Skip to content

Update savon requirement from >= 2.0, < 2.16 to >= 2.0, < 2.18#199

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/savon-gte-2.0-and-lt-2.18
Open

Update savon requirement from >= 2.0, < 2.16 to >= 2.0, < 2.18#199
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/savon-gte-2.0-and-lt-2.18

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 20, 2026

Updates the requirements on savon to permit the latest version.

Release notes

Sourced from savon's releases.

v2.17.0

Add opt-in Faraday transport

Callers who set transport: :faraday get a memoized Faraday::Connection via client.faraday and full control over middleware, SSL, auth, and timeouts. Callers who do not set this option see no behavior change. HTTPI remains the default for 2.x.

  • Add: transport: :faraday global option. Defaults to :httpi (#992).
  • Add: client.faraday returns a memoized Faraday::Connection for configuring middleware, SSL, auth, and timeouts when using the Faraday transport.
  • Add: Savon.client raises if transport: :faraday is set but the faraday gem is not installed, or if any httpi-specific global option (proxy, timeouts, ssl, auth, adapter) is set alongside it. All conflicts are reported with their Faraday equivalents.
  • Change: Observers must return Savon::Transport::Response (or nil) instead of HTTPI::Response. Returning HTTPI::Response still works but emits a deprecation warning.
  • Unblocks:
    • redirect following for WSDL fetches via faraday-follow-redirects middleware (#1033, savonrb/wasabi#18)
    • digest authentication via faraday-digestauth middleware (#1021, savonrb/httpi#250)
    • proxy authentication with special characters in passwords (#941)
    • and setting an Acceptsavonrb/wasabi#115

Changelog: https://github.com/savonrb/savon/blob/v2.x/CHANGELOG.md Commits: savonrb/savon@v2.16.0...v2.17.0

Changelog

Sourced from savon's changelog.

2.17.0 (2026-05-19)

Add opt-in Faraday transport

Callers who set transport: :faraday get a memoized Faraday::Connection via client.faraday and full control over middleware, SSL, auth, and timeouts. Callers who do not set this option see no behavior change. HTTPI remains the default for 2.x.

  • Add: transport: :faraday global option. Defaults to :httpi (#992).
  • Add: client.faraday returns a memoized Faraday::Connection for configuring middleware, SSL, auth, and timeouts when using the Faraday transport.
  • Add: Savon.client raises if transport: :faraday is set but the faraday gem is not installed, or if any httpi-specific global option (proxy, timeouts, ssl, auth, adapter) is set alongside it. All conflicts are reported with their Faraday equivalents.
  • Change: Observers must return Savon::Transport::Response (or nil) instead of HTTPI::Response. Returning HTTPI::Response still works but emits a deprecation warning.
  • Unblocks:
    • redirect following for WSDL fetches via faraday-follow-redirects middleware (#1033, savonrb/wasabi#18)
    • digest authentication via faraday-digestauth middleware (#1021, savonrb/httpi#250)
    • proxy authentication with special characters in passwords (#941)
    • and setting an Acceptsavonrb/wasabi#115

2.16.0 (2026-05-18)

Restore compatibility

If you stayed on 2.12.1 because a later version broke something, this release is for you. The fixes below target the most commonly reported upgrade blockers. Existing code should work without modification.

  • Fix: Restore Savon::Response#hash removed in 2.14.0 (#985). Callers on 2.12.1 that use response.hash get the soap body back instead of Ruby's integer object id. A deprecation warning is emitted on each call. Use #full_hash going forward.
  • Fix: Require wasabi >= 5.1.0 (#1015, #1016savonrb/wasabi#122In suffix.
  • Fix: Stop dumping all WSDL namespaces into every soap envelope (#1014, #942). 2.13.0 injected every namespace from the entire WSDL document into each request, including structural ones that have no place in a request body. Strict servers reject envelopes with unexpected or duplicate declarations.
  • Fix: Raise a proper SOAPFault instead of a raw exception when soap:Fault contains invalid encoding (#923).
  • Fix: SOAPFault.present? was ignoring its xml argument and always operating on the instance's own body.
  • Change: Added Ruby 3.4 (#1024) and Ruby 4.0 (#1039) to the CI test matrix.

2.15.1 (2024-07-08)

  • Ruby 3.0+ is required in the gemspec.
  • Require httpi 4.x - older versions rely on Rack::Utils::HeaderHash which is removed in Rack 3.0.

2.15.0 (2024-02-10)

  • Drop support for ruby 2.7 and below. Added Ruby 3.2 and 3.3 to test matrix.
  • Allows wasabi v5.x, which now supports faraday

2.14.0 (2022-12-16)

  • BC BREAKING Fix: #985 Renamed Savon::Response#hash to Savon::Response#full_hash
  • BC BREAKING Fix: #988 Savon no longer monkeypatches String#snakecase
  • Fix: #989 Do not include xmlns from WSDL, which breaks some servers

2.13.1 (2022-09-04)

  • Fix: #977 Prevent "xmlns:xmlns" namespace but allow "xmlns" namespace.
  • Change: Require Ruby 2.7.0+ in the gemspec. 0e0d695f

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Update savon requirement from >= 2.0, < 2.16 to >= 2.0, < 2.18
e41dcfc 
Updates the requirements on [savon](https://github.com/savonrb/savon) to permit the latest version.
- [Release notes](https://github.com/savonrb/savon/releases)
- [Changelog](https://github.com/savonrb/savon/blob/main/CHANGELOG.md)
- [Commits](savonrb/savon@v2.0.0...v2.17.0)

---
updated-dependencies:
- dependency-name: savon
  dependency-version: 2.17.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels May 20, 2026
@dependabot dependabot Bot mentioned this pull request May 20, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants