deps(deps): Bump the production-dependencies group across 1 directory with 8 updates

[dependabot]

Bumps the production-dependencies group with 3 updates in the / directory: irb, rake and rubocop.

Updates irb from 1.17.0 to 1.18.0

Release notes

Sourced from irb's releases.

v1.18.0

What's Changed

✨ Enhancements

• Completely migrate to prism by @​tompng in ruby/irb#1160
• Suppress error highlight for some incomplete code by @​tompng in ruby/irb#1173
• Display command description in doc dialog on tab completion by @​st0012 in ruby/irb#1180
• Add startup banner with Ruby logo, version info, and tips by @​st0012 in ruby/irb#1183
• Highlight the method name in method calls by @​shugo in ruby/irb#1189
• Add --nobanner option to suppress startup banner by @​st0012 in ruby/irb#1200

🐛 Bug Fixes

• Make ls command work for BasicObjects by @​eikes in ruby/irb#1177
• Fix IRB crash when typing string literal with control/meta sequence by @​tompng in ruby/irb#1182
• Wait for pager to terminate by @​tompng in ruby/irb#1192
• Fix incorrect dash in startup message by @​st0012 in ruby/irb#1206
• Colorize KEYWORD_DO_BLOCK (added in head Prism) by @​tompng in ruby/irb#1207

🛠 Other Changes

• Silence default_external warning in tests by @​Earlopain in ruby/irb#1172
• Ruby >= 4.1.0 allows trailing comma in method signature by @​eikes in ruby/irb#1178
• Fix display_document test fails in tty environment by @​tompng in ruby/irb#1185
• Use Prism::ParseResult#continuable? if possible by @​tompng in ruby/irb#1184
• Do not open nesting for character literals by @​shugo in ruby/irb#1190
• Fix random EPIPE failure in SIGINT restore tests by @​k0kubun in ruby/irb#1191
• Bump version to 1.18.0 by @​st0012 in ruby/irb#1208

New Contributors

• @​Earlopain made their first contribution in ruby/irb#1172
• @​eikes made their first contribution in ruby/irb#1178
• @​shugo made their first contribution in ruby/irb#1190

Full Changelog: ruby/irb@v1.17.0...v1.18.0

Commits

• 31e068a Bump version to 1.18.0 (#1208)
• f49d6b5 Colorize KEYWORD_DO_BLOCK (added in head Prism) (#1207)
• 96342e7 Fix incorrect dash in startup message (#1206)
• 9b930c8 Add --nobanner option to suppress startup banner (#1200)
• 9dc2a85 Bump rubygems/release-gem from 1.1.4 to 1.2.0
• 454964c Bump actions/upload-pages-artifact from 4 to 5
• b9719d1 Bump step-security/harden-runner from 2.16.0 to 2.17.0
• ee2af9f Highlight the method name in method calls (#1189)
• 75ad68d Bump actions/configure-pages from 5 to 6
• 6f757b9 Bump actions/deploy-pages from 4 to 5
• Additional commits viewable in compare view

Updates rake from 13.3.1 to 13.4.2

Commits

• 503b8ec v13.4.2
• 46038e7 Merge pull request #723 from ruby/fix/testopts-preserve-existing-value
• 604a3d9 Isolate TESTOPTS env in TestRakeTestTask setup/teardown
• 5886caa Preserve ENV["TESTOPTS"] when verbose is enabled
• 92193ac v13.4.1
• b74be0b Merge pull request #721 from ruby/fix/add-options-to-gemspec
• 829f66d Add lib/rake/options.rb to gemspec
• 2d55bc4 v13.4.0
• 1415070 Exclude dependabot updates from release note
• b3dc948 Merge pull request #713 from pvdb/simplify_standard_system_dir
• Additional commits viewable in compare view

Updates rubocop from 1.86.0 to 1.87.0

Release notes

Sourced from rubocop's releases.

RuboCop v1.87.0

New features

• #15167: Add --enable-all-cops and --disable-all-cops command line options that override AllCops/EnabledByDefault and AllCops/DisabledByDefault in configuration files. (@​koic)
• #15185: Make Layout/EmptyLineAfterGuardClause accept the new # simplecov:disable and # simplecov:enable directive comments. (@​koic)
• #15173: Add optional Rubydex integration via AllCops/UseProjectIndex to enable cross-file detection in Lint/ConstantReassignment (experimental). (@​koic)

Bug fixes

• #15168: Fix false positives in Lint/ParenthesesAsGroupedExpression when the first argument is a call-like expression with its own parentheses, such as yield(...). (@​koic)
• #15188: Fix false positives in Style/YodaCondition when one side is an array or hash literal containing non-literal elements. (@​koic)
• #15182: Fix incorrect autocorrect for Style/Alias causing a syntax error when the return value of alias_method is used, such as an argument to public, private, protected, or module_function, or the right-hand side of an assignment. (@​koic)
• #15174: Fix incorrect autocorrect for Style/ClassAndModuleChildren causing a syntax error when the namespace contains a method call (e.g., class self.class::Foo; end). (@​koic)
• #15180: Fix incorrect autocorrect for Style/FileWrite causing a syntax error when the written heredoc is chained with another method call. (@​koic)
• #15186: Fix incorrect autocorrect for Style/HashConversion causing a syntax error when Hash[...] is passed an anonymous splat (*). (@​koic)
• #15192: Fix incorrect autocorrect for Style/StructInheritance causing a syntax error when the inherited Struct.new is called without parentheses. (@​koic)
• #15170: Fix an infinite loop for Layout/RedundantLineBreak when a single-line block is chained with a safe navigation method call. (@​koic)
• #15175: Fix Layout/IndentationWidth to indent block bodies relative to the method selector for trailing-dot multi-line method chains when EnforcedStyleAlignWith is relative_to_receiver. (@​ddbrendan)
• #15135: Fix incorrect autocorrect for Style/RedundantParentheses that swallowed chained method calls into a trailing inline comment on the line above the closing parenthesis. (@​hammadxcm)
• #15184: Fix various typos and grammar mistakes in documentation and cop descriptions. (@​bbatsov)

Changes

• #15171: Cache FilePatterns#match? results per path so cops sharing the same Include/Exclude configuration do not each repeat File.fnmatch? work on every file. (@​Darhazer)

RuboCop v1.86.2

New features

• #15075: Implement true runner parallelism. ([@​tdeo][])

Bug fixes

• #15156: Fix an error for Style/HashLookupMethod when chaining fetch (or []) calls on the same expression. (@​koic)
• #15161: Fix an error for Style/ReduceToHash when nested each_with_object/inject/reduce calls would build hashes. (@​koic)
• #15144: Fix an error in Style/SoleNestedConditional when autocorrecting nested conditionals containing comments. (@​koic)
• #15040: Exclude constants from Style/ModuleMemberExistenceCheck. ([@​t-daisuke][])
• #15155: Fix false negatives in Style/RedundantSelf when an explicit self receiver in one scope matches the LHS of an ||=, &&=, or op_asgn in another scope. (@​koic)
• #15107: Fix false positives in Lint/RequireRelativeSelfPath when a non-.rb file uses require_relative with its own basename. (@​koic)
• #15137: Fix incorrect "does not support IndentationWidth parameter" warning for Layout/ClosingParenthesisIndentation and Layout/CommentIndentation. (@​koic)
• #15148: Fix false positives in Lint/RedundantSafeNavigation when safe navigation appears in rescue or ensure bodies. (@​koic)
• #15147: Fix false positives in Lint/RedundantSafeNavigation when safe navigation appears in the body of unless. (@​koic)
• #15163: Fix false positives in Style/Copyright when Notice pattern starts with \A#, uses \s metacharacters, or has multiple spaces after #. (@​koic)
• #10179: Fix false positives in Style/DocumentDynamicEvalDefinition when the heredoc contains an escaped interpolation (\#{...}). ([@​eyupcanakman][])
• #15154: Fix bug where specifying --out disables parallelization. ([@​deivid-rodriguez][])

... (truncated)

Changelog

Sourced from rubocop's changelog.

1.87.0 (2026-05-30)

New features

• #15167: Add --enable-all-cops and --disable-all-cops command line options that override AllCops/EnabledByDefault and AllCops/DisabledByDefault in configuration files. ([@​koic][])
• #15185: Make Layout/EmptyLineAfterGuardClause accept the new # simplecov:disable and # simplecov:enable directive comments. ([@​koic][])
• #15173: Add optional Rubydex integration via AllCops/UseProjectIndex to enable cross-file detection in Lint/ConstantReassignment (experimental). ([@​koic][])

Bug fixes

• #15168: Fix false positives in Lint/ParenthesesAsGroupedExpression when the first argument is a call-like expression with its own parentheses, such as yield(...). ([@​koic][])
• #15188: Fix false positives in Style/YodaCondition when one side is an array or hash literal containing non-literal elements. ([@​koic][])
• #15182: Fix incorrect autocorrect for Style/Alias causing a syntax error when the return value of alias_method is used, such as an argument to public, private, protected, or module_function, or the right-hand side of an assignment. ([@​koic][])
• #15174: Fix incorrect autocorrect for Style/ClassAndModuleChildren causing a syntax error when the namespace contains a method call (e.g., class self.class::Foo; end). ([@​koic][])
• #15180: Fix incorrect autocorrect for Style/FileWrite causing a syntax error when the written heredoc is chained with another method call. ([@​koic][])
• #15186: Fix incorrect autocorrect for Style/HashConversion causing a syntax error when Hash[...] is passed an anonymous splat (*). ([@​koic][])
• #15192: Fix incorrect autocorrect for Style/StructInheritance causing a syntax error when the inherited Struct.new is called without parentheses. ([@​koic][])
• #15170: Fix an infinite loop for Layout/RedundantLineBreak when a single-line block is chained with a safe navigation method call. ([@​koic][])
• #15175: Fix Layout/IndentationWidth to indent block bodies relative to the method selector for trailing-dot multi-line method chains when EnforcedStyleAlignWith is relative_to_receiver. ([@​ddbrendan][])
• #15135: Fix incorrect autocorrect for Style/RedundantParentheses that swallowed chained method calls into a trailing inline comment on the line above the closing parenthesis. ([@​hammadxcm][])
• #15184: Fix various typos and grammar mistakes in documentation and cop descriptions. ([@​bbatsov][])

Changes

• #15171: Cache FilePatterns#match? results per path so cops sharing the same Include/Exclude configuration do not each repeat File.fnmatch? work on every file. ([@​Darhazer][])

1.86.2 (2026-05-14)

New features

• #15075: Implement true runner parallelism. ([@​tdeo][])

Bug fixes

• #15156: Fix an error for Style/HashLookupMethod when chaining fetch (or []) calls on the same expression. ([@​koic][])
• #15161: Fix an error for Style/ReduceToHash when nested each_with_object/inject/reduce calls would build hashes. ([@​koic][])
• #15144: Fix an error in Style/SoleNestedConditional when autocorrecting nested conditionals containing comments. ([@​koic][])
• #15040: Exclude constants from Style/ModuleMemberExistenceCheck. ([@​t-daisuke][])
• #15155: Fix false negatives in Style/RedundantSelf when an explicit self receiver in one scope matches the LHS of an ||=, &&=, or op_asgn in another scope. ([@​koic][])
• #15107: Fix false positives in Lint/RequireRelativeSelfPath when a non-.rb file uses require_relative with its own basename. ([@​koic][])
• #15137: Fix incorrect "does not support IndentationWidth parameter" warning for Layout/ClosingParenthesisIndentation and Layout/CommentIndentation. ([@​koic][])
• #15148: Fix false positives in Lint/RedundantSafeNavigation when safe navigation appears in rescue or ensure bodies. ([@​koic][])
• #15147: Fix false positives in Lint/RedundantSafeNavigation when safe navigation appears in the body of unless. ([@​koic][])
• #15163: Fix false positives in Style/Copyright when Notice pattern starts with \A#, uses \s metacharacters, or has multiple spaces after #. ([@​koic][])
• #10179: Fix false positives in Style/DocumentDynamicEvalDefinition when the heredoc contains an escaped interpolation (\#{...}). ([@​eyupcanakman][])
• #15154: Fix bug where specifying --out disables parallelization. ([@​deivid-rodriguez][])
• #15106: Fix TargetFinder to work correctly inside hidden parent directories. ([@​alpaca-tc][])
• #15102: Fix FrozenError in DisabledConfigFormatter for frozen array config parameters. ([@​koic][])
• #15141: Fix incorrect autocorrect for Gemspec/RequireMFA causing an infinite loop when rubygems_mfa_required metadata uses a symbol key. ([@​koic][])
• #15142: Fix infinite loop for --disable-uncorrectable and offense near heredoc. ([@​jonas054][])

... (truncated)

Commits

• e5b788d Cut 1.87
• 65aece8 Update Changelog
• 810c790 Fix incorrect autocorrect for Style/StructInheritance cop
• 1ec0554 [Fix #15185] Make Layout/EmptyLineAfterGuardClause accept new SimpleCov dir...
• 11cd569 Merge pull request #15190 from koic/fix_false_positives_in_style_yoda_condition
• ceff136 [Fix #15188] Fix false positives for Style/YodaCondition
• 4a12596 Fix incorrect autocorrect for Style/HashConversion cop
• 4801e9d Merge pull request #15184 from rubocop/fix-typos-and-grammar-in-docs
• bfe7dc5 Fix various typos and grammar mistakes in documentation
• 6988aa4 Merge pull request #15182 from koic/fix_incorrect_autocorrect_for_style_alias...
• Additional commits viewable in compare view

Updates erb from 4.0.4 to 4.0.4.1

Changelog

Sourced from erb's changelog.

4.0.4.1

• Prohibit def_method on marshal-loaded ERB instances

Commits

• 6a2e4a7 Version 4.0.4.1
• c3b721f Prohibit def_method on marshal-loaded ERB instances
• See full diff in compare view

Updates json from 2.19.3 to 2.19.8

Release notes

Sourced from json's releases.

v2.19.7

What's Changed

• Fix some more edge cases with out of range floats.
• Ensure the string provided to JSON.parse can't be mutated during parsing.
• Add missing write barriers in State#dup.
• Further validate generator depth config.

Full Changelog: ruby/json@v2.19.6...v2.19.7

v2.19.6

What's Changed

• Cleanly handle overly large depth generator argument.
• Add missing write barrier in ParserConfig.

Full Changelog: ruby/json@v2.19.5...v2.19.6

v2.19.5

What's Changed

• Cap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.

Full Changelog: ruby/json@v2.19.4...v2.19.5

v2.19.4

What's Changed

• Fix parsing of out of range floats (very large exponents that lead to either 0.0 or Inf).

Full Changelog: ruby/json@v2.19.2...v2.19.4

Changelog

Sourced from json's changelog.

2026-06-03 (2.19.8)

• Fix 1-byte buffer overread on EOS errors.
• Handle invalid types passed as max_nesting option.

2026-05-28 (2.19.7)

• Fix some more edge cases with out of range floats.
• Ensure the string provided to JSON.parse can't be mutated during parsing.
• Add missing write barriers in State#dup.
• Further validate generator depth config.

2026-05-28 (2.19.6)

• Cleanly handle overly large depth generator argument.
• Add missing write barrier in ParserConfig.

2026-05-04 (2.19.5)

• Cap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.

2026-04-19 (2.19.4)

• Fix parsing of out of range floats (very large exponents that lead to either 0.0 or Inf).

Commits

• 5233dd9 Release 2.19.8
• 3f44b26 Prevent buffer over-read when generating EOF error
• be8d068 Handle invalid types passed as max_nesting option
• 59501c0 Get rid of all_images gem
• c7a7b2b Add a security note in README
• ab6c8f2 Release 2.19.7
• f033b9d Fix some more edge cases with out of range floats
• 5ca8a67 parser.c: Ensure the user provided string can't be mutated
• dba1d88 generator.c: trigger write barriers in cState_init_copy
• e8800cb Further validate generator depth config
• Additional commits viewable in compare view

Updates parallel from 1.27.0 to 1.28.0

Changelog

Sourced from parallel's changelog.

1.28.0

Fixed

• Dump undumpable exceptions without cause if that fixes the issue

Commits

• e141db9 v1.28.0
• 679f6ec Merge pull request #360 from grosser/grosser/dump
• 0da8239 dump undumpable exceptions without cause if that fixes the issue
• 8d638d0 Merge pull request #358 from grosser/grosser/up
• 998ce26 bundle and cleanup test duplication
• See full diff in compare view

Updates psych from 5.3.1 to 5.4.0

Commits

• f7066d8 v5.4.0
• 6201ae1 Round the io_reader clamp down to a character boundary
• 99ecd94 Clamp io_reader copy to libyaml's buffer size
• 7a73514 Merge pull request #794 from ruby/dependabot/github_actions/step-security/har...
• cada6bb Bump step-security/harden-runner from 2.19.3 to 2.19.4
• c06a2c5 Merge pull request #793 from ruby/dependabot/github_actions/step-security/har...
• 4a7ca7e Bump step-security/harden-runner from 2.19.1 to 2.19.3
• 790494a Merge pull request #792 from ruby/dependabot/github_actions/step-security/har...
• 16d8518 Bump step-security/harden-runner from 2.19.0 to 2.19.1
• 1366654 Bump step-security/harden-runner from 2.17.0 to 2.19.0
• Additional commits viewable in compare view

Updates regexp_parser from 2.11.3 to 2.12.0

Changelog

Sourced from regexp_parser's changelog.

[2.12.0] - 2026-04-04 - Janosch Müller

Added

• support for new unicode properties of Ruby 4.0.0

Commits

• 55f48a1 Release v2.12.0
• 2c97fc7 Disable gouteur for mutant
• 2d2babd Add ruby 4 unicode properties
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: automated, bot: dependabot, dependencies, lang: ruby, size: sm, status: needs-review, type: maintenance. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.