Skip to content

Bump the bundler group across 1 directory with 4 updates#10

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/bundler/bundler-c933f20611
Open

Bump the bundler group across 1 directory with 4 updates#10
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/bundler/bundler-c933f20611

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 10, 2026

Copy link
Copy Markdown

Bumps the bundler group with 3 updates in the / directory: activesupport, aws-sdk-s3 and webrick.

Updates activesupport from 6.1.6 to 7.2.3.1

Release notes

Sourced from activesupport's releases.

7.2.3.1

Active Support

  • Reject scientific notation in NumberConverter

    [CVE-2026-33176]

    Jean Boussier

  • Fix SafeBuffer#% to preserve unsafe status

    [CVE-2026-33170]

    Jean Boussier

  • Improve performance of NumberToDelimitedConverter

    [CVE-2026-33169]

    Jean Boussier

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • Skip blank attribute names in tag helpers to avoid generating invalid HTML.

    [CVE-2026-33168]

    Mike Dalessio

Action Pack

  • No changes.

Active Job

  • No changes.

... (truncated)

Commits
  • ba76fca Preparing for 7.2.3.1 release
  • 8a379f4 Update changelog
  • b54a4b3 Improve performance of NumberToDelimitedConverter
  • c1ad0e8 Fix SafeBuffer#% to preserve unsafe status
  • ebd6be1 NumberConverter: reject scientific notation
  • 4a155f1 Lock some dependencies
  • bb2bdef Preparing for 7.2.3 release
  • fe41a9f Merge pull request #55840 from zzak/asup-xml-mini-bigdecimal-float-precision
  • 12040a3 Merge pull request #55808 from olivier-thatch/fix-enum-sole
  • 58630e1 Merge pull request #55794 from rails/fix-55513
  • Additional commits viewable in compare view

Updates aws-sdk-s3 from 1.114.0 to 1.208.0

Changelog

Sourced from aws-sdk-s3's changelog.

1.208.0 (2025-12-16)

  • Feature - Updates to the S3 Encryption Client. The V3 S3 Encryption Client now requires key committing algorithm suites by default.

1.207.0 (2025-12-15)

  • Feature - This release adds support for the new optional field 'LifecycleExpirationDate' in S3 Inventory configurations.

1.206.0 (2025-12-02)

  • Feature - New S3 Storage Class FSX_ONTAP

1.205.0 (2025-11-20)

  • Feature - Enable / Disable ABAC on a general purpose bucket.

1.204.0 (2025-11-19)

  • Feature - Adds support for blocking SSE-C writes to general purpose buckets.

1.203.1 (2025-11-10)

  • Issue - Deprecated :checksum_mode parameter in FileDownloader#download. When set to "DISABLED", a deprecation warning is issued and the parameter is ignored. Use :response_checksum_validation on the S3 client instead to control checksum validation behavior.

1.203.0 (2025-11-05)

  • Feature - Launch IPv6 dual-stack support for S3 Express

1.202.0 (2025-10-28)

  • Feature - Amazon Simple Storage Service / Features: Add conditional writes in CopyObject on destination key to prevent unintended object modifications.

1.201.0 (2025-10-21)

  • Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

  • Issue - Fix multipart upload to respect request_checksum_calculation when_required mode.

1.200.0 (2025-10-15)

... (truncated)

Commits

Updates concurrent-ruby from 1.1.10 to 1.3.7

Release notes

Sourced from concurrent-ruby's releases.

v1.3.7

There are 3 security fixes in this release, so updating is recommended. These security vulnerabilities are not very likely to be hit in practice and have a corresponding Low severity score.

What's Changed

New Contributors

Full Changelog: ruby-concurrency/concurrent-ruby@v1.3.6...v1.3.7

v1.3.6

What's Changed

New Contributors

Full Changelog: ruby-concurrency/concurrent-ruby@v1.3.5...v1.3.6

... (truncated)

Changelog

Sourced from concurrent-ruby's changelog.

Release v1.3.7 (16 June 2026)

concurrent-ruby:

Release v1.3.6 (13 December 2025)

concurrent-ruby:

Release v1.3.5, edge v0.7.2 (15 January 2025)

concurrent-ruby:

  • (#1062) Remove dependency on logger.

concurrent-ruby-edge:

  • (#1062) Remove dependency on logger.

Release v1.3.4 (10 August 2024)

  • (#1060) Fix bug with return value of Concurrent.available_processor_count when cpu.cfs_quota_us is -1.
  • (#1058) Add Concurrent.cpu_shares that is cgroups aware.

Release v1.3.3 (9 June 2024)

  • (#1053) Improve the speed of Concurrent.physical_processor_count on Windows.

Release v1.3.2, edge v0.7.1 (7 June 2024)

concurrent-ruby:

  • (#1051) Remove dependency on win32ole.

concurrent-ruby-edge:

  • (#1052) Fix dependency on concurrent-ruby to allow the latest release.

Release v1.3.1 (29 May 2024)

  • Release 1.3.0 was broken when pushed to RubyGems. 1.3.1 is a packaging fix.

Release v1.3.0 (28 May 2024)

  • (#1042) Align Java Executor Service behavior for shuttingdown?, shutdown?
  • (#1038) Add Concurrent.available_processor_count that is cgroups aware.

... (truncated)

Commits
  • 4c8fc28 Release 1.3.7
  • d91ca94 Fix AtomicReference#update livelock when stored value is Float::NAN on JRuby ...
  • 7e4d711 Fix ReentrantReadWriteLock read hold overflow into write-lock bit
  • 6e37e06 Fix AtomicReference#update livelock when stored value is Float::NAN
  • 2825cfa Cleanup spec
  • 3fd4932 Fix ReadWriteLock wrong-thread write release and stray read release
  • 1974b47 Add Ruby 4.0 in CI
  • df8706d Add SECURITY.md (#1104)
  • 7a1b789 Bump actions/upload-pages-artifact from 4 to 5
  • 9b2dbf7 Bump actions/deploy-pages from 4 to 5
  • Additional commits viewable in compare view

Updates webrick from 1.7.0 to 1.8.2

Release notes

Sourced from webrick's releases.

v1.8.2

What's Changed

New Contributors

Full Changelog: ruby/webrick@v1.8.1...v1.8.2

v1.8.1

What's Changed

Full Changelog: ruby/webrick@v1.8.0...v1.8.1

v1.8.0

What's Changed

... (truncated)

Commits
  • 0fb9de6 Bump up v1.8.2
  • b9a4c81 Removed trailing spaces
  • f5faca9 Prevent request smuggling
  • 0c600e1 Fix reference to URI::REGEXP::PATTERN::HOST
  • 15a9391 Return 400 response for chunked requests with unexpected data after chunk
  • 2b38d56 Treat missing CRLF separator after headers as an EOFError
  • e4efb4a Remove unnecessary gsub calls in test_httprequest.rb
  • 426e214 Only strip space and horizontal tab in headers
  • e72cb69 Prefer squigly heredocs. (#143)
  • ee60354 Require CRLF line endings in request line and headers
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the bundler group with 3 updates in the / directory: [activesupport](https://github.com/rails/rails), [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) and [webrick](https://github.com/ruby/webrick).


Updates `activesupport` from 6.1.6 to 7.2.3.1
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v8.1.3/activesupport/CHANGELOG.md)
- [Commits](rails/rails@v6.1.6...v7.2.3.1)

Updates `aws-sdk-s3` from 1.114.0 to 1.208.0
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Updates `concurrent-ruby` from 1.1.10 to 1.3.7
- [Release notes](https://github.com/ruby-concurrency/concurrent-ruby/releases)
- [Changelog](https://github.com/ruby-concurrency/concurrent-ruby/blob/master/CHANGELOG.md)
- [Commits](ruby-concurrency/concurrent-ruby@v1.1.10...v1.3.7)

Updates `webrick` from 1.7.0 to 1.8.2
- [Release notes](https://github.com/ruby/webrick/releases)
- [Commits](ruby/webrick@v1.7.0...v1.8.2)

---
updated-dependencies:
- dependency-name: activesupport
  dependency-version: 7.2.3.1
  dependency-type: indirect
  dependency-group: bundler
- dependency-name: aws-sdk-s3
  dependency-version: 1.208.0
  dependency-type: indirect
  dependency-group: bundler
- dependency-name: concurrent-ruby
  dependency-version: 1.3.7
  dependency-type: indirect
  dependency-group: bundler
- dependency-name: webrick
  dependency-version: 1.8.2
  dependency-type: indirect
  dependency-group: bundler
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels Jul 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants