chore(deps): bump the ruby group with 5 updates #1149

Merged
mergify[bot] merged 1 commit into main from dependabot/bundler/ruby-7fe0119bde
May 4, 2026

@dependabot dependabot Bot commented on behalf of github May 4, 2026

Bumps the ruby group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| html2rss | `4f83ace` | `60326f9` |
| io-stream | `0.11.1` | `0.13.0` |
| json | `2.19.4` | `2.19.5` |
| nokogiri | `1.19.2` | `1.19.3` |
| puppeteer-ruby | `0.52.0` | `0.52.1` |

Updates html2rss from 4f83ace to 60326f9

Commits
  • 60326f9 chore(deps-dev): bump yard from 0.9.38 to 0.9.42 (#355)
  • 0bed9d0 chore(deps-dev): bump erb from 6.0.1 to 6.0.1.1 (#360)
  • e6bede9 chore(master): release 0.19.1 (#364)
  • dcff670 ci: resolve release PR branch without label race (#365)
  • bdd7a93 fix: restore RubyGems release provenance (#363)
  • c0241ec chore(master): release 0.19.0 (#361)
  • bd16ad2 ci: refresh release PR lockfile (#362)
  • 75a721c ci: release gem via release-please (#349)
  • 416d000 feat: make strategy optional + default to :auto with fallback selection & r...
  • See full diff in compare view

Updates io-stream from 0.11.1 to 0.13.0

Release notes

Sourced from io-stream's releases.

v0.13.0

  • IO::Stream::Duplex(io) is equivalent to IO::Stream(io).

v0.12.0

  • Introduce IO::Stream::Duplex as a low-level duplex transport for composing separate input and output endpoints.
  • Add IO::Stream::Duplex(input, output) as a convenient constructor that returns a buffered stream wrapping a duplex transport.
  • Add a timeout compatibility shim for StringIO so duplex streams composed from in-memory endpoints can participate in the timeout interface consistently.
  • Remove old OpenSSL method shims.

Changelog

Sourced from io-stream's changelog.

v0.13.0

  • IO::Stream::Duplex(io) is equivalent to IO::Stream(io).

v0.12.0

  • Introduce IO::Stream::Duplex as a low-level duplex transport for composing separate input and output endpoints.
  • Add IO::Stream::Duplex(input, output) as a convenient constructor that returns a buffered stream wrapping a duplex transport.
  • Add a timeout compatibility shim for StringIO so duplex streams composed from in-memory endpoints can participate in the timeout interface consistently.
  • Remove old OpenSSL method shims.

v0.11.0

  • Introduce class IO::Stream::ConnectionResetError < Errno::ECONNRESET to standardize connection reset error handling across different IO types.
    • OpenSSL::SSL::SSLSocket raises OpenSSL::SSL::SSLError on connection reset, while other IO types raise Errno::ECONNRESET. SSLError is now rescued and re-raised as IO::Stream::ConnectionResetError for consistency.

v0.10.0

  • Rename done? to finished? for clarity and consistency.

v0.9.1

  • Fix EOF behavior to match Ruby IO semantics: read() returns empty string "" at EOF while read(size) returns nil at EOF.

v0.9.0

  • Add support for buffer parameter in read, read_exactly, and read_partial methods to allow reading into a provided buffer.

v0.8.0

  • On Ruby v3.3+, use IO#write directly instead of IO#write_nonblock, for better performance.
  • Introduce support for Readable#discard_until method to discard data until a specific pattern is found.

v0.7.0

  • Split stream functionality into separate Readable and Writable modules for better modularity and composition.
  • Remove unused timeout shim functionality.
  • 100% documentation coverage.

v0.6.1

  • Fix compatibility with Ruby v3.3.0 - v3.3.6 where broken @io.close could hang.

v0.6.0

  • Improve compatibility of gets implementation to better match Ruby's IO#gets behavior.

v0.5.0

  • Add support for read_until(limit:) parameter to limit the amount of data read.

... (truncated)

Commits

Updates json from 2.19.4 to 2.19.5

Release notes

Sourced from json's releases.

v2.19.5

What's Changed

  • Cap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.

Full Changelog: ruby/json@v2.19.4...v2.19.5

Changelog

Sourced from json's changelog.

2026-05-04 (2.19.5)

  • Cap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.

Commits
  • 4a1a4a4 Release 2.19.5
  • f6ca597 Avoid spamming too many deprecations while parsing
  • fa0671c Test TruffleRuby release in CI for improved stability
  • cfbe356 Force ensure_valid_encoding to be inlined.
  • 4ef7a45 Use RB_ENC_CODERANGE to first check the cached coderange before calling rb_en...
  • 7dd6b63 Fix typo in changelog
  • See full diff in compare view

Updates nokogiri from 1.19.2 to 1.19.3

Release notes

Sourced from nokogiri's releases.

v1.19.3 / 2026-04-27

Fixed / Security

  • Address exponential regex backtracking in CSS selector tokenizer. See GHSA-c4rq-3m3g-8wgx for more information.
  • [CRuby] Address memory leak in XSLT::Stylesheet#transform. See GHSA-v2fc-qm4h-8hqv for more information.

Changelog

Sourced from nokogiri's changelog.

v1.19.3 / 2026-04-27

Fixed / Security

  • Address exponential regex backtracking in CSS selector tokenizer. See GHSA-c4rq-3m3g-8wgx for more information.
  • [CRuby] Address memory leak in XSLT::Stylesheet#transform. See GHSA-v2fc-qm4h-8hqv for more information.

Commits
  • c139a3d version bump to v1.19.3
  • 7501a63 fix: backtracking in CSS tokenizer rules (v1.19.x backport) (#3627)
  • 03e7968 test: skip CSS tokenizer benchmarks on JRuby
  • b984b7e fix: ReDoS in CSS tokenizer ident rule
  • 0092623 fix: ReDoS in CSS tokenizer STRING rule
  • ee17d33 fix: memory leak in XSLT transform (backport to v1.19.x) (#3624)
  • ce188a3 doc: update CHANGELOG
  • caeaac4 fix: memory leak in XSLT transform
  • 25220bf dep(test): test against libxml-ruby v6 (#3618)
  • 0caeb21 doc: add security warnings for untrusted XSLT stylesheets
  • See full diff in compare view

Updates puppeteer-ruby from 0.52.0 to 0.52.1

Commits


Bumps the ruby group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [html2rss](https://github.com/html2rss/html2rss) | ``4f83ace`` | ``60326f9`` |
| [io-stream](https://github.com/socketry/io-stream) | `0.11.1` | `0.13.0` |
| [json](https://github.com/ruby/json) | `2.19.4` | `2.19.5` |
| [nokogiri](https://github.com/sparklemotion/nokogiri) | `1.19.2` | `1.19.3` |
| [puppeteer-ruby](https://github.com/YusukeIwaki/puppeteer-ruby) | `0.52.0` | `0.52.1` |


Updates `html2rss` from `4f83ace` to `60326f9`
- [Release notes](https://github.com/html2rss/html2rss/releases)
- [Commits](html2rss/html2rss@4f83ace...60326f9)

Updates `io-stream` from 0.11.1 to 0.13.0
- [Release notes](https://github.com/socketry/io-stream/releases)
- [Changelog](https://github.com/socketry/io-stream/blob/main/releases.md)
- [Commits](socketry/io-stream@v0.11.1...v0.13.0)

Updates `json` from 2.19.4 to 2.19.5
- [Release notes](https://github.com/ruby/json/releases)
- [Changelog](https://github.com/ruby/json/blob/master/CHANGES.md)
- [Commits](ruby/json@v2.19.4...v2.19.5)

Updates `nokogiri` from 1.19.2 to 1.19.3
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.19.2...v1.19.3)

Updates `puppeteer-ruby` from 0.52.0 to 0.52.1
- [Commits](YusukeIwaki/puppeteer-ruby@0.52.0...0.52.1)

---
updated-dependencies:
- dependency-name: html2rss
  dependency-version: 60326f9b1590b8263646c692bdfeed90ac9af979
  dependency-type: direct:production
  dependency-group: ruby
- dependency-name: io-stream
  dependency-version: 0.13.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: ruby
- dependency-name: json
  dependency-version: 2.19.5
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: ruby
- dependency-name: nokogiri
  dependency-version: 1.19.3
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: ruby
- dependency-name: puppeteer-ruby
  dependency-version: 0.52.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: ruby
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels May 4, 2026
@mergify mergify Bot added the queued label May 4, 2026

mergify Bot commented May 4, 2026

Merge Queue Status

This pull request spent 2 minutes 43 seconds in the queue, including 1 minute 53 seconds running CI.

mergify Bot added a commit that referenced this pull request May 4, 2026
@mergify mergify Bot merged commit 14309b8 into main May 4, 2026
6 checks passed
@mergify mergify Bot deleted the dependabot/bundler/ruby-7fe0119bde branch May 4, 2026 08:09
@mergify mergify Bot removed the queued label May 4, 2026