Skip to content

chore(deps): bump the bundler group with 2 updates#238

Merged
tschaefer merged 1 commit into
mainfrom
dependabot/bundler/bundler-811b94185f
May 27, 2026
Merged

chore(deps): bump the bundler group with 2 updates#238
tschaefer merged 1 commit into
mainfrom
dependabot/bundler/bundler-811b94185f

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 27, 2026

Bumps the bundler group with 2 updates: puma and rubocop-rails.

Updates puma from 8.0.1 to 8.0.2

Release notes

Sourced from puma's releases.

v8.0.2

  • Bugfixes
    • Anchor PROXY protocol v1 regex to string start and enforce max line length to prevent injection via crafted request bodies (#3944)
    • Parse PROXY protocol header only on the first request per connection to prevent spoofing on keep-alive connections (#3944)

Security advisories

Changelog

Sourced from puma's changelog.

8.0.2 / 2026-05-27

  • Bugfixes
    • Anchor PROXY protocol v1 regex to string start and enforce max line length to prevent injection via crafted request bodies (#3944)
    • Parse PROXY protocol header only on the first request per connection to prevent spoofing on keep-alive connections (#3944)
Commits

Updates rubocop-rails from 2.35.2 to 2.35.3

Release notes

Sourced from rubocop-rails's releases.

RuboCop Rails v2.35.3

Bug fixes

  • #1630: Fix a false positive in Rails/StrongParametersExpect when negating params[:key] with !, such as !params[:key]. (@​koic)
  • #1629: Fix false positives in Rails/StrongParametersExpect when using the safe navigation operator (&.) on params[:key]. Autocorrecting params[:key]&.downcase to params.expect(:key).downcase silently changes behavior — a missing param goes from returning nil to raising ActionController::ParameterMissing. (@​lucasmazza)
Changelog

Sourced from rubocop-rails's changelog.

2.35.3 (2026-05-27)

Bug fixes

  • #1630: Fix a false positive in Rails/StrongParametersExpect when negating params[:key] with !, such as !params[:key]. ([@​koic][])
  • #1629: Fix false positives in Rails/StrongParametersExpect when using the safe navigation operator (&.) on params[:key]. Autocorrecting params[:key]&.downcase to params.expect(:key).downcase silently changes behavior — a missing param goes from returning nil to raising ActionController::ParameterMissing. ([@​lucasmazza][])
Commits
  • 944f6f5 Cut 2.35.3
  • 7f93b76 Update Changelog
  • 3e9d4a5 Merge pull request #1631 from koic/fix_false_positive_for_rails_strong_parame...
  • 3529b8d [Fix #1630] Fix a false positive in Rails/StrongParametersExpect
  • dbb2e27 Merge pull request #1629 from lucasmazza/fix/strong-parameters-expect-safe-na...
  • 0ea9fbc Fix Rails/StrongParametersExpect to allow safe navigation operator on optiona...
  • 5d4154d Reset the docs version
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the bundler group with 2 updates
2315090 
Bumps the bundler group with 2 updates: [puma](https://github.com/puma/puma) and [rubocop-rails](https://github.com/rubocop/rubocop-rails).


Updates `puma` from 8.0.1 to 8.0.2
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/main/History.md)
- [Commits](puma/puma@v8.0.1...v8.0.2)

Updates `rubocop-rails` from 2.35.2 to 2.35.3
- [Release notes](https://github.com/rubocop/rubocop-rails/releases)
- [Changelog](https://github.com/rubocop/rubocop-rails/blob/master/CHANGELOG.md)
- [Commits](rubocop/rubocop-rails@v2.35.2...v2.35.3)

---
updated-dependencies:
- dependency-name: puma
  dependency-version: 8.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: bundler
- dependency-name: rubocop-rails
  dependency-version: 2.35.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: bundler
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels May 27, 2026
@dependabot dependabot Bot requested a review from tschaefer as a code owner May 27, 2026 12:22
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels May 27, 2026
@tschaefer tschaefer merged commit da8121d into main May 27, 2026
4 checks passed
@dependabot dependabot Bot deleted the dependabot/bundler/bundler-811b94185f branch May 27, 2026 12:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tschaefer tschaefer tschaefer approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tschaefer