@dependabot dependabot bot commented on behalf of github Oct 10, 2025

Bumps the all group with 3 updates: github/codeql-action, ruby/setup-ruby and actions/stale.

Updates github/codeql-action from 3.30.6 to 4.30.7

Release notes

Sourced from github/codeql-action's releases.

v4.30.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.30.7 - 06 Oct 2025

  • [v4+ only] The CodeQL Action now runs on Node.js v24. #3169

See the full CHANGELOG.md for more information.

v3.30.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.7 - 06 Oct 2025

No user facing changes.

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.30.7 - 06 Oct 2025

  • [v4+ only] The CodeQL Action now runs on Node.js v24. #3169

3.30.6 - 02 Oct 2025

  • Update default CodeQL bundle version to 2.23.2. #3168

3.30.5 - 26 Sep 2025

  • We fixed a bug that was introduced in 3.30.4 with upload-sarif which resulted in files without a .sarif extension not getting uploaded. #3160

3.30.4 - 25 Sep 2025

  • We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the codeql-action/init step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the codeql-action/init step. #3099 and #3100
  • We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #3107
  • You can now run the latest CodeQL nightly bundle by passing tools: nightly to the init action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #3130
  • Update default CodeQL bundle version to 2.23.1. #3118

3.30.3 - 10 Sep 2025

No user facing changes.

3.30.2 - 09 Sep 2025

  • Fixed a bug which could cause language autodetection to fail. #3084
  • Experimental: The quality-queries input that was added in 3.29.2 as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new analysis-kinds input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. #3064

3.30.1 - 05 Sep 2025

  • Update default CodeQL bundle version to 2.23.0. #3077

3.30.0 - 01 Sep 2025

  • Reduce the size of the CodeQL Action, speeding up workflows by approximately 4 seconds. #3054

3.29.11 - 21 Aug 2025

  • Update default CodeQL bundle version to 2.22.4. #3044

3.29.10 - 18 Aug 2025

... (truncated)

Commits
  • e296a93 Merge pull request #3183 from github/update-v4.30.7-55283843c
  • 93c1673 Update changelog for v4.30.7
  • 5528384 Merge pull request #3169 from github/mario-campos/node24
  • b66db86 Hoist CHANGELOG note back to "UNRELEASED" section.
  • b2e2232 Merge remote-tracking branch 'origin/main' into mario-campos/node24
  • 065c6cf Merge pull request #3174 from github/mbg/fix/start-proxy-matrix
  • 7fb8378 Re-throw exception in createStatusReportBase when in test mode
  • dddf033 Revert changes to build.mjs
  • 54ae8ba Simplify PR check by reverting changes to @types/node.
  • 65e9e64 Make matrix available to start-proxy action
  • Additional commits viewable in compare view

Updates ruby/setup-ruby from 1.263.0 to 1.264.0

Release notes

Sourced from ruby/setup-ruby's releases.

v1.264.0

What's Changed

Full Changelog: ruby/setup-ruby@v1.263.0...v1.264.0

Commits

Updates actions/stale from 10.0.0 to 10.1.0

Release notes

Sourced from actions/stale's releases.

v10.1.0

What's Changed

New Contributors

Full Changelog: actions/stale@v10...v10.1.0

Commits

Bumps the all group with 3 updates in the / directory: minitest, json and prism.

Updates minitest from 5.25.5 to 5.26.0

Changelog

Sourced from minitest's changelog.

=== 5.26.0 / 2025-10-07

The Seattle.rb Nerd Party, Slightly Tipsy Edition!

  • 2 minor enhancements:

    • Added extra documentation to Minitest::TestTask options.
    • Make parallelize_me! a no-op when n_threads=1.
  • 9 bug fixes:

    • Bypass parallel_executor entirely when n_threads=1.
    • Don't require rubygems in Rakefile... it is 2025.
    • Ensure that minitest exits non-zero on Interrupt. (tavianator)
    • Fix Minitest.run sequence rdoc to include loop vars and read consistently.
    • Fix call to parallel_executor.shutdown when it isn't defined.
    • Removed some 1.8/1.9-based code from the assertions and expectations.
    • Still fighting with rdoc? Yup. Still fighting with rdoc...
    • Switched assert_equal's diff from Tempfile.open to Tempfile.create.
    • Use Regexp.escape for BASE_RE in case pwd has special chars. (astra_1993)

Commits
  • f78aa72 prepped for release
  • 5faf12f - Use Regexp.escape for BASE_RE in case pwd has special chars. (astra_1993)
  • 839c5f0 - Bypass parallel_executor entirely when n_threads=1.
  • 7c90742 - Switched assert_equal's diff from Tempfile.open to Tempfile.create.
  • b3dcd38 clarify an assert_equal + newline + backslash n test output to be more readable
  • 14c87ef Improve let tests to no longer be order dependent.
  • 6c995cf - Ensure that minitest exits non-zero on Interrupt. (tavianator)
  • 42ce806 - Removed some 1.8/1.9-based code from the assertions and expectations.
  • a17393e - Still fighting with rdoc? Yup. Still fighting with rdoc...
  • 68b3d0c - Don't require rubygems in Rakefile... it is 2025.
  • Additional commits viewable in compare view

Updates json from 2.15.0 to 2.15.1

Release notes

Sourced from json's releases.

v2.15.1

What's Changed

  • Fix incorrect escaping in the JRuby extension when encoding shared strings.

Full Changelog: ruby/json@v2.15.0...v2.15.1

Changelog

Sourced from json's changelog.

2025-10-07 (2.15.1)

  • Fix incorrect escaping in the JRuby extension when encoding shared strings.

Commits

Updates prism from 1.5.1 to 1.5.2

Release notes

Sourced from prism's releases.

v1.5.2

Changed

  • Fix character literal forced encoding when a unicode escape sequence is used.
  • Reject 1 if foo = bar baz.
  • Clear static literal flag on interpolated strings.
  • Reject optional argument/endless method definition ambiguity.

Changelog

Sourced from prism's changelog.

[1.5.2] - 2025-10-09

Changed

  • Fix character literal forced encoding when a unicode escape sequence is used.
  • Reject 1 if foo = bar baz.
  • Clear static literal flag on interpolated strings.
  • Reject optional argument/endless method definition ambiguity.

Commits
  • 5446f7b Merge pull request #3675 from ruby/bump-version
  • 7574837 Bump to v
  • 022d6d0 Merge pull request #3674 from Earlopain/endless-method-no-parens
  • e1910d4 For these special cases, there exists no optional argument type. Since a endl...
  • c89ca2a sync-ruby.yml: Fix the target push branch
  • c0f3ea7 Add a workflow to sync commits to ruby/ruby (#3673)
  • 3070615 Merge pull request #3672 from ruby/dependabot/bundler/gemfiles/typecheck/ruby...
  • 5e2a3af Merge pull request #3671 from ruby/dependabot/maven/java-wasm/java-deps-7d48a...
  • f6befc3 Bump sorbet
  • bde0629 Bump the java-deps group in /java-wasm with 4 updates
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the all group with 3 updates: [github/codeql-action](https://github.com/github/codeql-action), [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [actions/stale](https://github.com/actions/stale).


Updates `github/codeql-action` from 3.30.6 to 4.30.7
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@64d10c1...e296a93)

Updates `ruby/setup-ruby` from 1.263.0 to 1.264.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](ruby/setup-ruby@0481980...6797dcb)

Updates `actions/stale` from 10.0.0 to 10.1.0
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](actions/stale@3a9db7e...5f858e3)

build(deps-dev): bump the all group across 1 directory with 3 updates

Bumps the all group with 3 updates in the / directory: [minitest](https://github.com/minitest/minitest), [json](https://github.com/ruby/json) and [prism](https://github.com/ruby/prism).


Updates `minitest` from 5.25.5 to 5.26.0
- [Changelog](https://github.com/minitest/minitest/blob/master/History.rdoc)
- [Commits](minitest/minitest@v5.25.5...v5.26.0)

Updates `json` from 2.15.0 to 2.15.1
- [Release notes](https://github.com/ruby/json/releases)
- [Changelog](https://github.com/ruby/json/blob/master/CHANGES.md)
- [Commits](ruby/json@v2.15.0...v2.15.1)

Updates `prism` from 1.5.1 to 1.5.2
- [Release notes](https://github.com/ruby/prism/releases)
- [Changelog](https://github.com/ruby/prism/blob/main/CHANGELOG.md)
- [Commits](ruby/prism@v1.5.1...v1.5.2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.30.7
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: ruby/setup-ruby
  dependency-version: 1.264.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: actions/stale
  dependency-version: 10.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: minitest
  dependency-version: 5.26.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: json
  dependency-version: 2.15.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: prism
  dependency-version: 1.5.2
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <[email protected]>

@dependabot dependabot bot added the dependencies, github_actions and ruby labels Oct 10, 2025
@ZhongRuoyu ZhongRuoyu merged commit f726a46 into main Oct 10, 2025
14 checks passed
@ZhongRuoyu ZhongRuoyu deleted the dependabot/all-6cb627c2bd branch October 10, 2025 09:05