From 453faf32baad2cee6cf66f78299493a2de9e0723 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 26 May 2026 08:38:21 +0900 Subject: [PATCH 1/2] Bump step-security/harden-runner from 2.19.3 to 2.19.4 (#1720) Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.19.3 to 2.19.4.
Release notes

Sourced from step-security/harden-runner's releases.

v2.19.4

What's Changed

Full Changelog: https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=step-security/harden-runner&package-manager=github_actions&previous-version=2.19.3&new-version=2.19.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
.github/workflows/push_gem.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/push_gem.yml b/.github/workflows/push_gem.yml
index 60218ee4d9..5c5d2c567a 100644
--- a/.github/workflows/push_gem.yml
+++ b/.github/workflows/push_gem.yml
@@ -23,7 +23,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 + uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: egress-policy: audit
From 213cde1969c501efb754d78fc175b0173052b5e0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 26 May 2026 08:38:33 +0900 Subject: [PATCH 2/2] Bump ruby/setup-ruby from 1.308.0 to 1.310.0 (#1721) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [ruby/setup-ruby](https://github.com/ruby/setup-ruby) from 1.308.0 to 1.310.0.
Release notes

Sourced from ruby/setup-ruby's releases.

v1.310.0

What's Changed

Full Changelog: https://github.com/ruby/setup-ruby/compare/v1.309.0...v1.310.0

v1.309.0

What's Changed

Full Changelog: https://github.com/ruby/setup-ruby/compare/v1.308.0...v1.309.0

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ruby/setup-ruby&package-manager=github_actions&previous-version=1.308.0&new-version=1.310.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
.github/workflows/cloudflare-preview.yml | 2 +- .github/workflows/gh-pages.yml | 2 +- .github/workflows/lint.yml | 2 +- .github/workflows/push_gem.yml | 2 +- .github/workflows/ri-backward-compat.yml | 2 +- .github/workflows/ruby-core.yml | 2 +- .github/workflows/test.yml | 4 ++-- 7 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/cloudflare-preview.yml b/.github/workflows/cloudflare-preview.yml
index 6714579a36..5c056b85d9 100644
--- a/.github/workflows/cloudflare-preview.yml
+++ b/.github/workflows/cloudflare-preview.yml
@@ -19,7 +19,7 @@ jobs: ref: ${{ github.event.client_payload.pr_head_sha }} - name: Setup Ruby - uses: ruby/setup-ruby@97ecb7b512899eb71ab1bf2310a624c6f1589ac6 # v1.308.0 + uses: ruby/setup-ruby@afeafc3d1ab54a631816aba4c914a0081c12ff2f # v1.310.0 with: ruby-version: '3.4' bundler-cache: true
diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml
index 1eb08d18b1..256940bd63 100644
--- a/.github/workflows/gh-pages.yml
+++ b/.github/workflows/gh-pages.yml
@@ -22,7 +22,7 @@ jobs: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup Ruby - uses: ruby/setup-ruby@97ecb7b512899eb71ab1bf2310a624c6f1589ac6 # v1.308.0 + uses: ruby/setup-ruby@afeafc3d1ab54a631816aba4c914a0081c12ff2f # v1.310.0 with: ruby-version: '3.2' bundler-cache: true
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index fce170afc9..720b61c8d7 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -21,7 +21,7 @@ jobs: - if: ${{ matrix.os == 'ubuntu-latest' }} run: sudo apt install libyaml-dev - name: Set up Ruby - uses: ruby/setup-ruby@97ecb7b512899eb71ab1bf2310a624c6f1589ac6 # v1.308.0 + uses: ruby/setup-ruby@afeafc3d1ab54a631816aba4c914a0081c12ff2f # v1.310.0 with: ruby-version: 3.3 bundler-cache: true
diff --git a/.github/workflows/push_gem.yml b/.github/workflows/push_gem.yml
index 5c5d2c567a..c659c0fe2f 100644
--- a/.github/workflows/push_gem.yml
+++ b/.github/workflows/push_gem.yml
@@ -30,7 +30,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Ruby - uses: ruby/setup-ruby@97ecb7b512899eb71ab1bf2310a624c6f1589ac6 # v1.308.0 + uses: ruby/setup-ruby@afeafc3d1ab54a631816aba4c914a0081c12ff2f # v1.310.0 with: bundler-cache: true ruby-version: ruby
diff --git a/.github/workflows/ri-backward-compat.yml b/.github/workflows/ri-backward-compat.yml
index 4fc42454dc..9b1e6aec1f 100644
--- a/.github/workflows/ri-backward-compat.yml
+++ b/.github/workflows/ri-backward-compat.yml
@@ -23,7 +23,7 @@ jobs: steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Ruby - uses: ruby/setup-ruby@97ecb7b512899eb71ab1bf2310a624c6f1589ac6 # v1.308.0 + uses: ruby/setup-ruby@afeafc3d1ab54a631816aba4c914a0081c12ff2f # v1.310.0 with: # Must use Ruby 3.x — on Ruby 4.0, Heading is always a Class while old # RDoc versions serialized it as a Struct, so the test would always fail
diff --git a/.github/workflows/ruby-core.yml b/.github/workflows/ruby-core.yml
index 0df9fce8a4..b291ec28b0 100644
--- a/.github/workflows/ruby-core.yml
+++ b/.github/workflows/ruby-core.yml
@@ -22,7 +22,7 @@ jobs: timeout-minutes: 30 steps: - name: Set up latest ruby head - uses: ruby/setup-ruby@97ecb7b512899eb71ab1bf2310a624c6f1589ac6 # v1.308.0 + uses: ruby/setup-ruby@afeafc3d1ab54a631816aba4c914a0081c12ff2f # v1.310.0 with: ruby-version: head bundler: none
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 676acd7ad9..a9a3b3d929 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -39,7 +39,7 @@ jobs: steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Ruby - uses: ruby/setup-ruby@97ecb7b512899eb71ab1bf2310a624c6f1589ac6 # v1.308.0 + uses: ruby/setup-ruby@afeafc3d1ab54a631816aba4c914a0081c12ff2f # v1.310.0 with: ruby-version: ${{ matrix.ruby }} bundler-cache: true # 'bundle install' and cache
@@ -67,7 +67,7 @@ jobs: steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Ruby - uses: ruby/setup-ruby@97ecb7b512899eb71ab1bf2310a624c6f1589ac6 # v1.308.0 + uses: ruby/setup-ruby@afeafc3d1ab54a631816aba4c914a0081c12ff2f # v1.310.0 with: ruby-version: ${{ fromJson(needs.ruby-versions.outputs.latest) }} bundler-cache: true