Skip to content

Bump the prod-dependencies group across 2 directories with 16 updates#14878

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/bundler/prod-dependencies-45751e2916
Open

Bump the prod-dependencies group across 2 directories with 16 updates#14878
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/bundler/prod-dependencies-45751e2916

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 30, 2026
edited
Loading

Bumps the prod-dependencies group with 10 updates in the / directory:

Package From To
aws-sdk-codecommit 1.96.0 1.97.0
aws-sdk-ecr 1.122.0 1.126.0
commonmarker 2.6.3 2.8.1
docker_registry2 1.18.2 1.19.0
excon 1.3.2 1.4.2
json 2.18.1 2.19.5
nokogiri 1.19.1 1.19.3
parser 3.3.10.2 3.3.11.1
sorbet-runtime 0.6.12977 0.6.13189
toml-rb 4.1.0 4.2.0

Bumps the prod-dependencies group with 16 updates in the /updater directory:

Package From To
aws-sdk-codecommit 1.96.0 1.97.0
aws-sdk-ecr 1.122.0 1.126.0
commonmarker 2.6.3 2.8.1
docker_registry2 1.18.2 1.19.0
excon 1.3.2 1.4.2
json 2.18.1 2.19.5
nokogiri 1.19.1 1.19.3
parser 3.3.10.2 3.3.11.1
sorbet-runtime 0.6.12977 0.6.13189
toml-rb 4.1.0 4.2.0
opentelemetry-instrumentation-excon 0.28.0 0.29.1
opentelemetry-instrumentation-faraday 0.32.0 0.33.0
opentelemetry-instrumentation-http 0.29.0 0.30.0
opentelemetry-instrumentation-net_http 0.28.0 0.29.0
opentelemetry-logs-sdk 0.5.0 0.5.1
opentelemetry-metrics-sdk 0.13.0 0.13.1

Updates aws-sdk-codecommit from 1.96.0 to 1.97.0

Changelog

Sourced from aws-sdk-codecommit's changelog.

1.97.0 (2026-03-18)

  • Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.
Commits

Updates aws-sdk-ecr from 1.122.0 to 1.126.0

Changelog

Sourced from aws-sdk-ecr's changelog.

1.126.0 (2026-04-29)

  • Feature - Removes support for registry policy V1

1.125.0 (2026-04-08)

  • Feature - Add UnableToListUpstreamImageReferrersException in ListImageReferrers

1.124.0 (2026-03-18)

  • Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.123.0 (2026-03-12)

  • Feature - Add Chainguard to PTC upstreamRegistry enum
Commits

Updates commonmarker from 2.6.3 to 2.8.1

Release notes

Sourced from commonmarker's releases.

v2.8.1

What's Changed

Full Changelog: gjtorikian/commonmarker@v2.8.0...v2.8.1

v2.8.0

What's Changed

New Contributors

Full Changelog: gjtorikian/commonmarker@v2.7.0...v2.8.0

v2.7.0

What's Changed

New Contributors

Full Changelog: gjtorikian/commonmarker@v2.6.3...v2.7.0

Changelog

Sourced from commonmarker's changelog.

[v2.8.1] - 14-04-2026

What's Changed

Full Changelog: gjtorikian/commonmarker@v2.8.0...v2.8.1

[v2.8.0] - 12-04-2026

What's Changed

New Contributors

Full Changelog: gjtorikian/commonmarker@v2.7.0...v2.8.0

[v2.7.0] - 14-03-2026

What's Changed

New Contributors

Full Changelog: gjtorikian/commonmarker@v2.6.3...v2.7.0

Commits
  • 31016cf Merge pull request #457 from gjtorikian/release/v2.8.1
  • 8087370 [skip test] update changelog
  • 6da0eef Merge pull request #456 from gjtorikian/new-fix-release
  • bc2c4c4 fix: re-release 2.8.1 due to publishing error
  • 3ad6390 Merge pull request #454 from gjtorikian/release/v2.8.0
  • 72f3e61 [skip test] update changelog
  • 69192fe Merge pull request #450 from gjtorikian/dependabot/cargo/comrak-0.52.0
  • 13729a4 Add build.rs to fix Windows mingw Oniguruma symbol collision
  • a5044e2 Fix Windows mingw build: allow multiple Oniguruma definitions
  • 66ed2e1 Merge branch 'main' into dependabot/cargo/comrak-0.52.0
  • Additional commits viewable in compare view

Updates docker_registry2 from 1.18.2 to 1.19.0

Changelog

Sourced from docker_registry2's changelog.

v1.19.0, 19 March 2026

  • Replace the rest-client transport with Faraday while keeping http_options compatibility for proxy, timeout, SSL, and mTLS settings
  • Follow redirects for blob downloads and tag writes without forwarding authorization headers across hosts
  • Retry manifest requests with the legacy schema-v1 Accept header when newer registries return HTTP 500 for legacy manifests
  • Raise DockerRegistry2::RegistryHTTPException for unexpected HTTP errors instead of attempting to parse error responses as registry payloads
  • Update the development and CI matrix to Ruby 3.2 through 4.0, and pin schema-v1 integration coverage to registry:2.8.3

v1.7.1, 13 July 2019

  • Add application/json to the list of acceptable response formats from registries to fix Artifactory returning 406 Not Acceptable errors when application/vnd.docker.distribution.manifest.v2+json is requested on the tags endpoint

v1.7.0, 18 June 2019

  • Add auto_paginate option to DockerRegistry2::Registry#tags. When set to true (as a keyword argument) the client will automatically paginate through responses from the client to return a list of all tags

v1.3.3, 18 December 2017

  • Use DockerRegistry2::NotFound in unauthenticated request calls

v1.3.2, 15 December 2017

  • Use DockerRegistry2::NotFound in basic request calls (as well as bearer ones)

v1.3.1, 15 December 2017

  • New DockerRegistry2::NotFound exceptions

v1.3.0, 22 October 2017

v1.2.0, 15 October 2017

  • Add shorter default timeouts. Previously, the RestClient default of 60 seconds was used for both open_timeout and read_timeout. Now, those values are set at 2 seconds and 5 seconds, respectively.

v1.1.0, 13 October 2017

... (truncated)

Commits

Updates excon from 1.3.2 to 1.4.2

Changelog

Sourced from excon's changelog.

1.4.1 2026-03-18

  • change cgi require to cgi/escape for ruby 4.0+

1.4.0 2026-03-02

  • fixes for ruby4
  • add ruby 4.0 and drop 3.2 from ci
  • add user-configurable global resolver factory
  • add SOCK5 proxy support
Commits

Updates json from 2.18.1 to 2.19.5

Release notes

Sourced from json's releases.

v2.19.5

What's Changed

  • Cap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.

Full Changelog: ruby/json@v2.19.4...v2.19.5

v2.19.4

What's Changed

  • Fix parsing of out of range floats (very large exponents that lead to either 0.0 or Inf).

Full Changelog: ruby/json@v2.19.2...v2.19.4

v2.19.3

  • Fix handling of unescaped control characters preceeded by a backslash.

Full Changelog: ruby/json@v2.19.2...v2.19.3

v2.19.2

What's Changed

  • Fix a format string injection vulnerability in JSON.parse(doc, allow_duplicate_key: false). CVE-2026-33210

Full Changelog: ruby/json@v2.19.1...v2.19.2

v2.19.1

What's Changed

  • Fix a compiler dependent GC bug introduced in 2.18.0.

Full Changelog: ruby/json@v2.19.0...v2.19.1

v2.19.0

What's Changed

  • Fix allow_blank parsing option to no longer allow invalid types (e.g. load([], allow_blank: true) now raise a type error).
  • Add allow_invalid_escape parsing option to ignore backslashes that aren't followed by one of the valid escape characters.

Full Changelog: ruby/json@v2.18.1...v2.19.0

Changelog

Sourced from json's changelog.

2026-05-04 (2.19.5)

  • Cap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.

2026-04-19 (2.19.4)

  • Fix parsing of out of range floats (very large exponents that lead to either 0.0 or Inf).

2026-03-25 (2.19.3)

  • Fix handling of unescaped control characters preceeded by a backslash.

2026-03-18 (2.19.2)

  • Fix a format string injection vulnerability in JSON.parse(doc, allow_duplicate_key: false). CVE-2026-33210.

2026-03-08 (2.19.1)

  • Fix a compiler dependent GC bug introduced in 2.18.0.

2026-03-06 (2.19.0)

  • Fix allow_blank parsing option to no longer allow invalid types (e.g. load([], allow_blank: true) now raise a type error).
  • Add allow_invalid_escape parsing option to ignore backslashes that aren't followed by one of the valid escape characters.
Commits
  • 4a1a4a4 Release 2.19.5
  • f6ca597 Avoid spamming too many deprecations while parsing
  • fa0671c Test TruffleRuby release in CI for improved stability
  • cfbe356 Force ensure_valid_encoding to be inlined.
  • 4ef7a45 Use RB_ENC_CODERANGE to first check the cached coderange before calling rb_en...
  • 7dd6b63 Fix typo in changelog
  • 6688a81 Release 2.19.4
  • f1e6163 Fix references to NAN and INFINITY in documentation comments
  • 18d5475 Reduce warnings
  • 1072482 Fix parsing of negative out of bound floats.
  • Additional commits viewable in compare view

Updates nokogiri from 1.19.1 to 1.19.3

Release notes

Sourced from nokogiri's releases.

v1.19.3 / 2026-04-27

Fixed / Security

  • Address exponential regex backtracking in CSS selector tokenizer. See GHSA-c4rq-3m3g-8wgx for more information.
  • [CRuby] Address memory leak in XSLT::Stylesheet#transform. See GHSA-v2fc-qm4h-8hqv for more information.
46b89e5d7b9e844c2ee360794240c6ea2a4e6fa0c5892a4ed487db621224b639  nokogiri-1.19.3-aarch64-linux-gnu.gem
8392dfdcd21be7a94dbbe9ccc138dea01b97b24cb2dc02a114ca98bfb1d9a0b7  nokogiri-1.19.3-aarch64-linux-musl.gem
3919d5ffc334ad778a4a9eb88fda7dcb8b1fb58c8a52ac640c6dcd2f038e774f  nokogiri-1.19.3-arm-linux-gnu.gem
9ce1cb6346bb9c67b1550eb537aa183ead91e4b6eadb2f36ade02d8dd2a79fb6  nokogiri-1.19.3-arm-linux-musl.gem
71b9bd424b1b7abc18b05052a1a3cfd3627abdca62be280854cc411791357e42  nokogiri-1.19.3-arm64-darwin.gem
40ea6ebf5cf2005dae1dee26dd557d3afb41fb6de6c9764aca8cf06fdb841db1  nokogiri-1.19.3-java.gem
8bb7132cad356c879a1286eaabcb5e68326cb2490317984280fbc62f456d506a  nokogiri-1.19.3-x64-mingw-ucrt.gem
77f3fba57d46c53ab31e62fc6c28f705109d1bf6264356c76f132b2be5728d4d  nokogiri-1.19.3-x86_64-darwin.gem
2f5078620fe12e83669b5b17311b32532a8153d02eee7ad06948b926d6080976  nokogiri-1.19.3-x86_64-linux-gnu.gem
248c906d2166eca5efb56d52fdee5f9a1f51d69a72e2b64fdac647b4ce39ea3f  nokogiri-1.19.3-x86_64-linux-musl.gem
78312cbac32a40c812780d9678221b79d51288eec00054c1a8d15f7ce05960e8  nokogiri-1.19.3.gem

v1.19.2 / 2026-03-19

Dependencies

  • [JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. #3611 @​flavorjones

SHA256 Checksums

c34d5c8208025587554608e98fd88ab125b29c80f9352b821964e9a5d5cfbd19  nokogiri-1.19.2-aarch64-linux-gnu.gem
7f6b4b0202d507326841a4f790294bf75098aef50c7173443812e3ac5cb06515  nokogiri-1.19.2-aarch64-linux-musl.gem
b7fa1139016f3dc850bda1260988f0d749934a939d04ef2da13bec060d7d5081  nokogiri-1.19.2-arm-linux-gnu.gem
61114d44f6742ff72194a1b3020967201e2eb982814778d130f6471c11f9828c  nokogiri-1.19.2-arm-linux-musl.gem
58d8ea2e31a967b843b70487a44c14c8ba1866daa1b9da9be9dbdf1b43dee205  nokogiri-1.19.2-arm64-darwin.gem
e9d67034bc80ca71043040beea8a91be5dc99b662daa38a2bfb361b7a2cc8717  nokogiri-1.19.2-java.gem
8ccf25eea3363a2c7b3f2e173a3400582c633cfead27f805df9a9c56d4852d1a  nokogiri-1.19.2-x64-mingw-ucrt.gem
7d9af11fda72dfaa2961d8c4d5380ca0b51bc389dc5f8d4b859b9644f195e7a4  nokogiri-1.19.2-x86_64-darwin.gem
fa8feca882b73e871a9845f3817a72e9734c8e974bdc4fbad6e4bc6e8076b94f  nokogiri-1.19.2-x86_64-linux-gnu.gem
93128448e61a9383a30baef041bf1f5817e22f297a1d400521e90294445069a8  nokogiri-1.19.2-x86_64-linux-musl.gem
38fdd8b59db3d5ea9e7dfb14702e882b9bf819198d5bf976f17ebce12c481756  nokogiri-1.19.2.gem

Full Changelog: sparklemotion/nokogiri@v1.19.1...v1.19.2

Changelog

Sourced from nokogiri's changelog.

v1.19.3 / 2026-04-27

Fixed / Security

  • Address exponential regex backtracking in CSS selector tokenizer. See GHSA-c4rq-3m3g-8wgx for more information.
  • [CRuby] Address memory leak in XSLT::Stylesheet#transform. See GHSA-v2fc-qm4h-8hqv for more information.

v1.19.2 / 2026-03-19

Dependencies

  • [JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. #3611 @​flavorjones
Commits
  • c139a3d version bump to v1.19.3
  • 7501a63 fix: backtracking in CSS tokenizer rules (v1.19.x backport) (#3627)
  • 03e7968 test: skip CSS tokenizer benchmarks on JRuby
  • b984b7e fix: ReDoS in CSS tokenizer ident rule
  • 0092623 fix: ReDoS in CSS tokenizer STRING rule
  • ee17d33 fix: memory leak in XSLT transform (backport to v1.19.x) (#3624)
  • ce188a3 doc: update CHANGELOG
  • caeaac4 fix: memory leak in XSLT transform
  • 25220bf dep(test): test against libxml-ruby v6 (#3618)
  • 0caeb21 doc: add security warnings for untrusted XSLT stylesheets
  • Additional commits viewable in compare view

Updates parser from 3.3.10.2 to 3.3.11.1

Changelog

Sourced from parser's changelog.

v3.3.11.1 (2026-03-27)

API modifications:

  • Bump maintenance branches to 3.2.11 (#1089) (Koichi ITO)

v3.3.11.0 (2026-03-26)

API modifications:

  • Bump maintenance branches to 3.3.11 (#1088) (Koichi ITO)
Commits

Updates sorbet-runtime from 0.6.12977 to 0.6.13189

Release notes

Sourced from sorbet-runtime's releases.

sorbet 0.6.13188.20260505135628-105b2ae39

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13188', :group => :development
gem 'sorbet-runtime', '0.6.13188'

sorbet 0.6.13185.20260501120119-ba6a3e7fb

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13185', :group => :development
gem 'sorbet-runtime', '0.6.13185'

sorbet 0.6.13184.20260430201551-e3d73d008

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13184', :group => :development
gem 'sorbet-runtime', '0.6.13184'

sorbet 0.6.13182.20260429152943-66faf9aad

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13182', :group => :development
gem 'sorbet-runtime', '0.6.13182'

sorbet 0.6.13181.20260429134228-370a13143

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13181', :group => :development
gem 'sorbet-runtime', '0.6.13181'

sorbet 0.6.13180.20260429133332-5aeb0865e

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13180', :group => :development
gem 'sorbet-runtime', '0.6.13180'

sorbet 0.6.13179.20260429121833-c970d59c9

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13179', :group => :development
gem 'sorbet-runtime', '0.6.13179'

sorbet 0.6.13178.20260429105831-c277a406c

... (truncated)

Commits

Updates toml-rb from 4.1.0 to 4.2.0

Release notes

Sourced from toml-rb's releases.

v4.2.0

What's Changed

Full Changelog: emancu/toml-rb@v4.1.0...v4.2.0

Commits
  • 686fcc3 Bump v4.2.0
  • 86d0c9b Merge pull request #165 from emancu/161/multiline-inline-tables
  • 5b97c83 Support multi-line inline tables and trailing commas (#161)
  • 3035059 Merge pull request #164 from emancu/remove-ruby-warnings
  • 2b7cbad Remove Ruby warnings from encoding tests
  • 481d22e Merge pull request #163 from emancu/160/quoted-dotted-keys
  • 6519f71 Fix ValueOverwriteError on quoted keys containing dots (#160)
  • de6a986 Merge pull request #162 from emancu/overdue-updates
  • 32793fa Bunch of updates and maintenance
  • See full diff in compare view

Updates aws-sdk-codecommit from 1.96.0 to 1.97.0

Changelog

Sourced from aws-sdk-codecommit's changelog.

1.97.0 (2026-03-18)

  • Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.
Commits

Updates aws-sdk-ecr from 1.122.0 to 1.126.0

Changelog

Sourced from aws-sdk-ecr's changelog.

1.126.0 (2026-04-29)

  • Feature - Removes support for registry policy V1

1.125.0 (2026-04-08)

  • Feature - Add UnableToListUpstreamImageReferrersException in ListImageReferrers

1.124.0 (2026-03-18)

  • Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.123.0 (2026-03-12)

  • Feature - Add Chainguard to PTC upstreamRegistry enum
Commits

Updates commonmarker from 2.6.3 to 2.8.1

Release notes

Sourced from commonmarker's releases.

v2.8.1

What's Changed

Full Changelog: gjtorikian/commonmarker@v2.8.0...v2.8.1

v2.8.0

What's Changed

New Contributors

Full Changelog: gjtorikian/commonmarker@v2.7.0...v2.8.0

v2.7.0

What's Changed

New Contributors

Full Changelog: gjtorikian/commonmarker@v2.6.3...v2.7.0

Changelog

Sourced from commonmarker's changelog.

[v2.8.1] - 14-04-2026

What's Changed

Full Changelog: gjtorikian/commonmarker@v2.8.0...v2.8.1

[v2.8.0] - 12-04-2026

What's Changed

New Contributors

Full Changelog: gjtorikian/commonmarker@v2.7.0...v2.8.0

[v2.7.0] - 14-03-2026

What's Changed

New Contributors

Full Changelog: gjtorikian/commonmarker@v2.6.3...v2.7.0

Commits
  • 31016cf Merge pull request #457 from gjtorikian/release/v2.8.1
  • 8087370 [skip test] update changelog
  • 6da0eef Merge pull request #456 from gjtorikian/new-fix-release
  • bc2c4c4 fix: re-release 2.8.1 due to publishing error
  • 3ad6390 Merge pull request #454 from gjtorikian/release/v2.8.0
  • 72f3e61 [skip test] update changelog
  • 69192fe Merge pull request #450 from gjtorikian/dependabot/cargo/comrak-0.52.0
  • 13729a4 Add build.rs to fix Windows mingw Oniguruma symbol collision
  • a5044e2 Fix Windows mingw build: allow multiple Oniguruma definitions
  • 66ed2e1 Merge branch 'main' into dependabot/cargo/comrak-0.52.0
  • Additional commits viewable in compare view

Updates docker_registry2 from 1.18.2 to 1.19.0

Changelog

Sourced from docker_registry2's changelog.

v1.19.0, 19 March 2026

  • Replace the rest-client transport with Faraday while keeping http_options compatibility for proxy, timeout, SSL, and mTLS settings
  • Follow redirects for blob downloads and tag writes without forwarding authorization headers across hosts
  • Retry manifest requests with the legacy schema-v1 Accept header when newer registries return HTTP 500 for legacy manifests
  • Raise DockerRegistry2::RegistryHTTPException for unexpected HTTP errors instead of attempting to parse error responses as registry payloads
  • Update the development and CI matrix to Ruby 3.2 through 4.0, and pin schema-v1 integration coverage to registry:2.8.3

v1.7.1, 13 July 2019

  • Add application/json to the list of acceptable response formats from registries to fix Artifactory returning 406 Not Acceptable errors when application/vnd.docker.distribution.manifest.v2+json is requested on the tags endpoint

v1.7.0, 18 June 2019

  • Add auto_paginate option to DockerRegistry2::Registry#tags. When set to true (as a keyword argument) the client will automatically paginate through responses from the client to return a list of all tags

v1.3.3, 18 December 2017

  • Use DockerRegistry2::NotFound in unauthenticated request calls

v1.3.2, 15 December 2017

  • Use DockerRegistry2::NotFound in basic request calls (as well as bearer ones)

v1.3.1, 15 December 2017

  • New DockerRegistry2::NotFound exceptions

v1.3.0, 22 October 2017

v1.2.0, 15 October 2017

  • Add shorter default timeouts. Previously, the RestClient default of 60 seconds was used for both open_timeout and read_timeout. Now, those values are set at 2 seconds and 5 seconds, respectively.

v1.1.0, 13 October 2017

... (truncated)

Commits

Updates excon from 1.3.2 to 1.4.2

Changelog

Sourced from excon's changelog.

1.4.1 2026-03-18

  • change cgi require to cgi/escape for ruby 4.0+

1.4.0 2026-03-02

  • fixes for ruby4
  • add ruby 4.0 and drop 3.2 from ci
  • add user-configurable global resolver factory
  • add SOCK5 proxy support
Commits

Updates json from 2.18.1 to 2.19.5

Release notes

Sourced from json's releases.

v2.19.5

What's Changed

  • Cap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.

Full Changelog: ruby/json@v2.19.4...v2.19.5

v2.19.4

What's Changed

  • Fix parsing of out of range floats (very large exponents that lead to either 0.0 or Inf).

Full Changelog: ruby/json@v2.19.2...v2.19.4

v2.19.3

  • Fix handling of unescaped control characters preceeded by a backslash.

Full Changelog: ruby/json@v2.19.2...v2.19.3

v2.19.2

What's Changed

  • Fix a format string injection vulnerability in JSON.parse(doc, allow_duplicate_key: false). CVE-2026-33210

Full Changelog: ruby/json@v2.19.1...v2.19.2

v2.19.1

What's Changed

  • Fix a compiler dependent GC bug introduced in 2.18.0.

Full Changelog: ruby/json@v2.19.0...v2.19.1

v2.19.0

What's Changed

  • Fix allow_blank parsing option to no longer allow invalid types (e.g. load([], allow_blank: true) now raise a type error).
  • Add allow_invalid_escape parsing option to ignore backslashes that aren't followed by one of the valid escape characters.

Full Changelog: ruby/json@v2.18.1...v2.19.0

Changelog

Sourced from json's changelog.

2026-05-04 (2.19.5)

  • Cap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.

2026-04-19 (2.19.4)

  • Fix parsing of out of range floats (very large exponents that lead to either 0.0 or Inf).

2026-03-25 (2.19.3)

  • Fix handling of unescaped control characters preceeded by a backslash.

2026-03-18 (2.19.2)

  • Fix a format string injection vulnerability in JSON.parse(doc, allow_duplicate_key: false). CVE-2026-33210.

2026-03-08 (2.19.1)

  • Fix a compiler dependent GC bug introduced in 2.18.0.

2026-03-06 (2.19.0)

  • Fix allow_blank parsing option to no longer allow invalid types (e.g. load([], allow_blank: true) now raise a type error).
  • Add allow_invalid_escape parsing option to ignore backslashes that aren't followed by one of the valid escape characters.
Commits
  • 4a1a4a4 Release 2.19.5
  • f6ca597 Avoid spamming too many deprecations while parsing
  • fa0671c Test TruffleRuby release in CI for improved stability
  • cfbe356 Force ensure_valid_encoding to be inlined.
  • 4ef7a45 Use RB_ENC_CODERANGE to first check the cached coderange before calling rb_en...
  • 7dd6b63 Fix typo in changelog
  • 6688a81 Release 2.19.4
  • f1e6163 Fix references to NAN and INFINITY in documentation comments
  • 18d5475 Reduce warnings
  • 1072482 Fix parsing of negative out of bound floats.
  • Additional commits viewable in compare view

Updates nokogiri from 1.19.1 to 1.19.3

Release notes

Sourced from nokogiri's releases.

v1.19.3 / 2026-04-27

Fixed / Security

  • Address exponential regex backtracking in CSS selector tokenizer. See GHSA-c4rq-3m3g-8wgx for more information.
  • [CRuby] Address memory leak in XSLT::Stylesheet#transform. See GHSA-v2fc-qm4h-8hqv for more information.
46b89e5d7b9e844c2ee360794240c6ea2a4e6fa0c5892a4ed487db621224b639  nokogiri-1.19.3-aarch64-linux-gnu.gem
8392dfdcd21be7a94dbbe9ccc138dea01b97b24cb2dc02a114ca98bfb1d9a0b7  nokogiri-1.19.3-aarch64-linux-musl.gem
3919d5ffc334ad778a4a9eb88fda7dcb8b1fb58c8a52ac640c6dcd2f038e774f  nokogiri-1....

Description has been truncated

@dependabot dependabot Bot added dependencies ruby Dependabot pull requests that update Ruby code labels Apr 30, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 30, 2026 16:08
@dependabot dependabot Bot force-pushed the dependabot/bundler/prod-dependencies-45751e2916 branch from ed9fc9b to aa43c6a Compare May 3, 2026 16:20
@pavera
Copy link
Copy Markdown
Contributor

pavera commented May 5, 2026

@dependabot rebase

@dependabot dependabot Bot force-pushed the dependabot/bundler/prod-dependencies-45751e2916 branch 2 times, most recently from 6831d37 to 4e9f9e8 Compare May 6, 2026 11:20
@dependabot
Bump the prod-dependencies group across 2 directories with 16 updates
b6c60c6 
Bumps the prod-dependencies group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [aws-sdk-codecommit](https://github.com/aws/aws-sdk-ruby) | `1.96.0` | `1.97.0` |
| [aws-sdk-ecr](https://github.com/aws/aws-sdk-ruby) | `1.122.0` | `1.126.0` |
| [commonmarker](https://github.com/gjtorikian/commonmarker) | `2.6.3` | `2.8.1` |
| [docker_registry2](https://github.com/deitch/docker_registry2) | `1.18.2` | `1.19.0` |
| [excon](https://github.com/excon/excon) | `1.3.2` | `1.4.2` |
| [json](https://github.com/ruby/json) | `2.18.1` | `2.19.5` |
| [nokogiri](https://github.com/sparklemotion/nokogiri) | `1.19.1` | `1.19.3` |
| [parser](https://github.com/whitequark/parser) | `3.3.10.2` | `3.3.11.1` |
| [sorbet-runtime](https://github.com/sorbet/sorbet) | `0.6.12977` | `0.6.13189` |
| [toml-rb](https://github.com/emancu/toml-rb) | `4.1.0` | `4.2.0` |

Bumps the prod-dependencies group with 16 updates in the /updater directory:

| Package | From | To |
| --- | --- | --- |
| [aws-sdk-codecommit](https://github.com/aws/aws-sdk-ruby) | `1.96.0` | `1.97.0` |
| [aws-sdk-ecr](https://github.com/aws/aws-sdk-ruby) | `1.122.0` | `1.126.0` |
| [commonmarker](https://github.com/gjtorikian/commonmarker) | `2.6.3` | `2.8.1` |
| [docker_registry2](https://github.com/deitch/docker_registry2) | `1.18.2` | `1.19.0` |
| [excon](https://github.com/excon/excon) | `1.3.2` | `1.4.2` |
| [json](https://github.com/ruby/json) | `2.18.1` | `2.19.5` |
| [nokogiri](https://github.com/sparklemotion/nokogiri) | `1.19.1` | `1.19.3` |
| [parser](https://github.com/whitequark/parser) | `3.3.10.2` | `3.3.11.1` |
| [sorbet-runtime](https://github.com/sorbet/sorbet) | `0.6.12977` | `0.6.13189` |
| [toml-rb](https://github.com/emancu/toml-rb) | `4.1.0` | `4.2.0` |
| [opentelemetry-instrumentation-excon](https://github.com/open-telemetry/opentelemetry-ruby-contrib) | `0.28.0` | `0.29.1` |
| [opentelemetry-instrumentation-faraday](https://github.com/open-telemetry/opentelemetry-ruby-contrib) | `0.32.0` | `0.33.0` |
| [opentelemetry-instrumentation-http](https://github.com/open-telemetry/opentelemetry-ruby-contrib) | `0.29.0` | `0.30.0` |
| [opentelemetry-instrumentation-net_http](https://github.com/open-telemetry/opentelemetry-ruby-contrib) | `0.28.0` | `0.29.0` |
| [opentelemetry-logs-sdk](https://github.com/open-telemetry/opentelemetry-ruby) | `0.5.0` | `0.5.1` |
| [opentelemetry-metrics-sdk](https://github.com/open-telemetry/opentelemetry-ruby) | `0.13.0` | `0.13.1` |



Updates `aws-sdk-codecommit` from 1.96.0 to 1.97.0
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-codecommit/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Updates `aws-sdk-ecr` from 1.122.0 to 1.126.0
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-ecr/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Updates `commonmarker` from 2.6.3 to 2.8.1
- [Release notes](https://github.com/gjtorikian/commonmarker/releases)
- [Changelog](https://github.com/gjtorikian/commonmarker/blob/main/CHANGELOG.md)
- [Commits](gjtorikian/commonmarker@v2.6.3...v2.8.1)

Updates `docker_registry2` from 1.18.2 to 1.19.0
- [Changelog](https://github.com/deitch/docker_registry2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/deitch/docker_registry2/commits)

Updates `excon` from 1.3.2 to 1.4.2
- [Changelog](https://github.com/excon/excon/blob/master/changelog.txt)
- [Commits](excon/excon@v1.3.2...v1.4.2)

Updates `json` from 2.18.1 to 2.19.5
- [Release notes](https://github.com/ruby/json/releases)
- [Changelog](https://github.com/ruby/json/blob/master/CHANGES.md)
- [Commits](ruby/json@v2.18.1...v2.19.5)

Updates `nokogiri` from 1.19.1 to 1.19.3
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.19.1...v1.19.3)

Updates `parser` from 3.3.10.2 to 3.3.11.1
- [Changelog](https://github.com/whitequark/parser/blob/master/CHANGELOG.md)
- [Commits](whitequark/parser@v3.3.10.2...v3.3.11.1)

Updates `sorbet-runtime` from 0.6.12977 to 0.6.13189
- [Release notes](https://github.com/sorbet/sorbet/releases)
- [Commits](https://github.com/sorbet/sorbet/commits)

Updates `toml-rb` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/emancu/toml-rb/releases)
- [Commits](emancu/toml-rb@v4.1.0...v4.2.0)

Updates `aws-sdk-codecommit` from 1.96.0 to 1.97.0
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-codecommit/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Updates `aws-sdk-ecr` from 1.122.0 to 1.126.0
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-ecr/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Updates `commonmarker` from 2.6.3 to 2.8.1
- [Release notes](https://github.com/gjtorikian/commonmarker/releases)
- [Changelog](https://github.com/gjtorikian/commonmarker/blob/main/CHANGELOG.md)
- [Commits](gjtorikian/commonmarker@v2.6.3...v2.8.1)

Updates `docker_registry2` from 1.18.2 to 1.19.0
- [Changelog](https://github.com/deitch/docker_registry2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/deitch/docker_registry2/commits)

Updates `excon` from 1.3.2 to 1.4.2
- [Changelog](https://github.com/excon/excon/blob/master/changelog.txt)
- [Commits](excon/excon@v1.3.2...v1.4.2)

Updates `json` from 2.18.1 to 2.19.5
- [Release notes](https://github.com/ruby/json/releases)
- [Changelog](https://github.com/ruby/json/blob/master/CHANGES.md)
- [Commits](ruby/json@v2.18.1...v2.19.5)

Updates `nokogiri` from 1.19.1 to 1.19.3
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.19.1...v1.19.3)

Updates `parser` from 3.3.10.2 to 3.3.11.1
- [Changelog](https://github.com/whitequark/parser/blob/master/CHANGELOG.md)
- [Commits](whitequark/parser@v3.3.10.2...v3.3.11.1)

Updates `sorbet-runtime` from 0.6.12977 to 0.6.13189
- [Release notes](https://github.com/sorbet/sorbet/releases)
- [Commits](https://github.com/sorbet/sorbet/commits)

Updates `toml-rb` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/emancu/toml-rb/releases)
- [Commits](emancu/toml-rb@v4.1.0...v4.2.0)

Updates `aws-sdk-codecommit` from 1.96.0 to 1.97.0
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-codecommit/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Updates `aws-sdk-ecr` from 1.122.0 to 1.126.0
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-ecr/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Updates `commonmarker` from 2.6.3 to 2.8.1
- [Release notes](https://github.com/gjtorikian/commonmarker/releases)
- [Changelog](https://github.com/gjtorikian/commonmarker/blob/main/CHANGELOG.md)
- [Commits](gjtorikian/commonmarker@v2.6.3...v2.8.1)

Updates `docker_registry2` from 1.18.2 to 1.19.0
- [Changelog](https://github.com/deitch/docker_registry2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/deitch/docker_registry2/commits)

Updates `excon` from 1.3.2 to 1.4.2
- [Changelog](https://github.com/excon/excon/blob/master/changelog.txt)
- [Commits](excon/excon@v1.3.2...v1.4.2)

Updates `json` from 2.18.1 to 2.19.5
- [Release notes](https://github.com/ruby/json/releases)
- [Changelog](https://github.com/ruby/json/blob/master/CHANGES.md)
- [Commits](ruby/json@v2.18.1...v2.19.5)

Updates `nokogiri` from 1.19.1 to 1.19.3
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.19.1...v1.19.3)

Updates `parser` from 3.3.10.2 to 3.3.11.1
- [Changelog](https://github.com/whitequark/parser/blob/master/CHANGELOG.md)
- [Commits](whitequark/parser@v3.3.10.2...v3.3.11.1)

Updates `sorbet-runtime` from 0.6.12977 to 0.6.13189
- [Release notes](https://github.com/sorbet/sorbet/releases)
- [Commits](https://github.com/sorbet/sorbet/commits)

Updates `toml-rb` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/emancu/toml-rb/releases)
- [Commits](emancu/toml-rb@v4.1.0...v4.2.0)

Updates `opentelemetry-instrumentation-excon` from 0.28.0 to 0.29.1
- [Release notes](https://github.com/open-telemetry/opentelemetry-ruby-contrib/releases)
- [Commits](open-telemetry/opentelemetry-ruby-contrib@opentelemetry-instrumentation-excon/v0.28.0...opentelemetry-instrumentation-excon/v0.29.1)

Updates `opentelemetry-instrumentation-faraday` from 0.32.0 to 0.33.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-ruby-contrib/releases)
- [Commits](open-telemetry/opentelemetry-ruby-contrib@opentelemetry-instrumentation-faraday/v0.32.0...opentelemetry-instrumentation-faraday/v0.33.0)

Updates `opentelemetry-instrumentation-http` from 0.29.0 to 0.30.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-ruby-contrib/releases)
- [Commits](open-telemetry/opentelemetry-ruby-contrib@opentelemetry-instrumentation-http/v0.29.0...opentelemetry-instrumentation-http/v0.30.0)

Updates `opentelemetry-instrumentation-net_http` from 0.28.0 to 0.29.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-ruby-contrib/releases)
- [Commits](open-telemetry/opentelemetry-ruby-contrib@opentelemetry-instrumentation-net_http/v0.28.0...opentelemetry-instrumentation-net_http/v0.29.0)

Updates `opentelemetry-logs-sdk` from 0.5.0 to 0.5.1
- [Release notes](https://github.com/open-telemetry/opentelemetry-ruby/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-ruby/blob/main/logs_sdk/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-ruby@opentelemetry-logs-sdk/v0.5.0...opentelemetry-logs-sdk/v0.5.1)

Updates `opentelemetry-metrics-sdk` from 0.13.0 to 0.13.1
- [Release notes](https://github.com/open-telemetry/opentelemetry-ruby/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-ruby/blob/main/metrics_sdk/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-ruby@opentelemetry-metrics-sdk/v0.13.0...opentelemetry-metrics-sdk/v0.13.1)

Updates `aws-sdk-codecommit` from 1.96.0 to 1.97.0
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-codecommit/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Updates `aws-sdk-ecr` from 1.122.0 to 1.126.0
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-ecr/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Updates `commonmarker` from 2.6.3 to 2.8.1
- [Release notes](https://github.com/gjtorikian/commonmarker/releases)
- [Changelog](https://github.com/gjtorikian/commonmarker/blob/main/CHANGELOG.md)
- [Commits](gjtorikian/commonmarker@v2.6.3...v2.8.1)

Updates `docker_registry2` from 1.18.2 to 1.19.0
- [Changelog](https://github.com/deitch/docker_registry2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/deitch/docker_registry2/commits)

Updates `excon` from 1.3.2 to 1.4.2
- [Changelog](https://github.com/excon/excon/blob/master/changelog.txt)
- [Commits](excon/excon@v1.3.2...v1.4.2)

Updates `json` from 2.18.1 to 2.19.5
- [Release notes](https://github.com/ruby/json/releases)
- [Changelog](https://github.com/ruby/json/blob/master/CHANGES.md)
- [Commits](ruby/json@v2.18.1...v2.19.5)

Updates `nokogiri` from 1.19.1 to 1.19.3
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.19.1...v1.19.3)

Updates `parser` from 3.3.10.2 to 3.3.11.1
- [Changelog](https://github.com/whitequark/parser/blob/master/CHANGELOG.md)
- [Commits](whitequark/parser@v3.3.10.2...v3.3.11.1)

Updates `sorbet-runtime` from 0.6.12977 to 0.6.13189
- [Release notes](https://github.com/sorbet/sorbet/releases)
- [Commits](https://github.com/sorbet/sorbet/commits)

Updates `toml-rb` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/emancu/toml-rb/releases)
- [Commits](emancu/toml-rb@v4.1.0...v4.2.0)

---
updated-dependencies:
- dependency-name: aws-sdk-codecommit
  dependency-version: 1.97.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: aws-sdk-codecommit
  dependency-version: 1.97.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: aws-sdk-codecommit
  dependency-version: 1.97.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: aws-sdk-codecommit
  dependency-version: 1.97.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: aws-sdk-ecr
  dependency-version: 1.126.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: aws-sdk-ecr
  dependency-version: 1.126.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: aws-sdk-ecr
  dependency-version: 1.126.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: aws-sdk-ecr
  dependency-version: 1.126.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: commonmarker
  dependency-version: 2.8.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: commonmarker
  dependency-version: 2.8.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: commonmarker
  dependency-version: 2.8.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: commonmarker
  dependency-version: 2.8.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: docker_registry2
  dependency-version: 1.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: docker_registry2
  dependency-version: 1.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: docker_registry2
  dependency-version: 1.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: docker_registry2
  dependency-version: 1.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: excon
  dependency-version: 1.4.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: excon
  dependency-version: 1.4.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: excon
  dependency-version: 1.4.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: excon
  dependency-version: 1.4.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: json
  dependency-version: 2.19.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: json
  dependency-version: 2.19.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: json
  dependency-version: 2.19.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: json
  dependency-version: 2.19.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: nokogiri
  dependency-version: 1.19.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: nokogiri
  dependency-version: 1.19.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: nokogiri
  dependency-version: 1.19.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: nokogiri
  dependency-version: 1.19.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: opentelemetry-instrumentation-excon
  dependency-version: 0.29.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: opentelemetry-instrumentation-faraday
  dependency-version: 0.33.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: opentelemetry-instrumentation-http
  dependency-version: 0.30.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: opentelemetry-instrumentation-net_http
  dependency-version: 0.29.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: opentelemetry-logs-sdk
  dependency-version: 0.5.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: opentelemetry-metrics-sdk
  dependency-version: 0.13.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: parser
  dependency-version: 3.3.11.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: parser
  dependency-version: 3.3.11.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: parser
  dependency-version: 3.3.11.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: parser
  dependency-version: 3.3.11.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: sorbet-runtime
  dependency-version: 0.6.13169
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: sorbet-runtime
  dependency-version: 0.6.13169
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: sorbet-runtime
  dependency-version: 0.6.13169
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: sorbet-runtime
  dependency-version: 0.6.13169
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: toml-rb
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: toml-rb
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: toml-rb
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: toml-rb
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/bundler/prod-dependencies-45751e2916 branch from 4e9f9e8 to b6c60c6 Compare May 6, 2026 14:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies ruby Dependabot pull requests that update Ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@pavera