Skip to content

chore(deps-dev): bump the development-dependencies group across 1 directory with 3 updates#79

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/development-dependencies-c24ab5d11b
Open

chore(deps-dev): bump the development-dependencies group across 1 directory with 3 updates#79
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/development-dependencies-c24ab5d11b

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 13, 2026

Copy link
Copy Markdown
Contributor

Bumps the development-dependencies group with 3 updates in the / directory: brakeman, rubocop and cucumber.

Updates brakeman from 8.0.4 to 8.0.5

Release notes

Sourced from brakeman's releases.

8.0.5

Changelog

Sourced from brakeman's changelog.

8.0.5 - 2026-06-12

  • Add quote_schema_name to safe quote method list (Zsolt Kozaroczy)
  • Fix SQL injection false positive for compact_blank/compact on permitted params (Arpit Jain)
  • Fix inline render false positive for local named text (Arpit Jain)
  • Fix HAML crash on .raw calls (Federico Franco)
  • Fix Ruby version parsing - especially for non-CRuby versions (Chris Southerland Jr)
  • Fix TemplateAliasProcessor#template_name arity (viralpraxis)
  • Reduce false positives when using shell escaping
Commits
  • 104443e Bump to 8.0.5
  • 8e61e2a Update CHANGES
  • f014c15 Merge pull request #2028 from kiskoza/fix/quote_schema_name
  • 9227822 Merge pull request #2027 from arpitjain099/fix/brakeman-1915-render-partial-t...
  • 6788d28 Merge pull request #2025 from arpitjain099/fix/sql-fp-compact-blank
  • b7c3906 Add quote_schema_name to safe quote method list
  • f95c500 test: update line number for still-warns SQL injection case after fixture shift
  • 4fba779 base_processor: skip hash render-type extraction when type set positionally
  • 1e63a41 Fix SQL injection false positive for compact_blank/compact on permitted params
  • 7ff9e49 Merge pull request #2023 from FFederi/fix-haml-chained-raw-crash
  • Additional commits viewable in compare view

Updates rubocop from 1.86.1 to 1.87.0

Release notes

Sourced from rubocop's releases.

RuboCop v1.87.0

New features

  • #15167: Add --enable-all-cops and --disable-all-cops command line options that override AllCops/EnabledByDefault and AllCops/DisabledByDefault in configuration files. (@​koic)
  • #15185: Make Layout/EmptyLineAfterGuardClause accept the new # simplecov:disable and # simplecov:enable directive comments. (@​koic)
  • #15173: Add optional Rubydex integration via AllCops/UseProjectIndex to enable cross-file detection in Lint/ConstantReassignment (experimental). (@​koic)

Bug fixes

  • #15168: Fix false positives in Lint/ParenthesesAsGroupedExpression when the first argument is a call-like expression with its own parentheses, such as yield(...). (@​koic)
  • #15188: Fix false positives in Style/YodaCondition when one side is an array or hash literal containing non-literal elements. (@​koic)
  • #15182: Fix incorrect autocorrect for Style/Alias causing a syntax error when the return value of alias_method is used, such as an argument to public, private, protected, or module_function, or the right-hand side of an assignment. (@​koic)
  • #15174: Fix incorrect autocorrect for Style/ClassAndModuleChildren causing a syntax error when the namespace contains a method call (e.g., class self.class::Foo; end). (@​koic)
  • #15180: Fix incorrect autocorrect for Style/FileWrite causing a syntax error when the written heredoc is chained with another method call. (@​koic)
  • #15186: Fix incorrect autocorrect for Style/HashConversion causing a syntax error when Hash[...] is passed an anonymous splat (*). (@​koic)
  • #15192: Fix incorrect autocorrect for Style/StructInheritance causing a syntax error when the inherited Struct.new is called without parentheses. (@​koic)
  • #15170: Fix an infinite loop for Layout/RedundantLineBreak when a single-line block is chained with a safe navigation method call. (@​koic)
  • #15175: Fix Layout/IndentationWidth to indent block bodies relative to the method selector for trailing-dot multi-line method chains when EnforcedStyleAlignWith is relative_to_receiver. (@​ddbrendan)
  • #15135: Fix incorrect autocorrect for Style/RedundantParentheses that swallowed chained method calls into a trailing inline comment on the line above the closing parenthesis. (@​hammadxcm)
  • #15184: Fix various typos and grammar mistakes in documentation and cop descriptions. (@​bbatsov)

Changes

  • #15171: Cache FilePatterns#match? results per path so cops sharing the same Include/Exclude configuration do not each repeat File.fnmatch? work on every file. (@​Darhazer)

RuboCop v1.86.2

New features

Bug fixes

  • #15156: Fix an error for Style/HashLookupMethod when chaining fetch (or []) calls on the same expression. (@​koic)
  • #15161: Fix an error for Style/ReduceToHash when nested each_with_object/inject/reduce calls would build hashes. (@​koic)
  • #15144: Fix an error in Style/SoleNestedConditional when autocorrecting nested conditionals containing comments. (@​koic)
  • #15040: Exclude constants from Style/ModuleMemberExistenceCheck. ([@​t-daisuke][])
  • #15155: Fix false negatives in Style/RedundantSelf when an explicit self receiver in one scope matches the LHS of an ||=, &&=, or op_asgn in another scope. (@​koic)
  • #15107: Fix false positives in Lint/RequireRelativeSelfPath when a non-.rb file uses require_relative with its own basename. (@​koic)
  • #15137: Fix incorrect "does not support IndentationWidth parameter" warning for Layout/ClosingParenthesisIndentation and Layout/CommentIndentation. (@​koic)
  • #15148: Fix false positives in Lint/RedundantSafeNavigation when safe navigation appears in rescue or ensure bodies. (@​koic)
  • #15147: Fix false positives in Lint/RedundantSafeNavigation when safe navigation appears in the body of unless. (@​koic)
  • #15163: Fix false positives in Style/Copyright when Notice pattern starts with \A#, uses \s metacharacters, or has multiple spaces after #. (@​koic)
  • #10179: Fix false positives in Style/DocumentDynamicEvalDefinition when the heredoc contains an escaped interpolation (\#{...}). ([@​eyupcanakman][])
  • #15154: Fix bug where specifying --out disables parallelization. ([@​deivid-rodriguez][])

... (truncated)

Changelog

Sourced from rubocop's changelog.

1.87.0 (2026-05-30)

New features

  • #15167: Add --enable-all-cops and --disable-all-cops command line options that override AllCops/EnabledByDefault and AllCops/DisabledByDefault in configuration files. ([@​koic][])
  • #15185: Make Layout/EmptyLineAfterGuardClause accept the new # simplecov:disable and # simplecov:enable directive comments. ([@​koic][])
  • #15173: Add optional Rubydex integration via AllCops/UseProjectIndex to enable cross-file detection in Lint/ConstantReassignment (experimental). ([@​koic][])

Bug fixes

  • #15168: Fix false positives in Lint/ParenthesesAsGroupedExpression when the first argument is a call-like expression with its own parentheses, such as yield(...). ([@​koic][])
  • #15188: Fix false positives in Style/YodaCondition when one side is an array or hash literal containing non-literal elements. ([@​koic][])
  • #15182: Fix incorrect autocorrect for Style/Alias causing a syntax error when the return value of alias_method is used, such as an argument to public, private, protected, or module_function, or the right-hand side of an assignment. ([@​koic][])
  • #15174: Fix incorrect autocorrect for Style/ClassAndModuleChildren causing a syntax error when the namespace contains a method call (e.g., class self.class::Foo; end). ([@​koic][])
  • #15180: Fix incorrect autocorrect for Style/FileWrite causing a syntax error when the written heredoc is chained with another method call. ([@​koic][])
  • #15186: Fix incorrect autocorrect for Style/HashConversion causing a syntax error when Hash[...] is passed an anonymous splat (*). ([@​koic][])
  • #15192: Fix incorrect autocorrect for Style/StructInheritance causing a syntax error when the inherited Struct.new is called without parentheses. ([@​koic][])
  • #15170: Fix an infinite loop for Layout/RedundantLineBreak when a single-line block is chained with a safe navigation method call. ([@​koic][])
  • #15175: Fix Layout/IndentationWidth to indent block bodies relative to the method selector for trailing-dot multi-line method chains when EnforcedStyleAlignWith is relative_to_receiver. ([@​ddbrendan][])
  • #15135: Fix incorrect autocorrect for Style/RedundantParentheses that swallowed chained method calls into a trailing inline comment on the line above the closing parenthesis. ([@​hammadxcm][])
  • #15184: Fix various typos and grammar mistakes in documentation and cop descriptions. ([@​bbatsov][])

Changes

  • #15171: Cache FilePatterns#match? results per path so cops sharing the same Include/Exclude configuration do not each repeat File.fnmatch? work on every file. ([@​Darhazer][])

1.86.2 (2026-05-14)

New features

Bug fixes

  • #15156: Fix an error for Style/HashLookupMethod when chaining fetch (or []) calls on the same expression. ([@​koic][])
  • #15161: Fix an error for Style/ReduceToHash when nested each_with_object/inject/reduce calls would build hashes. ([@​koic][])
  • #15144: Fix an error in Style/SoleNestedConditional when autocorrecting nested conditionals containing comments. ([@​koic][])
  • #15040: Exclude constants from Style/ModuleMemberExistenceCheck. ([@​t-daisuke][])
  • #15155: Fix false negatives in Style/RedundantSelf when an explicit self receiver in one scope matches the LHS of an ||=, &&=, or op_asgn in another scope. ([@​koic][])
  • #15107: Fix false positives in Lint/RequireRelativeSelfPath when a non-.rb file uses require_relative with its own basename. ([@​koic][])
  • #15137: Fix incorrect "does not support IndentationWidth parameter" warning for Layout/ClosingParenthesisIndentation and Layout/CommentIndentation. ([@​koic][])
  • #15148: Fix false positives in Lint/RedundantSafeNavigation when safe navigation appears in rescue or ensure bodies. ([@​koic][])
  • #15147: Fix false positives in Lint/RedundantSafeNavigation when safe navigation appears in the body of unless. ([@​koic][])
  • #15163: Fix false positives in Style/Copyright when Notice pattern starts with \A#, uses \s metacharacters, or has multiple spaces after #. ([@​koic][])
  • #10179: Fix false positives in Style/DocumentDynamicEvalDefinition when the heredoc contains an escaped interpolation (\#{...}). ([@​eyupcanakman][])
  • #15154: Fix bug where specifying --out disables parallelization. ([@​deivid-rodriguez][])
  • #15106: Fix TargetFinder to work correctly inside hidden parent directories. ([@​alpaca-tc][])
  • #15102: Fix FrozenError in DisabledConfigFormatter for frozen array config parameters. ([@​koic][])
  • #15141: Fix incorrect autocorrect for Gemspec/RequireMFA causing an infinite loop when rubygems_mfa_required metadata uses a symbol key. ([@​koic][])
  • #15142: Fix infinite loop for --disable-uncorrectable and offense near heredoc. ([@​jonas054][])

... (truncated)

Commits
  • e5b788d Cut 1.87
  • 65aece8 Update Changelog
  • 810c790 Fix incorrect autocorrect for Style/StructInheritance cop
  • 1ec0554 [Fix #15185] Make Layout/EmptyLineAfterGuardClause accept new SimpleCov dir...
  • 11cd569 Merge pull request #15190 from koic/fix_false_positives_in_style_yoda_condition
  • ceff136 [Fix #15188] Fix false positives for Style/YodaCondition
  • 4a12596 Fix incorrect autocorrect for Style/HashConversion cop
  • 4801e9d Merge pull request #15184 from rubocop/fix-typos-and-grammar-in-docs
  • bfe7dc5 Fix various typos and grammar mistakes in documentation
  • 6988aa4 Merge pull request #15182 from koic/fix_incorrect_autocorrect_for_style_alias...
  • Additional commits viewable in compare view

Updates cucumber from 11.0.0 to 11.1.0

Release notes

Sourced from cucumber's releases.

v11.1.0

Added

  • Print thread backtraces on SIGINFO/SIGPWR (#1830) sobrinho
  • Added Suggestion messages that will show all the snippets for all message based formatters (#1870) luke-hill

Changed

  • Heavy refactor to the internals for message building (Used in formatters - should be no noticeable change) (#1853 luke-hill)
  • Simplify attachment handling in the MessageBuilder and #attach method

Fixed

  • When someone calls #attach with a hashified output (Instead of JSON); call #to_json before attaching as a stringified JSON response to avoid errors (#1787 luke-hill)
  • Altered the concept of how BeforeAll and AfterAll hooks would run. They now attempt to all run before continuing test execution (#1857 brasmusson)
  • Internal refactor to MessageBuilder class to send envelopes through event bus (Should be no noticeable change)
  • Updated cucumber-compatibility-kit to v24
  • This has only been partially completed so far (With approx 20% of all events refactored)
  • Internal refactor to emit direct message envelopes instead of building messages and then converting them to envelopes (Should be no noticeable change)
  • Introduced new base events class which is slightly more intuitive and leans less on old ruby standards (Should be no noticeable change)
Changelog

Sourced from cucumber's changelog.

[11.1.0] - 2026-06-02

Added

  • Print thread backtraces on SIGINFO/SIGPWR (#1830) sobrinho
  • Added Suggestion messages that will show all the snippets for all message based formatters (#1870) luke-hill

Changed

  • Heavy refactor to the internals for message building (Used in formatters - should be no noticeable change) (#1853 luke-hill)
  • Simplify attachment handling in the MessageBuilder and #attach method

Fixed

  • When someone calls #attach with a hashified output (Instead of JSON); call #to_json before attaching as a stringified JSON response to avoid errors (#1787 luke-hill)
  • Altered the concept of how BeforeAll and AfterAll hooks would run. They now attempt to all run before continuing test execution (#1857 brasmusson)
  • Internal refactor to MessageBuilder class to send envelopes through event bus (Should be no noticeable change)
  • Updated cucumber-compatibility-kit to v24
  • This has only been partially completed so far (With approx 20% of all events refactored)
  • Internal refactor to emit direct message envelopes instead of building messages and then converting them to envelopes (Should be no noticeable change)
  • Introduced new base events class which is slightly more intuitive and leans less on old ruby standards (Should be no noticeable change)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps-dev): bump the development-dependencies group across 1 dir…
14c3e46 
…ectory with 3 updates

Bumps the development-dependencies group with 3 updates in the / directory: [brakeman](https://github.com/presidentbeef/brakeman), [rubocop](https://github.com/rubocop/rubocop) and [cucumber](https://github.com/cucumber/cucumber-ruby).


Updates `brakeman` from 8.0.4 to 8.0.5
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md)
- [Commits](presidentbeef/brakeman@v8.0.4...v8.0.5)

Updates `rubocop` from 1.86.1 to 1.87.0
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](rubocop/rubocop@v1.86.1...v1.87.0)

Updates `cucumber` from 11.0.0 to 11.1.0
- [Release notes](https://github.com/cucumber/cucumber-ruby/releases)
- [Changelog](https://github.com/cucumber/cucumber-ruby/blob/main/CHANGELOG.md)
- [Commits](cucumber/cucumber-ruby@v11.0.0...v11.1.0)

---
updated-dependencies:
- dependency-name: brakeman
  dependency-version: 8.0.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
- dependency-name: rubocop
  dependency-version: 1.87.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: cucumber
  dependency-version: 11.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels Jun 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants