🚨 [security] Update rubocop 1.56.4 → 1.73.2 (minor) #646

depfu · 2025-03-05T09:18:55Z

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ rubocop (1.56.4 → 1.73.2) · Repo · Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

✳️ reek (6.1.4 → 6.4.0) · Repo · Changelog

Release Notes

6.4.0 (from changelog)

6.3.0 (from changelog)

6.2.0 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ builder (indirect, 3.2.4 → 3.3.0) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ concurrent-ruby (indirect, 1.2.2 → 1.3.5) · Repo · Changelog

Release Notes

1.3.5

1.3.4

1.3.3

1.3.2

1.3.1

1.2.3

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ erubi (indirect, 1.12.0 → 1.13.1) · Repo · Changelog

Release Notes

1.13.1 (from changelog)

1.13.0 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ highline (indirect, 2.1.0 → 3.1.2) · Repo · Changelog

Release Notes

3.1.2 (from changelog)

3.1.1 (from changelog)

3.1.0 (from changelog)

3.0.1 (from changelog)

3.0.0 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ i18n (indirect, 1.14.1 → 1.14.7) · Repo · Changelog

Release Notes

1.14.7

1.14.6

1.14.5

1.14.4

1.14.3

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ language_server-protocol (indirect, 3.17.0.3 → 3.17.0.4) · Repo · Changelog

Release Notes

3.17.0.4 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ loofah (indirect, 2.21.3 → 2.24.0) · Repo · Changelog

Release Notes

2.24.0

2.23.1

2.23.0

2.22.0

2.21.4

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ method_source (indirect, 1.0.0 → 1.1.0) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ mini_portile2 (indirect, 2.8.4 → 2.8.8) · Repo · Changelog

Release Notes

2.8.8

2.8.7

2.8.6

2.8.5

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ minitest (indirect, 5.20.0 → 5.25.4) · Repo · Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ nokogiri (indirect, 1.15.4 → 1.18.3) · Repo · Changelog

Security Advisories 🚨

🚨 Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171

🚨 Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171

🚨 Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459

🚨 Use-after-free in libxml2 via Nokogiri::XML::Reader

🚨 Use-after-free in libxml2 via Nokogiri::XML::Reader

🚨 Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062

🚨 Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ parallel (indirect, 1.23.0 → 1.26.3) · Repo

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ parser (indirect, 3.2.2.4 → 3.3.7.1) · Repo · Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ racc (indirect, 1.7.1 → 1.8.1) · Repo · Changelog

Release Notes

1.8.1

1.8.0

1.7.3

1.7.2

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ rack-test (indirect, 2.1.0 → 2.2.0) · Repo · Changelog

Release Notes

2.2.0 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ rails-html-sanitizer (indirect, 1.6.0 → 1.6.2) · Repo · Changelog

Security Advisories 🚨

🚨 rails-html-sanitize has XSS vulnerability with certain configurations

🚨 rails-html-sanitizer has XSS vulnerability with certain configurations

🚨 rails-html-sanitizer has XSS vulnerability with certain configurations

🚨 rails-html-sanitizer has XSS vulnerability with certain configurations

🚨 rails-html-sanitizer has XSS vulnerability with certain configurations

Release Notes

1.6.2

1.6.1

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ rake (indirect, 13.0.6 → 13.2.1) · Repo · Changelog

Release Notes

13.2.1

13.2.0

13.1.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ regexp_parser (indirect, 2.8.1 → 2.10.0) · Repo · Changelog

Release Notes

2.10.0 (from changelog)

2.9.3 (from changelog)

2.9.2 (from changelog)

2.9.1 (from changelog)

2.9.0 (from changelog)

2.8.3 (from changelog)

2.8.2 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ rexml (indirect, 3.2.6 → 3.4.1) · Repo · Changelog

Security Advisories 🚨

🚨 REXML ReDoS vulnerability

🚨 REXML denial of service vulnerability

🚨 REXML DoS vulnerability

🚨 REXML DoS vulnerability

🚨 REXML denial of service vulnerability

🚨 REXML contains a denial of service vulnerability

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ rubocop-ast (indirect, 1.29.0 → 1.38.1) · Repo · Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ terminal-table (indirect, 3.0.2 → 4.0.0) · Repo · Changelog

Release Notes

4.0.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ thor (indirect, 1.2.2 → 1.3.2) · Repo · Changelog

Release Notes

1.3.2

1.3.1

1.3.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ unicode-display_width (indirect, 2.5.0 → 3.1.4) · Repo · Changelog

Release Notes

3.1.4 (from changelog)

3.1.3 (from changelog)

3.1.2 (from changelog)

3.1.1 (from changelog)

3.1.0 (from changelog)

3.0.1 (from changelog)

3.0.0 (from changelog)

2.6.0 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

🆕 io-console (added, 0.8.0)

🆕 lint_roller (added, 1.1.0)

🆕 logger (added, 1.6.6)

🆕 reline (added, 0.6.0)

🆕 unicode-emoji (added, 4.0.4)

🗑️ base64 (removed)

🗑️ kwalify (removed)

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

depfu · 2025-03-14T10:50:15Z

Closed in favor of #648.

Update rubocop to version 1.73.2

4ef0457

depfu bot added the depfu label Mar 5, 2025

depfu bot mentioned this pull request Mar 5, 2025

🚨 [security] Update rubocop 1.56.4 → 1.73.1 (minor) #644

Closed

depfu bot closed this Mar 14, 2025

depfu bot deleted the depfu/update/rubocop-1.73.2 branch March 14, 2025 10:50

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

🚨 [security] Update rubocop 1.56.4 → 1.73.2 (minor) #646

🚨 [security] Update rubocop 1.56.4 → 1.73.2 (minor) #646

depfu bot commented Mar 5, 2025

depfu bot commented Mar 14, 2025

🚨 [security] Update rubocop 1.56.4 → 1.73.2 (minor) #646

🚨 [security] Update rubocop 1.56.4 → 1.73.2 (minor) #646

Conversation

depfu bot commented Mar 5, 2025

What changed?

✳️ rubocop (1.56.4 → 1.73.2) · Repo · Changelog

✳️ reek (6.1.4 → 6.4.0) · Repo · Changelog

6.4.0 (from changelog)

6.3.0 (from changelog)

6.2.0 (from changelog)

↗️ builder (indirect, 3.2.4 → 3.3.0) · Repo · Changelog

↗️ concurrent-ruby (indirect, 1.2.2 → 1.3.5) · Repo · Changelog

↗️ erubi (indirect, 1.12.0 → 1.13.1) · Repo · Changelog

1.13.1 (from changelog)

1.13.0 (from changelog)

↗️ highline (indirect, 2.1.0 → 3.1.2) · Repo · Changelog

3.1.2 (from changelog)

3.1.1 (from changelog)

3.1.0 (from changelog)

3.0.1 (from changelog)

3.0.0 (from changelog)

↗️ i18n (indirect, 1.14.1 → 1.14.7) · Repo · Changelog

↗️ language_server-protocol (indirect, 3.17.0.3 → 3.17.0.4) · Repo · Changelog

3.17.0.4 (from changelog)

↗️ loofah (indirect, 2.21.3 → 2.24.0) · Repo · Changelog

↗️ method_source (indirect, 1.0.0 → 1.1.0) · Repo · Changelog

↗️ mini_portile2 (indirect, 2.8.4 → 2.8.8) · Repo · Changelog

↗️ minitest (indirect, 5.20.0 → 5.25.4) · Repo · Changelog

↗️ nokogiri (indirect, 1.15.4 → 1.18.3) · Repo · Changelog

↗️ parallel (indirect, 1.23.0 → 1.26.3) · Repo

↗️ parser (indirect, 3.2.2.4 → 3.3.7.1) · Repo · Changelog

↗️ racc (indirect, 1.7.1 → 1.8.1) · Repo · Changelog

↗️ rack-test (indirect, 2.1.0 → 2.2.0) · Repo · Changelog

2.2.0 (from changelog)

↗️ rails-html-sanitizer (indirect, 1.6.0 → 1.6.2) · Repo · Changelog

↗️ rake (indirect, 13.0.6 → 13.2.1) · Repo · Changelog

↗️ regexp_parser (indirect, 2.8.1 → 2.10.0) · Repo · Changelog

2.10.0 (from changelog)

2.9.3 (from changelog)

2.9.2 (from changelog)

2.9.1 (from changelog)

2.9.0 (from changelog)

2.8.3 (from changelog)

2.8.2 (from changelog)

↗️ rexml (indirect, 3.2.6 → 3.4.1) · Repo · Changelog

↗️ rubocop-ast (indirect, 1.29.0 → 1.38.1) · Repo · Changelog

↗️ terminal-table (indirect, 3.0.2 → 4.0.0) · Repo · Changelog

↗️ thor (indirect, 1.2.2 → 1.3.2) · Repo · Changelog

↗️ unicode-display_width (indirect, 2.5.0 → 3.1.4) · Repo · Changelog

3.1.4 (from changelog)

3.1.3 (from changelog)

3.1.2 (from changelog)

3.1.1 (from changelog)

3.1.0 (from changelog)

3.0.1 (from changelog)

3.0.0 (from changelog)

2.6.0 (from changelog)

🆕 io-console (added, 0.8.0)

🆕 lint_roller (added, 1.1.0)

🆕 logger (added, 1.6.6)

🆕 reline (added, 0.6.0)

🆕 unicode-emoji (added, 4.0.4)

🗑️ base64 (removed)

🗑️ kwalify (removed)

depfu bot commented Mar 14, 2025