Skip to content

Bump the bundler group across 3 directories with 3 updates#231

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/bundler-2a03042084
Open

Bump the bundler group across 3 directories with 3 updates#231
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/bundler-2a03042084

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 23, 2026

Copy link
Copy Markdown
Contributor

Bumps the bundler group with 3 updates in the / directory: concurrent-ruby, css_parser and faraday.
Bumps the bundler group with 2 updates in the /ruby directory: concurrent-ruby and css_parser.
Bumps the bundler group with 1 update in the /test directory: concurrent-ruby.

Updates concurrent-ruby from 1.3.6 to 1.3.7

Release notes

Sourced from concurrent-ruby's releases.

v1.3.7

There are 3 security fixes in this release, so updating is recommended. These security vulnerabilities are not very likely to be hit in practice and have a corresponding Low severity score.

What's Changed

New Contributors

Full Changelog: ruby-concurrency/concurrent-ruby@v1.3.6...v1.3.7

Changelog

Sourced from concurrent-ruby's changelog.

Release v1.3.7 (16 June 2026)

concurrent-ruby:

Commits
  • 4c8fc28 Release 1.3.7
  • d91ca94 Fix AtomicReference#update livelock when stored value is Float::NAN on JRuby ...
  • 7e4d711 Fix ReentrantReadWriteLock read hold overflow into write-lock bit
  • 6e37e06 Fix AtomicReference#update livelock when stored value is Float::NAN
  • 2825cfa Cleanup spec
  • 3fd4932 Fix ReadWriteLock wrong-thread write release and stray read release
  • 1974b47 Add Ruby 4.0 in CI
  • df8706d Add SECURITY.md (#1104)
  • 7a1b789 Bump actions/upload-pages-artifact from 4 to 5
  • 9b2dbf7 Bump actions/deploy-pages from 4 to 5
  • Additional commits viewable in compare view

Updates css_parser from 1.21.1 to 1.22.0

Changelog

Sourced from css_parser's changelog.

Ruby CSS Parser CHANGELOG

Unreleased

Version 3.0.0

  • Harden read_remote_file, use allow_local_network: true and allow_file_uris: true to bypass

Version 2.2.0

  • Accept CSS <number> values with an omitted integer part (e.g. .1) inside rgb()/rgba()/hsl()/hsla(). Previously RE_COLOUR_NUMERIC and RE_COLOUR_NUMERIC_ALPHA required at least one digit before the decimal point, which caused colours such as rgba(0,0,0,.1) to be silently dropped during shorthand expansion (background-color from background:, border-*-color from border:).

Version 2.1.0

  • Validate ssl when pulling files via https

Version 2.0.0

  • Drop ruby <3.2, fix a memory leak
Commits

Updates faraday from 2.14.1 to 2.14.3

Release notes

Sourced from faraday's releases.

v2.14.3

Security Note

This release contains a security fix, we recommend all users to upgrade as soon as possible. A Security Advisory with more details will be posted shortly.

What's Changed

New Contributors

Full Changelog: lostisland/faraday@v2.14.2...v2.14.3

v2.14.2

Security Note

This release contains a security fix, we recommend all users to upgrade as soon as possible. A Security Advisory with more details will be posted shortly.

What's Changed

New Contributors

Full Changelog: lostisland/faraday@v2.14.1...v2.14.2

Commits

Updates concurrent-ruby from 1.3.6 to 1.3.7

Release notes

Sourced from concurrent-ruby's releases.

v1.3.7

There are 3 security fixes in this release, so updating is recommended. These security vulnerabilities are not very likely to be hit in practice and have a corresponding Low severity score.

What's Changed

New Contributors

Full Changelog: ruby-concurrency/concurrent-ruby@v1.3.6...v1.3.7

Changelog

Sourced from concurrent-ruby's changelog.

Release v1.3.7 (16 June 2026)

concurrent-ruby:

Commits
  • 4c8fc28 Release 1.3.7
  • d91ca94 Fix AtomicReference#update livelock when stored value is Float::NAN on JRuby ...
  • 7e4d711 Fix ReentrantReadWriteLock read hold overflow into write-lock bit
  • 6e37e06 Fix AtomicReference#update livelock when stored value is Float::NAN
  • 2825cfa Cleanup spec
  • 3fd4932 Fix ReadWriteLock wrong-thread write release and stray read release
  • 1974b47 Add Ruby 4.0 in CI
  • df8706d Add SECURITY.md (#1104)
  • 7a1b789 Bump actions/upload-pages-artifact from 4 to 5
  • 9b2dbf7 Bump actions/deploy-pages from 4 to 5
  • Additional commits viewable in compare view

Updates css_parser from 1.21.1 to 1.22.0

Changelog

Sourced from css_parser's changelog.

Ruby CSS Parser CHANGELOG

Unreleased

Version 3.0.0

  • Harden read_remote_file, use allow_local_network: true and allow_file_uris: true to bypass

Version 2.2.0

  • Accept CSS <number> values with an omitted integer part (e.g. .1) inside rgb()/rgba()/hsl()/hsla(). Previously RE_COLOUR_NUMERIC and RE_COLOUR_NUMERIC_ALPHA required at least one digit before the decimal point, which caused colours such as rgba(0,0,0,.1) to be silently dropped during shorthand expansion (background-color from background:, border-*-color from border:).

Version 2.1.0

  • Validate ssl when pulling files via https

Version 2.0.0

  • Drop ruby <3.2, fix a memory leak
Commits

Updates concurrent-ruby from 1.3.6 to 1.3.7

Release notes

Sourced from concurrent-ruby's releases.

v1.3.7

There are 3 security fixes in this release, so updating is recommended. These security vulnerabilities are not very likely to be hit in practice and have a corresponding Low severity score.

What's Changed

New Contributors

Full Changelog: ruby-concurrency/concurrent-ruby@v1.3.6...v1.3.7

Changelog

Sourced from concurrent-ruby's changelog.

Release v1.3.7 (16 June 2026)

concurrent-ruby:

Commits
  • 4c8fc28 Release 1.3.7
  • d91ca94 Fix AtomicReference#update livelock when stored value is Float::NAN on JRuby ...
  • 7e4d711 Fix ReentrantReadWriteLock read hold overflow into write-lock bit
  • 6e37e06 Fix AtomicReference#update livelock when stored value is Float::NAN
  • 2825cfa Cleanup spec
  • 3fd4932 Fix ReadWriteLock wrong-thread write release and stray read release
  • 1974b47 Add Ruby 4.0 in CI
  • df8706d Add SECURITY.md (#1104)
  • 7a1b789 Bump actions/upload-pages-artifact from 4 to 5
  • 9b2dbf7 Bump actions/deploy-pages from 4 to 5
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the bundler group with 3 updates in the / directory: [concurrent-ruby](https://github.com/ruby-concurrency/concurrent-ruby), [css_parser](https://github.com/premailer/css_parser) and [faraday](https://github.com/lostisland/faraday).
Bumps the bundler group with 2 updates in the /ruby directory: [concurrent-ruby](https://github.com/ruby-concurrency/concurrent-ruby) and [css_parser](https://github.com/premailer/css_parser).
Bumps the bundler group with 1 update in the /test directory: [concurrent-ruby](https://github.com/ruby-concurrency/concurrent-ruby).


Updates `concurrent-ruby` from 1.3.6 to 1.3.7
- [Release notes](https://github.com/ruby-concurrency/concurrent-ruby/releases)
- [Changelog](https://github.com/ruby-concurrency/concurrent-ruby/blob/master/CHANGELOG.md)
- [Commits](ruby-concurrency/concurrent-ruby@v1.3.6...v1.3.7)

Updates `css_parser` from 1.21.1 to 1.22.0
- [Changelog](https://github.com/premailer/css_parser/blob/master/CHANGELOG.md)
- [Commits](premailer/css_parser@v1.21.1...v1.22.0)

Updates `faraday` from 2.14.1 to 2.14.3
- [Release notes](https://github.com/lostisland/faraday/releases)
- [Changelog](https://github.com/lostisland/faraday/blob/main/CHANGELOG.md)
- [Commits](lostisland/faraday@v2.14.1...v2.14.3)

Updates `concurrent-ruby` from 1.3.6 to 1.3.7
- [Release notes](https://github.com/ruby-concurrency/concurrent-ruby/releases)
- [Changelog](https://github.com/ruby-concurrency/concurrent-ruby/blob/master/CHANGELOG.md)
- [Commits](ruby-concurrency/concurrent-ruby@v1.3.6...v1.3.7)

Updates `css_parser` from 1.21.1 to 1.22.0
- [Changelog](https://github.com/premailer/css_parser/blob/master/CHANGELOG.md)
- [Commits](premailer/css_parser@v1.21.1...v1.22.0)

Updates `concurrent-ruby` from 1.3.6 to 1.3.7
- [Release notes](https://github.com/ruby-concurrency/concurrent-ruby/releases)
- [Changelog](https://github.com/ruby-concurrency/concurrent-ruby/blob/master/CHANGELOG.md)
- [Commits](ruby-concurrency/concurrent-ruby@v1.3.6...v1.3.7)

---
updated-dependencies:
- dependency-name: concurrent-ruby
  dependency-version: 1.3.7
  dependency-type: indirect
  dependency-group: bundler
- dependency-name: css_parser
  dependency-version: 1.22.0
  dependency-type: indirect
  dependency-group: bundler
- dependency-name: faraday
  dependency-version: 2.14.3
  dependency-type: indirect
  dependency-group: bundler
- dependency-name: concurrent-ruby
  dependency-version: 1.3.7
  dependency-type: indirect
  dependency-group: bundler
- dependency-name: css_parser
  dependency-version: 1.22.0
  dependency-type: indirect
  dependency-group: bundler
- dependency-name: concurrent-ruby
  dependency-version: 1.3.7
  dependency-type: indirect
  dependency-group: bundler
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels Jun 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants