@dependabot dependabot bot commented on behalf of github Jan 1, 2026

Bumps the app-dependencies group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| httparty | 0.23.2 | 0.24.0 |
| nokogiri | 1.18.10 | 1.19.0 |
| multi_json | 1.17.0 | 1.19.1 |
| standard | 1.51.1 | 1.52.0 |
| bigdecimal | 3.3.1 | 4.0.1 |
| rack | 3.2.3 | 3.2.4 |

Updates httparty from 0.23.2 to 0.24.0

Release notes

Sourced from httparty's releases.

v0.24.0

What's Changed

Full Changelog: jnunemaker/httparty@v0.23.2...v0.24.0

Commits
  • 55ec76e Release 0.24.0
  • ddfbc8d Merge pull request #830 from jnunemaker/fix-ssrf-base-uri-bypass
  • 0529bcd fix: prevent SSRF via absolute URL bypassing base_uri (GHSA-hm5p-x4rq-38w4)
  • 05f38fd Merge pull request #829 from jnunemaker/memory
  • 8901c23 feat: stream multipart file uploads to reduce memory usage
  • 091bd6a Merge pull request #828 from jnunemaker/issue-826
  • 59c0ac5 feat: set Content-Type for Hash body in requests
  • 5c8b45e Merge pull request #823 from jnunemaker/mixed-encodings
  • 6419cb3 Force binary encoding throughout
  • See full diff in compare view

Updates nokogiri from 1.18.10 to 1.19.0

Release notes

Sourced from nokogiri's releases.

v1.19.0 / 2025-12-28

Ruby

This release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.

Changelog

Sourced from nokogiri's changelog.

v1.19.0 / 2025-12-28

Ruby

This release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.

Commits
  • d77bfb6 version bump to v1.19.0
  • 1eb5c2c dev: convert scripts/test-gem-set to use mise
  • 88a120f dep: Add native Ruby 4 support, drop Ruby 3.1 support (v1.19.x) (#3592)
  • f8c8f74 Skip the parser compression test for Windows system libs
  • e91c0fc ci: temporarily pin to setup-ruby with windows ruby 4
  • 1b08acc dep: update to minitest 6
  • 404487d dep: require JRuby >= 10.0
  • 19b22ea dep: add support for native Ruby 4.0 gem
  • ec57d11 ci: bump versions in CI images
  • f7b640f ci: avoid bundler collisions in downstream tests
  • Additional commits viewable in compare view

Updates multi_json from 1.17.0 to 1.19.1

Changelog

Sourced from multi_json's changelog.

1.19.1

1.19.0

1.18.0

Commits
  • c5fa9fc Version 1.19.1
  • c1b91f3 Update changelog for 1.19.1
  • c5bf2fc Fix encode/decode methods being inaccessible in 1.19.0
  • f876d45 Version 1.19.0
  • 20b8aad Remove steep dependency, rake task, Steepfile and workflow
  • eccd3e2 Fix JRuby/Windows encoding error in OkJson adapter
  • 194b95e Refactor tests
  • 90e5200 Revert "Drop support for Ruby 3.0, Ruby 3.1 and JRuby 9.4 in the next release"
  • 4047e21 Document adapters
  • abfa810 Capture test warnings/errors
  • Additional commits viewable in compare view

Updates standard from 1.51.1 to 1.52.0

Changelog

Sourced from standard's changelog.

1.52.0

Commits
  • 6d338ae 🐭 v1.52.0
  • d88e772 Merge pull request #767 from standardrb/updates-2025-11-18
  • 6a4f3f8 Updates changelog
  • 6c9c0a9 Update Gemfile.lock
  • 146b20d Updates config for rubocop 1.81.7
  • abaf288 Merge pull request #764 from standardrb/dependabot/github_actions/step-securi...
  • eba5dec Merge pull request #763 from standardrb/dependabot/bundler/minitest-5.26.1
  • 4f137e6 Bump step-security/harden-runner from 2.13.1 to 2.13.2
  • 5c26a00 Bump minitest from 5.26.0 to 5.26.1
  • 4d1e9c0 Update rubocop requirement from ~> 1.80.2 to >= 1.80.2, < 1.82.0
  • Additional commits viewable in compare view

Updates bigdecimal from 3.3.1 to 4.0.1

Release notes

Sourced from bigdecimal's releases.

v4.0.1

What's Changed

Full Changelog: ruby/bigdecimal@v4.0.0...v4.0.1

v4.0.0

What's Changed

New Contributors

Full Changelog: ruby/bigdecimal@v3.3.1...v4.0.0

Changelog

Sourced from bigdecimal's changelog.

4.0.1

4.0.0

Commits
  • 6d01c36 Bump version to v4.0.1 (#477)
  • 4914cc3 Remove "Which version should you select" section (#476)
  • 4120325 Remove unused variable (and add test for it) (#475)
  • f0bf63f Merge pull request #474 from ruby/exclude-dependabot-update
  • d93ef2b Exclude dependabot updates from release note
  • d9914c9 Bump version to v4.0.0 (#472)
  • 45d203a Deprecate ludcmp, jacobian and newton (#471)
  • 8146336 Remove deprecated method BigDecimal#precs (#470)
  • b7e93bf Better rounding of BigMath.atan(nearly_one, prec) (#469)
  • cef76eb Merge pull request #468 from ruby/dependabot/github_actions/step-security/har...
  • Additional commits viewable in compare view

Updates rack from 3.2.3 to 3.2.4

Changelog

Sourced from rack's changelog.

[3.2.4] - 2025-11-03

Fixed

  • Multipart parser: limit MIME header size check to the unread buffer region to avoid false "multipart mime part header too large" errors when previously read data accumulates in the scan buffer. (#2392, @alpaca-tc, @willnet, @krororo)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



…dates

Bumps the app-dependencies group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [httparty](https://github.com/jnunemaker/httparty) | `0.23.2` | `0.24.0` |
| [nokogiri](https://github.com/sparklemotion/nokogiri) | `1.18.10` | `1.19.0` |
| [multi_json](https://github.com/sferik/multi_json) | `1.17.0` | `1.19.1` |
| [standard](https://github.com/standardrb/standard) | `1.51.1` | `1.52.0` |
| [bigdecimal](https://github.com/ruby/bigdecimal) | `3.3.1` | `4.0.1` |
| [rack](https://github.com/rack/rack) | `3.2.3` | `3.2.4` |


Updates `httparty` from 0.23.2 to 0.24.0
- [Release notes](https://github.com/jnunemaker/httparty/releases)
- [Changelog](https://github.com/jnunemaker/httparty/blob/main/Changelog.md)
- [Commits](jnunemaker/httparty@v0.23.2...v0.24.0)

Updates `nokogiri` from 1.18.10 to 1.19.0
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.18.10...v1.19.0)

Updates `multi_json` from 1.17.0 to 1.19.1
- [Changelog](https://github.com/sferik/multi_json/blob/main/CHANGELOG.md)
- [Commits](sferik/multi_json@v1.17.0...v1.19.1)

Updates `standard` from 1.51.1 to 1.52.0
- [Release notes](https://github.com/standardrb/standard/releases)
- [Changelog](https://github.com/standardrb/standard/blob/main/CHANGELOG.md)
- [Commits](standardrb/standard@v1.51.1...v1.52.0)

Updates `bigdecimal` from 3.3.1 to 4.0.1
- [Release notes](https://github.com/ruby/bigdecimal/releases)
- [Changelog](https://github.com/ruby/bigdecimal/blob/master/CHANGES.md)
- [Commits](ruby/bigdecimal@v3.3.1...v4.0.1)

Updates `rack` from 3.2.3 to 3.2.4
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](rack/rack@v3.2.3...v3.2.4)

---
updated-dependencies:
- dependency-name: httparty
  dependency-version: 0.24.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: app-dependencies
- dependency-name: nokogiri
  dependency-version: 1.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: app-dependencies
- dependency-name: multi_json
  dependency-version: 1.19.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: app-dependencies
- dependency-name: standard
  dependency-version: 1.52.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: app-dependencies
- dependency-name: bigdecimal
  dependency-version: 4.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: app-dependencies
- dependency-name: rack
  dependency-version: 3.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: app-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies and ruby labels Jan 1, 2026
@dependabot dependabot bot requested a review from bertrama as a code owner January 1, 2026 11:22