Skip to content

Bump yard from 0.9.42 to 0.9.44#119

Merged
whitby3001 merged 1 commit into
masterfrom
dependabot/bundler/yard-0.9.44
Jun 30, 2026
Merged

Bump yard from 0.9.42 to 0.9.44#119
whitby3001 merged 1 commit into
masterfrom
dependabot/bundler/yard-0.9.44

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps yard from 0.9.42 to 0.9.44.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [yard](https://yardoc.org) from 0.9.42 to 0.9.44.

---
updated-dependencies:
- dependency-name: yard
  dependency-version: 0.9.44
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels Jun 29, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 29, 2026 13:23
@sonarqubecloud

Copy link
Copy Markdown

@whitby3001

Copy link
Copy Markdown
Contributor

Copilot summary:

I reviewed the upstream YARD changes from 0.9.42 to 0.9.44 against how fac/hermod uses the gem, and this looks safe to merge.

  • In this repo, yard is only present as an indirect development dependency via pry-doc in Gemfile.lock; it is not declared directly in Gemfile, not used in the Rakefile, and I couldn't find any code, tasks, or config in this repo that call YARD APIs or yard server.
  • Upstream 0.9.43/0.9.44 changes are limited to:
    • a fix for RBS attribute registration,
    • a yard server path traversal fix when --docroot/--cache are used together,
    • HybridMarkup/HTML entity handling improvements,
    • TypesExplainer parsing improvements for literals / nested hash keys.
  • None of those areas overlap with how this repository is using dependencies today, so I don’t see a compatibility risk for hermod.
  • The security fix in 0.9.44 is a net positive, even though this repo does not appear to use yard server.

Based on that, I’m comfortable with this being merged.

@whitby3001 whitby3001 merged commit a859b00 into master Jun 30, 2026
2 checks passed
@whitby3001 whitby3001 deleted the dependabot/bundler/yard-0.9.44 branch June 30, 2026 10:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant