chore(deps): bump the dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the dependencies group with 5 updates in the / directory:

Package	From	To
json	2.18.0	2.19.1
nokogiri	1.19.0	1.19.1
rubocop	1.82.1	1.85.1
fastimage	2.4.0	2.4.1
minitest	6.0.1	6.0.2

Updates json from 2.18.0 to 2.19.1

Release notes

Sourced from json's releases.

v2.19.1

What's Changed

• Fix a compiler dependent GC bug introduced in 2.18.0.

Full Changelog: ruby/json@v2.19.0...v2.19.1

v2.19.0

What's Changed

• Fix allow_blank parsing option to no longer allow invalid types (e.g. load([], allow_blank: true) now raise a type error).
• Add allow_invalid_escape parsing option to ignore backslashes that aren't followed by one of the valid escape characters.

Full Changelog: ruby/json@v2.18.1...v2.19.0

v2.18.1

What's Changed

• Fix a potential crash in very specific circumstance if GC triggers during a call to to_json without first invoking a user defined #to_json method.

Full Changelog: ruby/json@v2.18.0...v2.18.1

Changelog

Sourced from json's changelog.

2026-03-08 (2.19.1)

• Fix a compiler dependent GC bug introduced in 2.18.0.

2026-03-06 (2.19.0)

• Fix allow_blank parsing option to no longer allow invalid types (e.g. load([], allow_blank: true) now raise a type error).
• Add allow_invalid_escape parsing option to ignore backslashes that aren't followed by one of the valid escape characters.

2026-02-03 (2.18.1)

• Fix a potential crash in very specific circumstance if GC triggers during a call to to_json without first invoking a user defined #to_json method.

Commits

• 4a42a04 Release 2.19.1
• 13689c2 Add missing GC_GUARD in fbuffer_append_str
• a11acc1 Release 2.19.0
• 0a4fb79 fbuffer.h: Use size_t over unsigned long
• a29fcdc Add depth validation to Jruby and TruffleRuby implementations
• de993aa Reject negative depth; add overflow guards to prevent hang/crash
• 6ccc102 Fix allow_blank parsing option to only consider strings.
• 3f32c47 Reimplement to_json methods in Ruby
• 93bc1b3 Remove unused load_uint8x16_4 function.
• a888d6d Use single quotes for allow_invalid_escape doc
• Additional commits viewable in compare view

Updates nokogiri from 1.19.0 to 1.19.1

Release notes

Sourced from nokogiri's releases.

v1.19.1 / 2026-02-16

Security

• [CRuby] Address unchecked return value from xmlC14NExecute which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See GHSA-wx95-c6cv-8532 for more information.

cfdb0eafd9a554a88f12ebcc688d2b9005f9fce42b00b970e3dc199587b27f32  nokogiri-1.19.1-aarch64-linux-gnu.gem
1e2150ab43c3b373aba76cd1190af7b9e92103564063e48c474f7600923620b5  nokogiri-1.19.1-aarch64-linux-musl.gem
0a39ed59abe3bf279fab9dd4c6db6fe8af01af0608f6e1f08b8ffa4e5d407fa3  nokogiri-1.19.1-arm-linux-gnu.gem
3a18e559ee499b064aac6562d98daab3d39ba6cbb4074a1542781b2f556db47d  nokogiri-1.19.1-arm-linux-musl.gem
dfe2d337e6700eac47290407c289d56bcf85805d128c1b5a6434ddb79731cb9e  nokogiri-1.19.1-arm64-darwin.gem
1e0bda88b1c6409f0edb9e0c25f1bf9ff4fa94c3958f492a10fcf50dda594365  nokogiri-1.19.1-java.gem
110d92ae57694ae7866670d298a5d04cd150fae5a6a7849957d66f171e6aec9b  nokogiri-1.19.1-x64-mingw-ucrt.gem
7093896778cc03efb74b85f915a775862730e887f2e58d6921e3fa3d981e68bf  nokogiri-1.19.1-x86_64-darwin.gem
1a4902842a186b4f901078e692d12257678e6133858d0566152fe29cdb98456a  nokogiri-1.19.1-x86_64-linux-gnu.gem
4267f38ad4fc7e52a2e7ee28ed494e8f9d8eb4f4b3320901d55981c7b995fc23  nokogiri-1.19.1-x86_64-linux-musl.gem
598b327f36df0b172abd57b68b18979a6e14219353bca87180c31a51a00d5ad3  nokogiri-1.19.1.gem

Changelog

Sourced from nokogiri's changelog.

v1.19.1 / 2026-02-16

Security

• [CRuby] Address unchecked return value from xmlC14NExecute which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See GHSA-wx95-c6cv-8532 for more information.

Commits

• d913045 version bump to v1.19.1
• b81cb98 doc: update CHANGELOG for upcoming v1.19.1
• 8e66809 C14n raise on failure (#3600)
• 5b77f3d Raise RuntimeError when canonicalization fails
• edc5595 Thank sponsors in the README
• d4dc245 dep: update rdoc to v7
• See full diff in compare view

Updates rubocop from 1.82.1 to 1.85.1

Release notes

Sourced from rubocop's releases.

RuboCop v1.85.1

Bug fixes

• #14958: Fix false positives in Style/FileOpen when File.open is passed as an argument or returned from a method. (@​sferik)
• #14973: Fix Style/ReduceToHash false positive when accumulator is read in key/value. (@​sferik)
• #14964: Fix false positives in Style/RedundantParentheses when parenthesizing a range in a block body. (@​koic)

Changes

• #14969: Autoload formatters; they're required only when actually used. (@​lovro-bikic)

RuboCop v1.85.0

New features

• #14921: Add mise.toml as source for TargetRubyVersion. ([@​kitsane][])
• #14925: Add new Lint/UnreachablePatternBranch cop. (@​sferik)
• #14942: Add new Style/FileOpen cop. (@​sferik)
• #14939: Add new Style/MapJoin cop. (@​sferik)
• #14924: Add new Style/OneClassPerFile cop. (@​sferik)
• #14923: Add new Style/PartitionInsteadOfDoubleSelect cop. (@​sferik)
• #14811: Add new Style/PredicateWithKind cop. (@​sferik)
• #14938: Add new Style/ReduceToHash cop. (@​sferik)
• #14812: Add new Style/RedundantMinMaxBy cop. (@​sferik)
• #13501: Add new Style/RedundantStructKeywordInit cop. (@​koic)
• #14808: Add new Style/SelectByKind cop. (@​sferik)
• #14810: Add new Style/SelectByRange cop. (@​sferik)
• #14922: Add new Style/TallyMethod cop. (@​sferik)
• #14773: Add new Lint/DataDefineOverride cop. ([@​bbatsov][])
• #14781: Add new InternalAffairs/ItblockHandler cop. ([@​bbatsov][])
• #14911: Support built-in MCP server (experimental). (@​koic)

Bug fixes

• #14829: Allow classes without a superclass in Style/EmptyClassDefinition. (@​koic)
• #14873: Fix an error in Style/NegatedWhile when the last expression of an until condition is negated. (@​koic)
• #14827: Improve Style/EmptyClassDefinition message wording. ([@​bbatsov][])
• #14800: Fix false obsolete configuration error for extracted cops when loaded as plugins. ([@​bbatsov][])
• #14928: Fix a false positive for Lint/Void when nil is used in case branch. ([@​5hun-s][])
• #14857: Fix false positives in Style/IfUnlessModifier when modifier forms are used inside string interpolations. (@​koic)
• #8773: Fix false positives in Style/HashTransformKeys and Style/HashTransformValues. (@​sferik)
• #6963: Fix false positives in Lint/Void for each blocks where the return value may be meaningful (e.g., Enumerator#each). (@​sferik)
• #14931: Ignore directive comments inside comments. (@​koic)
• #14834: Fix Layout/IndentationWidth false positive for chained method blocks when EnforcedStyleAlignWith is start_of_line. ([@​krororo][])
• #14756: Fix Lint/Void to detect void expressions in case/when branches. ([@​bbatsov][])
• #14874: Fix a Parser::ClobberingError in Lint/UselessAssignment when autocorrecting a useless assignment that wraps a block containing another useless assignment. (@​koic)
• #14880: Fix a false negative in Layout/MultilineAssignmentLayout when using numblock or itblock with SupportedTypes: ['block']. ([@​bbatsov][])

... (truncated)

Changelog

Sourced from rubocop's changelog.

1.85.1 (2026-03-03)

Bug fixes

• #14958: Fix false positives in Style/FileOpen when File.open is passed as an argument or returned from a method. ([@​sferik][])
• #14973: Fix Style/ReduceToHash false positive when accumulator is read in key/value. ([@​sferik][])
• #14964: Fix false positives in Style/RedundantParentheses when parenthesizing a range in a block body. ([@​koic][])

Changes

• #14969: Autoload formatters; they're required only when actually used. ([@​lovro-bikic][])

1.85.0 (2026-02-26)

New features

• #14921: Add mise.toml as source for TargetRubyVersion. ([@​kitsane][])
• #14925: Add new Lint/UnreachablePatternBranch cop. ([@​sferik][])
• #14942: Add new Style/FileOpen cop. ([@​sferik][])
• #14939: Add new Style/MapJoin cop. ([@​sferik][])
• #14924: Add new Style/OneClassPerFile cop. ([@​sferik][])
• #14923: Add new Style/PartitionInsteadOfDoubleSelect cop. ([@​sferik][])
• #14811: Add new Style/PredicateWithKind cop. ([@​sferik][])
• #14938: Add new Style/ReduceToHash cop. ([@​sferik][])
• #14812: Add new Style/RedundantMinMaxBy cop. ([@​sferik][])
• #13501: Add new Style/RedundantStructKeywordInit cop. ([@​koic][])
• #14808: Add new Style/SelectByKind cop. ([@​sferik][])
• #14810: Add new Style/SelectByRange cop. ([@​sferik][])
• #14922: Add new Style/TallyMethod cop. ([@​sferik][])
• #14773: Add new Lint/DataDefineOverride cop. ([@​bbatsov][])
• #14781: Add new InternalAffairs/ItblockHandler cop. ([@​bbatsov][])
• #14911: Support built-in MCP server (experimental). ([@​koic][])

Bug fixes

• #14829: Allow classes without a superclass in Style/EmptyClassDefinition. ([@​koic][])
• #14873: Fix an error in Style/NegatedWhile when the last expression of an until condition is negated. ([@​koic][])
• #14827: Improve Style/EmptyClassDefinition message wording. ([@​bbatsov][])
• #14800: Fix false obsolete configuration error for extracted cops when loaded as plugins. ([@​bbatsov][])
• #14928: Fix a false positive for Lint/Void when nil is used in case branch. ([@​5hun-s][])
• #14857: Fix false positives in Style/IfUnlessModifier when modifier forms are used inside string interpolations. ([@​koic][])
• #8773: Fix false positives in Style/HashTransformKeys and Style/HashTransformValues. ([@​sferik][])
• #6963: Fix false positives in Lint/Void for each blocks where the return value may be meaningful (e.g., Enumerator#each). ([@​sferik][])
• #14931: Ignore directive comments inside comments. ([@​koic][])
• #14834: Fix Layout/IndentationWidth false positive for chained method blocks when EnforcedStyleAlignWith is start_of_line. ([@​krororo][])
• #14756: Fix Lint/Void to detect void expressions in case/when branches. ([@​bbatsov][])
• #14874: Fix a Parser::ClobberingError in Lint/UselessAssignment when autocorrecting a useless assignment that wraps a block containing another useless assignment. ([@​koic][])
• #14880: Fix a false negative in Layout/MultilineAssignmentLayout when using numblock or itblock with SupportedTypes: ['block']. ([@​bbatsov][])
• #11462: Fix over-indentation when autocorrecting nested hashes with Layout/FirstHashElementIndentation. ([@​ydakuka][])
• #14880: Recognize block on different line from left side of multi-line assignment in Layout/MultilineAssignmentLayout. ([@​sanfrecce-osaka][])

... (truncated)

Commits

• fd07672 Cut 1.85.1
• 5c41f90 Update Changelog
• 5e8e492 Merge pull request #14975 from sferik/fix_14973
• 90f3780 Fix Style/ReduceToHash false positive when accumulator is read in key/value
• 90c7959 Merge pull request #14972 from lovro-bikic/relevant-options-digest-cache
• 3c20e8d Cache relevant options digest
• e305f79 Merge pull request #14969 from lovro-bikic/autoload-formatter-constants
• 3f0a304 Autoload formatters; they're required only when actually used
• eb973f4 Merge pull request #14966 from koic/fix_false_positives_in_style_redundant_pa...
• 3338a40 [Fix #14964] Fix false positives in Style/RedundantParentheses
• Additional commits viewable in compare view

Updates fastimage from 2.4.0 to 2.4.1

Changelog

Sourced from fastimage's changelog.

Version 2.4.1

07-Mar-2026

• IMPROVED: Improved handling of SVG files
• IMPROVED: Fix CI for older Ruby versions
• IMPROVED: Add Ruby 4.0 to CI test matrix
• IMPROVED: Add compatibility section to README

Version 2.4.0

03-Jan-2025

• IMPROVED: Refactor code into multiple files
• FIX: error rising from redirects to unknown url scheme
• FIX: Handle tiff format with long dimensions values
• FIX: Remove problematic dependency on base64 gem
• IMPROVED: properties including content_length are fetched more lazily improving performance

Version 2.3.1

01-Apr-2024

• FIX: avoid bug where a NoMethodError exception is raised on faulty images

Version 2.3.0

24-Dec-2023

• FIX: replace test tiff that triggers Clam-AV
• FIX: certain heif files could not be parsed
• FEATURE: Adds animated support for png

Version 2.2.7

23-May-2023

• FEATURE: Adds animated? support for webp and avif images

Version 2.2.6

16-December-2021

• FEATURE: Add support for AVIF support

Version 2.2.5

10-August-2021

• FIX: handle HEIC/HEIF rotation angle

... (truncated)

Commits

• 7a0dcf7 Update changelog and version to 2.4.1
• 6b0c533 Merge pull request #159 from delphaber/fix-html-with-inline-svg-detection
• db92e52 Merge pull request #162 from sdsykes/fix/ruby-2-5-workflow
• 893013d Try a fix for ruby 2.5 workflow
• 8c8b349 Merge pull request #160 from delphaber/replace-external-test-dependencies
• 59ad39b Replace external Wikipedia dependency in tests with local servers
• 7b615ae Merge pull request #161 from sdsykes/fix/actions-runner
• 5907fdb Add ruby 4.0 to tests, update readme
• 749dec0 Remove testing old ruby versions
• f9b0332 Update Ruby test runner to use Ubuntu 22.04
• Additional commits viewable in compare view

Updates minitest from 6.0.1 to 6.0.2

Changelog

Sourced from minitest's changelog.

=== 6.0.2 / 2026-02-23

• 7 bug fixes:

  • Added missing drb dependency from minitest-server. (y-yagi)
  • Cleaned up bisect's sub-commands to load files directly, not ruby+require.
  • Fixed bisect to use same cmd ($0) to run tests as original invocation.
  • load server_plugin if server is loaded. (y-yagi)
  • Manipulate local args instead of ARGV in Sprint.run.
  • Only show --bisect in usage if using minitest.
  • Remove -Itest:lib from bisect's rb_flags since bin/minitest adds them.

Commits

• 339492c prepped for release
• 73eb48e Fixed some doco coverage... still running into tons of pain with rdoc.
• 58387c7 - Fixed bisect to use same cmd ($0) to run tests as original invocation.
• 2a529a0 y-yagi is smart and I am dum
• cf465a6 - Only show --bisect in usage if using minitest.
• e5ad492 Push up server_plugin fix to minitest.rb guarded by env.
• a7aeb10 Fixed up tests to be line independent.
• 59ac1fa - MT6: load server_plugin if server is loaded. (y-yagi)
• dba350e - Manipulate local args instead of ARGV in Sprint.run.
• 8e008ed Added new rdoc rsync location.
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions