Skip to content

chore(deps): bump the ruby group with 4 updates #972

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 13, 2025
Merged

chore(deps): bump the ruby group with 4 updates #972

merged 1 commit into from
Oct 13, 2025

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 13, 2025

Bumps the ruby group with 4 updates: html2rss, bigdecimal, json and uri.

Updates html2rss from 29660a7 to f722d9d

Commits
  • f722d9d perf: parallelize auto source scraper extraction (#303)
  • 1000d13 fix(faraday): empty response body due to missing compression support (#304)
  • 680028a spec: add comprehensive examples & fix revealed bugs (#285)
  • 8fb01ee perf(media_renderer): reduce allocations for media table#299 (#300)
  • b49ff7d feat(auto_source): add JsonState to scrape SPA state (#291)
  • 507195d feat: add a set of default request headers (#289)
  • d06c1c0 docs: add AGENTS.md and refine copilot-instructions.md (#287)
  • See full diff in compare view

Updates bigdecimal from 3.2.3 to 3.3.1

Release notes

Sourced from bigdecimal's releases.

v3.3.1

What's Changed

Full Changelog: ruby/bigdecimal@v3.3.0...v3.3.1

v3.3.0

What's Changed

New Contributors

Full Changelog: ruby/bigdecimal@v3.2.3...v3.3.0

Changelog

Sourced from bigdecimal's changelog.

3.3.1

  • All BigMath methods converts non integer precision with to_int

    @​tompng

3.3.0

Commits
  • 2d932f4 Bump version to 3.3.1 (#443)
  • 8f34991 Unify all precision validation to be consistent with BigDecimal#add (#442)
  • a831065 Fix modulo/remainder of negative zero (#441)
  • 0aa97bb Bump version to 3.3.0 (#437)
  • f718178 Fix precision of x.power(y, prec) when the result is nearly infinity (#439)
  • a267ca7 Improve performance of x**y when y is a huge value (#438)
  • cb2458b Add newline at EOF [ci skip]
  • d93b542 Make internal BigMath method a private method (#432)
  • f107735 Merge pull request #431 from ruby/dependabot/github_actions/step-security/har...
  • 6682fd8 Bump step-security/harden-runner from 2.13.0 to 2.13.1
  • Additional commits viewable in compare view

Updates json from 2.15.0 to 2.15.1

Release notes

Sourced from json's releases.

v2.15.1

What's Changed

  • Fix incorrect escaping in the JRuby extension when encoding shared strings.

Full Changelog: ruby/json@v2.15.0...v2.15.1

Changelog

Sourced from json's changelog.

2025-10-07 (2.15.1)

  • Fix incorrect escaping in the JRuby extension when encoding shared strings.
Commits

Updates uri from 1.0.3 to 1.0.4

Release notes

Sourced from uri's releases.

v1.0.4

Security fixes

Full Changelog: ruby/uri@v1.0.3...v1.0.4

Commits
  • e507473 Bump up to v1.0.4
  • d3116ca Merge branch 'CVE-2025-61594-3-4' into HEAD
  • 6c6449e Add authority accessor
  • 5cec76b Clear user info totally at setting any of authority info
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the ruby group with 4 updates
8b9a170 
Bumps the ruby group with 4 updates: [html2rss](https://github.com/html2rss/html2rss), [bigdecimal](https://github.com/ruby/bigdecimal), [json](https://github.com/ruby/json) and [uri](https://github.com/ruby/uri).


Updates `html2rss` from `29660a7` to `f722d9d`
- [Release notes](https://github.com/html2rss/html2rss/releases)
- [Commits](html2rss/html2rss@29660a7...f722d9d)

Updates `bigdecimal` from 3.2.3 to 3.3.1
- [Release notes](https://github.com/ruby/bigdecimal/releases)
- [Changelog](https://github.com/ruby/bigdecimal/blob/master/CHANGES.md)
- [Commits](ruby/bigdecimal@v3.2.3...v3.3.1)

Updates `json` from 2.15.0 to 2.15.1
- [Release notes](https://github.com/ruby/json/releases)
- [Changelog](https://github.com/ruby/json/blob/master/CHANGES.md)
- [Commits](ruby/json@v2.15.0...v2.15.1)

Updates `uri` from 1.0.3 to 1.0.4
- [Release notes](https://github.com/ruby/uri/releases)
- [Commits](ruby/uri@v1.0.3...v1.0.4)

---
updated-dependencies:
- dependency-name: html2rss
  dependency-version: f722d9d556ab5351744be216d009e8205272c8bc
  dependency-type: direct:production
  dependency-group: ruby
- dependency-name: bigdecimal
  dependency-version: 3.3.1
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: ruby
- dependency-name: json
  dependency-version: 2.15.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: ruby
- dependency-name: uri
  dependency-version: 1.0.4
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: ruby
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Oct 13, 2025
@mergify mergify bot added the queued label Oct 13, 2025
mergify bot added a commit that referenced this pull request Oct 13, 2025
@mergify
Merge of #972
16f7622
@mergify mergify bot mentioned this pull request Oct 13, 2025
Closed
4 tasks
@mergify mergify bot merged commit 19d7138 into main Oct 13, 2025
6 checks passed
@mergify mergify bot deleted the dependabot/bundler/ruby-20abeeb3cb branch October 13, 2025 07:08
@mergify mergify bot removed the queued label Oct 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants