinatra.

Updates rack from 2.2.18 to 2.2.19

Changelog

Sourced from rack's changelog.

[2.2.19] - 2025-10-07

Security

CVE-2025-61772 Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)

CVE-2025-61771 Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

CVE-2025-61770 Unbounded multipart preamble buffering enables DoS (memory exhaustion)

Commits

4c4ea29 Bump patch version.
c370dcd Limit amount of retained data when parsing multipart requests
d869fed Fix denial of service vulnerbilties in multipart parsing
See full diff in compare view

Updates rack from 2.2.18 to 2.2.19

Changelog

Sourced from rack's changelog.

[2.2.19] - 2025-10-07

Security

CVE-2025-61772 Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)

CVE-2025-61771 Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

CVE-2025-61770 Unbounded multipart preamble buffering enables DoS (memory exhaustion)

Commits

4c4ea29 Bump patch version.
c370dcd Limit amount of retained data when parsing multipart requests
d869fed Fix denial of service vulnerbilties in multipart parsing
See full diff in compare view

Updates rack from 2.2.18 to 2.2.19

Changelog

Sourced from rack's changelog.

[2.2.19] - 2025-10-07

Security

CVE-2025-61772 Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)

CVE-2025-61771 Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

CVE-2025-61770 Unbounded multipart preamble buffering enables DoS (memory exhaustion)

Commits

4c4ea29 Bump patch version.
c370dcd Limit amount of retained data when parsing multipart requests
d869fed Fix denial of service vulnerbilties in multipart parsing
See full diff in compare view

Updates rack from 2.2.18 to 2.2.19

Changelog

Sourced from rack's changelog.

[2.2.19] - 2025-10-07

Security

CVE-2025-61772 Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)

CVE-2025-61771 Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

CVE-2025-61770 Unbounded multipart preamble buffering enables DoS (memory exhaustion)

Commits

4c4ea29 Bump patch version.
c370dcd Limit amount of retained data when parsing multipart requests
d869fed Fix denial of service vulnerbilties in multipart parsing
See full diff in compare view

Updates rack from 2.2.18 to 2.2.19

Changelog

Sourced from rack's changelog.

[2.2.19] - 2025-10-07

Security

CVE-2025-61772 Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)

CVE-2025-61771 Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

CVE-2025-61770 Unbounded multipart preamble buffering enables DoS (memory exhaustion)

Commits

4c4ea29 Bump patch version.
c370dcd Limit amount of retained data when parsing multipart requests
d869fed Fix denial of service vulnerbilties in multipart parsing
See full diff in compare view

Updates rack from 2.2.18 to 2.2.19

Changelog

Sourced from rack's changelog.

[2.2.19] - 2025-10-07

Security

CVE-2025-61772 Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)

CVE-2025-61771 Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

CVE-2025-61770 Unbounded multipart preamble buffering enables DoS (memory exhaustion)

Commits

4c4ea29 Bump patch version.
c370dcd Limit amount of retained data when parsing multipart requests
d869fed Fix denial of service vulnerbilties in multipart parsing
See full diff in compare view

Updates rexml from 3.4.3 to 3.4.4

Release notes

Sourced from rexml's releases.

REXML 3.4.4 - 2025-09-10

Improvement

Accept REXML::Document.new("") for backward compatibility

GH-296

GH-295

Patch by NAITOH Jun

Reported by Joe Rafaniello

Thanks

NAITOH Jun

Joe Rafaniello

Changelog

Sourced from rexml's changelog.

3.4.4 - 2025-09-10 {#version-3-4-4}

Improvement

Accept REXML::Document.new("") for backward compatibility

GH-296

GH-295

Patch by NAITOH Jun

Reported by Joe Rafaniello

Thanks

NAITOH Jun

Joe Rafaniello

Commits

4f32ea3 Add 3.4.4 entry (#297)
37cde3f Accept REXML::Document.new("") for backward compatibility (#295)
4ffe211 Bump version
See full diff in compare view

Updates rubyzip from 3.1.0 to 3.1.1

Release notes

Sourced from rubyzip's releases.

v3.1.1

Version 3.1.1

The 3.1.x line adds AES decryption.

⚠️ There are breaking changes in the 3.x series ⚠️

Please see the README and Updating to version 3.x in the wiki for help upgrading from version 2.4.x to version 3.x.

Changelog

Sourced from rubyzip's changelog.

3.1.1 (2025-09-26)

Improve the IO pipeline when decompressing. #649 (which also fixes #647)

Tooling/internal:

Improve the DecryptedIo class with various updates and optimizations.

Remove the NullDecrypter class.

Properly convert the test suite to use minitest.

Move all test helper code into separate files.

Updates to the Actions CI, including new OS versions.

Update rubocop versions and fix resultant cop failures. #646

Commits

f87340d Update version number and Changelog for release.
813d96d Add a Rubocop badge to the README.
61c25b0 Reduce the number of YJIT test runs in CI.
69dcb8e Allow Windows CI builds to fail.
da44b2c Update OS versions in the Actions CI.
fd78455 Use require_relative when pulling in test_helper.
78848c5 Only require test helpers where they are needed.
e55f7c9 Move all test helper code into separate files.
5f1fcb2 Remove unnecessary perms from gentestfiles.rb.
ceabd03 Remove unnecessary requires from test_helper.rb.
Additional commits viewable in compare view

Updates rack from 2.2.18 to 2.2.19

Changelog

Sourced from rack's changelog.

[2.2.19] - 2025-10-07

Security

CVE-2025-61772 Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)

CVE-2025-61771 Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

CVE-2025-61770 Unbounded multipart preamble buffering enables DoS (memory exhaustion)

Commits

4c4ea29 Bump patch version.
c370dcd Limit amount of retained data when parsing multipart requests
d869fed Fix denial of service vulnerbilties in multipart parsing
See full diff in compare view

Updates rexml from 3.4.3 to 3.4.4

Release notes

Sourced from rexml's releases.

REXML 3.4.4 - 2025-09-10

Improvement

Accept REXML::Document.new("") for backward compatibility

GH-296

GH-295

Patch by NAITOH Jun

Reported by Joe Rafaniello

Thanks

NAITOH Jun

Joe Rafaniello

Changelog

Sourced from rexml's changelog.

3.4.4 - 2025-09-10 {#version-3-4-4}

Improvement

Accept REXML::Document.new("") for backward compatibility

GH-296

GH-295

Patch by NAITOH Jun

Reported by Joe Rafaniello

Thanks

NAITOH Jun

Joe Rafaniello

Commits

4f32ea3 Add 3.4.4 entry (#297)
37cde3f Accept REXML::Document.new("") for backward compatibility (#295)
4ffe211 Bump version
See full diff in compare view

Updates rubyzip from 3.1.0 to 3.1.1

Release notes

Sourced from rubyzip's releases.

v3.1.1

Version 3.1.1

The 3.1.x line adds AES decryption.

⚠️ There are breaking changes in the 3.x series ⚠️

Please see the README and Updating to version 3.x in the wiki for help upgrading from version 2.4.x to version 3.x.

Changelog

Sourced from rubyzip's changelog.

3.1.1 (2025-09-26)

Improve the IO pipeline when decompressing. #649 (which also fixes #647)

Tooling/internal:

Improve the DecryptedIo class with various updates and optimizations.

Remove the NullDecrypter class.

Properly convert the test suite to use minitest.

Move all test helper code into separate files.

Updates to the Actions CI, including new OS versions.

Update rubocop versions and fix resultant cop failures. #646

Commits

f87340d Update version number and Changelog for release.
813d96d Add a Rubocop badge to the README.
61c25b0 Reduce the number of YJIT test runs in CI.
69dcb8e Allow Windows CI builds to fail.
da44b2c Update OS versions in the Actions CI.
fd78455 Use require_relative when pulling in test_helper.
78848c5 Only require test helpers where they are needed.
e55f7c9 Move all test helper code into separate files.
5f1fcb2 Remove unnecessary perms from gentestfiles.rb.
ceabd03 Remove unnecessary requires from test_helper.rb.
Additional commits viewable in compare view

Updates rack from 2.2.18 to 2.2.19

Changelog

Sourced from rack's changelog.

[2.2.19] - 2025-10-07

Security

CVE-2025-61772 Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)

CVE-2025-61771 Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

CVE-2025-61770 Unbounded multipart preamble buffering enables DoS (memory exhaustion)

Commits

4c4ea29 Bump patch version.
c370dcd Limit amount of retained data when parsing multipart requests
d869fed Fix denial of service vulnerbilties in multipart parsing
See full diff in compare view

Updates rexml from 3.4.3 to 3.4.4

Release notes

Sourced from rexml's releases.

REXML 3.4.4 - 2025-09-10

Improvement

Accept REXML::Document.new("") for backward compatibility

GH-296

GH-295

Patch by NAITOH Jun

Reported by Joe Rafaniello

Thanks

NAITOH Jun

Joe Rafaniello

Changelog

Sourced from rexml's changelog.

3.4.4 - 2025-09-10 {#version-3-4-4}

Improvement

Accept REXML::Document.new("") for backward compatibility

GH-296

GH-295

Patch by NAITOH Jun

Reported by Joe Rafaniello

Thanks

NAITOH Jun

Joe Rafaniello

Commits

4f32ea3 Add 3.4.4 entry (#297)
37cde3f Accept REXML::Document.new("") for backward compatibility (#295)
4ffe211 Bump version
See full diff in compare view

Updates rubyzip from 3.1.0 to 3.1.1

Release notes

Sourced from rubyzip's releases.

v3.1.1

Version 3.1.1

The 3.1.x line adds AES decryption.

⚠️ There are breaking changes in the 3.x series ⚠️

Please see the README and Updating to version 3.x in the wiki for help upgrading from version 2.4.x to version 3.x.

Changelog

Sourced from rubyzip's changelog.

3.1.1 (2025-09-26)

Improve the IO pipeline when decompressing. #649 (which also fixes #647)

Tooling/internal:

Improve the DecryptedIo class with various updates and optimizations.

Remove the NullDecrypter class.

Properly convert the test suite to use minitest.

Move all test helper code into separate files.

Updates to the Actions CI, including new OS versions.

Update rubocop versions and fix resultant cop failures. #646

Commits

f87340d Update version number and Changelog for release.
813d96d Add a Rubocop badge to the README.
61c25b0 Reduce the number of YJIT test runs in CI.
69dcb8e Allow Windows CI builds to fail.
da44b2c Update OS versions in the Actions CI.
fd78455 Use require_relative when pulling in test_helper.
78848c5 Only require test helpers where they are needed.
e55f7c9 Move all test helper code into separate files.
5f1fcb2 Remove unnecessary perms from gentestfiles.rb.
ceabd03 Remove unnecessary requires from test_helper.rb.
Additional commits viewable in compare view

Updates rack from 2.2.18 to 2.2.19

Changelog

Sourced from rack's changelog.

[2.2.19] - 2025-10-07

Security

CVE-2025-61772 Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)

CVE-2025-61771 Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

CVE-2025-61770 Unbounded multipart preamble buffering enables DoS (memory exhaustion)

Commits

4c4ea29 Bump patch version.
c370dcd Limit amount of retained data when parsing multipart requests
d869fed Fix denial of service vulnerbilties in multipart parsing
See full diff in compare view

Updates rack from 2.2.18 to 2.2.19

Changelog

Sourced from rack's changelog.

[2.2.19] - 2025-10-07

Security

CVE-2025-61772 Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)

CVE-2025-61771 Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

CVE-2025-61770 Unbounded multipart preamble buffering enables DoS (memory exhaustion)

Commits

4c4ea29 Bump patch version.
c370dcd Limit amount of retained data when parsing multipart requests
d869fed Fix denial of service vulnerbilties in multipart parsing
See full diff in compare view

Updates rack from 2.2.18 to 2.2.19

Changelog

Sourced from rack's changelog.

[2.2.19] - 2025-10-07

Security

CVE-2025-61772 Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)

CVE-2025-61771 Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

CVE-2025-61770 Unbounded multipart preamble buffering enables DoS (memory exhaustion)

Commits

4c4ea29 Bump patch version.
c370dcd Limit amount of retained data when parsing multipart requests
d869fed Fix denial of service vulnerbilties in multipart parsing
See full diff in compare view

Updates bigdecimal from 3.2.3 to 3.3.0

Release notes

Sourced from bigdecimal's releases.

v3.3.0

What's Changed

Allow calling Rational#to_d without arguments by @fsateler in ruby/bigdecimal#421

Fix test_no_memory_leak failure by @tompng in ruby/bigdecimal#424

Change BigMath.sin and cos to always calculate in relative precision. by @tompng in ruby/bigdecimal#422

Faster exp calculation by @tompng in ruby/bigdecimal#399

Rename assert_relative_precision to assert_converge_in_precision by @tompng in ruby/bigdecimal#425

Add support for tangent function by @rhannequin in ruby/bigdecimal#231

Make bigdecimal.rb work in JRuby by @tompng in ruby/bigdecimal#420

BigMath methods common interface: coerce x, validate prec, check nan error by @tompng in ruby/bigdecimal#415

Round result of sqrt and BigMath methods by @tompng in ruby/bigdecimal#427

Update example calculation result in BigMath document by @tompng in ruby/bigdecimal#428

BigMath.log(0,n)==-Infinity just like Math.log(0) by @tompng in ruby/bigdecimal#430

Fix divmod and modulo by infinity to match Float#divmod and Float#modulo by @tompng in ruby/bigdecimal#429

Bump step-security/harden-runner from 2.13.0 to 2.13.1 by @dependabot[bot] in ruby/bigdecimal#431

Make internal BigMath method a private method by @tompng in ruby/bigdecimal#432

Improve performance of x**y when y is a huge value by @tompng in ruby/bigdecimal#438

Fix precision of x.power(y, prec) when the result is nearly infinity by @tompng in ruby/bigdecimal#439

Bump version to 3.3.0 by @tompng in ruby/bigdecimal#437

New Contributors

@fsateler made their first contribution in ruby/bigdecimal#421

Full Changelog: ruby/bigdecimal@v3.2.3...v3.3.0

Changelog

Sourced from bigdecimal's changelog.

3.3.0

Allow calling to_d without arguments GH-421

@fsateler

Calculate BigMath.sin and cos in relative precision GH-422

@tompng

Add support for tangent function GH-231

@rhannequin

BigMath methods accepts numeric as an argument GH-415

@tompng

Round result of sqrt and BigMath methods GH-427

@tompng

Commits

0aa97bb Bump version to 3.3.0 (#437)
f718178 Fix precision of x.power(y, prec) when the result is nearly infinity (#439)
a267ca7 Improve performance of x**y when y is a huge value (#438)
cb2458b Add newline at EOF [ci skip]
d93b542 Make internal BigMath method a private method (#432)
f107735 Merge pull request #431 from ruby/dependabot/github_actions/step-security/har...
6682fd8 Bump step-security/harden-runner from 2.13.0 to 2.13.1
8ca3249 Fix divmod and modulo by infinity to match Float#divmod and Float#modulo (#429)
34e60a7 BigMath.log(0,n)==-Infinity just like Math.log(0) (#430)
07696bc Update example calculation result in BigMath document (#428)
Additional commits viewable in compare view

Updates globalid from 1.2.1 to 1.3.0

Release notes

Sourced from globalid's releases.

v1.3.0

What's Changed

Set required ruby version to 2.7.0 and up by @risen in rails/globalid#169

Keep using URI RFC2396 parser by @voxik in rails/globalid#192

Make DEFAULT_LOCATOR Configurable by @heka1024 in rails/globalid#179

New Contributors

@risen made their first contribution in rails/globalid#169

@biow0lf made their first contribution in rails/globalid#167

@duffuniverse made their first contribution in rails/globalid#180

@berkos made their first contribution in rails/globalid#170

@elia made their first contribution in rails/globalid#195

@Earlopain made their first contribution in rails/globalid#188

@stevenharman made their first contribution in rails/globalid#173

@voxik made their first contribution in rails/globalid#192

@m-nakamura145 made their first contribution in rails/globalid#175

@heka1024 made their first contribution in rails/globalid#179

@tylerwillingham made their first contribution in rails/globalid#200

Full Changelog: rails/globalid@v1.2.1...v1.3.0

Commits

a101021 Prepare for 1.3.0
40b6cd5 Remove deprecation message
26cdc63 Fix test
446a491 Upgrade development dependencies
db9b467 Add release workflow
497bf21 Merge pull request #200 from tylerwillingham/twilling/locate-arity-warning-fix
b4b3f49 Resolve deprecation warning around #locate arity for custom locator test
8666784 Merge pull request #179 from heka1024/configurable-base-locator
460279d Merge pull request #198 from Earlopain/uri-parser-memo
42ead60 Move uri parser to constant
Additional commits viewable in compare view

Updates marcel from 1.0.4 to 1.1.0

Release notes

Sourced from marcel's releases.

v1.1.0

What's Changed

Identify Sony and Canon raw images as subtypes of image/tiff by @afcapel in rails/marcel#89

Fix frozen string literal warning in magic detection by @FrancescoK in rails/marcel#123

Update tika definitions to latest version by @MarcelEeken in rails/marcel#114

Fix detection of AV1 in WebM as video/webm by @alexandergitter in rails/marcel#104

New Contributors

@afcapel made their first contribution in rails/marcel#89

@FrancescoK made their first contribution in rails/marcel#123

@MarcelEeken made their first contribution in rails/marcel#114

@Mth0158 made their first contribution in rails/marcel#108

@mark-young-atg made their first contribution in rails/marcel#105

@alexandergitter made their first contribution in rails/marcel#104

@rafaelfranca made their first contribution in rails/marcel#126

Full Changelog: rails/marcel@v1.0.4...v1.1.0

Commits

3d3c5dc Prepare for version 1.1.0
8730c0a Add release workflow
bf9056b Merge pull request #127 from rails/update-tika
db67956 Merge pull request #126 from rails/ci
85a6e2e Update tika tables
4ea7fcd Test with Ruby 3.3 and 3.4
7e9dea7 Add devcontainer configuration
b7cda87 Merge pull request #104 from alexandergitter/fix-av1-webm
a056565 Merge pull request #105 from mark-young-atg/provide_changelog_link_on_rubygems
2b1cc0f Merge pull request #108 from Mth0158/remove-duplicate-method
Additional commits viewable in compare view

Updates net-imap from 0.5.10 to 0.5.12

Release notes

Sourced from net-imap's releases.

v0.5.12

What's Changed

TruffleRuby is not (yet) "officially supported" but it seems to work (with a few small caveats). Several tests are still marked as pending, but the rest all pass. #528 protects us from merging PRs that break TruffleRuby and (in some cases) JRuby.

Fixed

🐛 Fix loading of net/imap for JRuby/TruffleRuby by @nevans in ruby/net-imap#530

Miscellaneous

✅ Test overriding inherited ::Data methods by @nevans in ruby/net-imap#531

✅ Add TruffleRuby to CI by @nevans in ruby/net-imap#528

Full Changelog: ruby/net-imap@v0.5.11...v0.5.12

v0.5.11

What's Changed

Added

✨ Add ESearchResult#to_sequence_set by @nevans in ruby/net-imap#511

✨ Add ESearchResult#each by @nevans in ruby/net-imap#513

✨ Add VanishedData#each, delegated to #uids.each_number by @nevans in ruby/net-imap#522

support new Ractor.shareable_proc by @ko1 in ruby/net-imap#525

Fixed

🐛 Fix SearchResult#== for LHS with no modseq by @nevans in ruby/net-imap#514

Other Changes

✨ Allow obj.to_sequence_set => nil in try_convert by @nevans in ruby/net-imap#512

♻️ Allow VanishedData#uids to be SequenceSet.empty by @nevans in ruby/net-imap#517

🥅 Raise ArgumentError for #fetch with partial by @nevans in ruby/net-imap#521

Documentation

📚 Fix rdoc call-seq for uid_expunge by @nevans in ruby/net-imap#516

📚 Add QRESYNC to #enable (docs only) by @nevans in ruby/net-imap#518

Miscellaneous

✅ Organize test files by @nevans in ruby/net-imap#515

✅ Fix flaky tests with FakeServer#Connection#close mutex by @nevans in ruby/net-imap#520

Bump step-security/harden-runner from 2.13.0 to 2.13.1 by @dependabot[bot] in ruby/net-imap#524

New Contributors

@ko1 made their first contribution in ruby/net-imap#525

Full Changelog: ruby/net-imap@v0.5.10...v0.5.11

Commits

bab9dfb 🔖 Bump version to 0.5.12
4ec0f83 🔀 Merge pull request #528 from ruby/add-truffleruby-to-ci
ad5eb96 ✅🚧 Run CI with TruffleRuby (experimental for now)
50f83b8 ✅🚧 Mark 2 ConnectionState tests as pending for TruffleRuby
6d42c16 ✅🚧 Mark 1 ::Data test as pending for TruffleRuby
9b9a89c ✅ Add TruffleRuby/JRuby pend/omit test helpers
c7a6b43 ✅ Skip simplecov for non-CRuby engines
cb4a646 ✅ Test overriding inherited ::Data methods
8c282c0 🐛 Fix loading of Net::IMAP::Config for JRuby
b97b414 🔖 Bump version to 0.5.11
Additional commits viewable in compare view

Updates nokogiri from 1.18.9 to 1.18.10

Release notes

Sourced from nokogiri's releases.

v1.18.10 / 2025-09-15

Dependencies

[CRuby] Vendored libxml2 is updated to v2.13.9. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.
[CRuby] [Windows and MacOS] Vendored libiconv is updated to v1.18

7fb87235d729c74a2be635376d82b1d459230cc17c50300f8e4fcaabc6195344  nokogiri-1.18.10-aarch64-linux-gnu.gem
7e74e58314297cc8a8f1b533f7212d1999dbe2639a9ee6d97b483ea2acc18944  nokogiri-1.18.10-aarch64-linux-musl.gem
51f4f25ab5d5ba1012d6b16aad96b840a10b067b93f35af6a55a2c104a7ee322  nokogiri-1.18.10-arm-linux-gnu.gem
1c6ea754e51cecc85c30ee8ab1e6aa4ce6b6e134d01717e9290e79374a9e00aa  nokogiri-1.18.10-arm-linux-musl.gem
c2b0de30770f50b92c9323fa34a4e1cf5a0af322afcacd239cd66ee1c1b22c85  nokogiri-1.18.10-arm64-darwin.gem
cd431a09c45d84a2f870ba0b7e8f571199b3727d530f2b4888a73639f76510b5  nokogiri-1.18.10-java.gem
64f40d4a41af9f7f83a4e236ad0cf8cca621b97e31f727b1bebdae565a653104  nokogiri-1.18.10-x64-mingw-ucrt.gem
536e74bed6db2b5076769cab5e5f5af0cd1dccbbd75f1b3e1fa69d1f5c2d79e2  nokogiri-1.18.10-x86_64-darwin.gem
ff5ba26ba2dbce5c04b9ea200777fd225061d7a3930548806f31db907e500f72  nokogiri-1.18.10-x86_64-linux-gnu.gem
0651fccf8c2ebbc2475c8b1dfd7ccac3a0a6d09f8a41b72db8c21808cb483385  nokogiri-1.18.10-x86_64-linux-musl.gem
d5cc0731008aa3b3a87b361203ea3d19b2069628cb55e46ac7d84a0445e69cc1  nokogiri-1.18.10.gem

Changelog

Sourced from nokogiri's changelog.

v1.18.10 / 2025-09-15

Dependencies

[CRuby] Vendored libxml2 is updated to v2.13.9. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.

[CRuby] [Windows and MacOS] Vendored libiconv is updated to v1.18

Commits

6803740 version bump to v1.18.10
93337de dep: bump vendored libxml2 to v2.13.9 (#3555)
15dde17 ci: work around repeated bundler deadlocks
9906071 dep: bump vendored libxml2 to v2.13.9
adf72e3 [v1.18.x] backport libiconv upgrade to v1.18 (#3550)
92cab09 dep: update vendored libiconv to 1.18
f1c5ea8 Use mirror site to download libiconv
dcd2721 ci: stop testing Ruby 3.1 windows source builds
cf856e6 ci: fix the aarch64 segfault by using a more modern qemu
6d77443 Fix errors building Ruby 3.1 on windows
Additional commits viewable in compare view

Updates pp from 0.6.2 to 0.6.3

Release notes

Sourced from pp's releases.

v0.6.3

What's Changed

Bump rubygems/release-gem from 1.1.0 to 1.1.1 by @dependabot[bot] in ruby/pp#34

Bump step-security/harden-runner from 2.10.2 to 2.10.3 by @dependabot[bot] in ruby/pp#35

Bump step-security/harden-runner from 2.10.3 to 2.10.4 by @dependabot[bot] in ruby/pp#36

Bump step-security/harden-runner from 2.10.4 to 2.11.0 by @dependabot[bot] in ruby/pp#37

Ensure the thread local state is always set up. by @ioquatix in ruby/pp...
Description has been truncated

Bumps the ruby-deps group with 1 update in the / directory: [rack](https://github.com/rack/rack). Bumps the ruby-deps group with 3 updates in the /examples/camping directory: [rack](https://github.com/rack/rack), [rexml](https://github.com/ruby/rexml) and [rubyzip](https://github.com/rubyzip/rubyzip). Bumps the ruby-deps group with 8 updates in the /examples/rails7 directory: | Package | From | To | | --- | --- | --- | | [rack](https://github.com/rack/rack) | `2.2.18` | `2.2.19` | | [bigdecimal](https://github.com/ruby/bigdecimal) | `3.2.3` | `3.3.0` | | [globalid](https://github.com/rails/globalid) | `1.2.1` | `1.3.0` | | [marcel](https://github.com/rails/marcel) | `1.0.4` | `1.1.0` | | [net-imap](https://github.com/ruby/net-imap) | `0.5.10` | `0.5.12` | | [nokogiri](https://github.com/sparklemotion/nokogiri) | `1.18.9` | `1.18.10` | | [pp](https://github.com/ruby/pp) | `0.6.2` | `0.6.3` | | [rdoc](https://github.com/ruby/rdoc) | `6.14.2` | `6.15.0` | Bumps the ruby-deps group with 2 updates in the /examples/sinatra directory: [rack](https://github.com/rack/rack) and [sinatra](https://github.com/sinatra/sinatra). Updates `rack` from 2.2.18 to 2.2.19 - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md) - [Commits](rack/rack@v2.2.18...v2.2.19) Updates `rack` from 2.2.18 to 2.2.19 - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md) - [Commits](rack/rack@v2.2.18...v2.2.19) Updates `rack` from 2.2.18 to 2.2.19 - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md) - [Commits](rack/rack@v2.2.18...v2.2.19) Updates `rack` from 2.2.18 to 2.2.19 - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md) - [Commits](rack/rack@v2.2.18...v2.2.19) Updates `rack` from 2.2.18 to 2.2.19 - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md) - [Commits](rack/rack@v2.2.18...v2.2.19) Updates `rack` from 2.2.18 to 2.2.19 - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md) - [Commits](rack/rack@v2.2.18...v2.2.19) Updates `rexml` from 3.4.3 to 3.4.4 - [Release notes](https://github.com/ruby/rexml/releases) - [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md) - [Commits](ruby/rexml@v3.4.3...v3.4.4) Updates `rubyzip` from 3.1.0 to 3.1.1 - [Release notes](https://github.com/rubyzip/rubyzip/releases) - [Changelog](https://github.com/rubyzip/rubyzip/blob/main/Changelog.md) - [Commits](rubyzip/rubyzip@v3.1.0...v3.1.1) Updates `rack` from 2.2.18 to 2.2.19 - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md) - [Commits](rack/rack@v2.2.18...v2.2.19) Updates `rexml` from 3.4.3 to 3.4.4 - [Release notes](https://github.com/ruby/rexml/releases) - [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md) - [Commits](ruby/rexml@v3.4.3...v3.4.4) Updates `rubyzip` from 3.1.0 to 3.1.1 - [Release notes](https://github.com/rubyzip/rubyzip/releases) - [Changelog](https://github.com/rubyzip/rubyzip/blob/main/Changelog.md) - [Commits](rubyzip/rubyzip@v3.1.0...v3.1.1) Updates `rack` from 2.2.18 to 2.2.19 - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md) - [Commits](rack/rack@v2.2.18...v2.2.19) Updates `rexml` from 3.4.3 to 3.4.4 - [Release notes](https://github.com/ruby/rexml/releases) - [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md) - [Commits](ruby/rexml@v3.4.3...v3.4.4) Updates `rubyzip` from 3.1.0 to 3.1.1 - [Release notes](https://github.com/rubyzip/rubyzip/releases) - [Changelog](https://github.com/rubyzip/rubyzip/blob/main/Changelog.md) - [Commits](rubyzip/rubyzip@v3.1.0...v3.1.1) Updates `rack` from 2.2.18 to 2.2.19 - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md) - [Commits](rack/rack@v2.2.18...v2.2.19) Updates `rack` from 2.2.18 to 2.2.19 - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md) - [Commits](rack/rack@v2.2.18...v2.2.19) Updates `rack` from 2.2.18 to 2.2.19 - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md) - [Commits](rack/rack@v2.2.18...v2.2.19) Updates `bigdecimal` from 3.2.3 to 3.3.0 - [Release notes](https://github.com/ruby/bigdecimal/releases) - [Changelog](https://github.com/ruby/bigdecimal/blob/master/CHANGES.md) - [Commits](ruby/bigdecimal@v3.2.3...v3.3.0) Updates `globalid` from 1.2.1 to 1.3.0 - [Release notes](https://github.com/rails/globalid/releases) - [Commits](rails/globalid@v1.2.1...v1.3.0) Updates `marcel` from 1.0.4 to 1.1.0 - [Release notes](https://github.com/rails/marcel/releases) - [Commits](rails/marcel@v1.0.4...v1.1.0) Updates `net-imap` from 0.5.10 to 0.5.12 - [Release notes](https://github.com/ruby/net-imap/releases) - [Commits](ruby/net-imap@v0.5.10...v0.5.12) Updates `nokogiri` from 1.18.9 to 1.18.10 - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](sparklemotion/nokogiri@v1.18.9...v1.18.10) Updates `pp` from 0.6.2 to 0.6.3 - [Release notes](https://github.com/ruby/pp/releases) - [Commits](ruby/pp@v0.6.2...v0.6.3) Updates `rdoc` from 6.14.2 to 6.15.0 - [Release notes](https://github.com/ruby/rdoc/releases) - [Changelog](https://github.com/ruby/rdoc/blob/master/History.rdoc) - [Commits](ruby/rdoc@v6.14.2...v6.15.0) Updates `rack` from 2.2.18 to 2.2.19 - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md) - [Commits](rack/rack@v2.2.18...v2.2.19) Updates `rack` from 2.2.18 to 2.2.19 - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md) - [Commits](rack/rack@v2.2.18...v2.2.19) Updates `rack` from 2.2.18 to 2.2.19 - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md) - [Commits](rack/rack@v2.2.18...v2.2.19) Updates `rack` from 2.2.18 to 2.2.19 - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md) - [Commits](rack/rack@v2.2.18...v2.2.19) Updates `sinatra` from 3.2.0 to 4.1.1 - [Changelog](https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md) - [Commits](sinatra/sinatra@v3.2.0...v4.1.1) Updates `rack` from 2.2.19 to 3.2.2 - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md) - [Commits](rack/rack@v2.2.18...v2.2.19) Updates `rack` from 2.2.18 to 3.2.2 - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md) - [Commits](rack/rack@v2.2.18...v2.2.19) Updates `rack-protection` from 3.2.0 to 4.1.1 - [Changelog](https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md) - [Commits](sinatra/sinatra@v3.2.0...v4.1.1) --- updated-dependencies: - dependency-name: rack dependency-version: 2.2.19 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: rack dependency-version: 2.2.19 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: rack dependency-version: 2.2.19 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: rack dependency-version: 2.2.19 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: rack dependency-version: 2.2.19 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: rack dependency-version: 2.2.19 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: rexml dependency-version: 3.4.4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: rubyzip dependency-version: 3.1.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: rack dependency-version: 2.2.19 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: rexml dependency-version: 3.4.4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: rubyzip dependency-version: 3.1.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: rack dependency-version: 2.2.19 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: rexml dependency-version: 3.4.4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: rubyzip dependency-version: 3.1.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: rack dependency-version: 2.2.19 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: rack dependency-version: 2.2.19 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: rack dependency-version: 2.2.19 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: bigdecimal dependency-version: 3.3.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: globalid dependency-version: 1.3.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: marcel dependency-version: 1.1.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: net-imap dependency-version: 0.5.12 dependency-type: indirect update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: nokogiri dependency-version: 1.18.10 dependency-type: indirect update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: pp dependency-version: 0.6.3 dependency-type: indirect update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: rdoc dependency-version: 6.15.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: rack dependency-version: 2.2.19 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: rack dependency-version: 2.2.19 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: rack dependency-version: 2.2.19 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: rack dependency-version: 2.2.19 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: sinatra dependency-version: 4.1.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: ruby-deps - dependency-name: rack dependency-version: 3.2.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: ruby-deps - dependency-name: rack dependency-version: 3.2.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: ruby-deps - dependency-name: rack-protection dependency-version: 4.1.1 dependency-type: indirect update-type: version-update:semver-major dependency-group: ruby-deps ... Signed-off-by: dependabot[bot] <[email protected]>

chadlwilson · 2025-10-07T15:51:27Z

@dependabot ignore sinatra major version

dependabot · 2025-10-07T15:51:30Z

OK, I won't notify you about version 4.x.x of sinatra again, unless you unignore it.

dependabot · 2025-10-07T15:56:36Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Oct 7, 2025

dependabot bot closed this Oct 7, 2025

dependabot bot deleted the dependabot/bundler/1.2-stable/ruby-deps-65de4d95dc branch October 7, 2025 15:56

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

1.2.x: Bump the ruby-deps group across 4 directories with 12 updates #355

1.2.x: Bump the ruby-deps group across 4 directories with 12 updates #355

Uh oh!

dependabot bot commented on behalf of github Oct 7, 2025 •

edited

Loading

Uh oh!

chadlwilson commented Oct 7, 2025

Uh oh!

dependabot bot commented on behalf of github Oct 7, 2025

Uh oh!

dependabot bot commented on behalf of github Oct 7, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

1.2.x: Bump the ruby-deps group across 4 directories with 12 updates #355

1.2.x: Bump the ruby-deps group across 4 directories with 12 updates #355

Uh oh!

Conversation

dependabot bot commented on behalf of github Oct 7, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

[2.2.19] - 2025-10-07

Security

[2.2.19] - 2025-10-07

Security

[2.2.19] - 2025-10-07

Security

[2.2.19] - 2025-10-07

Security

[2.2.19] - 2025-10-07

Security

[2.2.19] - 2025-10-07

Security

REXML 3.4.4 - 2025-09-10

Improvement

Thanks

3.4.4 - 2025-09-10 {#version-3-4-4}

Improvement

Thanks

v3.1.1

3.1.1 (2025-09-26)

[2.2.19] - 2025-10-07

Security

REXML 3.4.4 - 2025-09-10

Improvement

Thanks

3.4.4 - 2025-09-10 {#version-3-4-4}

Improvement

Thanks

v3.1.1

3.1.1 (2025-09-26)

[2.2.19] - 2025-10-07

Security

REXML 3.4.4 - 2025-09-10

Improvement

Thanks

3.4.4 - 2025-09-10 {#version-3-4-4}

Improvement

Thanks

v3.1.1

3.1.1 (2025-09-26)

[2.2.19] - 2025-10-07

Security

[2.2.19] - 2025-10-07

Security

[2.2.19] - 2025-10-07

Security

v3.3.0

What's Changed

New Contributors

3.3.0

v1.3.0

What's Changed

New Contributors

v1.1.0

What's Changed

New Contributors

v0.5.12

What's Changed

Fixed

Miscellaneous

v0.5.11

What's Changed

Added

Fixed

Other Changes

Documentation

Miscellaneous

New Contributors

v1.18.10 / 2025-09-15

Dependencies

v1.18.10 / 2025-09-15

Dependencies

v0.6.3

What's Changed

dependabot bot commented on behalf of github Oct 7, 2025 •

edited

Loading