chore(deps): bump the dependencies group across 1 directory with 6 updates

[dependabot]

Bumps the dependencies group with 6 updates in the / directory:

Package	From	To
faraday	2.12.2	2.13.2
faraday-retry	2.3.1	2.3.2
json	2.11.3	2.13.0
nokogiri	1.18.8	1.18.9
rake	13.2.1	13.3.0
rubocop	1.75.5	1.78.0

Updates faraday from 2.12.2 to 2.13.2

Release notes

Sourced from faraday's releases.

v2.13.2

What's Changed

• CI against Ruby 3.4 by @​Earlopain in lostisland/faraday#1622
• Only load what is required from cgi by @​Earlopain in lostisland/faraday#1623
• Lint rack_builder.rb: avoid naming a method by @​olleolleolle in lostisland/faraday#1626
• Add migrating from rest-client docs section. by @​simi in lostisland/faraday#1625
• Include HTTP method and URL in Faraday::Error messages for improved exception log transparency by @​nielsbuus in lostisland/faraday#1628

New Contributors

• @​simi made their first contribution in lostisland/faraday#1625
• @​nielsbuus made their first contribution in lostisland/faraday#1628

Full Changelog: lostisland/faraday@v2.13.1...v2.13.2

v2.13.1

What's Changed

• Logger middleware default options by @​yenshirak in lostisland/faraday#1618
• Fix Style/RedundantParentheses in options/env.rb by @​iMacTia in lostisland/faraday#1620

New Contributors

• @​yenshirak made their first contribution in lostisland/faraday#1618

Full Changelog: lostisland/faraday@v2.13.0...v2.13.1

v2.13.0

What's Changed

• feat(ssl options): support SNI hostname by @​bf4 in lostisland/faraday#1615

New Contributors

• @​bf4 made their first contribution in lostisland/faraday#1615

Full Changelog: lostisland/faraday@v2.12.3...v2.13.0

v2.12.3

What's Changed

• Remove ruby2_keywords by @​tisba in lostisland/faraday#1616
• Fix thread safety issue by avoiding mutation of proxy options hash by @​QWYNG in lostisland/faraday#1617

New Contributors

• @​QWYNG made their first contribution in lostisland/faraday#1617

Full Changelog: lostisland/faraday@v2.12.2...v2.12.3

Commits

• da86eba Version bump to 2.13.2
• ad8fe1e Include HTTP method and URL in Faraday::Error messages for improved exception...
• 1ddd281 CONTRIBUTING: update socials links to Mastodon
• 9763698 Add migrating from rest-client docs section. (#1625)
• 64e8a2b Lint rack_builder.rb: avoid naming a method (#1626)
• bbaa093 Only load what is required from cgi (#1623)
• fa9424b CI against Ruby 3.4
• 4018769 Version bump to 2.13.1
• b5a02d7 Fix Style/RedundantParentheses in options/env.rb (#1620)
• b63eb91 Logger middleware default options (#1618)
• Additional commits viewable in compare view

Updates faraday-retry from 2.3.1 to 2.3.2

Release notes

Sourced from faraday-retry's releases.

v2.3.2

What's Changed

• CI: Prepare Trusted Publisher for RubyGems by @​djsmentya in lostisland/faraday-retry#47
• v2.3.2 by @​olleolleolle in lostisland/faraday-retry#48

New Contributors

• @​djsmentya made their first contribution in lostisland/faraday-retry#47

Full Changelog: lostisland/faraday-retry@v2.3.1...v2.3.2

Commits

• 9950680 v2.3.2
• 04bd4ba CI: Ensure Ruby 2.7 can run rubocop
• 1a51fe0 Unignore .ruby-version and add 3.4.4 into it
• 4be76d9 CI: Let Publish access bundled gems, and use latest Ruby there
• e956a6d Prepare Trusted Publisher
• f91e49a CI: use conventional name for ci.yml
• See full diff in compare view

Updates json from 2.11.3 to 2.13.0

Release notes

Sourced from json's releases.

v2.13.0

What's Changed

• Add new allow_duplicate_key parsing options. By default a warning is now emitted when a duplicated key is encountered. In json 3.0 an error will be raised.
• Optimize parsing further using SIMD to scan strings.

Full Changelog: ruby/json@v2.12.2...v2.13.0

v2.12.2

• Fix compiler optimization level.

Full Changelog: ruby/json@v2.12.1...v2.12.2

v2.12.1

What's Changed

• Fix a potential crash in large negative floating point number generation.
• Fix for JSON.pretty_generate to use passed state object's generate instead of state class as the required parameters aren't available.

Full Changelog: ruby/json@v2.12.0...v2.12.1

v2.12.0

What's Changed

• Improve floating point generation to not use scientific notation as much.
• Include line and column in parser errors. Both in the message and as exception attributes.
• Handle non-string hash keys with broken to_s implementations.
• JSON.generate now uses SSE2 (x86) or NEON (arm64) instructions when available to escape strings.

Full Changelog: ruby/json@v2.11.3...v2.12.0

Changelog

Sourced from json's changelog.

2025-05-23 (2.13.0)

• Add new allow_duplicate_key parsing options. By default a warning is now emitted when a duplicated key is encountered. In json 3.0 an error will be raised.
• Optimize parsing further using SIMD to scan strings.

2025-05-23 (2.12.2)

• Fix compiler optimization level.

2025-05-23 (2.12.1)

• Fix a potential crash in large negative floating point number generation.
• Fix for JSON.pretty_generate to use passed state object's generate instead of state class as the required parameters aren't available.

2025-05-12 (2.12.0)

• Improve floating point generation to not use scientific notation as much.
• Include line and column in parser errors. Both in the message and as exception attributes.
• Handle non-string hash keys with broken to_s implementations.
• JSON.generate now uses SSE2 (x86) or NEON (arm64) instructions when available to escape strings.

Commits

• 8d08494 Release 2.13.0
• 37e6890 Fix mistake in jruby Rakefile
• 9b6ac43 Merge pull request #825 from samyron/fix-jruby-java-build
• 90680fa Use File::PATH_SEPARATOR instead of java.lang.System.getProperty.
• b362c08 Use the platform native path.separator when building using JRuby.
• a497c71 Improve consistency of code style
• c5af1b6 Merge pull request #823 from nobu/have_func-headers
• 95fb084 Run have_func with the header providing the declarations
• 829f4bc Merge pull request #822 from byroot/simd-remove-cpu-init
• d3317b9 Stop calling __builtin_cpu_init
• Additional commits viewable in compare view

Updates nokogiri from 1.18.8 to 1.18.9

Release notes

Sourced from nokogiri's releases.

v1.18.9 / 2025-07-20

Security

• [CRuby] Applied upstream libxml2 patches to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See GHSA-353f-x4gh-cqq8 for more information.

5bcfdf7aa8d1056a7ad5e52e1adffc64ef53d12d0724fbc6f458a3af1a4b9e32  nokogiri-1.18.9-aarch64-linux-gnu.gem
55e9e6ca46c4ad1715e313f407d8481d15be1e3b65d9f8e52ba1c124d01676a7  nokogiri-1.18.9-aarch64-linux-musl.gem
eea3f1f06463ff6309d3ff5b88033c4948d0da1ab3cc0a3a24f63c4d4a763979  nokogiri-1.18.9-arm64-darwin.gem
fe611ae65880e445a9c0f650d52327db239f3488626df4173c05beafd161d46e  nokogiri-1.18.9-arm-linux-gnu.gem
935605e14c0ba17da18d203922440bf6c0676c602659278d855d4622d756a324  nokogiri-1.18.9-arm-linux-musl.gem
ac5a7d93fd0e3cef388800b037407890882413feccca79eb0272a2715a82fa33  nokogiri-1.18.9.gem
1fe5b7aa4a054eda689a969bb4e03999960a6ea806582d327207d687168bceb5  nokogiri-1.18.9-java.gem
6b4fc1523aa0370c78653e38c94cb50e7f3ab786425de66ba7ad24222c1164a3  nokogiri-1.18.9-x64-mingw-ucrt.gem
e0d2deb03d3d7af8016e8c9df5ff4a7d692159cefb135cbb6a4109f265652348  nokogiri-1.18.9-x86_64-darwin.gem
b52f5defedc53d14f71eeaaf990da66b077e1918a2e13088b6a96d0230f44360  nokogiri-1.18.9-x86_64-linux-gnu.gem
e69359d6240c17e64cc9f43970d54f13bfc7b8cc516b819228f687e953425e69  nokogiri-1.18.9-x86_64-linux-musl.gem

Changelog

Sourced from nokogiri's changelog.

v1.18.9 / 2025-07-20

Security

• [CRuby] Applied upstream libxml2 patches to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See GHSA-353f-x4gh-cqq8 for more information.

Commits

• 1dcd8ce version bump to v1.18.9
• a05d2b4 Apply upstream patches to address multiple vulnerabilities (#3526)
• 947a55e Apply upstream patches to address multiple vulnerabilities
• See full diff in compare view

Updates rake from 13.2.1 to 13.3.0

Commits

• 0fdacef Bump rake to 13.3.0
• fcc1f86 Merge pull request #515 from rgarner/task-arguments-deconstruct-keys
• 8e917d9 Merge pull request #609 from pvdb/fix_rubyrunner_require
• 0378c45 Merge pull request #627 from komagata/fix-rdoc-links
• cff7664 Pattern matching support for arguments
• a4454e6 Merge pull request #608 from pvdb/use_dir_home
• 0b727e9 Remove superfluous dependency requires (in tests)
• 5367e5c Move dependency requires to RubyRunner file
• 6ba4601 Merge pull request #634 from ruby/trusted-publisher
• 6b3daf8 Enabled trusted publisher for rubygems.org
• Additional commits viewable in compare view

Updates rubocop from 1.75.5 to 1.78.0

Release notes

Sourced from rubocop's releases.

RuboCop v1.78.0

New features

• #14331: Enhance Naming/MethodName cop to detect offenses within define_method calls. (@​viralpraxis)
• #14325: Enhance Naming/MethodName cop to handle offenses within Struct members. (@​viralpraxis)
• #14335: Enhance Security/Eval cop to detect Kernel.eval calls. (@​viralpraxis)

Bug fixes

• #14343: Fix autocorrect code for Style/HashConversion to avoid syntax error. (@​koic)
• #14346: Avoid requiring parentheses for Style/SingleLineMethods. (@​koic)
• #14339: Fix bug where specifying --format disables parallelization. (@​r7kamura)
• #14300: Fix false positives for Lint/DuplicateMethods cop when self-alias trick is used. (@​viralpraxis)
• #14329: Fix false positives for Lint/LiteralAsCondition when a literal is used inside || in case condition. (@​koic)
• #14326: Fix additional autocorrection errors in Style/HashConversion for nested Hash[] calls. (@​dvandersluis)
• #14031: Honor --config options on server mode. (@​steiley)
• #14319: Fix the following incorrect autocorrect for Lint/RedundantTypeConversion when using parentheses with no arguments or any arguments. (@​koic)
• #14336: Fix incorrect autocorrect for Style/ItBlockParameter when using a single numbered parameter after multiple numbered parameters in a method chain. (@​koic)
• #11782: Move pending cops warning out of ConfigLoader. (@​nobuyo)

Changes

• #14318: Add WaywardPredicates config to Naming/PredicateMethod to handle methods that look like predicates but aren't. (@​dvandersluis)

RuboCop v1.77.0

New features

• #14223: Add new Gemspec/AttributeAssignment cop. (@​viralpraxis)
• #14128: Allow long fully-qualified namespace strings to exceed max length. ([@​niranjan-patil][])
• #14288: Add new cop Style/CollectionQuerying. ([@​lovro-bikic][])
• #14165: Add new DefaultToNil option to Style/FetchEnvVar cop. ([@​Yuhi-Sato][])
• #14314: Enhance Gemspec/RequireMFA cop autocorrect to insert MFA directive after last metadata assignment. (@​viralpraxis)
• #14159: Enhance Layout/SpaceInsideArrayLiteralBrackets cop to analyze nested constant patterns. (@​viralpraxis)

Bug fixes

• #14306: Fix an error for Style/HashConversion when using nested Hash[]. (@​koic)
• #14298: Fix an error for Style/SoleNestedConditional when autocorrecting nested if/unless/if. ([@​ssagara00][])
• #14313: Fix a false positive for Layout/SpaceBeforeBrackets when call desugared Hash#[] to lvar receiver with a space around the dot. (@​koic)
• #14292: Fix false positives for Style/RedundantParentheses when assigning a parenthesized one-line in pattern matching. (@​koic)
• #14296: Fix false positives for Style/RedundantSelf when receiver and lvalue have the same name in or-assignment. (@​koic)
• #14303: Fix Lint/SelfAssignment to allow inline RBS comments. ([@​Morriar][])
• #14307: Fix Style/MethodCallWithArgsParentheses false positive on forwarded keyword argument with additional arguments. (@​viralpraxis)

... (truncated)

Changelog

Sourced from rubocop's changelog.

1.78.0 (2025-07-08)

New features

• #14331: Enhance Naming/MethodName cop to detect offenses within define_method calls. ([@​viralpraxis][])
• #14325: Enhance Naming/MethodName cop to handle offenses within Struct members. ([@​viralpraxis][])
• #14335: Enhance Security/Eval cop to detect Kernel.eval calls. ([@​viralpraxis][])

Bug fixes

• #14343: Fix autocorrect code for Style/HashConversion to avoid syntax error. ([@​koic][])
• #14346: Avoid requiring parentheses for Style/SingleLineMethods. ([@​koic][])
• #14339: Fix bug where specifying --format disables parallelization. ([@​r7kamura][])
• #14300: Fix false positives for Lint/DuplicateMethods cop when self-alias trick is used. ([@​viralpraxis][])
• #14329: Fix false positives for Lint/LiteralAsCondition when a literal is used inside || in case condition. ([@​koic][])
• #14326: Fix additional autocorrection errors in Style/HashConversion for nested Hash[] calls. ([@​dvandersluis][])
• #14031: Honor --config options on server mode. ([@​steiley][])
• #14319: Fix the following incorrect autocorrect for Lint/RedundantTypeConversion when using parentheses with no arguments or any arguments. ([@​koic][])
• #14336: Fix incorrect autocorrect for Style/ItBlockParameter when using a single numbered parameter after multiple numbered parameters in a method chain. ([@​koic][])
• #11782: Move pending cops warning out of ConfigLoader. ([@​nobuyo][])

Changes

• #14318: Add WaywardPredicates config to Naming/PredicateMethod to handle methods that look like predicates but aren't. ([@​dvandersluis][])

1.77.0 (2025-06-20)

New features

• #14223: Add new Gemspec/AttributeAssignment cop. ([@​viralpraxis][])
• #14128: Allow long fully-qualified namespace strings to exceed max length. ([@​niranjan-patil][])
• #14288: Add new cop Style/CollectionQuerying. ([@​lovro-bikic][])
• #14165: Add new DefaultToNil option to Style/FetchEnvVar cop. ([@​Yuhi-Sato][])
• #14314: Enhance Gemspec/RequireMFA cop autocorrect to insert MFA directive after last metadata assignment. ([@​viralpraxis][])
• #14159: Enhance Layout/SpaceInsideArrayLiteralBrackets cop to analyze nested constant patterns. ([@​viralpraxis][])

Bug fixes

• #14306: Fix an error for Style/HashConversion when using nested Hash[]. ([@​koic][])
• #14298: Fix an error for Style/SoleNestedConditional when autocorrecting nested if/unless/if. ([@​ssagara00][])
• #14313: Fix a false positive for Layout/SpaceBeforeBrackets when call desugared Hash#[] to lvar receiver with a space around the dot. ([@​koic][])
• #14292: Fix false positives for Style/RedundantParentheses when assigning a parenthesized one-line in pattern matching. ([@​koic][])
• #14296: Fix false positives for Style/RedundantSelf when receiver and lvalue have the same name in or-assignment. ([@​koic][])
• #14303: Fix Lint/SelfAssignment to allow inline RBS comments. ([@​Morriar][])
• #14307: Fix Style/MethodCallWithArgsParentheses false positive on forwarded keyword argument with additional arguments. ([@​viralpraxis][])
• #14301: Fix autocorrection syntax error for multiline expressions in Style/RedundantParentheses. ([@​lovro-bikic][])

Changes

• #14295: Update Naming/PredicateMethod to consider negation (!/not) as boolean values. ([@​dvandersluis][])

... (truncated)

Commits

• dd441f4 Cut 1.78
• 0687f04 Update Changelog
• 9322c7d Tweak docstring
• 2508d94 Fix false positives for Lint/DuplicateMethods when the self-alias trick is used
• 9582c40 [Fix #11782] Move pending cops warning out of ConfigLoader
• 6c863b3 [Fix #14346] Avoid requiring parentheses for Style/SingleLineMethods
• 0b08bb8 Merge pull request #14343 from koic/fix_autocorrect_for_style_hash_conversion
• 0ef54b5 Fix autocorrect for Style/HashConversion to avoid syntax error
• 01fdcbb Remove redundant method call in def_node_matcher
• a80d92b [Doc] Remove redundant blank line
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions