Skip to content

Bump the ruby-deps group with 11 updates#1302

Merged
chadlwilson merged 1 commit into
masterfrom
dependabot/bundler/ruby-deps-920bbfbd2c
Jul 1, 2026
Merged

Bump the ruby-deps group with 11 updates#1302
chadlwilson merged 1 commit into
masterfrom
dependabot/bundler/ruby-deps-920bbfbd2c

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the ruby-deps group with 11 updates:

Package From To
sassc-embedded 1.80.8 1.80.9
aws-sdk-s3 1.224.0 1.226.0
async 2.39.0 2.41.0
aws-partitions 1.1255.0 1.1263.0
aws-sdk-core 3.250.0 3.252.0
console 1.35.1 1.36.0
google-protobuf 4.35.0 4.35.1
io-event 1.16.1 1.19.1
json 2.19.7 2.20.0
mime-types-data 3.2026.0414 3.2026.0701
sass-embedded 1.100.0 1.101.0

Updates sassc-embedded from 1.80.8 to 1.80.9

Commits
  • 14b7095 v1.80.9
  • 1c5b83d Update rubocop requirement from ~> 1.86.0 to ~> 1.87.0 (#160)
  • 00247ca Bump vendor/github.com/rails/sprockets from b01f6e6 to 3b9eeb4 (#159)
  • d77c946 Refactor Uri
  • 475a9b9 Improve backtrace for custom function and importer errors
  • c49f1ce Handle value conversion errors like SassC
  • 7b09ca9 Bump vendor/github.com/rails/sprockets from 35c34e6 to b01f6e6 (#157)
  • 3a1aa4f Bump rubygems/configure-rubygems-credentials from 1.0.0 to 2.0.0 (#156)
  • 7d98096 Fix lint
  • f5c209d Update rubocop requirement from ~> 1.85.0 to ~> 1.86.0 (#155)
  • Additional commits viewable in compare view

Updates aws-sdk-s3 from 1.224.0 to 1.226.0

Changelog

Sourced from aws-sdk-s3's changelog.

1.226.0 (2026-06-16)

  • Feature - Added support for annotations. You can now attach up to 1000 annotations (up to 1 MB each) directly to objects and create, retrieve, list, and delete them using new annotation APIs. Also added support for configuring an annotation table in S3 Metadata.

  • Feature - Multipart copies now support tags_directive, annotations_directive, and metadata_directive options for controlling which source properties are copied to the destination.

  • Issue - Fix error when performing cross-region multipart copies with copy_source_region.

1.225.1 (2026-06-10)

  • Issue - Fix download_file single-request mode not writing to a temporary file when given a String/Pathname destination.

1.225.0 (2026-06-02)

  • Feature - Adding new BDD representation of endpoint ruleset
Commits

Updates async from 2.39.0 to 2.41.0

Release notes

Sourced from async's releases.

v2.41.0

  • Fixed: Protect initial task from Interrupt exceptions.

v2.40.0

  • Introduce Async::Condition#waiting_count. This allows you to see how many tasks are currently waiting on the condition, which can be useful for debugging and monitoring purposes.
Changelog

Sourced from async's changelog.

v2.41.0

  • Fixed: Protect initial task from Interrupt exceptions.

v2.40.0

  • Introduce Async::Condition#waiting_count. This allows you to see how many tasks are currently waiting on the condition, which can be useful for debugging and monitoring purposes.
Commits

Updates aws-partitions from 1.1255.0 to 1.1263.0

Changelog

Sourced from aws-partitions's changelog.

1.1263.0 (2026-06-30)

  • Feature - Added support for enumerating regions for Aws::SupportAuthZ.

1.1262.0 (2026-06-22)

  • Feature - Added support for enumerating regions for Aws::LambdaMicrovms.

  • Feature - Added support for enumerating regions for Aws::LambdaCore.

1.1261.0 (2026-06-16)

  • Feature - Updated the partitions source data that determines the AWS service regions and endpoints.

1.1260.0 (2026-06-12)

  • Feature - Updated the partitions source data that determines the AWS service regions and endpoints.

1.1259.0 (2026-06-09)

  • Feature - Updated the partitions source data that determines the AWS service regions and endpoints.

1.1258.0 (2026-06-05)

  • Feature - Updated the partitions source data that determines the AWS service regions and endpoints.

1.1257.0 (2026-06-03)

  • Feature - Updated the partitions source data that determines the AWS service regions and endpoints.

1.1256.0 (2026-06-02)

  • Feature - Added support for enumerating regions for Aws::SagemakerJobRuntime.
Commits

Updates aws-sdk-core from 3.250.0 to 3.252.0

Changelog

Sourced from aws-sdk-core's changelog.

3.252.0 (2026-06-10)

  • Feature - Updated Aws::Signin::Client with the latest API changes.

  • Feature - AWS Sign-In now allows customers to control access to the AWS Management Console using resource-based policies. With this release customers can restrict console access based on network perimeters such as VPC IDs, VPC endpoints, and IP addresses.

3.251.0 (2026-06-02)

  • Feature - Adding new BDD representation of endpoint ruleset
Commits

Updates console from 1.35.1 to 1.36.0

Release notes

Sourced from console's releases.

v1.36.0

  • Add a size_limit to Console::Format::Safe (default 16KiB) which rebuilds oversized records field-by-field, keeping as many top-level fields as fit within the limit.
  • Degraded fields are recorded in a truncated object that maps each field name to why it was truncated: true (dropped for size) or the error (the value could not be serialized directly and a safe representation was kept in its place).
  • Rename Console::Format::Safe's limit: to depth_limit: (with a deprecated limit: alias) to clarify its purpose alongside the new size_limit:.
Changelog

Sourced from console's changelog.

v1.36.0

  • Add a size_limit to Console::Format::Safe (default 16KiB) which rebuilds oversized records field-by-field, keeping as many top-level fields as fit within the limit.
  • Degraded fields are recorded in a truncated object that maps each field name to why it was truncated: true (dropped for size) or the error (the value could not be serialized directly and a safe representation was kept in its place).
  • Rename Console::Format::Safe's limit: to depth_limit: (with a deprecated limit: alias) to clarify its purpose alongside the new size_limit:.

v1.35.0

  • Fix handling of Errno::ENODEV errors when calculating the width of a terminal that was been re-opened to File::NULL.

v1.34.1

  • Add process_id to serialized output records for clarity (pid is still included for backwards compatibility).
    • Add object_id to serialized output records only when the subject is not a string or class/module.

v1.34.0

  • Allow Console::Compatible::Logger#add to accept **options.

v1.32.0

  • Add fiber_id to serialized output records to help identify which fiber logged the message.
  • Ractor support appears broken in older Ruby versions, so we now require Ruby 3.4 or later for Ractor compatibility, if you need Ractor support.

v1.31.0

Ractor compatibility.

The console library now works correctly with Ruby's Ractor concurrency model. Previously, attempting to use console logging within Ractors would fail with errors about non-shareable objects. This has been fixed by ensuring the default configuration is properly frozen.

# This now works without errors:
ractor = Ractor.new do
	require "console"
	Console.info("Hello from Ractor!")
	"Ractor completed successfully"
end
result = ractor.take
puts result # => 'Ractor completed successfully'

The fix is minimal and maintains full backward compatibility while enabling safe parallel logging across multiple Ractors.

Symbol log level compatibility.

Previously, returning symbols from custom log_level methods in configuration files would cause runtime errors like "comparison of Integer with :debug failed". This has been fixed to properly convert symbols to their corresponding integer values.

# config/console.rb - This now works correctly:
</tr></table> 

... (truncated)

Commits

Updates google-protobuf from 4.35.0 to 4.35.1

Commits

Updates io-event from 1.16.1 to 1.19.1

Release notes

Sourced from io-event's releases.

v1.19.1

  • Fix Process.waitall / Process.detach under the URing selector: when io_uring's waitid reported an error (e.g. ECHILD when there are no more children), the process_wait hook raised instead of returning the error as a Process::Status, so callers that expect waitpid to report "no more children" rather than raise would fail.

v1.19.0

  • Use io_uring_prep_waitid for process_wait in the URing selector (Linux 6.7+), waiting for child exit directly in the ring instead of polling on a pidfd. The child is reaped via rb_process_status_wait (using WEXITED | WNOWAIT) to construct a correct Process::Status, and process_wait(-1, ...) / process_wait(0, ...) are now supported.
  • Support waiting for any child or a process group (pid <= 0) on all selectors. The EPoll (pidfd_open) and KQueue (EVFILT_PROC) selectors can only watch a specific process, so these cases now fall back to a blocking wait on a dedicated thread; joining it is fiber-scheduler aware, so the reactor keeps running.

v1.18.0

  • Fixed: Avoid entering a blocking native selector wait when an interrupt is already pending for the current thread.

v1.17.0

  • Report inherited selector objects as closed after fork, and avoid closing descriptors they no longer own.

v1.16.4

  • Correctly implement Interrupt#signal so that it is robust enough to be called by Scheduler#unblock.

v1.16.3

  • Handle IOError raised while shutting down the pure Ruby interrupt pipe, so IO::Event::Interrupt#close does not leak expected shutdown errors from the interrupt fiber.

v1.16.2

  • Improve timer heap performance by batching scheduled timer insertion, compacting cancelled timers during flush, and avoiding unnecessary heap rebuilds for small incremental inserts.
Changelog

Sourced from io-event's changelog.

v1.19.1

  • Fix Process.waitall / Process.detach under the URing selector: when io_uring's waitid reported an error (e.g. ECHILD when there are no more children), the process_wait hook raised instead of returning the error as a Process::Status, so callers that expect waitpid to report "no more children" rather than raise would fail.

v1.19.0

  • Use io_uring_prep_waitid for process_wait in the URing selector (Linux 6.7+), waiting for child exit directly in the ring instead of polling on a pidfd. The child is reaped via rb_process_status_wait (using WEXITED | WNOWAIT) to construct a correct Process::Status, and process_wait(-1, ...) / process_wait(0, ...) are now supported.
  • Support waiting for any child or a process group (pid <= 0) on all selectors. The EPoll (pidfd_open) and KQueue (EVFILT_PROC) selectors can only watch a specific process, so these cases now fall back to a blocking wait on a dedicated thread; joining it is fiber-scheduler aware, so the reactor keeps running.

v1.18.0

  • Fixed: Avoid entering a blocking native selector wait when an interrupt is already pending for the current thread.

v1.17.0

  • Report inherited selector objects as closed after fork, and avoid closing descriptors they no longer own.

v1.16.4

  • Correctly implement Interrupt#signal so that it is robust enough to be called by Scheduler#unblock.

v1.16.3

  • Handle IOError raised while shutting down the pure Ruby interrupt pipe, so IO::Event::Interrupt#close does not leak expected shutdown errors from the interrupt fiber.

v1.16.2

  • Improve timer heap performance by batching scheduled timer insertion, compacting cancelled timers during flush, and avoiding unnecessary heap rebuilds for small incremental inserts.
Commits
  • e246f86 Bump patch version.
  • 3c518a3 Fix Process.waitall/detach under URing selector when no children remain. ...
  • 3f519d1 Bump minor version.
  • e0ebac3 Modernize code.
  • 6d73079 Support process_wait for any child / process group (pid <= 0) on all select...
  • 9eeec11 Use io_uring_prep_waitid for process_wait in URing selector. (#154)
  • fecf88c Bump minor version.
  • 0e880f3 Avoid blocking selectors with pending interrupts. (#197)
  • 217ec56 Clarify selector result handling. (#198)
  • 34e60dd Bump minor version.
  • Additional commits viewable in compare view

Updates json from 2.19.7 to 2.20.0

Release notes

Sourced from json's releases.

v2.20.0

What's Changed

  • Both C and Java parsers are no longer recursive, so parsing very deep documents with max_nesting: false will no longer result in SystemStackError stack level too deep errors.
    • The :max_nesting option still defaults to 100.
  • Optimized floating point number parsing further by replacing the ryu algorithm by a port of Eisel-Lemire Fast Float.
  • Added JSON::ResumableParser to parse streams of JSON documents. Not yet available on JRuby.
  • Deprecate default support of JavaScript comments in the parser and add allow_comments: true parsing option.
  • Integrate with Ruby 4.1 ruby_sized_xfree.

Full Changelog: ruby/json@v2.19.8...v2.20.0

v2.19.9

  • Fix buffer overflow that could lead to a crash when writing JSON directly into an IO with JSON.generate(object, io). [CVE-2026-54696].

Full Changelog: ruby/json@v2.19.8...v2.19.9

v2.19.8

What's Changed

  • Fix 1-byte buffer overread on EOS errors.
  • Handle invalid types passed as max_nesting option.

Full Changelog: ruby/json@v2.19.7...v2.19.8

Changelog

Sourced from json's changelog.

2026-06-23 (2.20.0)

  • Both C and Java parsers are no longer recursive, so parsing very deep documents with max_nesting: false will no longer result in SystemStackError stack level too deep errors.
    • The :max_nesting option still defaults to 100.
  • Optimized floating point number parsing further by replacing the ryu algorithm by a port of Eisel-Lemire Fast Float.
  • Added JSON::ResumableParser to parse streams of JSON documents. Not yet available on JRuby.
  • Deprecate default support of JavaScript comments in the parser and add allow_comments: true parsing option.
  • Integrate with Ruby 4.1 ruby_sized_xfree.

2026-06-11 (2.19.9)

  • Fix buffer overflow that could lead to a crash when writing JSON directly into an IO with JSON.generate(object, io). [CVE-2026-54696].

2026-06-03 (2.19.8)

  • Fix 1-byte buffer overread on EOS errors.
  • Handle invalid types passed as max_nesting option.
Commits
  • 1316292 Release 2.20.0
  • 1443265 Remove useless executable bits
  • 532065c Preserve UTF-8 encoding when reallocating a frozen ResumableParser buffer
  • 7c8af4b Update extconf.rb guard to use RUBY_ENGINE_VERSION
  • 2afd1a9 Cleanup the rb_catch_obj workaround
  • 9892514 Simplify parser_config_init
  • b30a8f8 ResumableParser: eagerly drop the buffer when reaching EOS
  • f08c663 ResumableParser: accept only keyword arguments
  • 9d8efcb Workaround TruffleRuby buggy rb_catch_obj implementation
  • 4bd1e9b ResumableParser: use throw rather than raise for handled EOS
  • Additional commits viewable in compare view

Updates mime-types-data from 3.2026.0414 to 3.2026.0701

Changelog

Sourced from mime-types-data's changelog.

3.2026.0701 / 2026-07-01

  • Updated registry entries from the IANA [media registry][registry] and [provisional media registry][provisional] and the [Apache Tika media registry][tika] as of the release date.

  • Upgraded hoe-halostatue to ensure reproducible builds.

3.2026.0421 / 2026-04-21

  • Updated registry entries from the IANA [media registry][registry] and [provisional media registry][provisional] and the [Apache Tika media registry][tika] as of the release date.
Commits
  • 3c813a3 chore: Fix release flags for 3.2026.0701
  • de3e506 chore: Reproducibility and data update 3.2026.0701
  • 4caf68a Update mime-types-data 3.2026.0421 / 2026-04-21
  • See full diff in compare view

Updates sass-embedded from 1.100.0 to 1.101.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the ruby-deps group with 11 updates:

| Package | From | To |
| --- | --- | --- |
| [sassc-embedded](https://github.com/sass-contrib/sassc-embedded-shim-ruby) | `1.80.8` | `1.80.9` |
| [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) | `1.224.0` | `1.226.0` |
| [async](https://github.com/socketry/async) | `2.39.0` | `2.41.0` |
| [aws-partitions](https://github.com/aws/aws-sdk-ruby) | `1.1255.0` | `1.1263.0` |
| [aws-sdk-core](https://github.com/aws/aws-sdk-ruby) | `3.250.0` | `3.252.0` |
| [console](https://github.com/socketry/console) | `1.35.1` | `1.36.0` |
| [google-protobuf](https://github.com/protocolbuffers/protobuf) | `4.35.0` | `4.35.1` |
| [io-event](https://github.com/socketry/io-event) | `1.16.1` | `1.19.1` |
| [json](https://github.com/ruby/json) | `2.19.7` | `2.20.0` |
| [mime-types-data](https://github.com/mime-types/mime-types-data) | `3.2026.0414` | `3.2026.0701` |
| [sass-embedded](https://github.com/sass-contrib/sass-embedded-host-ruby) | `1.100.0` | `1.101.0` |


Updates `sassc-embedded` from 1.80.8 to 1.80.9
- [Commits](sass-contrib/sassc-embedded-shim-ruby@v1.80.8...v1.80.9)

Updates `aws-sdk-s3` from 1.224.0 to 1.226.0
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Updates `async` from 2.39.0 to 2.41.0
- [Release notes](https://github.com/socketry/async/releases)
- [Changelog](https://github.com/socketry/async/blob/main/releases.md)
- [Commits](socketry/async@v2.39.0...v2.41.0)

Updates `aws-partitions` from 1.1255.0 to 1.1263.0
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-partitions/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Updates `aws-sdk-core` from 3.250.0 to 3.252.0
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-core/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Updates `console` from 1.35.1 to 1.36.0
- [Release notes](https://github.com/socketry/console/releases)
- [Changelog](https://github.com/socketry/console/blob/main/releases.md)
- [Commits](socketry/console@v1.35.1...v1.36.0)

Updates `google-protobuf` from 4.35.0 to 4.35.1
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

Updates `io-event` from 1.16.1 to 1.19.1
- [Release notes](https://github.com/socketry/io-event/releases)
- [Changelog](https://github.com/socketry/io-event/blob/main/releases.md)
- [Commits](socketry/io-event@v1.16.1...v1.19.1)

Updates `json` from 2.19.7 to 2.20.0
- [Release notes](https://github.com/ruby/json/releases)
- [Changelog](https://github.com/ruby/json/blob/master/CHANGES.md)
- [Commits](ruby/json@v2.19.7...v2.20.0)

Updates `mime-types-data` from 3.2026.0414 to 3.2026.0701
- [Changelog](https://github.com/mime-types/mime-types-data/blob/main/CHANGELOG.md)
- [Commits](mime-types/mime-types-data@v3.2026.0414...v3.2026.0701)

Updates `sass-embedded` from 1.100.0 to 1.101.0
- [Commits](sass-contrib/sass-embedded-host-ruby@v1.100.0...v1.101.0)

---
updated-dependencies:
- dependency-name: sassc-embedded
  dependency-version: 1.80.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ruby-deps
- dependency-name: aws-sdk-s3
  dependency-version: 1.226.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ruby-deps
- dependency-name: async
  dependency-version: 2.41.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: ruby-deps
- dependency-name: aws-partitions
  dependency-version: 1.1263.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: ruby-deps
- dependency-name: aws-sdk-core
  dependency-version: 3.252.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: ruby-deps
- dependency-name: console
  dependency-version: 1.36.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: ruby-deps
- dependency-name: google-protobuf
  dependency-version: 4.35.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: ruby-deps
- dependency-name: io-event
  dependency-version: 1.19.1
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: ruby-deps
- dependency-name: json
  dependency-version: 2.20.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: ruby-deps
- dependency-name: mime-types-data
  dependency-version: 3.2026.0701
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: ruby-deps
- dependency-name: sass-embedded
  dependency-version: 1.101.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: ruby-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Jul 1, 2026
@chadlwilson chadlwilson merged commit 2c7cb1f into master Jul 1, 2026
1 check passed
@dependabot dependabot Bot deleted the dependabot/bundler/ruby-deps-920bbfbd2c branch July 1, 2026 14:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant