Skip to content

Bump the ruby-deps group with 6 updates#1333

Merged
chadlwilson merged 1 commit into
masterfrom
dependabot/bundler/ruby-deps-e3187df163
Apr 10, 2026
Merged

Bump the ruby-deps group with 6 updates#1333
chadlwilson merged 1 commit into
masterfrom
dependabot/bundler/ruby-deps-e3187df163

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 10, 2026

Bumps the ruby-deps group with 6 updates:

Package From To
selenium-webdriver 4.41.0 4.42.0
multi_json 1.19.1 1.20.0
bigdecimal 4.1.0 4.1.1
http-cookie 1.1.0 1.1.4
mime-types-data 3.2026.0331 3.2026.0407
regexp_parser 2.11.3 2.12.0

Updates selenium-webdriver from 4.41.0 to 4.42.0

Release notes

Sourced from selenium-webdriver's releases.

Selenium 4.42.0

Detailed Changelogs by Component

Java     |     Python     |     DotNet     |     Ruby     |     JavaScript

What's Changed

... (truncated)

Changelog

Sourced from selenium-webdriver's changelog.

4.42.0 (2026-04-08)

  • Support CDP versions: v144, v145, v146
Commits

Updates multi_json from 1.19.1 to 1.20.0

Changelog

Sourced from multi_json's changelog.

1.20.0

  • Drop the UnannotatedEmptyCollection Steep diagnostic override by inline-annotating Options::EMPTY_OPTIONS with #: options and routing MultiJson.current_adapter's ||= fallback through that constant. Also enable rubocop's Layout/LeadingCommentSpace AllowSteepAnnotation / AllowRBSInlineAnnotation so future inline #: casts don't need a per-line disable.
  • Hoist the block_given? check in MutexStore#fetch outside @mutex.synchronize so the no-block read path runs the check once per call instead of inside the critical section.
  • Short-circuit Adapter.blank? on inputs that start with { or [ so the dominant JSON object and array load paths skip the blank-pattern regex entirely.
  • Drop the (...) argument forwarding in MultiJson::Options#load_options, dump_options, resolve_options, and invoke_callable in favor of explicit *args so the signatures document that they forward positional arguments to a callable provider and nothing else.
  • Collapse the five MultiJson::Concurrency.synchronize_* wrapper methods into a single Concurrency.synchronize(name, &block) keyed by symbol, with the mutex catalog in a MUTEXES hash. The synchronization surface is now one method instead of five and adding a new mutex is a one-line entry.
  • Walk the superclass chain manually in Adapter.walk_default_options instead of allocating an ancestors array on every call. The dump/load hot path no longer pays for an iteration over the (mostly module) ancestor list when looking up an adapter's defaults.
  • Add a # frozen_string_literal: true magic comment to every Ruby file in lib/ and test/, and flip the Style/FrozenStringLiteralComment rubocop cop to EnforcedStyle: always so future files inherit the freeze.
  • Include the original exception's class name in MultiJson::AdapterError.build's formatted message so a downstream consumer reading just the wrapped error can distinguish a LoadError from a validator ArgumentError without having to inspect error.cause separately.
  • Mark the five MultiJson::Concurrency mutex constants as private_constant and add matching synchronize_* wrapper methods so callers don't reach into the module's internals.
  • DRY up lib/multi_json/deprecated.rb with a small deprecate_alias / deprecate_method DSL so adding or removing a deprecation is a one-liner instead of a 4-line copy of the warn-then-delegate template.
  • Hoist a shared Gson::Decoder and Gson::Encoder to handle the empty-options case in the JRuby Gson adapter so the dominant MultiJson.load(json) / MultiJson.dump(obj) call path no longer allocates a fresh decoder/encoder per call.
  • Memoize the per-adapter ParseError lookup in MultiJson.parse_error_class_for so the constant resolution runs at most once per adapter, instead of on every MultiJson.load call.
  • Walk the superclass chain in Adapter.default_load_options / default_dump_options instead of copying the parent's defaults into the subclass at inheritance time, so a parent calling defaults :load, ... after a subclass has been defined now propagates to the subclass.
  • Hold @eviction_mutex around ConcurrentStore#reset's @cache.clear so a JRuby fetcher in the middle of its evict-then-insert sequence cannot interleave with a concurrent reset, mirroring MutexStore#reset's mutex usage.
  • Collect the five process-wide mutexes that protect MultiJson's lazy initializers and adapter swap into a new MultiJson::Concurrency module so the library's concurrency surface is documented in one place.
  • Replace the per-adapter loaded lambdas in AdapterSelector::ADAPTERS with constant name strings, walked through Object.const_defined? directly. The lookup table is half as large and no longer holds six closure objects whose only job was to call defined?.
  • Wrap AdapterSelector#default_adapter_excluding in DEFAULT_ADAPTER_MUTEX so concurrent callers can't both walk the detection chain and double-fire fallback_adapter's one-time warning.
  • Raise a clear MultiJson::AdapterError when a custom adapter passed to MultiJson.load does not define a ParseError constant, instead of letting the bare NameError from the rescue clause propagate.
  • Drop the duplicate Adapter::EMPTY_OPTIONS constant in favor of the MultiJson::Options::EMPTY_OPTIONS it was shadowing.
  • Defer the fast_jsonparser adapter's dump-delegate resolution until the first dump call instead of locking it in at file load time. The adapter no longer inherits from another adapter, so loading multi_json/adapters/fast_jsonparser before oj no longer locks the dump path to whichever adapter happened to be available at that moment.
  • Make the lazy default_load_options and default_dump_options initializers in MultiJson::Options thread-safe so two threads accessing an adapter's defaults for the first time can't both run the ||= initializer.
  • Make AdapterSelector#default_adapter's lazy ||= initializer thread-safe so two threads racing past the unset @default_adapter ivar can't both run detection (and double-emit the fallback warning in the no-adapters-installed branch).
  • Wrap MultiJson.use's OptionsCache.reset and @adapter swap in a mutex so two threads calling use concurrently can't interleave their cache reset and adapter assignment.
  • Stop relying on Oj::ParseError's ::SyntaxError ancestor when matching exceptions in Oj::ParseError.===. Walk the exception's ancestor chain by class name instead, so a future Oj release that re-parents its error class doesn't silently break our rescue clauses.
  • Improve AdapterSelector#load_adapter's error message for unrecognized adapter specs so it names the expected types and shows the offender's inspect output instead of just to_s.
  • Validate the value argument in Adapter.defaults so a non-Hash (e.g. defaults :load, "oops") raises ArgumentError at definition time instead of crashing later in the merge path.
  • Skip String#scrub in Adapter.blank? when the input is already valid UTF-8 so the common load path no longer allocates a scrubbed copy on every call.
  • Move Oj#load's :symbolize_keys translation into a private translate_load_options helper that drops the redundant :symbolize_keys passthrough alongside :symbol_keys, mirroring the cleanup already in JsonGem#load.
  • Skip the per-call hash merge in JsonGem#dump when pretty: true is the only option, passing PRETTY_STATE_PROTOTYPE directly.
  • Type-check the Yajl, JrJackson, and Gson adapter wrappers under Steep, with stubbed RBS sigs for the underlying libraries living in sig/external_libraries.rbs.
  • Unify LOADED_ADAPTER_DETECTORS and REQUIREMENT_MAP in AdapterSelector into a single ADAPTERS source-of-truth so the require path and detection lambda for each adapter live in one place.
  • Extract deprecated public API (decode, encode, engine, engine=, default_engine, with_engine, default_options, default_options=, cached_options, reset_cached_options!) into lib/multi_json/deprecated.rb and drop the matching Style/Documentation, Style/ModuleFunction, and Style/OpenStructUse rubocop opt-outs.
  • Validate the action argument in Adapter.defaults so a typo (e.g. defaults :encode, ...) raises ArgumentError at definition time instead of silently producing a no-op default.
  • Drop the stale ok_json reference from the fast_jsonparser adapter's docstring.
  • Remove the MultiJson::REQUIREMENT_MAP legacy alias; the canonical map already lives on MultiJson::AdapterSelector.
  • Drop the dead JrJackson dump arity branch (and its SimpleCov filter). JrJackson 0.4.18+ accepts an options hash as the second argument to Json.dump.
  • Drop the redundant options.except(:adapter) allocation in JsonGem#dump; Adapter.merged_dump_options already strips :adapter before the cached hash reaches the adapter.
  • Forward all merged options through Yajl#load instead of honoring only :symbolize_keys.
  • Tighten Adapter.blank? so it scrubs invalid UTF-8 bytes up front instead of swallowing every ArgumentError from the underlying String calls.
  • Guard ConcurrentStore eviction against a TOCTOU race so two concurrent JRuby threads cannot both pass the size check and briefly exceed OptionsCache.max_cache_size.
  • Synchronize warn_deprecation_once so concurrent fibers and threads cannot race past the membership check and emit the same one-time deprecation warning twice.
  • Stop resetting OptionsCache when MultiJson.use raises so a failed use(:nonexistent) no longer discards the cached entries belonging to the still-active previous adapter.
  • Stop mutating cached options in JsonGem#load, mirroring the cache-pollution fix already in place for Oj#load.
  • Empty the mutant ignore list. The Gson and JrJackson ignores were dead — those adapters ship in the java-platform gem and aren't present when mutant runs on MRI — and Store#reset's mutex wrapper is now directly tested by stubbing Mutex#synchronize.
  • Remove the vendored ok_json adapter. The json gem has been a Ruby default gem since 1.9, so an external pure-Ruby fallback is no longer needed on any supported Ruby version. The last-resort fallback when no other JSON library can be loaded is now json_gem. The ConvertibleHashKeys helper module, which only ok_json used, is also removed.
  • Surface parse error locations as error.line and error.column on MultiJson::ParseError, extracted from the underlying adapter's message for adapters that include one (Oj, the json gem).
  • Make MultiJson::OptionsCache.max_cache_size configurable so applications that generate many distinct option hashes can raise the cache ceiling at runtime.
  • Reorganize lib/multi_json.rb into clearer sections and document why both the module_function and singleton-only definition patterns coexist.
  • Restructure OptionsCache backend selection so MRI and JRuby execute the same physical require_relative line, restoring JRuby's line coverage threshold to 100%.

... (truncated)

Commits
  • f262be6 Work around sigstore-ruby JRuby signing failure
  • 8cc1f09 Version 1.20.0
  • 2fe0169 Drop the UnannotatedEmptyCollection Steep override
  • 6e8ed17 Hoist block_given? out of MutexStore#fetch's critical section
  • 9fe1255 Short-circuit Adapter.blank? on JSON object and array sigils
  • ccc6425 Replace (...) forwarding with explicit *args in Options
  • 1760acb Collapse Concurrency wrappers into a single synchronize(name)
  • 05669e6 Walk superclass chain manually in Adapter.walk_default_options
  • 2e4a9ac Freeze string literals across the lib and test trees
  • dc67097 Pin concurrent-ruby in the development Gemfile
  • Additional commits viewable in compare view

Updates bigdecimal from 4.1.0 to 4.1.1

Release notes

Sourced from bigdecimal's releases.

v4.1.1

What's Changed

New Contributors

Full Changelog: ruby/bigdecimal@v4.1.0...v4.1.1

Changelog

Sourced from bigdecimal's changelog.

4.1.1

Commits

Updates http-cookie from 1.1.0 to 1.1.4

Release notes

Sourced from http-cookie's releases.

1.1.3 (2026-04-06)

  • Restore compatibility with Ruby 2.6.

Full Changelog: sparklemotion/http-cookie@v1.1.2...v1.1.3

1.1.2

What's Changed

Full Changelog: sparklemotion/http-cookie@v1.1.1...v1.1.2

1.1.1

What's Changed

New Contributors

Full Changelog: sparklemotion/http-cookie@v1.1.0...v1.1.1

Changelog

Sourced from http-cookie's changelog.

1.1.4 (2026-04-07)

  • Fix require "http/cookie_jar" raising NameError: uninitialized constant HTTP. (#61)

1.1.3 (2026-04-06)

  • Restore compatibility with Ruby 2.6.

1.1.2 (2026-04-06)

  • Stop requiring sqlite3 at load time by changing MozillaStore::Database from inheritance to composition.

1.1.1 (2026-04-06)

  • Fix thread-unsafe runtime requires. (#43 by @​brasic, #57)
  • Replace require 'cgi' with require 'cgi/escape' to suppress Ruby 4.0 warning. (#56 by @​dominion525)
  • Do not define MozillaStore on JRuby; leave the constant undefined instead.
  • Relax sqlite3 development dependency to >= 1.3.
Commits
  • 2673919 Bump version to 1.1.4
  • bdb2c4d Require http/cookie/version from http/cookie_jar so it is directly loadable
  • 483ee5e Bump version to 1.1.3
  • e1ffa5c Test on Ruby 2.6
  • 621fbee Fix syntax error on Ruby 2.6
  • 78767e1 Bump version to 1.1.2
  • d230111 Stop requiring sqlite3 at load time (#59)
  • e321252 Stop requiring sqlite3 at load time
  • 21729e5 Relax sqlite3 version constraint to >= 1.3
  • a3d1e7f Bump version to 1.1.1
  • Additional commits viewable in compare view

Updates mime-types-data from 3.2026.0331 to 3.2026.0407

Changelog

Sourced from mime-types-data's changelog.

3.2026.0407 / 2026-04-07

  • Updated registry entries from the IANA [media registry][registry] and [provisional media registry][provisional] and the [Apache Tika media registry][tika] as of the release date.
Commits
  • cdd6e72 Update mime-types-data 3.2026.0407 / 2026-04-07
  • 1bcba11 deps: bump the actions group with 2 updates
  • See full diff in compare view

Updates regexp_parser from 2.11.3 to 2.12.0

Changelog

Sourced from regexp_parser's changelog.

[2.12.0] - 2026-04-04 - Janosch Müller

Added

  • support for new unicode properties of Ruby 4.0.0
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the ruby-deps group with 6 updates
4d0fa13 
Bumps the ruby-deps group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [selenium-webdriver](https://github.com/SeleniumHQ/selenium) | `4.41.0` | `4.42.0` |
| [multi_json](https://github.com/sferik/multi_json) | `1.19.1` | `1.20.0` |
| [bigdecimal](https://github.com/ruby/bigdecimal) | `4.1.0` | `4.1.1` |
| [http-cookie](https://github.com/sparklemotion/http-cookie) | `1.1.0` | `1.1.4` |
| [mime-types-data](https://github.com/mime-types/mime-types-data) | `3.2026.0331` | `3.2026.0407` |
| [regexp_parser](https://github.com/ammar/regexp_parser) | `2.11.3` | `2.12.0` |


Updates `selenium-webdriver` from 4.41.0 to 4.42.0
- [Release notes](https://github.com/SeleniumHQ/selenium/releases)
- [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES)
- [Commits](SeleniumHQ/selenium@selenium-4.41.0...selenium-4.42.0)

Updates `multi_json` from 1.19.1 to 1.20.0
- [Changelog](https://github.com/sferik/multi_json/blob/main/CHANGELOG.md)
- [Commits](sferik/multi_json@v1.19.1...v1.20.0)

Updates `bigdecimal` from 4.1.0 to 4.1.1
- [Release notes](https://github.com/ruby/bigdecimal/releases)
- [Changelog](https://github.com/ruby/bigdecimal/blob/master/CHANGES.md)
- [Commits](ruby/bigdecimal@v4.1.0...v4.1.1)

Updates `http-cookie` from 1.1.0 to 1.1.4
- [Release notes](https://github.com/sparklemotion/http-cookie/releases)
- [Changelog](https://github.com/sparklemotion/http-cookie/blob/master/CHANGELOG.md)
- [Commits](sparklemotion/http-cookie@v1.1.0...v1.1.4)

Updates `mime-types-data` from 3.2026.0331 to 3.2026.0407
- [Changelog](https://github.com/mime-types/mime-types-data/blob/main/CHANGELOG.md)
- [Commits](mime-types/mime-types-data@v3.2026.0331...v3.2026.0407)

Updates `regexp_parser` from 2.11.3 to 2.12.0
- [Changelog](https://github.com/ammar/regexp_parser/blob/master/CHANGELOG.md)
- [Commits](ammar/regexp_parser@v2.11.3...v2.12.0)

---
updated-dependencies:
- dependency-name: selenium-webdriver
  dependency-version: 4.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ruby-deps
- dependency-name: multi_json
  dependency-version: 1.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ruby-deps
- dependency-name: bigdecimal
  dependency-version: 4.1.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: ruby-deps
- dependency-name: http-cookie
  dependency-version: 1.1.4
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: ruby-deps
- dependency-name: mime-types-data
  dependency-version: 3.2026.0407
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: ruby-deps
- dependency-name: regexp_parser
  dependency-version: 2.12.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: ruby-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels Apr 10, 2026
@chadlwilson chadlwilson merged commit 8654583 into master Apr 10, 2026
@dependabot dependabot Bot deleted the dependabot/bundler/ruby-deps-e3187df163 branch April 10, 2026 04:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@chadlwilson