Update all non-major dependencies

[simplificator-renovate]

This PR contains the following updates:

Package	Update	Change
bundler (source, changelog)	minor	2.3.13 -> 2.4.22
webmock (changelog)	minor	3.13.0 -> 3.21.2

---

Release Notes

rubygems/rubygems (bundler)

v2.4.22

Compare Source

Enhancements:

• Add Bundler::Plugin.loaded? helper #​6964
• Give better error when previous installation folder is insecure to remove #​7030
• Set file path when eval-ing local specification in EndpointSpecification #​7106
• Git ignore the proper files for the CI service selected for bundle gem #​7101
• Update vendored thor to v1.3.0 #​7078
• Restore using old way of passing Ruby version to resolver #​7066
• Bump vendored net-http-persistent to 4.0.2 #​6787

Bug fixes:

• Fix regression when installing native extensions on universal rubies #​7077
• Only remove bundler plugin gem when it's inside the cache #​7001
• Don't show bug report template when GEM_HOME has no writable bit #​7113
• Fix regression in old git versions #​7114
• Handle empty array at built-in YAML serializer #​7099
• Fix force_ruby_platform: when the lockfile only locks the ruby platform #​6936

v2.4.21

Compare Source

Enhancements:

• Avoid duplicates -rbundler/setup in RUBYOPT with Ruby preview #​7002
• Prevent gem activation in standalone mode #​6925
• Support Ruby's preview version format (Ex: 3.3.0-preview2) in Gemfile #​7016
• Fix bundle install when older revisions of git source #​6980
• Remove usage of Dir.chdir that only execute a subprocess #​6930

Bug fixes:

• Don't delete the release version from pre-release string more than once #​7054
• Make the lock command not be affected by the frozen setting #​7034
• Raise an error when adding a gem incompatible with some locked platform #​7035
• Re-resolve when lockfile is invalid #​7020
• Don't re-resolve with prereleases if unlocked gem has no prereleases #​7021
• Include gemspec in ExtensionTask for native gem tasks #​7015
• Avoid error reporting relative path when validating frozen #​5128
• Fix bundle lock --minor --update <dep> edge case #​6992
• Stop bundler eagerly loading all specs with exts #​6945

Performance:

• Reduce allocations when parsing lockfile #​6976
• Stop allocating the same settings keys repeatedly #​6963

Documentation:

• Improve formatting and global source information in bundle plugin man page #​7045
• Update man page of bundle exec to reflect default true of flag --keep-file-descriptors #​7033

v2.4.20

Compare Source

Enhancements:

• Bump actions/checkout to v4 in bundler gem template #​6966
• Add support for the ruby-3.2.2 format in the ruby file: Gemfile directive, and explicitly test the 3.2.2@​gemset format as rejected #​6954
• Support ruby file: ".tool-versions" in Gemfile #​6898
• Unify LockfileParser loading of SPECS section #​6933
• Only check circular deps when dependency api is available, not on full index sources #​6919

Bug fixes:

• Allow standalone mode to work on a Windows edge case #​6989
• Fix bundle outdated crashing when both ref and branch specified for a git gem in Gemfile #​6959
• Fix bundle update --redownload #​6924
• Fixed malformed bundler version in lockfile making Bundler crash #​6920
• Fix standalone install crashing when using legacy gemfiles with multiple global sources #​6918
• Resolve ruby version file relative to bundle root #​6892

Performance:

• Lazily construct fetcher debug messages #​6973
• Avoid allocating empty hashes in Index #​6962
• Improve Bundler::Index efficiency by removing unnecessary creation and dups #​6931
• (Further) Improve Bundler::Settings#[] performance and memory usage #​6923
• Don't use full indexes unnecessarily on legacy Gemfiles #​6916
• Improve memory usage in Bundler::Settings, and thus improve boot time #​6884

v2.4.19

Compare Source

Enhancements:

• Add file option to ruby method in Gemfile #​6876
• Show better error when PAT can't authenticate to a private server #​6871
• Don't fallback to old dependency API when bad credentials are configured #​6869

Bug fixes:

• Fix git source conservativeness #​6850

Documentation:

• Clarify that bundle info takes a gem name #​6875

v2.4.18

Compare Source

Security:

• Merge URI-0.12.2 for Bundler #​6779

Enhancements:

• Update Magnus version in Rust extension gem template #​6843

Documentation:

• Update bundle-outdated(1) man to use table output #​6833

v2.4.17

Compare Source

Enhancements:

• Avoid printing "Using ..." messages when version has not changed #​6804

Bug fixes:

• Fix bundler/setup unintendedly writing to the filesystem #​6814

v2.4.16

Compare Source

Bug fixes:

• Exclude Bundler from missing locked dependencies check #​6792
• Fix another incorrect removal of "ruby" platform from lockfile when changing path sources #​6784
• Fix git source lockfile instability #​6786

Documentation:

• gemfile.5: Code format the default glob to escape Markdown #​6790

v2.4.15

Compare Source

Enhancements:

• Improve edge case error message #​6733

Bug fixes:

• Fix bundle lock --update --bundler #​6213

v2.4.14

Compare Source

Enhancements:

• Stop publishing Gemfile in default gem template #​6723
• Avoid infinite loops when hitting resolution bugs #​6722
• Make LockfileParser usable with just a lockfile #​6694
• Always rely on $LOAD_PATH when jumping from exe/ to lib/ #​6702
• Make frozen setting take precedence over deployment setting #​6685
• Show an error when trying to update bundler in frozen mode #​6684

Bug fixes:

• Fix deployment vs path precedence #​6703
• Fix inline mode with multiple sources #​6699

v2.4.13

Compare Source

Bug fixes:

• Fix unexpected fallbacks to full index by adding FalseClass and Time to the SafeMarshal list #​6655

Documentation:

• Fix broken hyperlinks in bundle cache documentation #​6606

v2.4.12

Compare Source

Enhancements:

• Remove reference to pry gem from generated bin/console file #​6515

v2.4.11

Compare Source

Security:

• Use URI-0.12.1 (safe against CVE-2023-28755 ReDoS vulnerability) #​6558

Enhancements:

• Remove one fallback to full indexes on big gemfiles #​6578
• Generate native gems with -fvisibility=hidden #​6541

Bug fixes:

• Fix resolver hangs when dealing with an incomplete lockfile #​6552
• Fix prereleases not being considered by gem version promoter when there's no lockfile #​6537

v2.4.10

Compare Source

Bug fixes:

• Fix some unnecessary top level dependency downgrades #​6535
• Fix incorrect ruby platform removal from lockfile when adding Gemfile dependencies #​6540
• Fix installing plugins in frozen mode #​6543
• Restore "enumerability" of SpecSet #​6532

v2.4.9

Compare Source

Security:

• Don't recommend --full-index on errors #​6493

Enhancements:

• Fix duplicated specs in some error messages #​6475
• When running bundle lock --update <name>, checkout locked revision of unrelated git sources directly #​6459
• Avoid expiring git sources when unnecessary #​6458
• Use RbSys::ExtensionTask when creating new rust gems #​6352
• Don't ignore pre-releases when there's only one candidate #​6441

Bug fixes:

• Fix incorrect removal of ruby platform when auto-healing corrupted lockfiles #​6495
• Don't consider platform specific candidates when force_ruby_platform set #​6442
• Better deal with circular dependencies #​6330

Documentation:

• Add debugging docs #​6387
• Document our current release policy #​6450

v2.4.8

Compare Source

Security:

• Safe load all marshaled data #​6384

Enhancements:

• Better suggestion when bundler/setup fails due to missing gems and Gemfile is not the default #​6428
• Simplify the gem package file filter in the gemspec template #​6344
• Auto-heal corrupted Gemfile.lock with no specs #​6423
• Auto-heal on corrupted lockfile with missing deps #​6400
• Give a better message when Gemfile branch does not exist #​6383

Bug fixes:

• Respect --no-install option for git: sources #​6088
• Fix gems.rb lockfile for bundler version lookup in template #​6413

Documentation:

• Switch supporting explanations to all Ruby Central #​6419

v2.4.7

Compare Source

Enhancements:

• Add --gemfile flag to bundle init to configure gemfile name to generate #​6046
• Improve solve failure explanations by using better wording #​6366
• Restore better error message when locked ref does not exist #​6356
• Avoid crashing when installing from a corrupted lockfile #​6355
• Improve wording of unmet dependencies warning #​6357
• Add Ruby 3.2 and 3.3 platforms to Gemfile DSL #​6346

Bug fixes:

• Fix crash in pub grub involving empty ranges #​6365
• Make gemspec file generated by bundle gem properly exclude itself from packaged gem #​6339
• Preserve relative path sources in standalone setup #​6327

v2.4.6

Compare Source

Enhancements:

• Don't warn on bundle binstubs --standalone --all #​6312

Bug fixes:

• Don't undo require decorations made by other gems #​6308
• Fix bundler/inline not properly installing gems with extensions when used more than once #​6306
• Fix bundler/inline not skipping installation when gems already there, when used more than once #​6305

v2.4.5

Compare Source

Bug fixes:

• Fix bundler/inline not resolving properly if gems not preinstalled #​6282
• Fix packages for external platforms being introduced in lockfile when Bundler retries resolution #​6285

Documentation:

• Update bundle-exec man page to not use deprecated Bundler.with_clean_env #​6284

v2.4.4

Compare Source

Bug fixes:

• Fix platform specific gems removed from the lockfile #​6266
• Properly handle incompatibilities on platform specific gems #​6270
• Optimistically exclude prereleases from initial resolution #​6246
• Fix another case of not properly falling back to ruby variant when materializing #​6261
• Skip setting BUNDLER_SETUP on Ruby 2.6 #​6252
• Let resolver deal with legacy gems with equivalent version and different dependencies #​6219

v2.4.3

Compare Source

Enhancements:

• Enhance bundle open command to allow opening subdir/file of gem #​6146

Bug fixes:

• Fix pointing GitHub sources to PRs #​6241
• Fix version ranges incorrectly handling platforms #​6240
• Cleanup unnecessary gems when removing lockfile platforms #​6234
• When auto-removing RUBY platform don't add specific platform if not needed #​6233
• Fallback to selecting installable candidates if possible when materializing specs #​6225

Documentation:

• Fix several typos #​6224

v2.4.2

Compare Source

Enhancements:

• Add Bundler::Plugin.loaded? helper #​6964
• Give better error when previous installation folder is insecure to remove #​7030
• Set file path when eval-ing local specification in EndpointSpecification #​7106
• Git ignore the proper files for the CI service selected for bundle gem #​7101
• Update vendored thor to v1.3.0 #​7078
• Restore using old way of passing Ruby version to resolver #​7066
• Bump vendored net-http-persistent to 4.0.2 #​6787

Bug fixes:

• Fix regression when installing native extensions on universal rubies #​7077
• Only remove bundler plugin gem when it's inside the cache #​7001
• Don't show bug report template when GEM_HOME has no writable bit #​7113
• Fix regression in old git versions #​7114
• Handle empty array at built-in YAML serializer #​7099
• Fix force_ruby_platform: when the lockfile only locks the ruby platform #​6936

v2.4.1

Compare Source

Enhancements:

• Add file option to ruby method in Gemfile #​6876
• Show better error when PAT can't authenticate to a private server #​6871
• Don't fallback to old dependency API when bad credentials are configured #​6869

Bug fixes:

• Fix git source conservativeness #​6850

Documentation:

• Clarify that bundle info takes a gem name #​6875

v2.4.0

Compare Source

Security:

• In README generated by bundle gem, do not fill rubygems.org install commands with the gem name automatically #​6093
• Use safe Marshal deserialization for dependency API response #​6141

Breaking changes:

• Remove Travis CI from gem skeleton #​6150
• Drop support for Ruby 2.3, 2.4, 2.5 and RubyGems 2.5, 2.6, 2.7 #​6107
• Completely remove "auto-sudo" feature #​5888

Deprecations:

• Turn --ext option of bundle gem into string. Deprecate usage without explicit value #​6144

Features:

• Add --ext=rust support to bundle gem for creating simple gems with Rust extensions #​6149
• Migrate our resolver engine to PubGrub #​5960

Performance:

• Make cloning git repos faster #​4475

Enhancements:

• Add bundle lock --update --bundler #​6134
• Support for pre flag in bundle update/bundle lock #​5258
• Improve error message when changing Gemfile to a mistyped git ref #​6130
• Remove special handling of some LoadError and NoMethodError #​6115

Bug fixes:

• Don't unlock dependencies of a gemspec when its version changes #​6184
• Fix platform specific version for libv8-node and other allowlisted gems not being chosen in Truffleruby #​6169
• Fix bundle outdated with both --groups and --parseable flags #​6148
• Auto-heal lockfile when it's missing specs #​6132
• Fix unintentional downgrades when gemspec DSL is used #​6131
• Fix display of previous gem version when previously downloaded already #​6110
• Fix hang when a lockfile gem does not resolve on the current platform #​6070

Documentation:

• Improve Bundler setup docs for development #​6154
• Fx link in bundle-platform man page #​6071

v2.3.27

Compare Source

Bug fixes

• Provide fix for bundler Gemfile resolving regression. Pull request #​6717
  by Hiroshi SHIBATA.

v2.3.26

Compare Source

Enhancements:

• Map 'universal' to the real arch in Bundler for prebuilt gem selection #​5978

Documentation:

• Fix '--force' option documentation of 'bundle clean' #​6050

v2.3.25

Compare Source

Bug fixes:

• Properly sort specs when materializing #​6015
• Fix bad unfreeze recommendation #​6013

Documentation:

• Bring docs for gemfile(5) manpage up to date #​6007
• Fix github DSL docs to mention they use https protocol over git under the hood #​5993

v2.3.24

Compare Source

Enhancements:

• Only add extra resolver spec group for Ruby platform when needed #​5698
• Fix little UI issue when bundler shows duplicated gems in a list #​5965

Bug fixes:

• Fix incorrect materialization on Windows #​5975

v2.3.23

Compare Source

Enhancements:

• Update GitLab CI template with new one #​5944

Bug fixes:

• Fix bundle init not respecting umask in generated gem's Gemfile #​5947

Performance:

• Further speed up Bundler by not sorting specs unnecessarily #​5868

Documentation:

• Update Bundler new feature instructions #​5912

v2.3.22

Compare Source

Enhancements:

• Use a more accurate source code uri in gemspec #​5896
• Support --path option in bundle add #​5897
• Improve lockfile dependency unlocking #​5881
• Add platform alias :windows to Gemfile DSL #​5650
• Make #to_lock consistent between Gem::Dependency and Bundler::Dependency #​5872
• Support marshaled index specifications with nil required ruby version #​5824

Bug fixes:

• Fix resolution hanging on musl platforms #​5875
• Fix another regression affecting the sorbet family of gems #​5874

Documentation:

• Introduce bundle-console(1) man #​5901
• Introduce bundle-version(1) man #​5895
• Introduce bundle-help(1) man #​5886

v2.3.21

Compare Source

Enhancements:

• Backport non gnu libc linux support from RubyGems #​4488
• Improve Bundler.rm_rf error message #​5861
• Disallow both --branch and --ref at the same time in bundle-plugin #​5855
• Restore previous performance of private RubyGems servers #​5826

Bug fixes:

• Fix conservative update downgrading top level gems #​5847
• Fix edge case where bundler/inline unintentionally skips install #​5848
• Fix bundle platform crash when there's a lockfile with no Ruby locked #​5850
• Fix crash when incomplete locked specifications are found in transitive dependencies #​5840
• Fix Ruby platform incorrectly removed on bundle update #​5832

Documentation:

• Explain cancelled CLI deprecations clearly #​5864
• Improve bundle config command synopsis #​5854
• Introduce bundle-plugin(1) man #​5853

v2.3.20

Compare Source

Enhancements:

• Consistently ignore patchlevel when reporting bundle platform --ruby #​5793
• Make --standalone play nice with --local #​5762
• Implement bundle install --prefer-local #​5761

Bug fixes:

• Fix regression where yanked gems are now unintentionally updated when other gems are unlocked #​5812
• Automatically remove "ruby" from lockfile if incomplete #​5807
• Fix bundle outdated --strict showing too many outdated gems #​5798
• Don't discard candidates matching Ruby metadata #​5784
• Fix bundle outdated crash in debug mode #​5796
• Fix ruby DSL requirement matching for head and prerelease rubies #​5766

Documentation:

• Update Bundler support policies to match what we do these days #​5813
• Fix arguments for bundle-config(1) docs #​5804
• Improve bundle platform man page #​5788
• Remove bundle cache from deprecated commands list, and consistently link to bundle cache in man pages #​5783
• Add package/pack aliases to man pages for cache #​5785
• Add deprecation notice of bundle console #​5775

v2.3.19

Compare Source

Enhancements:

• Add Bundler.settings[:only] to install gems of the specified groups #​5759
• Add ignore_funding_requests config flag #​5767
• Prevent random crash when autoloading Pathname #​5769
• Don't corrupt lockfile when user moves a gem that's already in the lockfile to an incorrect source by mistake #​5070
• Reconcile error/warning message for multiple global sources with documentation #​5741
• Improve error message when gems cannot be found to include the source for each gem #​5729

Bug fixes:

• Fix yet another TruffleRuby platform selection regression #​5746
• Show a proper error if extension dir is not writable #​5726

Performance:

• Lazily check incomplete lockfile to improve performance #​5546

Documentation:

• Add deprecation notice of bundle inject #​5776
• Add deprecation notice of bundle viz to man pages #​5765
• Update command example in bundle exec man page #​5754
• Remove bundle show from obsolete commands #​5753
• Improve global source(s) documentation #​5732
• Use https protocol for URLs for config mirror in bundler man #​5722

v2.3.18

Compare Source

Enhancements:

• Extend gem DSL with a force_ruby_platform option #​4049

Bug fixes:

• Fix misleading error if compact index cannot be copied #​5709
• Fix TruffleRuby no longer able to install lockfiles generated with other implementations #​5711
• Fix TruffleRuby no longer installing lockfiles using "ruby" platform correctly #​5694
• Fix crash when updating vendor cache of default gems #​5679

Performance:

• Speed up bundler/setup by using the raw Gemfile.lock information without extra processing whenever possible #​5695

Documentation:

• Use modern style hashes in Gemfile DSL docs #​5674

v2.3.17

Compare Source

Enhancements:

• Add support for platform :x64_mingw to correctly lookup "x64-mingw-ucrt" #​5649
• Fix some errors being printed twice in --verbose mode #​5654
• Fix extension paths in generated standalone script #​5632

Bug fixes:

• Raise if ruby platform is forced and there are no ruby variants #​5495
• Fix bundle package --no-install no longer skipping install #​5639

Performance:

• Improve performance of Bundler::SpecSet#for by using hash lookup of handled deps #​5537

Documentation:

• Fix formatting issue in bundle add man page #​5642

v2.3.16

Compare Source

Performance:

• Improve performance of installing gems from gem server sources #​5614

v2.3.15

Compare Source

Enhancements:

• Show better error when previous installation fails to be removed #​5564
• Show exception cause in bug report template #​5563

Bug fixes:

• Fix bundle remove by invalidating cached Bundle.definition #​5443
• Fix generated standalone script when it includes default gems #​5586
• Skip duplicated dependency warning for gemspec dev deps #​5587
• Give better conflict resolution advice #​5581
• Fix crash when commenting out a mirror in configuration #​5576
• Fix crash when installing gems with symlinks #​5570
• Ignore Errno::EROFS errors when creating bundler.lock #​5580
• Ignore Errno::EPERM errors when creating bundler.lock #​5579
• Fix crash when printing resolution conflicts on metadata requirements #​5562

v2.3.14

Compare Source

Bug fixes:

• Fix confusing inline mode install output #​5530
• Fix error message when locked version of a gem does not support running Ruby #​5525

Performance:

• Improve bundler/setup performance again by not deduplicating intermediate results #​5533

Documentation:

• Fix typo in documentation #​5514
• Update man page for require option in bundle add command #​5513

bblimke/webmock (webmock)

v3.21.2

Compare Source

• Corrected type checking in WebMock::Response#assert_valid_body! to accurately recognize Hash objects. Additionally, improved the clarity of the error message for unsupported body types, guiding users towards proper usage.

  Thanks to Jake Robb for reporting.

v3.21.1

Compare Source

• The stubbed Net::HTTPResponse#uri now returns request.uri, aligning it with the behavior of an actual Net::HTTPResponse.

  Thanks to Abe Voelker for reporting and to Victor Maslov and Gio Lodi for the suggested solution.

v3.21.0

Compare Source

• Don't use deprecated Rack::VERSION for Rack >= 3

  Thanks to Étienne Barrié

  • Updated HTTPClient adapter, to build request signature using the URI after filters have been applied.

    Thanks to Matt Brown

v3.20.0

Compare Source

• Optimised EmHttpRequestAdapter performance.

  Thanks to Ricardo Trindade

  • Removed runtime dependency on base64.

    Thanks to Earlopain

  • Typhoeus::Response objects constructed from stubbed responses now have all timing attributes set to 0.0.

    Thanks to James Brown

  • Optimised WebMock::Util::Headers by removing redundant freeze invocations.

    Thanks to Kazuhiro NISHIYAMA

  • The default stubbed response body, which is an empty String, is unfrozen.

  • When building signatures of requests made by http.rb, the request body encoding is now preserved.

v3.19.1

Compare Source

• When passing a Proc or lambda as response body to to_return_json, the body is evaluated at the time of request and not at the time of to_return_json method invocation.

  Thanks to [Jason Karns](https://togithub.com/jasonkarns) for reporting.
  

v3.19.0

Compare Source

• Do not alter real (non-stubbed) request headers when handling em-http-request requests.

  Thanks to [Yoann Lecuyer](https://togithub.com/ylecuyer)
  

  • Fix matching stubs with HashExcludingMatcher

    Thanks to Lucas Arnaud

  • Remove development and test files from the gem package

    Thanks to Orien Madgwick

  • Fix supported http client gem version checks.

    Thanks to Marc Rohloff and Roman Stražanec

  • Non-string body passed to #to_return_json is now converted to JSON string.

    Thanks to inkstak

  • [::1] is recognised as localhost e.g when passing allow_localhost option to disable_net_connect!

    Thanks to Yuki Inoue

  • Optimized normalize_headers for performance

    Thanks to Brandon Weaver

  • Added Frozen string literal to files to optimise memory usage

    Thanks to Josh Nichols

v3.18.1

Compare Source

• Reverted simplified connection handing in Net::HTTP adapter due to https://github.com/bblimke/webmock/issues/999

v3.18.0

Compare Source

• Net::BufferedIO is not replaced anymore.

  Thanks to Ray Zane

  • Simplified connection handing in Net::HTTP adapter.

    Thanks to Ray Zane

v3.17.1

Compare Source

• Fixed Syntax Error

  Thanks to Mark Spangler

v3.17.0

Compare Source

• Minimum required Ruby version is 2.3

  Thanks to Go Sueyoshi

  • When using Net::HTTP, stubbed socket StubSocket#close and StubSocket#closed? behave more like the real sockets.

    Thanks to Ray Zane

  • Added peeraddr, ssl_version and cipher methods to stubbed sockets used by Net::HTTP.

    Thanks to Ray Zane

  • Added support for matching top-level array in JSON request body.

    E.g.

    stub_request(:post, 'www.example.com').with(body: [{a: 1}])
    

    Thanks to Cedric Sohrauer

v3.16.2

Compare Source

• Minimum required Ruby version is 2.0.

v3.16.1

Compare Source

v3.15.2

Compare Source

• Minimum required Ruby version is 2.0.

v3.15.1

Compare Source

v3.14.0

Compare Source

• Bump Addressable from 2.3.6 to 2.8.0

  Thanks to Eduardo Hernandez

---

Configuration

📅 Schedule: Branch creation - "before 8am on monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[simplificator-renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠ Warning: custom changes will be lost.