🚨 [security] [ruby] Update capybara-lockstep 2.2.3 → 2.3.1 (minor)

[depfu]

---

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

---

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ capybara-lockstep (2.2.3 → 2.3.1) · Repo · Changelog

Release Notes

2.3.1 (from changelog)

Compatible changes

• Add tests for Ruby 4.0
• Increase required_ruby_version and activesupport minimum version in gemspec so people on legacy Ruby and Rails versions don't receive future upgrades
• Drop tests and support for Ruby < 3 and Rails < 7
• Drop dependency on ruby2_keywords

2.3.0 (from changelog)

• Added support for cuprite as the capybara driver

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ addressable (indirect, 2.8.7 → 2.8.8) · Repo · Changelog

Release Notes

2.8.8 (from changelog)

• Replace the unicode.data blob by a ruby constant (#561)
• Allow public_suffix 7 (#558)

Does any of this look wrong? Please let us know.

↗️ benchmark (indirect, 0.4.1 → 0.5.0) · Repo

Release Notes

0.5.0

What's Changed

• Add Benchmark.ms method and enhance realtime with unit parameter by @nvasilevski in #38

New Contributors

• @nvasilevski made their first contribution in #38

Full Changelog: v0.4.1...v0.5.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ bigdecimal (indirect, 3.3.1 → 4.0.1) · Repo · Changelog

Release Notes

4.0.1

What's Changed

• Exclude dependabot updates from release note by @hsbt in #474
• Remove unused variable (and add test for it) by @tompng in #475
• Remove "Which version should you select" section by @tompng in #476
• Bump version to v4.0.1 by @tompng in #477

Full Changelog: v4.0.0...v4.0.1

4.0.0

What's Changed

• Fix x**y, x.power(y, 0) and x.sqrt(0) calculates huge digits if precision limit is huge by @tompng in #445
• Implement major math functions by @tompng in #336
• Fix fast-path of frac and _decimal_shift affected by BigDecimal.limit by @tompng in #447
• Update the latest versions of actions by @hsbt in #449
• Add missing bigmath precision test, add missing indent by @tompng in #450
• Make BigMath.exp and log also a module_method by @tompng in #452
• Fix incorrect exception when exponent is fractional for Infinity base by @troy-dunamu in #453
• Bump step-security/harden-runner from 2.13.1 to 2.13.2 by @dependabot[bot] in #454
• Don't use assert_separatly if not needed by @tompng in #455
• Bump actions/checkout from 5.0.0 to 6.0.0 by @dependabot[bot] in #456
• Bump actions/checkout from 5.0.1 to 6.0.0 by @dependabot[bot] in #457
• Add missing BigMath test for jruby by @tompng in #459
• Change remainder/modulo/divmod test of +0/-0 type tolerant by @tompng in #460
• Cast divmod quotient to int by @mrzasa in #312
• Bump actions/checkout from 6.0.0 to 6.0.1 by @dependabot[bot] in #462
• Bump step-security/harden-runner from 2.13.2 to 2.13.3 by @dependabot[bot] in #461
• Implement BigMath.erf(x, prec) and BigMath.erfc(x, prec) by @tompng in #357
• Implement BigMath.gamma and BigMath.lgamma by @tompng in #451
• Fix typos + improve copy/paste in readme by @tas50 in #463
• Fix inaccurate calculation (last digit) and add a workaround for add/sub hang bug by @tompng in #465
• Fix lgamma precision around 1 and 2 by @tompng in #466
• Fix lgamma precision when gamma(negative_x).abs nearly equals 1 by @tompng in #467
• Implement BigMath.frexp and ldexp with exponent of 10 by @tompng in #448
• Bump step-security/harden-runner from 2.13.3 to 2.14.0 by @dependabot[bot] in #468
• Better rounding of BigMath.atan(nearly_one, prec) by @tompng in #469
• Remove deprecated method BigDecimal#precs by @tompng in #470
• Deprecate ludcmp, jacobian and newton by @tompng in #471
• Bump version to v4.0.0 by @tompng in #472

New Contributors

• @troy-dunamu made their first contribution in #453
• @tas50 made their first contribution in #463

Full Changelog: v3.3.1...v4.0.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ concurrent-ruby (indirect, 1.3.5 → 1.3.6) · Repo · Changelog

Release Notes

1.3.6

What's Changed

• Run tests without the C extension in CI by @eregon in #1081
• Fix typo in Promise docs by @danieldiekmeier in #1083
• Correct word in readme by @wwahammy in #1084
• Fix mistakes in MVar documentation by @trinistr in #1087
• Fix multi require concurrent/executor/cached_thread_pool by @OuYangJinTing in #1085
• Use typed data APIs by @nobu in #1096
• Add Joshua Young to the list of maintainers by @eregon in #1097
• Asynchronous pruning for RubyThreadPoolExecutor by @joshuay03 in #1082
• Mark RubySingleThreadExecutor as a SerialExecutorService by @meineerde in #1070
• Allow TimerTask to be safely restarted after shutdown and avoid duplicate tasks by @bensheldon in #1001
• Flaky test fix: allow ThreadPool to shutdown before asserting completed_task_count by @bensheldon in #1098
• ThreadPoolExecutor#kill will wait_for_termination in JRuby; ensure TimerSet timer thread shuts down cleanly by @bensheldon in #1044

New Contributors

• @danieldiekmeier made their first contribution in #1083
• @wwahammy made their first contribution in #1084
• @trinistr made their first contribution in #1087
• @OuYangJinTing made their first contribution in #1085
• @nobu made their first contribution in #1096
• @joshuay03 made their first contribution in #1082

Full Changelog: v1.3.5...v1.3.6

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ connection_pool (indirect, 2.5.4 → 3.0.2) · Repo · Changelog

Release Notes

3.0.2 (from changelog)

• Support :name keyword for backwards compatibility [#210]

3.0.1 (from changelog)

• Add missing fork.rb to gemspec.

3.0.0 (from changelog)

• BREAKING CHANGES ConnectionPool and ConnectionPool::TimedStack now use keyword arguments rather than positional arguments everywhere. Expected impact is minimal as most people use the with API, which is unchanged.

pool = ConnectionPool.new(size: 5, timeout: 5)
pool.checkout(1) # 2.x
pool.reap(30)    # 2.x
pool.checkout(timeout: 1) # 3.x
pool.reap(idle_seconds: 30) # 3.x

• Dropped support for Ruby <3.2.0

2.5.5 (from changelog)

• Support ConnectionPool::TimedStack#pop(exception: false) [#207] to avoid using exceptions as control flow.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ i18n (indirect, 1.14.7 → 1.14.8) · Repo · Changelog

Release Notes

1.14.8

Full Changelog: v1.14.7...v1.14.8

What's Changed

• Remove unused cgi require for Ruby 3.5 compatibility by @Earlopain in #713
• Explicitly require pathname by @voxik in #708
• CI: Add Ruby 3.4 to CI Matrix by @taketo1113 in #722
• Fix: I18n.locale reset in Fiber context by using Thread#thread_variable by @lee266 in #724
• CI: Use actions/checkout@v5 by @olleolleolle in #721
• Fix compatibility with --enable-frozen-string-literal by @byroot in #726

New Contributors

• @Earlopain made their first contribution in #713
• @taketo1113 made their first contribution in #722
• @lee266 made their first contribution in #724
• @byroot made their first contribution in #726

Full Changelog: v1.14.7...v1.14.8

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ minitest (indirect, 5.26.0 → 6.0.1) · Repo · Changelog

Release Notes

6.0.1 (from changelog)

• 1 minor enhancement:

  • Added new rake task ‘test:fu` to Minitest::TestTask, to only run tests with FU (focused units?) in their name. This should mostly obviate the need for the minitest-focus plugin.

• 5 bug fixes:

  • Fixed –help and –version exiting 1. (grosser)

  • Fixed method signature of Minitest::Benchmark.run. (flavorjones)

  • Flush stdout/stderr before exit./bin/minitest -Ilib ./bug1046.rb:1 < /dev/null (grosser)

  • Improved usage banner output by reordering and reformatting.

  • Normalize paths while processing file.rb:line args.

6.0.0 (from changelog)

This is a major release. Read this.

Please give feedback here: github.com/minitest/minitest/issues/1040

Oh god… here we go… (again)

• 8 deaths in the family(!!):

  • Deleted MiniTest and MiniTest::Unit::TestCase compatibility namespaces.

  • Deleted all use of Marshal for serialization.

  • Deleted maglev? and rubinius? guard methods. LOL.

  • Deleted all minitest/spec expectations from Object. Use _/value/expect.

  • Dropped minitest/mock.rb. This has been extracted to the minitest-mock gem.

  • assert_equal(nil, value) no longer allowed. Use assert_nil to be explicit.

  • Removed assert_send. Use assert_predicate or assert_operator.

  • Removed Minitest::Test#class_name.

• 7 major (oft incompatible) changes:

  • Big: Major refactored MT6’s run path!

    • Minitest.__run -> Minitest.run_all_suites

    • Runnable.run -> Runnable.run_suite & Runnable.filter_runnable_methods

    • Runnable.run_one_method -> Runnable.run

    • Removed Minitest.run_one_method (might bring it back to raise?)

  • Removed deprecated ENV["N"] to specify number of parallel tests. Use MT_CPU.

  • Renamed options[:filter] to options[:include], added --include cmdline option.

    • --name is still handled, but that will be removed in the future.

  • Renamed Minitest::Runnable#test_order to #run_order.

  • If #message is passed a proc then that proc overrides all other output.

    • They are no longer chained!

    • And it does less for formatting of your output.

  • Removed reporter arg from with_info_handler as it has never(?) been used. (HACK?)

  • Plugin loading is now opt-in!

    • Require the plugin in your test_helper.

    • Or use Minitest.load :x

    • Or call Minitest.load_plugins for the old autoloading behavior.

• 5 additions:

  • Added minitest-sprint’s minitest cmdline, now with line support!

  • Added minitest-bisect. Run with minitest –bisect or -b.

  • Added minitest-server.

  • Added minitest/complete to help with shell’s tab-completion of tests.

  • Vendored latest version of path_expander.

• 5 other:

  • Bumped to ruby 3.2+.

  • Removed obsolete conditional for CompositeReporter#prerecord.

  • Removed obsolete version guards around Minitest::Result in reporters.

  • assert_operator and assert_predicate both call assert_respond_to first.

  • Assertions reuse themselves a lot more. Bumps assertion count in some places.

5.27.0 (from changelog)

• 1 major enhancement:

  • Adding post install message announcing the EOL for minitest 5!

• 2 minor enhancements:

  • Removed TestTask::Work#initialize since Queue can now initialize with an Enumerable! AMAZING!

  • Use Kernel#warn uplevel argument for nicer warnings. (byroot)

• 5 bug fixes:

  • Cleaned up option aliasing a tad.

  • Removed obsolete conditional for prerecord

  • Removed obsolete guards around Warning.

  • Removed obsolete version guards for pattern matching assertions.

  • Switched all internal requires to require_relative.

5.26.2 (from changelog)

• 5 bug fixes:

  • Bumped minimum ruby to 3.1.

  • Alias Spec#name to #inspect for cleaner output in repls.

  • Fix pathing for Hoe::Minitest initialization to be more generic.

  • Fixed refute_in_epsilon to use min of abs values. (wtn)

  • Improved options processing and usage output to be more clear.

5.26.1 (from changelog)

The Ocean Shores, Slightly Less Tipsy Edition!

• 3 bug fixes:

  • Add links to API doco in README.

  • Add missing require thread.

  • Bumped ruby version to include 4.0 (trunk). (hsbt) (see also 5.14.2)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ nokogiri (indirect, 1.18.9 → 1.19.1) · Repo · Changelog

Release Notes

1.19.1

v1.19.1 / 2026-02-16

Security

• [CRuby] Address unchecked return value from xmlC14NExecute which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See GHSA-wx95-c6cv-8532 for more information.

sha256 checksums

cfdb0eafd9a554a88f12ebcc688d2b9005f9fce42b00b970e3dc199587b27f32  nokogiri-1.19.1-aarch64-linux-gnu.gem
1e2150ab43c3b373aba76cd1190af7b9e92103564063e48c474f7600923620b5  nokogiri-1.19.1-aarch64-linux-musl.gem
0a39ed59abe3bf279fab9dd4c6db6fe8af01af0608f6e1f08b8ffa4e5d407fa3  nokogiri-1.19.1-arm-linux-gnu.gem
3a18e559ee499b064aac6562d98daab3d39ba6cbb4074a1542781b2f556db47d  nokogiri-1.19.1-arm-linux-musl.gem
dfe2d337e6700eac47290407c289d56bcf85805d128c1b5a6434ddb79731cb9e  nokogiri-1.19.1-arm64-darwin.gem
1e0bda88b1c6409f0edb9e0c25f1bf9ff4fa94c3958f492a10fcf50dda594365  nokogiri-1.19.1-java.gem
110d92ae57694ae7866670d298a5d04cd150fae5a6a7849957d66f171e6aec9b  nokogiri-1.19.1-x64-mingw-ucrt.gem
7093896778cc03efb74b85f915a775862730e887f2e58d6921e3fa3d981e68bf  nokogiri-1.19.1-x86_64-darwin.gem
1a4902842a186b4f901078e692d12257678e6133858d0566152fe29cdb98456a  nokogiri-1.19.1-x86_64-linux-gnu.gem
4267f38ad4fc7e52a2e7ee28ed494e8f9d8eb4f4b3320901d55981c7b995fc23  nokogiri-1.19.1-x86_64-linux-musl.gem
598b327f36df0b172abd57b68b18979a6e14219353bca87180c31a51a00d5ad3  nokogiri-1.19.1.gem

1.19.0

v1.19.0 / 2025-12-28

Ruby

This release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.

• Introduce native gem support for Ruby 4.0. #3590
• End support for Ruby 3.1, for which upstream support ended 2025-03-26.
• End support for JRuby 9.4 (which targets Ruby 3.1 compatibility).

sha256 checksums

11a97ecc3c0e7e5edcf395720b10860ef493b768f6aa80c539573530bc933767  nokogiri-1.19.0-aarch64-linux-gnu.gem
eb70507f5e01bc23dad9b8dbec2b36ad0e61d227b42d292835020ff754fb7ba9  nokogiri-1.19.0-aarch64-linux-musl.gem
572a259026b2c8b7c161fdb6469fa2d0edd2b61cd599db4bbda93289abefbfe5  nokogiri-1.19.0-arm-linux-gnu.gem
23ed90922f1a38aed555d3de4d058e90850c731c5b756d191b3dc8055948e73c  nokogiri-1.19.0-arm-linux-musl.gem
0811dfd936d5f6dd3f6d32ef790568bf29b2b7bead9ba68866847b33c9cf5810  nokogiri-1.19.0-arm64-darwin.gem
5f3a70e252be641d8a4099f7fb4cc25c81c632cb594eec9b4b8f2ca8be4374f3  nokogiri-1.19.0-java.gem
05d7ed2d95731edc9bef2811522dc396df3e476ef0d9c76793a9fca81cab056b  nokogiri-1.19.0-x64-mingw-ucrt.gem
1dad56220b603a8edb9750cd95798bffa2b8dd9dd9aa47f664009ee5b43e3067  nokogiri-1.19.0-x86_64-darwin.gem
f482b95c713d60031d48c44ce14562f8d2ce31e3a9e8dd0ccb131e9e5a68b58c  nokogiri-1.19.0-x86_64-linux-gnu.gem
1c4ca6b381622420073ce6043443af1d321e8ed93cc18b08e2666e5bd02ffae4  nokogiri-1.19.0-x86_64-linux-musl.gem
e304d21865f62518e04f2bf59f93bd3a97ca7b07e7f03952946d8e1c05f45695  nokogiri-1.19.0.gem

1.18.10

v1.18.10 / 2025-09-15

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.13.9. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.
• [CRuby] [Windows and MacOS] Vendored libiconv is updated to v1.18

sha256 checksums

7fb87235d729c74a2be635376d82b1d459230cc17c50300f8e4fcaabc6195344  nokogiri-1.18.10-aarch64-linux-gnu.gem
7e74e58314297cc8a8f1b533f7212d1999dbe2639a9ee6d97b483ea2acc18944  nokogiri-1.18.10-aarch64-linux-musl.gem
51f4f25ab5d5ba1012d6b16aad96b840a10b067b93f35af6a55a2c104a7ee322  nokogiri-1.18.10-arm-linux-gnu.gem
1c6ea754e51cecc85c30ee8ab1e6aa4ce6b6e134d01717e9290e79374a9e00aa  nokogiri-1.18.10-arm-linux-musl.gem
c2b0de30770f50b92c9323fa34a4e1cf5a0af322afcacd239cd66ee1c1b22c85  nokogiri-1.18.10-arm64-darwin.gem
cd431a09c45d84a2f870ba0b7e8f571199b3727d530f2b4888a73639f76510b5  nokogiri-1.18.10-java.gem
64f40d4a41af9f7f83a4e236ad0cf8cca621b97e31f727b1bebdae565a653104  nokogiri-1.18.10-x64-mingw-ucrt.gem
536e74bed6db2b5076769cab5e5f5af0cd1dccbbd75f1b3e1fa69d1f5c2d79e2  nokogiri-1.18.10-x86_64-darwin.gem
ff5ba26ba2dbce5c04b9ea200777fd225061d7a3930548806f31db907e500f72  nokogiri-1.18.10-x86_64-linux-gnu.gem
0651fccf8c2ebbc2475c8b1dfd7ccac3a0a6d09f8a41b72db8c21808cb483385  nokogiri-1.18.10-x86_64-linux-musl.gem
d5cc0731008aa3b3a87b361203ea3d19b2069628cb55e46ac7d84a0445e69cc1  nokogiri-1.18.10.gem

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ public_suffix (indirect, 6.0.2 → 7.0.2) · Repo · Changelog

Release Notes

7.0.2 (from changelog)

Changed

• Excluded symlinks and unnecessary files from gem packaging. On Windows symlinks cannot be created without Administrator privileges or with developer mode enabled #496.

7.0.1 (from changelog)

Changed

• Updated definitions.

7.0.0 (from changelog)

Changed

• Updated definitions.
• Minimum Ruby version is 3.2

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ rack (indirect, 3.2.3 → 3.2.5) · Repo · Changelog

Security Advisories 🚨

🚨 Rack has a Directory Traversal via Rack:Directory

Summary

Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../root_example/ can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root.

Details

In directory.rb, File.expand_path(File.join(root, path_info)).start_with?(root) does not enforce a path boundary. If the server root is /var/www/root, a path like /var/www/root_backup passes the check because it shares the same prefix, so Rack::Directory will list that directory also.

Impact

Information disclosure via directory listing outside the configured root when Rack::Directory is exposed to untrusted clients and a directory shares the root prefix (e.g., public2, www_backup).

Mitigation

• Update to a patched version of Rack that correctly checks the root prefix.
• Don't name directories with the same prefix as one which is exposed via Rack::Directory.

🚨 Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href

Summary

Rack::Directory generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename begins with the javascript: scheme (e.g. javascript:alert(1)), the generated index includes an anchor whose href attribute is exactly javascript:alert(1). Clicking this entry executes arbitrary JavaScript in the context of the hosting application.

This results in a client-side XSS condition in directory listings generated by Rack::Directory.

Details

Rack::Directory renders directory entries using an HTML row template similar to:

<a href='%s'>%s</a>

The %s placeholder is populated directly with the file’s basename. If the basename begins with javascript:, the resulting HTML contains an executable JavaScript URL:

<a href='javascript:alert(1)'>javascript:alert(1)</a>

Because the value is inserted directly into the href attribute without scheme validation or normalization, browsers interpret it as a JavaScript URI. When a user clicks the link, the JavaScript executes in the origin of the Rack application.

Impact

If Rack::Directory is used to expose filesystem contents over HTTP, an attacker who can create or upload files within that directory may introduce a malicious filename beginning with javascript:.

When a user visits the directory listing and clicks the entry, arbitrary JavaScript executes in the application's origin. Exploitation requires user interaction (clicking the malicious entry).

Mitigation

• Update to a patched version of Rack in which Rack::Directory prefixes generated anchors with a relative path indicator (e.g. ./filename).
• Avoid exposing user-controlled directories via Rack::Directory.
• Apply a strict Content Security Policy (CSP) to reduce impact of potential client-side execution issues.
• Where feasible, restrict or sanitize uploaded filenames to disallow dangerous URI scheme prefixes.

Release Notes

3.2.4 (from changelog)

Fixed

• Multipart parser: limit MIME header size check to the unread buffer region to avoid false multipart mime part header too large errors when previously read data accumulates in the scan buffer. (#2392, @alpaca-tc, @willnet, @krororo)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ uri (indirect, 1.0.4 → 1.1.1) · Repo · Changelog

Release Notes

1.1.1

What's Changed

• Re-allow consecutive, leading and trailing dots in EMAIL_REGEXP by @osyoyu in #189

New Contributors

• @osyoyu made their first contribution in #189

Full Changelog: v1.1.0...v1.1.1

1.1.0

What's Changed

• Update to use the latest version of setup-ruby and bump up to Ruby 3.4 by @hsbt in #158
• Fix the mention to removed URI.escape/URI::Escape by @y-yagi in #146
• Use a fully qualified name in warning messages by @y-yagi in #150
• Support Ractor#value by @hsbt in #163
• Removed unnecessary workaround by @hsbt in #164
• Escape reserved characters in scheme name by @nobu in #148
• [DOC] State that uri library is needed to call Kernel#URI by @nobu in #167
• Prefer dedicated assertion methods by @nobu in #169
• Fix the message for unexpected argument by @nobu in #171
• Make URI::regexp schemes case sensitive (#38) by @nobu in #170
• The local part should not contain leading or trailing dots in the EMAIL_REGEXP by @nlevchuk in #124
• More checks in EMAIL_REGEXP by @nobu in #172
• Do not allow empty host names, as they are not allowed by RFC 3986 by @jeremyevans in #116
• Improve performance of URI::MailTo::EMAIL_REGEXP by @nobu in #173
• Performance test stability by @nobu in #174
• Update documents that used URI::Parser by @nobu in #175
• Add a workflow to sync commits to ruby/ruby by @k0kubun in #183
• Add irb to the Gemfile to fix the warning by @y-yagi in #182
• Replace reference to the obsolete URI.escape with URI::RFC2396_PARSER.escape by @vivshaw in #166
• Switch a parsing behavior completely when switching a parser by @y-yagi in #161
• improve error message by @soda92 in #130
• Use generic version number to VERSION by @hsbt in #187

New Contributors

• @y-yagi made their first contribution in #146
• @nlevchuk made their first contribution in #124
• @vivshaw made their first contribution in #166
• @soda92 made their first contribution in #130

Full Changelog: v1.0.4...v1.1.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

🗑️ rexml (removed)

🗑️ ruby2_keywords (removed)

🗑️ rubyzip (removed)

🗑️ selenium-webdriver (removed)

🗑️ websocket (removed)

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu cancel merge

Cancels automatic merging of this PR

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)