Bump the "all" group with 2 updates across multiple ecosystems

[dependabot]

Bumps the all group with 1 update: github/codeql-action.

Updates github/codeql-action from 4.30.8 to 4.30.9

Release notes

Sourced from github/codeql-action's releases.

v4.30.9

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.30.9 - 17 Oct 2025

• Update default CodeQL bundle version to 2.23.3. #3205
• Experimental: A new setup-codeql action has been added which is similar to init, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.30.9 - 17 Oct 2025

• Update default CodeQL bundle version to 2.23.3. #3205
• Experimental: A new setup-codeql action has been added which is similar to init, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204

4.30.8 - 10 Oct 2025

No user facing changes.

4.30.7 - 06 Oct 2025

• [v4+ only] The CodeQL Action now runs on Node.js v24. #3169

3.30.6 - 02 Oct 2025

• Update default CodeQL bundle version to 2.23.2. #3168

3.30.5 - 26 Sep 2025

• We fixed a bug that was introduced in 3.30.4 with upload-sarif which resulted in files without a .sarif extension not getting uploaded. #3160

3.30.4 - 25 Sep 2025

• We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the codeql-action/init step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the codeql-action/init step. #3099 and #3100
• We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #3107
• You can now run the latest CodeQL nightly bundle by passing tools: nightly to the init action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #3130
• Update default CodeQL bundle version to 2.23.1. #3118

3.30.3 - 10 Sep 2025

No user facing changes.

3.30.2 - 09 Sep 2025

• Fixed a bug which could cause language autodetection to fail. #3084
• Experimental: The quality-queries input that was added in 3.29.2 as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new analysis-kinds input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. #3064

3.30.1 - 05 Sep 2025

• Update default CodeQL bundle version to 2.23.0. #3077

3.30.0 - 01 Sep 2025

... (truncated)

Commits

• 16140ae Merge pull request #3213 from github/update-v4.30.9-70205d3d1
• 30db5fe Update changelog for v4.30.9
• 70205d3 Merge pull request #3211 from github/mbg/init/starting-partial-config
• 697c209 Merge remote-tracking branch 'origin/main' into mbg/init/starting-partial-config
• 1bd53ba Merge pull request #3205 from github/update-bundle/codeql-bundle-v2.23.3
• cac4df0 Rebuild
• 77e5c0d Merge branch 'main' into update-bundle/codeql-bundle-v2.23.3
• 97a4f75 Merge pull request #3204 from github/mbg/setup-codeql
• 2d5512b Merge remote-tracking branch 'origin/main' into mbg/init/starting-partial-config
• fa7bdf0 Call getAnalysisKinds a second time, and ignore exceptions thrown during th...
• Additional commits viewable in compare view

Bumps the all group with 7 updates in the /Library/Homebrew directory:

Package	From	To
rubocop	1.81.1	1.81.6
rubocop-performance	1.26.0	1.26.1
rspec	3.13.1	3.13.2
rspec-core	3.13.5	3.13.6
sorbet-static-and-runtime	0.6.12649	0.6.12656
spoom	1.7.8	1.7.9
tapioca	0.17.7	0.17.8

Updates rubocop from 1.81.1 to 1.81.6

Release notes

Sourced from rubocop's releases.

RuboCop v1.81.6

Bug fixes

• #14587: Fix an error for Lint/SelfAssignment when using []= assignment with no arguments. (@​koic)
• #14572: Fix an error for Style/ArrayIntersect when intersection(other).any? is called without a receiver. (@​koic)
• #14599: Fix a crash when Style/ConditionalAssignment is configured with assign_inside_conditional and the conditional contains a multi-line regex. (@​martinemde)
• #14574: Fix false positives for Style/RedundantInterpolation when using a one-line => pattern matching. (@​koic)
• #14602: Fix false positives for Style/EndlessMethod when heredoc is used in method body. (@​koic)
• #14594: Fix false positives for Style/EndlessMethod when the endless method would exceed the maximum line length. (@​koic)
• #14605: Fix false positive for Lint/EmptyInterpolation when interpolation is inside a %W literal. (@​dvandersluis)
• #14604: Fix Style/RedundantFormat false positive when a interpolated value is given to a specifier with a width or precision. (@​dvandersluis)
• #14607: Fix Style/RedundantFormat handling control characters like \n. (@​dvandersluis)
• #14577: Fix an incorrect autocorrect for Style/Semicolon when a method call using hash value omission without parentheses is terminated with a semicolon. (@​koic)
• #14552: Fix a false positive for Security/JSONLoad when create_additions is explicitly specified. (@​earlopain)

Changes

• #14566: Enhance Lint::ConstantOverwrittenInRescue cop to detect offenses within fully qualified constants. (@​viralpraxis)
• #14575: Enhance Lint/ConstantOverwrittenInRescue cop to detect offenses within nested constants. (@​viralpraxis)
• #14596: Change Lint/ConstantOverwrittenInRescue to detect any constant assignment. (@​viralpraxis)
• #14568: Make Style/LambdaCall autocorrection contextual. (@​koic)

Changelog

Sourced from rubocop's changelog.

1.81.6 (2025-10-21)

Bug fixes

• #14587: Fix an error for Lint/SelfAssignment when using []= assignment with no arguments. ([@​koic][])
• #14572: Fix an error for Style/ArrayIntersect when intersection(other).any? is called without a receiver. ([@​koic][])
• #14599: Fix a crash when Style/ConditionalAssignment is configured with assign_inside_conditional and the conditional contains a multi-line regex. ([@​martinemde][])
• #14574: Fix false positives for Style/RedundantInterpolation when using a one-line => pattern matching. ([@​koic][])
• #14602: Fix false positives for Style/EndlessMethod when heredoc is used in method body. ([@​koic][])
• #14594: Fix false positives for Style/EndlessMethod when the endless method would exceed the maximum line length. ([@​koic][])
• #14605: Fix false positive for Lint/EmptyInterpolation when interpolation is inside a %W literal. ([@​dvandersluis][])
• #14604: Fix Style/RedundantFormat false positive when a interpolated value is given to a specifier with a width or precision. ([@​dvandersluis][])
• #14607: Fix Style/RedundantFormat handling control characters like \n. ([@​dvandersluis][])
• #14577: Fix an incorrect autocorrect for Style/Semicolon when a method call using hash value omission without parentheses is terminated with a semicolon. ([@​koic][])
• #14552: Fix a false positive for Security/JSONLoad when create_additions is explicitly specified. ([@​earlopain][])

Changes

• #14566: Enhance Lint::ConstantOverwrittenInRescue cop to detect offenses within fully qualified constants. ([@​viralpraxis][])
• #14575: Enhance Lint/ConstantOverwrittenInRescue cop to detect offenses within nested constants. ([@​viralpraxis][])
• #14596: Change Lint/ConstantOverwrittenInRescue to detect any constant assignment. ([@​viralpraxis][])
• #14568: Make Style/LambdaCall autocorrection contextual. ([@​koic][])

Commits

• 8c98655 Cut 1.81.6
• f5431f5 Update broken link
• 3d76fb0 Update Changelog
• fe019a8 Merge pull request #14611 from r7kamura/CopDirectiveSyntax-comment-improve
• df813a3 Improve Lint/CopDirectiveSyntax cop documentation examples
• 905c991 Merge pull request #14606 from dvandersluis/issue/14605
• f7f653f Merge pull request #14608 from dvandersluis/issue/14604
• 91ed4aa [Fix #14604] Fix Style/RedundantFormat false positive when a interpolated v...
• bb5d1a3 [Fix #14605] Fix false positive for Lint/EmptyInterpolation when interpolat...
• 783a4bf Merge pull request #14607 from dvandersluis/redundant-format-control-chars
• Additional commits viewable in compare view

Updates rubocop-performance from 1.26.0 to 1.26.1

Release notes

Sourced from rubocop-performance's releases.

RuboCop Performance v1.26.1

Bug fixes

• #517: Fix false positives for Performance/RedundantStringChars when using str.chars[0, 2]. (@​koic)

Changes

• #520: Disable Performance/BigDecimalWithNumericArgument by default. (@​earlopain)

Changelog

Sourced from rubocop-performance's changelog.

1.26.1 (2025-10-18)

Bug fixes

• #517: Fix false positives for Performance/RedundantStringChars when using str.chars[0, 2]. ([@​koic][])

Changes

• #520: Disable Performance/BigDecimalWithNumericArgument by default. ([@​earlopain][])

Commits

• 4783c90 Cut 1.26.1
• d3f1806 Update Changelog
• a63df04 Merge pull request #521 from Earlopain/disable-bigdecimal
• 7a5499f [Fix #520] Disable Performance/BigDecimalWithNumericArgument by default
• 03a6071 Merge pull request #518 from koic/fix_false_positives_for_performance_redunda...
• a1ef194 [Fix #517] Fix false positives for Performance/RedundantStringChars
• 6e1afeb Tweak bug report template
• 60ff474 Suppress RuboCop's offense
• 955429a Switch back docs version to master
• See full diff in compare view

Updates rspec from 3.13.1 to 3.13.2

Commits

• ce5fe4f rspec-v3.13.2
• 1cb8517 Merge pull request #270 from bquorning/fix-rspec-source_code_uri
• See full diff in compare view

Updates rspec-core from 3.13.5 to 3.13.6

Changelog

Sourced from rspec-core's changelog.

3.13.6 / 2025-10-19

Full Changelog

Bug Fixes:

• Add explicit block parameter to RSpec::World::Null.traverse_example_group_trees_until to prevent warning. (@​viralpraxis, rspec/rspec#240)

Commits

• 4d8e9c3 rspec-core-v3.13.6
• f55a7d3 Merge pull request #240 from viralpraxis/fix-unused-block-warning
• 72949df Continue removing :if / :unless and fix broken skip
• 3fbe74e Adjust specs to be deprecation warning-free
• f5cb8cf Use :skip instead of :if/:else in specs
• See full diff in compare view

Updates sorbet-static-and-runtime from 0.6.12649 to 0.6.12656

Release notes

Sourced from sorbet-static-and-runtime's releases.

sorbet 0.6.12655.20251022124514-04568a2dd

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12655', :group => :development
gem 'sorbet-runtime', '0.6.12655'

sorbet 0.6.12654.20251022123820-6e0342fef

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12654', :group => :development
gem 'sorbet-runtime', '0.6.12654'

sorbet 0.6.12653.20251022121005-4b75ddd63

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12653', :group => :development
gem 'sorbet-runtime', '0.6.12653'

sorbet 0.6.12652.20251021202248-3eeeb7aa0

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12652', :group => :development
gem 'sorbet-runtime', '0.6.12652'

sorbet 0.6.12651.20251020155103-8a0290f85

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12651', :group => :development
gem 'sorbet-runtime', '0.6.12651'

sorbet 0.6.12650.20251017065549-f491ad543

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12650', :group => :development
gem 'sorbet-runtime', '0.6.12650'

sorbet 0.6.12649.20251016173128-27b93cc66

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12649', :group => :development
gem 'sorbet-runtime', '0.6.12649'

Commits

• See full diff in compare view

Updates spoom from 1.7.8 to 1.7.9

Release notes

Sourced from spoom's releases.

v1.7.9

What's Changed

🛠 Other Changes

• Rewrite type aliases by @​paracycle in Shopify/spoom#791

Full Changelog: Shopify/spoom@v1.7.8...v1.7.9

Commits

• b15cfe6 Bump version to v1.7.9
• 3f4ce87 Merge pull request #791 from Shopify/uk-type-alias-rewriting
• 5fbfe87 Refactor parse_ruby to always attach & return comments
• 7f232cf Update exported RBI file
• 2d24ccf Rewrite type aliases
• See full diff in compare view

Updates tapioca from 0.17.7 to 0.17.8

Release notes

Sourced from tapioca's releases.

v0.17.8

What's Changed

✨ Enhancements

• Prevent gems from calling exit or abort during gem load by @​paracycle in Shopify/tapioca#2387
• Print currently compiling gems. Add verbose attribute to gem command. by @​cub8 in Shopify/tapioca#2395

🐛 Bug Fixes

• Generate Active Model attributes in an included GeneratedAttributeMethods module by @​paracycle in Shopify/tapioca#2356
• Fix RBS comment prefix in YardDoc listener by @​KaanOzkan in Shopify/tapioca#2364
• Fix rbi deleted when route_dsl runs on files affected by other compilers by @​domingo2000 in Shopify/tapioca#2358
• Use Bundler.load.specs instead of reading Gemfile.lock by @​KaanOzkan in Shopify/tapioca#2363
• Sort YARD comments that have the same tag name by @​KaanOzkan in Shopify/tapioca#2375
• use ActiveRecordColumnTypeHelper for primary key types by @​bobcats in Shopify/tapioca#2377
• Do not mixin Kernel for modules by @​KaanOzkan in Shopify/tapioca#2394

New Contributors

• @​domingo2000 made their first contribution in Shopify/tapioca#2358
• @​bobcats made their first contribution in Shopify/tapioca#2377
• @​cub8 made their first contribution in Shopify/tapioca#2395

Full Changelog: Shopify/tapioca@v0.17.7...v0.17.8

Commits

• 0a9b43b Bump version to v0.17.8
• 897ea69 Merge pull request #2397 from Shopify/dependabot/bundler/rack-3.2.2
• baff5ab Bump rack gem RBI
• d524065 Bump rack from 3.2.0 to 3.2.2
• 6bf27f3 Merge pull request #2395 from cub8/output-currently-compiling-gems
• 3864d7a Pass verbose parameter to gems command. Print currently compiled gems.
• c082032 Merge pull request #2394 from Shopify/ko/remove-include-kernel-from-modules
• 248119c Do not mixin Kernel for modules
• 2ad6511 Merge pull request #2392 from Shopify/dependabot/bundler/minor-and-patch-9c1f...
• 6c480d6 Regenerate gem RBIs
• Additional commits viewable in compare view

Updates sorbet-runtime from 0.6.12649 to 0.6.12656

Release notes

Sourced from sorbet-runtime's releases.

sorbet 0.6.12655.20251022124514-04568a2dd

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12655', :group => :development
gem 'sorbet-runtime', '0.6.12655'

sorbet 0.6.12654.20251022123820-6e0342fef

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12654', :group => :development
gem 'sorbet-runtime', '0.6.12654'

sorbet 0.6.12653.20251022121005-4b75ddd63

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12653', :group => :development
gem 'sorbet-runtime', '0.6.12653'

sorbet 0.6.12652.20251021202248-3eeeb7aa0

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12652', :group => :development
gem 'sorbet-runtime', '0.6.12652'

sorbet 0.6.12651.20251020155103-8a0290f85

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12651', :group => :development
gem 'sorbet-runtime', '0.6.12651'

sorbet 0.6.12650.20251017065549-f491ad543

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12650', :group => :development
gem 'sorbet-runtime', '0.6.12650'

sorbet 0.6.12649.20251016173128-27b93cc66

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12649', :group => :development
gem 'sorbet-runtime', '0.6.12649'

Commits

• See full diff in compare view

Updates benchmark from 0.4.1 to 0.5.0

Release notes

Sourced from benchmark's releases.

v0.5.0

What's Changed

• Add Benchmark.ms method and enhance realtime with unit parameter by @​nvasilevski in ruby/benchmark#38

New Contributors

• @​nvasilevski made their first contribution in ruby/benchmark#38

Full Changelog: ruby/benchmark@v0.4.1...v0.5.0

Commits

• efa6e61 v0.5.0
• 7ba0632 Merge pull request #39 from ruby/dependabot/github_actions/step-security/hard...
• 837ba3c Bump step-security/harden-runner from 2.13.0 to 2.13.1
• 3857561 Update ruby/setup-ruby
• fc27ad1 Merge pull request #38 from Shopify/add-ms-function-and-pass-unit-arg-to-real...
• 6a3fe1f Add Benchmark.ms method and enhance realtime with unit parameter
• 4e39de6 Merge pull request #37 from ruby/dependabot/github_actions/actions/checkout-5
• 15a756a Bump actions/checkout from 4 to 5
• 9e80d1b Merge pull request #36 from ruby/dependabot/github_actions/step-security/hard...
• ef259f4 Bump step-security/harden-runner from 2.12.2 to 2.13.0
• Additional commits viewable in compare view

Updates sorbet from 0.6.12649 to 0.6.12656

Release notes

Sourced from sorbet's releases.

sorbet 0.6.12655.20251022124514-04568a2dd

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12655', :group => :development
gem 'sorbet-runtime', '0.6.12655'

sorbet 0.6.12654.20251022123820-6e0342fef

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12654', :group => :development
gem 'sorbet-runtime', '0.6.12654'

sorbet 0.6.12653.20251022121005-4b75ddd63

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12653', :group => :development
gem 'sorbet-runtime', '0.6.12653'

sorbet 0.6.12652.20251021202248-3eeeb7aa0

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12652', :group => :development
gem 'sorbet-runtime', '0.6.12652'

sorbet 0.6.12651.20251020155103-8a0290f85

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12651', :group => :development
gem 'sorbet-runtime', '0.6.12651'

sorbet 0.6.12650.20251017065549-f491ad543

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12650', :group => :development
gem 'sorbet-runtime', '0.6.12650'

sorbet 0.6.12649.20251016173128-27b93cc66

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12649', :group => :development
gem 'sorbet-runtime', '0.6.12649'

Commits

• See full diff in compare view

Updates sorbet-static from 0.6.12649 to 0.6.12656

Release notes

Sourced from sorbet-static's releases.

sorbet 0.6.12655.20251022124514-04568a2dd

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12655', :group => :development
gem 'sorbet-runtime', '0.6.12655'

sorbet 0.6.12654.20251022123820-6e0342fef

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12654', :group => :development
gem 'sorbet-runtime', '0.6.12654'

sorbet 0.6.12653.20251022121005-4b75ddd63

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12653', :group => :development
gem 'sorbet-runtime', '0.6.12653'

sorbet 0.6.12652.20251021202248-3eeeb7aa0

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12652', :group => :development
gem 'sorbet-runtime', '0.6.12652'

sorbet 0.6.12651.20251020155103-8a0290f85

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12651', :group => :development
gem 'sorbet-runtime', '0.6.12651'

sorbet 0.6.12650.20251017065549-f491ad543

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12650', :group => :development
gem 'sorbet-runtime', '0.6.12650'

sorbet 0.6.12649.20251016173128-27b93cc66

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12649', :group => :development
gem 'sorbet-runtime', '0.6.12649'

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions