chore(deps): bump the bundler-version-updates group across 1 directory with 9 updates

[dependabot]

Updates the requirements on oauth2, typhoeus, warning, rubocop, rubocop-minitest, dotenv, minitest-hooks, rake and simplecov-cobertura to permit the latest version.
Updates oauth2 from 2.0.12 to 2.0.22

Release notes

Sourced from oauth2's releases.

v2.0.22

2.0.22 - 2026-06-07

• TAG: v2.0.22
• COVERAGE: 100.00% -- 542/542 lines in 15 files
• BRANCH COVERAGE: 100.00% -- 180/180 branches in 15 files
• 88.35% documented

Changed

• Raised generated development tooling floors to kettle-dev >= 2.1.1 and version_gem >= 1.1.11.
• Raised the runtime dependency floor for snaky_hash to >= 2.0.5.

Security

• [GHSA-pp92-crg2-gfv9] Prevent protocol-relative redirect Location values from changing request authority, and strip Authorization headers from cross-origin redirects.

Official Discord 👉️

Many paths lead to being a sponsor or a backer of this project. Are you on such a path?

... (truncated)

Changelog

Sourced from oauth2's changelog.

[2.0.22] - 2026-06-07

• TAG: [v2.0.22][2.0.22t]
• COVERAGE: 100.00% -- 542/542 lines in 15 files
• BRANCH COVERAGE: 100.00% -- 180/180 branches in 15 files
• 88.35% documented

Changed

• Raised generated development tooling floors to kettle-dev >= 2.1.1 and version_gem >= 1.1.11.
• Raised the runtime dependency floor for snaky_hash to >= 2.0.5.

Security

• [GHSA-pp92-crg2-gfv9] Prevent protocol-relative redirect Location values from changing request authority, and strip Authorization headers from cross-origin redirects.

[2.0.21] - 2026-06-06

• TAG: [v2.0.21][2.0.21t]
• COVERAGE: 100.00% -- 525/525 lines in 15 files
• BRANCH COVERAGE: 100.00% -- 174/174 branches in 15 files
• 88.35% documented

Added

• gh!730 - Alternatives section to README by @​jonathangrinstead
• Updates to alternatives section - by @​pboling

• Added conditional appraisal2-rubocop Appraisal root loading on modern Ruby so generated Appraisal gemfiles are normalized during generation - by @​pboling

Changed

• Raised generated version_gem dependency floor to version_gem >= 1.1.10 - by @​pboling
• Raised the runtime dependency floor for auth-sanitizer to >= 0.2.1 - by @​pboling
• Refreshed generated package metadata, support documentation, CI workflows, and development dependency floors from the current kettle-jem template - by @​pboling
• Documented the current per-version Ruby, JRuby, and TruffleRuby CI matrix in generated README badges and compatibility tables - by @​pboling
• Removed the post-install message from the gemspec to keep installs quieter - by @​pboling
• Refreshed generated README support badges so Ruby 2.3 is listed as supported but untested - by @​pboling
• Refreshed generated project metadata from the current kettle-jem template - by @​pboling
• Raised development tooling floors to kettle-dev >= 2.1.0 and appraisal2 >= 3.1.1 for Appraisal2's split generate/install/update command semantics.
• Refreshed generated Appraisal and CI templates to appraisal2-rubocop 0.2.0 - by @​pboling

... (truncated)

Commits

• 551f434 🔖 Prepare release v2.0.22
• 849e7e5 🧪 Strengthen redirect security specs
• 442c160 📝 Reference GHSA in security changelog
• f6fed86 ⬆️ Raise snaky_hash floor
• 26bfeda 🔧 Refresh kettle-jem templates
• 0f0a474 Fix credential leakage on redirects
• 1118527 🔒️ Checksums for v2.0.21
• 3f41549 🔖 Prepare release v2.0.21
• 3311b5b Raise auth-sanitizer floor to 0.2.1
• 5659d89 🔖 Prepare release v2.0.21
• Additional commits viewable in compare view

Updates typhoeus from 1.4.1 to 1.6.0

Changelog

Sourced from typhoeus's changelog.

1.6.0

Full Changelog

• Add Ruby 4.0 to CI matrix and update checkout action to v6. (Geremia Taglialatela, #744)
• Require Ethon >= 0.18.0, removing the upper bound constraint. (Geremia Taglialatela, #742)
• Update RubyDoc link in gemspec metadata. (Felipe Mesquita, #737)
• Update gem version badge and remove Code Climate badge. (Felipe Mesquita, #736)

1.5.0

Full Changelog

• Update gemspec with metadata and remove extra files from the bundled gem. (Felipe Mesquita, #734)
• Require Ruby 2.6+ and simplify Gemfile. (Felipe Mesquita, #733)
• Add support for URI objects in Typhoeus.stub(). (Katelyn Schiesser, #732)
• Add explicit require for logger and ostruct gems for Ruby 3.5+ compatibility. (Felipe Mesquita, #729)
• Add Ruby 3.4 to CI matrix. (y-yagi, #728)
• Support curl 8.9 error message changes in tests. (Mamoru TASAKA, #724)
• Add Ruby 3.2 and 3.3 to CI, drop Ruby 2.5, lock ethon < 0.16.0. (y-yagi, #716)
• Fix typo in comment: "reponse" → "response". (George Brocklehurst, #700)

Commits

• d7aba1b Update changelog to include tagliala's ci update
• 31798ca Merge pull request #744 from tagliala/chore/ci-ruby4
• 10c3530 Prepare for 1.6.0 release
• 7d2e7ee Merge pull request #742 from tagliala/feature/739-ethon-0180
• 0e05c4a Test against Ruby 4.0
• fd55b54 Require Ethon >= 0.18.0
• 2c83401 Merge pull request #737 from typhoeus/Update-RubyDoc-link
• 65b7fdd Update RubyDoc link
• 02d8589 Merge pull request #736 from typhoeus/Update-gem-version-badge
• 863a6d2 Update badge and remove code climate
• Additional commits viewable in compare view

Updates warning from 1.5.0 to 1.6.0

Changelog

Sourced from warning's changelog.

=== 1.6.0 (2026-05-11)

• Skip warning's own frame when raising exceptions (byroot) (#27)

• Add Warning.error_class accessor to override class to use when raising warnings as errors (byroot) (#26)

Commits

• 42094ca Bump version to 1.6.0
• f704c0b Mention Warning.error_class= in README
• 0f11aa1 Update CHANGELOG and documentation
• 808bcaf Skip warning's own frame when raising exceptions
• 3b25dc0 Allow to customize the raised error
• 1c8f52f Bump copyright year
• 9fd6fd4 Update to actions/checkout@v6
• 4de5514 Add Ruby 4.0 to CI
• 8086bcd Use SimpleCov.add_filter block instead of string
• b574f24 Switch rdoc task to normal rake task, avoid rdoc/task require
• Additional commits viewable in compare view

Updates rubocop from 1.78.0 to 1.87.0

Release notes

Sourced from rubocop's releases.

RuboCop v1.87.0

New features

• #15167: Add --enable-all-cops and --disable-all-cops command line options that override AllCops/EnabledByDefault and AllCops/DisabledByDefault in configuration files. (@​koic)
• #15185: Make Layout/EmptyLineAfterGuardClause accept the new # simplecov:disable and # simplecov:enable directive comments. (@​koic)
• #15173: Add optional Rubydex integration via AllCops/UseProjectIndex to enable cross-file detection in Lint/ConstantReassignment (experimental). (@​koic)

Bug fixes

• #15168: Fix false positives in Lint/ParenthesesAsGroupedExpression when the first argument is a call-like expression with its own parentheses, such as yield(...). (@​koic)
• #15188: Fix false positives in Style/YodaCondition when one side is an array or hash literal containing non-literal elements. (@​koic)
• #15182: Fix incorrect autocorrect for Style/Alias causing a syntax error when the return value of alias_method is used, such as an argument to public, private, protected, or module_function, or the right-hand side of an assignment. (@​koic)
• #15174: Fix incorrect autocorrect for Style/ClassAndModuleChildren causing a syntax error when the namespace contains a method call (e.g., class self.class::Foo; end). (@​koic)
• #15180: Fix incorrect autocorrect for Style/FileWrite causing a syntax error when the written heredoc is chained with another method call. (@​koic)
• #15186: Fix incorrect autocorrect for Style/HashConversion causing a syntax error when Hash[...] is passed an anonymous splat (*). (@​koic)
• #15192: Fix incorrect autocorrect for Style/StructInheritance causing a syntax error when the inherited Struct.new is called without parentheses. (@​koic)
• #15170: Fix an infinite loop for Layout/RedundantLineBreak when a single-line block is chained with a safe navigation method call. (@​koic)
• #15175: Fix Layout/IndentationWidth to indent block bodies relative to the method selector for trailing-dot multi-line method chains when EnforcedStyleAlignWith is relative_to_receiver. (@​ddbrendan)
• #15135: Fix incorrect autocorrect for Style/RedundantParentheses that swallowed chained method calls into a trailing inline comment on the line above the closing parenthesis. (@​hammadxcm)
• #15184: Fix various typos and grammar mistakes in documentation and cop descriptions. (@​bbatsov)

Changes

• #15171: Cache FilePatterns#match? results per path so cops sharing the same Include/Exclude configuration do not each repeat File.fnmatch? work on every file. (@​Darhazer)

RuboCop v1.86.2

New features

• #15075: Implement true runner parallelism. ([@​tdeo][])

Bug fixes

• #15156: Fix an error for Style/HashLookupMethod when chaining fetch (or []) calls on the same expression. (@​koic)
• #15161: Fix an error for Style/ReduceToHash when nested each_with_object/inject/reduce calls would build hashes. (@​koic)
• #15144: Fix an error in Style/SoleNestedConditional when autocorrecting nested conditionals containing comments. (@​koic)
• #15040: Exclude constants from Style/ModuleMemberExistenceCheck. ([@​t-daisuke][])
• #15155: Fix false negatives in Style/RedundantSelf when an explicit self receiver in one scope matches the LHS of an ||=, &&=, or op_asgn in another scope. (@​koic)
• #15107: Fix false positives in Lint/RequireRelativeSelfPath when a non-.rb file uses require_relative with its own basename. (@​koic)
• #15137: Fix incorrect "does not support IndentationWidth parameter" warning for Layout/ClosingParenthesisIndentation and Layout/CommentIndentation. (@​koic)
• #15148: Fix false positives in Lint/RedundantSafeNavigation when safe navigation appears in rescue or ensure bodies. (@​koic)
• #15147: Fix false positives in Lint/RedundantSafeNavigation when safe navigation appears in the body of unless. (@​koic)
• #15163: Fix false positives in Style/Copyright when Notice pattern starts with \A#, uses \s metacharacters, or has multiple spaces after #. (@​koic)
• #10179: Fix false positives in Style/DocumentDynamicEvalDefinition when the heredoc contains an escaped interpolation (\#{...}). ([@​eyupcanakman][])
• #15154: Fix bug where specifying --out disables parallelization. ([@​deivid-rodriguez][])

... (truncated)

Changelog

Sourced from rubocop's changelog.

1.87.0 (2026-05-30)

New features

• #15167: Add --enable-all-cops and --disable-all-cops command line options that override AllCops/EnabledByDefault and AllCops/DisabledByDefault in configuration files. ([@​koic][])
• #15185: Make Layout/EmptyLineAfterGuardClause accept the new # simplecov:disable and # simplecov:enable directive comments. ([@​koic][])
• #15173: Add optional Rubydex integration via AllCops/UseProjectIndex to enable cross-file detection in Lint/ConstantReassignment (experimental). ([@​koic][])

Bug fixes

• #15168: Fix false positives in Lint/ParenthesesAsGroupedExpression when the first argument is a call-like expression with its own parentheses, such as yield(...). ([@​koic][])
• #15188: Fix false positives in Style/YodaCondition when one side is an array or hash literal containing non-literal elements. ([@​koic][])
• #15182: Fix incorrect autocorrect for Style/Alias causing a syntax error when the return value of alias_method is used, such as an argument to public, private, protected, or module_function, or the right-hand side of an assignment. ([@​koic][])
• #15174: Fix incorrect autocorrect for Style/ClassAndModuleChildren causing a syntax error when the namespace contains a method call (e.g., class self.class::Foo; end). ([@​koic][])
• #15180: Fix incorrect autocorrect for Style/FileWrite causing a syntax error when the written heredoc is chained with another method call. ([@​koic][])
• #15186: Fix incorrect autocorrect for Style/HashConversion causing a syntax error when Hash[...] is passed an anonymous splat (*). ([@​koic][])
• #15192: Fix incorrect autocorrect for Style/StructInheritance causing a syntax error when the inherited Struct.new is called without parentheses. ([@​koic][])
• #15170: Fix an infinite loop for Layout/RedundantLineBreak when a single-line block is chained with a safe navigation method call. ([@​koic][])
• #15175: Fix Layout/IndentationWidth to indent block bodies relative to the method selector for trailing-dot multi-line method chains when EnforcedStyleAlignWith is relative_to_receiver. ([@​ddbrendan][])
• #15135: Fix incorrect autocorrect for Style/RedundantParentheses that swallowed chained method calls into a trailing inline comment on the line above the closing parenthesis. ([@​hammadxcm][])
• #15184: Fix various typos and grammar mistakes in documentation and cop descriptions. ([@​bbatsov][])

Changes

• #15171: Cache FilePatterns#match? results per path so cops sharing the same Include/Exclude configuration do not each repeat File.fnmatch? work on every file. ([@​Darhazer][])

1.86.2 (2026-05-14)

New features

• #15075: Implement true runner parallelism. ([@​tdeo][])

Bug fixes

• #15156: Fix an error for Style/HashLookupMethod when chaining fetch (or []) calls on the same expression. ([@​koic][])
• #15161: Fix an error for Style/ReduceToHash when nested each_with_object/inject/reduce calls would build hashes. ([@​koic][])
• #15144: Fix an error in Style/SoleNestedConditional when autocorrecting nested conditionals containing comments. ([@​koic][])
• #15040: Exclude constants from Style/ModuleMemberExistenceCheck. ([@​t-daisuke][])
• #15155: Fix false negatives in Style/RedundantSelf when an explicit self receiver in one scope matches the LHS of an ||=, &&=, or op_asgn in another scope. ([@​koic][])
• #15107: Fix false positives in Lint/RequireRelativeSelfPath when a non-.rb file uses require_relative with its own basename. ([@​koic][])
• #15137: Fix incorrect "does not support IndentationWidth parameter" warning for Layout/ClosingParenthesisIndentation and Layout/CommentIndentation. ([@​koic][])
• #15148: Fix false positives in Lint/RedundantSafeNavigation when safe navigation appears in rescue or ensure bodies. ([@​koic][])
• #15147: Fix false positives in Lint/RedundantSafeNavigation when safe navigation appears in the body of unless. ([@​koic][])
• #15163: Fix false positives in Style/Copyright when Notice pattern starts with \A#, uses \s metacharacters, or has multiple spaces after #. ([@​koic][])
• #10179: Fix false positives in Style/DocumentDynamicEvalDefinition when the heredoc contains an escaped interpolation (\#{...}). ([@​eyupcanakman][])
• #15154: Fix bug where specifying --out disables parallelization. ([@​deivid-rodriguez][])
• #15106: Fix TargetFinder to work correctly inside hidden parent directories. ([@​alpaca-tc][])
• #15102: Fix FrozenError in DisabledConfigFormatter for frozen array config parameters. ([@​koic][])
• #15141: Fix incorrect autocorrect for Gemspec/RequireMFA causing an infinite loop when rubygems_mfa_required metadata uses a symbol key. ([@​koic][])
• #15142: Fix infinite loop for --disable-uncorrectable and offense near heredoc. ([@​jonas054][])

... (truncated)

Commits

• e5b788d Cut 1.87
• 65aece8 Update Changelog
• 810c790 Fix incorrect autocorrect for Style/StructInheritance cop
• 1ec0554 [Fix #15185] Make Layout/EmptyLineAfterGuardClause accept new SimpleCov dir...
• 11cd569 Merge pull request #15190 from koic/fix_false_positives_in_style_yoda_condition
• ceff136 [Fix #15188] Fix false positives for Style/YodaCondition
• 4a12596 Fix incorrect autocorrect for Style/HashConversion cop
• 4801e9d Merge pull request #15184 from rubocop/fix-typos-and-grammar-in-docs
• bfe7dc5 Fix various typos and grammar mistakes in documentation
• 6988aa4 Merge pull request #15182 from koic/fix_incorrect_autocorrect_for_style_alias...
• Additional commits viewable in compare view

Updates rubocop-minitest from 0.38.1 to 0.39.1

Release notes

Sourced from rubocop-minitest's releases.

RuboCop Minitest v0.39.1

Bug fixes

• #347: Fix false positives in Minitest/AssertIncludes and Minitest/RefuteIncludes cops. (@​koic)

RuboCop Minitest v0.39.0

Changes

• #344: Disable Minitest/AssertEmptyLiteral by default. (@​koic)
• #315: Make Minitest/AssertIncludes and Minitest/RefuteIncludes aware of key?, has_key?, and member? alias methods. (@​koic)

RuboCop Minitest v0.38.2

Bug fixes

• #321: Fix false positives for Minitest/MultipleAssertions when the assertion has a receiver. (@​earlopain)

Changelog

Sourced from rubocop-minitest's changelog.

0.39.1 (2026-02-24)

Bug fixes

• #347: Fix false positives in Minitest/AssertIncludes and Minitest/RefuteIncludes cops for key? and has_key? used with assert or refute. ([@​koic][])

0.39.0 (2026-02-24)

Changes

• #344: Disable Minitest/AssertEmptyLiteral by default. ([@​koic][])
• #315: Make Minitest/AssertIncludes and Minitest/RefuteIncludes aware of key?, has_key?, and member? alias methods. ([@​koic][])

0.38.2 (2025-08-30)

Bug fixes

• #321: Fix false positives for Minitest/MultipleAssertions when the assertion has a receiver. ([@​earlopain][])

Commits

• 17b5474 Cut 0.39.1
• d7a0f1e Update Changelog
• 93a5474 Merge pull request #347 from koic/fix_false_positive_for_assert_includes_and_...
• b8d8789 Fix false positives in Minitest/AssertIncludes and `Minitest/RefuteIncludes...
• 9b577b6 Switch back docs version to master
• 0f1a4f6 Cut 0.39.0
• 1c01cf9 Update Changelog
• bf38672 Merge pull request #346 from koic/disable_minitest_assert_empty_literal_by_de...
• 7793f07 [Fix #344] Disable Minitest/AssertEmptyLiteral by default
• c8f3fc5 Suppress RuboCop offenses
• Additional commits viewable in compare view

Updates dotenv from 3.1.8 to 3.2.0

Release notes

Sourced from dotenv's releases.

v3.2.0

What's Changed

• Boost app startup time by removing to_sentence usage by @​ThomasCrambert in bkeepers/dotenv#534
• Handle parentheses in variables in commands by @​i7an in bkeepers/dotenv#540
• allow warning when a env var was not overwritten by @​grosser in bkeepers/dotenv#531
• fix a few small issues by @​grosser in bkeepers/dotenv#532

New Contributors

• @​ThomasCrambert made their first contribution in bkeepers/dotenv#534
• @​i7an made their first contribution in bkeepers/dotenv#540

Full Changelog: bkeepers/dotenv@v3.1.8...v3.2.0

Commits

• 34156bf Prepare for 3.2.0 release
• ab47820 Merge pull request #531 from grosser/grosser/warn
• fae6120 Merge branch 'main' into grosser/warn
• 4f510f4 Merge pull request #532 from grosser/grosser/fixes
• 959e1da Merge pull request #539 from bkeepers/dependabot/github_actions/actions/check...
• 041451e Update spec message
• b300f26 Bump actions/checkout from 4 to 6
• 5f4ca01 Merge branch 'main' into grosser/warn
• 209dca4 Merge pull request #540 from i7an/handle-parentheses
• 48c4956 Merge branch 'main' into handle-parentheses
• Additional commits viewable in compare view

Updates minitest-hooks from 1.5.2 to 1.5.4

Changelog

Sourced from minitest-hooks's changelog.

=== 1.5.4 (2026-05-04)

• Fix reported assertion counts on minitest 6+ (jeremyevans)

=== 1.5.3 (2025-12-18)

• Work correctly on minitest 6+ (jeremyevans)

Commits

• f3ef8c7 Bump version to 1.5.4
• aa7f157 Spec tweak to pass on Ruby 1.8
• 375a4bf Fix reported assertion counts on minitest 6+
• 84937b2 Bump copyright year
• 7e4db42 Update to actions/checkout@v6
• 129288d Add Ruby 4.0 to CI
• e690c2e Bump version to 1.5.3
• fc549a2 Add nocov around minitest 6 conditional
• 88126f2 Add metadata and required ruby version to gemspec
• 672d4af Work correctly on minitest 6+
• Additional commits viewable in compare view

Updates rake from 13.3.0 to 13.4.2

Commits

• 503b8ec v13.4.2
• 46038e7 Merge pull request #723 from ruby/fix/testopts-preserve-existing-value
• 604a3d9 Isolate TESTOPTS env in TestRakeTestTask setup/teardown
• 5886caa Preserve ENV["TESTOPTS"] when verbose is enabled
• 92193ac v13.4.1
• b74be0b Merge pull request #721 from ruby/fix/add-options-to-gemspec
• 829f66d Add lib/rake/options.rb to gemspec
• 2d55bc4 v13.4.0
• 1415070 Exclude dependabot updates from release note
• b3dc948 Merge pull request #713 from pvdb/simplify_standard_system_dir
• Additional commits viewable in compare view

Updates simplecov-cobertura from 3.1.0 to 3.1.2

Release notes

Sourced from simplecov-cobertura's releases.

v3.1.2

What's Changed

• Add 'require stringio' to root library file. by @​beporter in jessebs/simplecov-cobertura#47
• Build against ruby 4 by @​jessebs in jessebs/simplecov-cobertura#52
• Resolve #45 by @​jessebs in jessebs/simplecov-cobertura#51
• Bump version for 3.1.1 release by @​jessebs in jessebs/simplecov-cobertura#53
• Better branch coverage calculations by @​jessebs in jessebs/simplecov-cobertura#54
• Bump version for 3.1.2 release by @​jessebs in jessebs/simplecov-cobertura#55
• bump checkout action to v6 by @​jessebs in jessebs/simplecov-cobertura#56

New Contributors

• @​beporter made their first contribution in jessebs/simplecov-cobertura#47

Full Changelog: jessebs/simplecov-cobertura@v3.1.0...v3.1.2

Commits

• 713fe69 bump checkout action to v6 (#56)
• c62ace9 Bump version for 3.1.2 release (#55)
• cc55569 Better branch coverage calculations (#54)
• c28e90b Bump version for 3.1.1 release (#53)
• eb015bd Resolve #45 (#51)
• 4b14890 Build against ruby 4 (#52)
• 12dd5d3 Add 'require stringio' to root library file. (#47)
• 6ac7862 Bump version for dev
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Qodana for PHP

It seems all right 👌

No new problems were found according to the checks applied

💡 Qodana analysis was run in the pull request mode: only the changed files were checked
☁️ View the detailed Qodana report

Contact Qodana team

Contact us at qodana-support@jetbrains.com

• Or via our issue tracker: https://jb.gg/qodana-issue
• Or share your feedback: https://jb.gg/qodana-discussions