Skip to content

deps(bundler): bump rubocop-github from 0.26.0 to 0.27.0 in /dependencies in the rubocop group#7640

Merged
ferrarimarco merged 1 commit intomainfrom
dependabot/bundler/dependencies/rubocop-1742bdd1b0
Mar 20, 2026
Merged

deps(bundler): bump rubocop-github from 0.26.0 to 0.27.0 in /dependencies in the rubocop group#7640
ferrarimarco merged 1 commit intomainfrom
dependabot/bundler/dependencies/rubocop-1742bdd1b0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 16, 2026
edited
Loading

Bumps the rubocop group in /dependencies with 1 update: rubocop-github.

Updates rubocop-github from 0.26.0 to 0.27.0

Release notes

Sourced from rubocop-github's releases.

v0.27.0

What's Changed

... (truncated)

Changelog

Sourced from rubocop-github's changelog.

rubocop-github

Commits
  • ee52052 Merge pull request #403 from github/bump-version
  • 3e1a5ad Bump the version to 0.27.0
  • 268179f Merge pull request #402 from github/dependabot/bundler/bundler-6efc7144a8
  • b41bf8b Bump nokogiri in the bundler group across 1 directory
  • 7b329ee Merge pull request #401 from github/bump-accepted-ruby-version
  • f90bae2 Test against Ruby 4 too
  • 6a9a0f7 Remove Ruby 3.1 and 3.2 from CI test matrix
  • 2f39a41 Update required Ruby version to >= 3.3
  • ff2fc72 Merge pull request #400 from github/dependabot/github_actions/ruby/setup-ruby...
  • 15614ed Bump ruby/setup-ruby from 1.290.0 to 1.292.0
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
deps(bundler): bump rubocop-github in /dependencies in the rubocop group
ea2a9cd 
Bumps the rubocop group in /dependencies with 1 update: [rubocop-github](https://github.com/github/rubocop-github).


Updates `rubocop-github` from 0.26.0 to 0.27.0
- [Release notes](https://github.com/github/rubocop-github/releases)
- [Changelog](https://github.com/github/rubocop-github/blob/main/CHANGELOG.md)
- [Commits](github/rubocop-github@v0.26.0...v0.27.0)

---
updated-dependencies:
- dependency-name: rubocop-github
  dependency-version: 0.27.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rubocop
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Mar 16, 2026
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Mar 16, 2026
@github-actions github-actions Bot enabled auto-merge March 16, 2026 13:46
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Mar 16, 2026

Super-linter summary

Language Validation result
BIOME_FORMAT Pass ✅
BIOME_LINT Pass ✅
CHECKOV Pass ✅
EDITORCONFIG Pass ✅
GITLEAKS Pass ✅
GIT_COMMITLINT Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
JSCPD Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Fail ❌

Super-linter detected linting errors

For more information, see the
GitHub Actions workflow run

Powered by Super-linter

TRIVY 
trivy filesystem --config /github/workspace/.github/linters/trivy.yaml /github/workspace

Report Summary

┌─────────────────────────────────────┬────────────┬─────────────────┬───────────────────┬─────────┐
│               Target                │    Type    │ Vulnerabilities │ Misconfigurations │ Secrets │
├─────────────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ dependencies/Gemfile.lock           │  bundler   │        0        │         -         │    -    │
├─────────────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ dependencies/composer/composer.lock │  composer  │        0        │         -         │    -    │
├─────────────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ dependencies/package-lock.json      │    npm     │        2        │         -         │    -    │
├─────────────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ dev-dependencies/package-lock.json  │    npm     │        0        │         -         │    -    │
├─────────────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ Dockerfile                          │ dockerfile │        -        │         0         │    -    │
├─────────────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ dev-dependencies/Dockerfile         │ dockerfile │        -        │         0         │    -    │
├─────────────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ test/linters/trivy/good/Dockerfile  │ dockerfile │        -        │         0         │    -    │
└─────────────────────────────────────┴────────────┴─────────────────┴───────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)


For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://trivy.dev/docs/v0.69/guide/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.


dependencies/package-lock.json (npm)
====================================
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 0, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                   Title                    │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤
│ yauzl   │ CVE-2026-31988 │ MEDIUM   │ fixed  │ 2.10.0            │ 3.2.1         │ yauzl contains an off-by-one error         │
│         │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2026-31988 │
│         │                │          │        ├───────────────────┤               │                                            │
│         │                │          │        │ 3.2.0             │               │                                            │
│         │                │          │        │                   │               │                                            │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘

1 similar comment
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Mar 16, 2026

Super-linter summary

Language Validation result
BIOME_FORMAT Pass ✅
BIOME_LINT Pass ✅
CHECKOV Pass ✅
EDITORCONFIG Pass ✅
GITLEAKS Pass ✅
GIT_COMMITLINT Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
JSCPD Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Fail ❌

Super-linter detected linting errors

For more information, see the
GitHub Actions workflow run

Powered by Super-linter

TRIVY 
trivy filesystem --config /github/workspace/.github/linters/trivy.yaml /github/workspace

Report Summary

┌─────────────────────────────────────┬────────────┬─────────────────┬───────────────────┬─────────┐
│               Target                │    Type    │ Vulnerabilities │ Misconfigurations │ Secrets │
├─────────────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ dependencies/Gemfile.lock           │  bundler   │        0        │         -         │    -    │
├─────────────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ dependencies/composer/composer.lock │  composer  │        0        │         -         │    -    │
├─────────────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ dependencies/package-lock.json      │    npm     │        2        │         -         │    -    │
├─────────────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ dev-dependencies/package-lock.json  │    npm     │        0        │         -         │    -    │
├─────────────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ Dockerfile                          │ dockerfile │        -        │         0         │    -    │
├─────────────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ dev-dependencies/Dockerfile         │ dockerfile │        -        │         0         │    -    │
├─────────────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ test/linters/trivy/good/Dockerfile  │ dockerfile │        -        │         0         │    -    │
└─────────────────────────────────────┴────────────┴─────────────────┴───────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)


For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://trivy.dev/docs/v0.69/guide/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.


dependencies/package-lock.json (npm)
====================================
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 0, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                   Title                    │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤
│ yauzl   │ CVE-2026-31988 │ MEDIUM   │ fixed  │ 2.10.0            │ 3.2.1         │ yauzl contains an off-by-one error         │
│         │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2026-31988 │
│         │                │          │        ├───────────────────┤               │                                            │
│         │                │          │        │ 3.2.0             │               │                                            │
│         │                │          │        │                   │               │                                            │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘

@ferrarimarco ferrarimarco disabled auto-merge March 20, 2026 11:21
@ferrarimarco ferrarimarco merged commit a88d75e into main Mar 20, 2026
208 of 229 checks passed
@ferrarimarco ferrarimarco deleted the dependabot/bundler/dependencies/rubocop-1742bdd1b0 branch March 20, 2026 11:21
@ferrarimarco ferrarimarco added this to the v8.6.0 milestone Mar 20, 2026
@github-actions github-actions Bot mentioned this pull request Mar 24, 2026
Merged
@marcusmai-telia marcusmai-telia mentioned this pull request Apr 8, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zkoppert zkoppert Awaiting requested review from zkoppert zkoppert is a code owner

@Hanse00 Hanse00 Awaiting requested review from Hanse00 Hanse00 is a code owner

@ferrarimarco ferrarimarco Awaiting requested review from ferrarimarco ferrarimarco is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code

Projects

None yet

Milestone

v8.6.0

Development

Successfully merging this pull request may close these issues.

1 participant

@ferrarimarco