@dependabot dependabot bot commented on behalf of github Jan 9, 2026

Bumps the bundler group with 1 update in the /ios directory: json.

Updates json from 1.8.6 to 2.3.0

Release notes

Sourced from json's releases.

v2.3.0

What's Changed

New Contributors

Full Changelog: ruby/json@v2.2.0...v2.3.0

v2.2.0

What's Changed

New Contributors

Full Changelog: ruby/json@v2.1.0...v2.2.0

v2.1.0

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from json's changelog.

2019-12-11 (2.3.0)

  • Fix default of create_additions to always be false for JSON(user_input) and JSON.parse(user_input, nil). Note that JSON.load remains with default true and is meant for internal serialization of trusted data. [CVE-2020-10663]
  • Fix passing args all #to_json in json/add/*.
  • Fix encoding issues
  • Fix issues of keyword vs positional parameter
  • Fix JSON::Parser against bigdecimal updates
  • Bug fixes to JRuby port

2019-02-21 (2.2.0)

  • Adds support for 2.6 BigDecimal and ruby standard library Set datatype.

2017-04-18 (2.1.0)

  • Allow passing of decimal_class option to specify a class as which to parse JSON float numbers.

2017-03-23 (2.0.4)

  • Raise exception for incomplete unicode surrogates/character escape sequences. This problem was reported by Daniel Gollahon (dgollahon).
  • Fix arbitrary heap exposure problem. This problem was reported by Ahmad Sherif (ahmadsherif).

2017-01-12 (2.0.3)

  • Set required_ruby_version to 1.9
  • Some small fixes

2016-07-26 (2.0.2)

  • Specify required_ruby_version for json_pure.
  • Fix issue #295 failure when parsing frozen strings.

2016-07-01 (2.0.1)

  • Fix problem when requiring json_pure and Parser constant was defined top level.
  • Add RB_GC_GUARD to avoid possible GC problem via Pete Johns.
  • Store current_nesting on stack by Aaron Patterson.

2015-09-11 (2.0.0)

  • Now complies to newest JSON RFC 7159.
  • Implements compatibility to ruby 2.4 integer unification.
  • Removed support for quirks_mode option.
  • Drops support for old rubies whose life has ended, that is rubies < 2.0. Also see https://www.ruby-lang.org/en/news/2014/07/01/eol-for-1-8-7-and-1-9-2/
  • There were still some mentions of dual GPL licensing in the source, but JSON has just the Ruby license that itself includes an explicit dual-licensing clause that allows covered software to be distributed under the terms of the Simplified BSD License instead for all ruby versions >= 1.9.3. This is however a GPL compatible license according to the Free Software Foundation. I changed these mentions to be consistent with the Ruby license setting in the gemspec files which were already correct now.

Commits

Updates mini_magick from 4.5.1 to 4.13.2

Release notes

Sourced from mini_magick's releases.

v4.13.2

  • Silence convert deprecation warning in latest version of ImageMagick 7.

v4.13.1

  • Revert an optimization to save an identify call when retrieving image information by doing this work while validating on create, as this caused validation to hang for some SVG files.

v4.13.0

  • Warnings about convert command being deprecated on ImageMagick 7 are now ignored.

    The next major version of MiniMagick will switch to using magick on IM7, as it might not be fully compatible with magick convert.

  • If processing images is returning warnings (e.g. TIFF images tend to do that), but they're otherwise fine, you can prevent MiniMagick from forwarding warnings to standard error:

    MiniMagick.configure do |config|
      config.warnings = false
    end

  • When the ImageMagick subprocess has been abruptly killed by the operating system (e.g. OOM kill), in which case the exit status will be unknown, MiniMagick will now handle this gracefully.

  • When validating the image, the cheap info will now be automatically stored on the MiniMagick::Image object, so a subsequent call to #type, #width, #height, #dimensions, #size or #human_size will not call identify again.

  • The posix-spawn shell backend has been deprecated (see minimagick/minimagick#558).

    Ruby uses vfork since Ruby 2.2, so posix-spawn doesn't provide performance benefits on relevant Ruby versions anymore. Additionally, Ruby 3 switched to non-blocking pipes by default, which should hopefully resolve deadlocks with open3 (see minimagick/minimagick#347 and minimagick/minimagick#437). Due to this change, posix-spawn is currently incompatible with Ruby 3.

  • MiniMagick::Image#mime_type has been deprecated, due to returning incorrect MIME type for formats not starting with image/*.

    ImageMagick does have a way to return the MIME type, but it requires reading the whole image, which is significantly slower. It's recommended to use Marcel or MimeMagic for determining MIME type from magic header. Alternatively, you can use mime-types or MiniMime for obtaining MIME type from file extension or from MiniMagick::Image#type.

  • Ruby 2.3+ is now required.

v4.12.0

  • Added new tmpdir configuration, which defaults to Dir.tmpdir (#541)

    MiniMagick.configure do |config|
      config.tmpdir = File.join(Dir.tmpdir, "/my/new/tmp_dir")
    end

  • Don't leave temporary files lying around when MiniMagick::Image#format failed (#547)
  • Replace File.exists? with File.exist?, which should fix Ruby 3.2 compatibility (#550)
  • Fixed a case where the log could not be parsed correctly when there were multiple lines (#540)
  • Added status to the exception message when the ImageMagick command fails (#542)
  • Allow passing format to Image#get_pixels so we can request "RGBA" pixels (#537)
  • Suppress warning to ambiguous argument (#529)
  • Use Thread#join with a timeout argument instead of the Timeout standard library (#525)

v4.11.0

  • Fix fetching metadata when there are GhostScript warnings (#522)

... (truncated)

Commits
  • eed76bf Bump to 4.13.2
  • 307063d Handle convert warning in newer IM versions
  • 58a6a5e Bump to 4.13.1
  • 75432bb Revert "Save format, dimensions, size, etc when validating to avoid unnecessa...
  • ca8d406 Bump to 4.13.0
  • c39fbef Ignore warnings about convert command being deprecated on IM7
  • c7c5d2f Allow silencing warnings
  • ece9f09 Save format, dimensions, size, etc when validating to avoid unnecessary secon...
  • 6cc4ecf Also add explicit permissions to workflows (#566)
  • fe2951c Fix CI badge (#564)
  • Additional commits viewable in compare view

Updates rubyzip from 1.1.7 to 2.4.1

Release notes

Sourced from rubyzip's releases.

v2.4.1

No release notes provided.

v2.3.2

No release notes provided.

v2.3.1

This is a "dummy" release to warn about breaking changes coming in version 3.0.

v2.3.0

  • Fix frozen string literal error #431
  • Set OutputStream.write_buffer's buffer to binmode #439
  • Upgrade rubocop and fix various linting complaints #437 #440

Tooling:

  • Add a bin/console script for development #420
  • Update rake requirement (development dependency only) to fix a security alert.

v2.2.0

  • Add support for decompression plugin gems #427

v2.1.0

  • Fix (at least partially) the restore_times and restore_permissions options to Zip::File.new #413
    • Previously, neither option did anything, regardless of what it was set to. We have therefore defaulted them to false to preserve the current behavior, for the time being. If you have explicitly set either to true, it will now have an effect.
    • Fix handling of UniversalTime (mtime, atime, ctime) fields. #421
    • Previously, Zip::File did not pass the options to Zip::Entry in some cases. #423
    • Note that restore_times in this release does nothing on Windows and only restores mtime, not atime or ctime.
  • Allow Zip::File.open to take an options hash like Zip::File.new #418
  • Always print warnings with warn, instead of a mix of puts and warn #416
  • Create temporary files in the system temporary directory instead of the directory of the zip file #411
  • Drop unused tmpdir requirement #411

Tooling

  • Move CI to xenial and include jruby on JDK11 #419

v2.0.0

Security

  • Default the validate_entry_sizes option to true, so that callers can trust an entry's reported size when using extract #403
    • This option defaulted to false in 1.3.0 for backward compatibility, but it now defaults to true. If you are using an older version of ruby and can't yet upgrade to 2.x, you can still use 1.3.0 and set the option to true.

Tooling / Documentation

  • Remove test files from the gem to avoid problems with antivirus detections on the test files #405 / #384
  • Drop support for unsupported ruby versions #406

v1.3.0

Security

... (truncated)

Changelog

Sourced from rubyzip's changelog.

2.4.1 (2025-01-05)

This is a re-release of version 2.4 with a full version number string. We need to move to version 2.4.1 due to the canonical version number 2.4 now being taken in Rubygems.

Tooling:

  • Opt-in for MFA requirement explicitly on 2.4 branch.

2.4 (2025-01-04) - Yanked

Yanked due to incorrect version number format (2.4 vs 2.4.0).

  • Ensure compatibility with --enable-frozen-string-literal.
  • Ensure File.open_buffer doesn't rewrite unchanged data. This is a backport of the fix on the 3.x branch.
  • Enable use of the version 3 calling style (mainly named parameters) wherever possible, while retaining version 2.x compatibility.
  • Add (switchable) warning messages to methods that are changed or removed in version 3.x.

Tooling:

  • Switch to using GitHub Actions (from Travis).
  • Update Rubocop versions and configuration.
  • Update actions with latest rubies.

2.3.2 (2021-07-05)

  • A "dummy" release to warn about breaking changes coming in version 3.0. This updated version uses the Gem post_install_message instead of printing to STDERR.

2.3.1 (2021-07-03)

  • A "dummy" release to warn about breaking changes coming in version 3.0.

2.3.0 (2020-03-14)

  • Fix frozen string literal error #431
  • Set OutputStream.write_buffer's buffer to binmode #439
  • Upgrade rubocop and fix various linting complaints #437 #440

Tooling:

  • Add a bin/console script for development #420
  • Update rake requirement (development dependency only) to fix a security alert.

2.2.0 (2020-02-01)

  • Add support for decompression plugin gems #427

2.1.0 (2020-01-25)

  • Fix (at least partially) the restore_times and restore_permissions options to Zip::File.new #413
    • Previously, neither option did anything, regardless of what it was set to. We have therefore defaulted them to false to preserve the current behavior, for the time being. If you have explicitly set either to true, it will now have an effect.

... (truncated)

Commits
  • 6c4b7a9 Move to version 2.4.1 due to clash with 2.4.
  • 3b4c2bf Opt-in for MFA requirement explicitly on 2.4
  • e3eb624 Make sure version number is 2.4.0.
  • c09352b Bump version and Changelog for release.
  • 71bb069 Update actions with latest rubies.
  • bb06f99 Update actions dependencies.
  • 3d95a82 Update earliest Ruby version for MacOS builds in CI.
  • 56954b0 Suppress "literal string will be frozen in the future" warning
  • 6ff40f7 Fix setting and restoring RUBYZIP_V3_API_WARN in tests.
  • e05dc9b Improve version 3 API messages.
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



Bumps the bundler group with 1 update in the /ios directory: [json](https://github.com/ruby/json).


Updates `json` from 1.8.6 to 2.3.0
- [Release notes](https://github.com/ruby/json/releases)
- [Changelog](https://github.com/ruby/json/blob/master/CHANGES.md)
- [Commits](ruby/json@v1.8.6...v2.3.0)

Updates `mini_magick` from 4.5.1 to 4.13.2
- [Release notes](https://github.com/minimagick/minimagick/releases)
- [Commits](minimagick/minimagick@v4.5.1...v4.13.2)

Updates `rubyzip` from 1.1.7 to 2.4.1
- [Release notes](https://github.com/rubyzip/rubyzip/releases)
- [Changelog](https://github.com/rubyzip/rubyzip/blob/main/Changelog.md)
- [Commits](rubyzip/rubyzip@v1.1.7...v2.4.1)

---
updated-dependencies:
- dependency-name: json
  dependency-version: 2.3.0
  dependency-type: indirect
  dependency-group: bundler
- dependency-name: mini_magick
  dependency-version: 4.13.2
  dependency-type: indirect
  dependency-group: bundler
- dependency-name: rubyzip
  dependency-version: 2.4.1
  dependency-type: indirect
  dependency-group: bundler
...

Signed-off-by: dependabot[bot] <support@github.com>
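
The json 2.3.0 changelog entry quoted in the PR description (CVE-2020-10663) concerns the `create_additions` default. The following is an added example, not part of the Dependabot PR or the json project's code: it pins the option explicitly when parsing untrusted input and flags documents that carry `JSON.create_id`. `DemoAddition`, `UNTRUSTED` and the three helper functions are hypothetical names, and the sample input is constructed.

```ruby
require "json"

# Constructed stand-in for any application class that defines json_create.
class DemoAddition
  @created = 0
  class << self
    attr_accessor :created

    # Hook the parser calls when create_additions is enabled.
    def json_create(hash)
      self.created += 1
      new(hash["v"])
    end
  end

  attr_reader :v

  def initialize(v)
    @v = v
  end
end

# Constructed sample of input that names a class via JSON.create_id.
UNTRUSTED = '{"items":[{"json_class":"DemoAddition","v":42}]}'

# Untrusted input: pin create_additions to false instead of relying on the
# default of whichever json version the lockfile resolves to.
def parse_untrusted(text)
  JSON.parse(text, create_additions: false)
end

# Trusted, internally produced data only: opt in explicitly.
def parse_trusted(text)
  JSON.parse(text, create_additions: true)
end

# Detection aid: true if any object in the parsed tree carries the create_id
# key ("json_class" by default), so such input can be logged or rejected.
def create_id_present?(node)
  case node
  when Hash
    node.key?(JSON.create_id) || node.each_value.any? { |v| create_id_present?(v) }
  when Array
    node.any? { |v| create_id_present?(v) }
  else
    false
  end
end
```

With `create_additions: false` the nested object stays a plain Hash and `DemoAddition.json_create` is never called; only the explicit opt-in path instantiates the class.
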
@dependabot dependabot bot added the dependencies and ruby labels Jan 9, 2026