Skip to content

Build(deps-dev): bump curb from 1.3.1 to 1.3.2#3556

Merged
github-actions[bot] merged 1 commit intomasterfrom
dependabot/bundler/curb-1.3.2
Apr 24, 2026
Merged

Build(deps-dev): bump curb from 1.3.1 to 1.3.2#3556
github-actions[bot] merged 1 commit intomasterfrom
dependabot/bundler/curb-1.3.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 24, 2026

Bumps curb from 1.3.1 to 1.3.2.

Changelog

Sourced from curb's changelog.

1.3.2

  • Fix Curl::PostField GC marking so block-backed content fields remain valid across GC and compaction.
  • Fix upload read/seek callbacks to preserve Ruby exceptions, avoid unsafe unwinds through libcurl, and reject reads larger than libcurl's supplied buffer.
  • Fix multipart POST/PATCH/PUT cleanup so partially built native forms are freed when form construction raises.
  • Restore Curl::Easy#last_error after Easy#close by reattaching the libcurl error buffer to the reinitialized handle.
  • Fix Curl::Easy#clone with put_data so upload callbacks and upload state belong to the clone instead of the original handle.
  • Add regression coverage for native callback, multipart cleanup, clone upload, close/error-buffer, and PostField GC safety.
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Build(deps-dev): bump curb from 1.3.1 to 1.3.2
17882ca 
Bumps [curb](https://github.com/taf2/curb) from 1.3.1 to 1.3.2.
- [Changelog](https://github.com/taf2/curb/blob/master/ChangeLog.md)
- [Commits](https://github.com/taf2/curb/commits)

---
updated-dependencies:
- dependency-name: curb
  dependency-version: 1.3.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests for Ruby compatibility labels Apr 24, 2026
@github-actions github-actions Bot added the safe_to_test Label to trigger tests on PR label Apr 24, 2026
@github-actions github-actions Bot merged commit 2c4c572 into master Apr 24, 2026
8 checks passed
@dependabot dependabot Bot deleted the dependabot/bundler/curb-1.3.2 branch April 24, 2026 13:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests for Ruby compatibility safe_to_test Label to trigger tests on PR

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants