Skip to content

Bump the ruby-dependencies group across 1 directory with 2 updates #182

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

Bump the ruby-dependencies group across 1 directory with 2 updates #182

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 1, 2025
edited
Loading

Bumps the ruby-dependencies group with 2 updates in the / directory: rails and spring.

Updates rails from 7.1.3.2 to 7.2.2.1

Release notes

Sourced from rails's releases.

7.2.2.1

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • No changes.

Action Pack

  • Add validation to content security policies to disallow spaces and semicolons. Developers should use multiple arguments, and different directive methods instead.

    [CVE-2024-54133]

    Gannon McGibbon

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

Active Storage

  • No changes.

... (truncated)

Commits
  • 33beb0a Preparing for 7.2.2.1 release
  • d4b2a61 Update vendored trix version to 2.1.10
  • 3da2479 Add CSP directive validation
  • d0dcb8f Preparing for 7.2.2 release
  • 9f24f75 Add yarn.lock allowed dirty files
  • ad485aa Merge pull request #52951 from Ridhwana/Ridhwana/active-record-validations [c...
  • f6916e7 Merge pull request #53494 from zzak/re-53492
  • a7858b5 Merge pull request #53472 from p8/activerecord/improve-attributes-for-inspect...
  • e6a8acd Merge pull request #53475 from p8/activerecord/show-all-attributes-in-console
  • 91aac4a Merge pull request #53484 from zzak/query_cache-config-disable
  • Additional commits viewable in compare view

Updates spring from 4.2.1 to 4.3.0

Changelog

Sourced from spring's changelog.

4.3.0

  • Fix reloading issue in Ruby 3.3.
  • Fixed compatibility with --enable-frozen-string-literal.
  • Add embeded engines to default reload matcher.
Commits
  • e5fc6b2 Release 4.3.0
  • 1821287 Merge pull request #732 from Shopify/drop_3_1_edge_in_ci
  • e7e6b65 Remove 3.1 + edge from CI
  • 457416d Merge pull request #730 from thomasmarshall/fix-restart
  • 4bdb337 Merge pull request #719 from chaadow/patch-1
  • 4105015 Fix reloading in Ruby 3.3
  • eefc42d Merge pull request #723 from Shopify/booted-load-hook
  • 6c60916 Add embedded engine initializers to spring watcher
  • 1ed51d0 Fix compatibility with --frozen-string-literal
  • See full diff in compare view

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
rails [>= 8.a, < 9]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels Apr 1, 2025
@dependabot dependabot bot requested a review from schneems as a code owner April 1, 2025 03:35
@dependabot
Bump the ruby-dependencies group across 1 directory with 2 updates
ef8a34b 
Bumps the ruby-dependencies group with 2 updates in the / directory: [rails](https://github.com/rails/rails) and [spring](https://github.com/rails/spring).


Updates `rails` from 7.1.3.2 to 7.2.2.1
- [Release notes](https://github.com/rails/rails/releases)
- [Commits](rails/rails@v7.1.3.2...v7.2.2.1)

Updates `spring` from 4.2.1 to 4.3.0
- [Release notes](https://github.com/rails/spring/releases)
- [Changelog](https://github.com/rails/spring/blob/main/CHANGELOG.md)
- [Commits](rails/spring@v4.2.1...v4.3.0)

---
updated-dependencies:
- dependency-name: rails
  dependency-version: 7.2.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ruby-dependencies
- dependency-name: spring
  dependency-version: 4.3.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: ruby-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/bundler/ruby-dependencies-85a30902f9 branch from 9b7de3d to ef8a34b Compare May 1, 2025 03:23
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jul 2, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Jul 2, 2025
@dependabot dependabot bot deleted the dependabot/bundler/ruby-dependencies-85a30902f9 branch July 2, 2025 23:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@schneems schneems Awaiting requested review from schneems schneems is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants