🚨 [security] Update sentry-rails 5.21.0 → 5.22.0 (minor)

[depfu]

---

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

---

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ sentry-rails (5.21.0 → 5.22.0) · Repo · Changelog

Release Notes

5.22.0

Features

• Add include_sentry_event matcher for RSpec #2424

• Add support for Sentry Cache instrumentation, when using Rails.cache #2380

• Add support for Queue Instrumentation for Sidekiq. #2403

• Add support for string errors in error reporter (#2464)

• Reset trace_id and add root transaction for sidekiq-cron #2446

• Add support for Excon HTTP client instrumentation (#2383)

  Note: MemoryStore and FileStore require Rails 8.0+

Bug Fixes

• Fix Vernier profiler not stopping when already stopped #2429
• Fix send_default_pii handling in rails controller spans #2443
  • Fixes #2438
• Fix RescuedExceptionInterceptor to handle an empty configuration #2428
• Add mutex sync to SessionFlusher aggregates #2469
  • Fixes #2468
• Fix sentry-rails' backtrace cleaner issues (#2475)
  • Fixes #2472

Does any of this look wrong? Please let us know.

✳️ nokogiri (1.16.7 → 1.16.8) · Repo · Changelog

Release Notes

1.16.8

v1.16.8 / 2024-12-02

Fixed

• [CRuby] When serializing HTML5 documents, properly escape foreign content "style" elements. Normally, a "style" tag contains raw text that does not need entity-escaping, but when it appears in either SVG or MathML foreign content, the "style" tag is now correctly escaped when serialized. @flavorjones

---

sha256 checksums:

b1d41cd9abf4180adef496cc8c9fcb5b2e38d39f5e23c8a2445362226a5df6b8  nokogiri-1.16.8-aarch64-linux.gem
b7aa4e8533a720e432d09b52a2ec089b55cf3ee66c916b44a0d9b6608df7bf8c  nokogiri-1.16.8-arm64-darwin.gem
8cbd2971624fc073b9430d86475da031903494dcb83c2339e13f7f22a4de6fad  nokogiri-1.16.8-arm-linux.gem
dece4bf9a663b2d6b6e874716297ad414c95be694656972d54049bd088f752a1  nokogiri-1.16.8.gem
8652028e72a38f2221c810550d03c91682b414e06f6271149139a9042cf727e6  nokogiri-1.16.8-java.gem
861e2d7f24b0c7f5ea2a26e6d99af7e727d7641f0eab27b9b6c51b8a0666c805  nokogiri-1.16.8-x64-mingw32.gem
23c9a8ae47afa2973cbca9e3d38c16f40ff336919f961802c4a3a5e39c767138  nokogiri-1.16.8-x64-mingw-ucrt.gem
6c40d7dc444f752634bf6ee8b53a55c3cfca3f9df52be46b8abcc559ccd49e47  nokogiri-1.16.8-x86_64-darwin.gem
ed7b1f80713ac968dd93fe2b96fc3df6e448b73bd02dd77d5fc89ba92a1ed6d9  nokogiri-1.16.8-x86_64-linux.gem
f97760e6320166d48234029bed9e999521a888376bd2b7e04f4c054537154f16  nokogiri-1.16.8-x86-linux.gem
ea48d7415b89f5dd3ff5a8f82bb2ec56fdc3431444381143fe90bb418eb9ea35  nokogiri-1.16.8-x86-mingw32.gem

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 4 commits:

• version bump to v1.16.8
• fix: escape foreign style tag content when serializing HTML5 (v1.16.x) (#3349)
• doc: update CHANGELOG
• fix: escape foreign style tag content when serializing HTML5

✳️ sentry-ruby (5.21.0 → 5.22.0) · Repo · Changelog

↗️ minitest (indirect, 5.25.1 → 5.25.4) · Repo · Changelog

Release Notes

5.25.4 (from changelog)

• 1 bug fix:

  • Fix for must_verify definition if only requiring minitest/mock (but why?).

5.25.3 (from changelog)

• 5 bug fixes:

  • Fixed assert_mock to fail instead of raise on unmet mock expectations.

  • Fixed assert_mock to take an optional message argument.

  • Fixed formatting of unmet mock expectation messages.

  • Fixed missing must_verify expectation to match assert_mock.

  • minitest/pride: Fixed to use true colors with *-direct terminals (bk2204)

5.25.2 (from changelog)

• 4 bug fixes:

  • Include class name in spec name. (thomasmarshall)

  • Fixed ‘redefining object_id’ warning from ruby 3.4. (mattbrictson)

  • Minitest top-level namespace no longer includes entire contents of README.rdoc. Too much!

  • Refactored spec’s describe to more cleanly determine the superclass and name

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 11 commits:

• prepped for release
• - Fix for must_verify definition if only requiring minitest/mock (but why?).
• prepped for release
• - Fixed formatting of unmet mock expectation messages.
• - minitest/pride: Fixed to use true colors with *-direct terminals (bk2204)
• prepped for release
• + Include class name in spec name. (thomasmarshall)
• - Refactored spec's describe to more cleanly determine the superclass and name
• - Fixed 'redefining object_id' warning from ruby 3.4. (mattbrictson)
• Changed some reporter tests to use FakeTest instead of loading up Runnable w/ test junk.
• - Minitest top-level namespace no longer includes entire contents of README.rdoc. Too much!

↗️ rails-html-sanitizer (indirect, 1.6.0 → 1.6.1) · Repo · Changelog

Security Advisories 🚨

🚨 rails-html-sanitize has XSS vulnerability with certain configurations

Summary

There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0 and Nokogiri < 1.15.7, or 1.16.x < 1.16.8.

• Versions affected: 1.6.0
• Not affected: < 1.6.0
• Fixed versions: 1.6.1

Please note that the fix in v1.6.1 is to update the dependency on Nokogiri to 1.15.7 or >= 1.16.8.

Impact

A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags in either of the following ways:

• allow both "math" and "style" elements
• or allow both "svg" and "style" elements

Code is only impacted if Rails is configured to use HTML5 sanitization, please see documentation for config.action_view.sanitizer_vendor and config.action_text.sanitizer_vendor for more information on these configuration options.

Code is only impacted if allowed tags are being overridden. Applications may be doing this in a few different ways:

1. using application configuration to configure Action View sanitizers' allowed tags:

# In config/application.rb
config.action_view.sanitized_allowed_tags = ["math", "style"]
# or
config.action_view.sanitized_allowed_tags = ["svg", "style"]

see https://guides.rubyonrails.org/configuring.html#configuring-action-view

2. using a :tags option to the Action View helper sanitize:

<%= sanitize @comment.body, tags: ["math", "style"] %>
<%# or %>
<%= sanitize @comment.body, tags: ["svg", "style"] %>

see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize

3. setting Rails::HTML5::SafeListSanitizer class attribute allowed_tags:

# class-level option
Rails::HTML5::SafeListSanitizer.allowed_tags = ["math", "style"]
# or
Rails::HTML5::SafeListSanitizer.allowed_tags = ["svg", "style"]

(note that this class may also be referenced as Rails::Html::SafeListSanitizer)

4. using a :tags options to the Rails::HTML5::SafeListSanitizer instance method sanitize:

# instance-level option
Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: ["math", "style"])
# or
Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: ["svg", "style"])

(note that this class may also be referenced as Rails::Html::SafeListSanitizer)

5. setting ActionText::ContentHelper module attribute allowed_tags:

ActionText::ContentHelper.allowed_tags = ["math", "style"]
# or
ActionText::ContentHelper.allowed_tags = ["svg", "style"]

All users overriding the allowed tags by any of the above mechanisms to include (("math" or "svg") and "style") should either upgrade or use one of the workarounds.

Workarounds

Any one of the following actions will work around this issue:

• Remove "style" from the overridden allowed tags,
• Or, remove "math" and "svg" from the overridden allowed tags,
• Or, downgrade sanitization to HTML4 (see documentation for config.action_view.sanitizer_vendor and config.action_text.sanitizer_vendor for more information)
• Or, independently upgrade Nokogiri to v1.15.7 or >= 1.16.8.

References

• CWE - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (4.9)
• Original report: https://hackerone.com/reports/2503220

Credit

This vulnerability was responsibly reported by So Sakaguchi (mokusou) and taise.

🚨 rails-html-sanitizer has XSS vulnerability with certain configurations

Summary

There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0.

• Versions affected: 1.6.0
• Not affected: < 1.6.0
• Fixed versions: 1.6.1

Impact

A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags in the following way:

• the "math" and "style" elements are both explicitly allowed

Code is only impacted if Rails is configured to use HTML5 sanitization, please see documentation for config.action_view.sanitizer_vendor and config.action_text.sanitizer_vendor for more information on these configuration options.

The default configuration is to disallow these elements. Code is only impacted if allowed tags are being overridden. Applications may be doing this in a few different ways:

1. using application configuration to configure Action View sanitizers' allowed tags:

# In config/application.rb
config.action_view.sanitized_allowed_tags = ["math", "style"]

see https://guides.rubyonrails.org/configuring.html#configuring-action-view

2. using a :tags option to the Action View helper sanitize:

<%= sanitize @comment.body, tags: ["math", "style"] %>

see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize

3. setting Rails::HTML5::SafeListSanitizer class attribute allowed_tags:

# class-level option
Rails::HTML5::SafeListSanitizer.allowed_tags = ["math", "style"]

(note that this class may also be referenced as Rails::Html::SafeListSanitizer)

4. using a :tags options to the Rails::HTML5::SafeListSanitizer instance method sanitize:

# instance-level option
Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: ["math", "style"])

(note that this class may also be referenced as Rails::Html::SafeListSanitizer)

5. setting ActionText::ContentHelper module attribute allowed_tags:

ActionText::ContentHelper.allowed_tags = ["math", "style"]

All users overriding the allowed tags by any of the above mechanisms to include both "math" and "style" should either upgrade or use one of the workarounds.

Workarounds

Any one of the following actions will work around this issue:

• Remove "math" or "style" from the overridden allowed tags,
• Or, downgrade sanitization to HTML4 (see documentation for config.action_view.sanitizer_vendor and config.action_text.sanitizer_vendor for more information).

References

• CWE - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (4.9)
• Original report: https://hackerone.com/reports/2519941

Credit

This vulnerability was responsibly reported by So Sakaguchi (mokusou) and taise.

🚨 rails-html-sanitizer has XSS vulnerability with certain configurations

Summary

There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0.

• Versions affected: 1.6.0
• Not affected: < 1.6.0
• Fixed versions: 1.6.1

Impact

A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags in the following way:

• the "math", "mtext", "table", and "style" elements are allowed
• and either "mglyph" or "malignmark" are allowed

Code is only impacted if Rails is configured to use HTML5 sanitization, please see documentation for config.action_view.sanitizer_vendor and config.action_text.sanitizer_vendor for more information on these configuration options.

The default configuration is to disallow all of these elements except for "table". Code is only impacted if allowed tags are being overridden. Applications may be doing this in a few different ways:

1. using application configuration to configure Action View sanitizers' allowed tags:

# In config/application.rb
config.action_view.sanitized_allowed_tags = ["math", "mtext", "table", "style", "mglyph"]
# or
config.action_view.sanitized_allowed_tags = ["math", "mtext", "table", "style", "malignmark"]

see https://guides.rubyonrails.org/configuring.html#configuring-action-view

2. using a :tags option to the Action View helper sanitize:

<%= sanitize @comment.body, tags: ["math", "mtext", "table", "style", "mglyph"] %>
<%# or %>
<%= sanitize @comment.body, tags: ["math", "mtext", "table", "style", "malignmark"] %>

see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize

3. setting Rails::HTML5::SafeListSanitizer class attribute allowed_tags:

# class-level option
Rails::HTML5::SafeListSanitizer.allowed_tags = ["math", "mtext", "table", "style", "mglyph"]
# or
Rails::HTML5::SafeListSanitizer.allowed_tags = ["math", "mtext", "table", "style", "malignmark"]

(note that this class may also be referenced as Rails::Html::SafeListSanitizer)

4. using a :tags options to the Rails::HTML5::SafeListSanitizer instance method sanitize:

# instance-level option
Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: ["math", "mtext", "table", "style", "mglyph"])
# or
Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: ["math", "mtext", "table", "style", "malignmark"])

(note that this class may also be referenced as Rails::Html::SafeListSanitizer)

5. setting ActionText::ContentHelper module attribute allowed_tags:

ActionText::ContentHelper.allowed_tags = ["math", "mtext", "table", "style", "mglyph"]
# or
ActionText::ContentHelper.allowed_tags = ["math", "mtext", "table", "style", "malignmark"]

All users overriding the allowed tags by any of the above mechanisms to include ("math" and "mtext" and "table" and "style" and ("mglyph" or "malignmark")) should either upgrade or use one of the workarounds.

Workarounds

Any one of the following actions will work around this issue:

• Remove "mglyph" and "malignmark" from the overridden allowed tags,
• Or, downgrade sanitization to HTML4 (see documentation for config.action_view.sanitizer_vendor and config.action_text.sanitizer_vendor for more information).

References

• CWE - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (4.9)
• Original report: https://hackerone.com/reports/2519936

Credit

This vulnerability was responsibly reported by So Sakaguchi (mokusou) and taise.

🚨 rails-html-sanitizer has XSS vulnerability with certain configurations

Summary

There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0.

• Versions affected: 1.6.0
• Not affected: < 1.6.0
• Fixed versions: 1.6.1

Impact

A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags in the following way:

• the "style" element is explicitly allowed
• the "svg" or "math" element is not allowed

Code is only impacted if Rails is configured to use HTML5 sanitization, please see documentation for config.action_view.sanitizer_vendor and config.action_text.sanitizer_vendor for more information on these configuration options.

The default configuration is to disallow all of these elements. Code is only impacted if allowed tags are being overridden. Applications may be doing this in a few different ways:

1. using application configuration to configure Action View sanitizers' allowed tags:

# In config/application.rb
config.action_view.sanitized_allowed_tags = ["style"]

see https://guides.rubyonrails.org/configuring.html#configuring-action-view

2. using a :tags option to the Action View helper sanitize:

<%= sanitize @comment.body, tags: ["style"] %>

see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize

3. setting Rails::HTML5::SafeListSanitizer class attribute allowed_tags:

# class-level option
Rails::HTML5::SafeListSanitizer.allowed_tags = ["style"]

(note that this class may also be referenced as Rails::Html::SafeListSanitizer)

4. using a :tags options to the Rails::HTML5::SafeListSanitizer instance method sanitize:

# instance-level option
Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: ["style"])

(note that this class may also be referenced as Rails::Html::SafeListSanitizer)

5. setting ActionText::ContentHelper module attribute allowed_tags:

ActionText::ContentHelper.allowed_tags = ["style"]

All users overriding the allowed tags by any of the above mechanisms to include "style" and omit "svg" or "math" should either upgrade or use one of the workarounds.

Workarounds

Any one of the following actions will work around this issue:

• Remove "style" from the overridden allowed tags,
• Or, downgrade sanitization to HTML4 (see documentation for config.action_view.sanitizer_vendor and config.action_text.sanitizer_vendor for more information).

References

• CWE - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (4.9)
• Original report: https://hackerone.com/reports/2519936

Credit

This vulnerability was responsibly reported by So Sakaguchi (mokusou) and taise.

🚨 rails-html-sanitizer has XSS vulnerability with certain configurations

Summary

There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0.

• Versions affected: 1.6.0
• Not affected: < 1.6.0
• Fixed versions: 1.6.1

Impact

A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags in the following way:

• the "noscript" element is explicitly allowed

Code is only impacted if Rails is configured to use HTML5 sanitization, please see documentation for config.action_view.sanitizer_vendor and config.action_text.sanitizer_vendor for more information on these configuration options.

The default configuration is to disallow all of these elements. Code is only impacted if allowed tags are being overridden. Applications may be doing this in a few different ways:

1. using application configuration to configure Action View sanitizers' allowed tags:

# In config/application.rb
config.action_view.sanitized_allowed_tags = ["noscript"]

see https://guides.rubyonrails.org/configuring.html#configuring-action-view

2. using a :tags option to the Action View helper sanitize:

<%= sanitize @comment.body, tags: ["noscript"] %>

see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize

3. setting Rails::HTML5::SafeListSanitizer class attribute allowed_tags:

# class-level option
Rails::HTML5::SafeListSanitizer.allowed_tags = ["noscript"]

(note that this class may also be referenced as Rails::Html::SafeListSanitizer)

4. using a :tags options to the Rails::HTML5::SafeListSanitizer instance method sanitize:

# instance-level option
Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: ["noscript"])

(note that this class may also be referenced as Rails::Html::SafeListSanitizer)

5. setting ActionText::ContentHelper module attribute allowed_tags:

ActionText::ContentHelper.allowed_tags = ["noscript"]

All users overriding the allowed tags by any of the above mechanisms to include "noscript" should either upgrade or use one of the workarounds.

Workarounds

Any one of the following actions will work around this issue:

• Remove "noscript" from the overridden allowed tags,
• Or, downgrade sanitization to HTML4 (see documentation for config.action_view.sanitizer_vendor and config.action_text.sanitizer_vendor for more information).

References

• CWE - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (4.9)
• Original report: https://hackerone.com/reports/2509647

Credit

This vulnerability was responsibly reported by So Sakaguchi (mokusou) and taise.

Release Notes

1.6.1

1.6.1 / 2024-12-02

This is a performance and security release which addresses several possible XSS vulnerabilities.

• The dependency on Nokogiri is updated to v1.15.7 or >=1.16.8.

  This change addresses CVE-2024-53985 (GHSA-w8gc-x259-rc7x).

  Mike Dalessio

• Disallowed tags will be pruned when they appear in foreign content (i.e. SVG or MathML content),
  regardless of the prune: option value. Previously, disallowed tags were "stripped" unless the
  gem was configured with the prune: true option.

  The CVEs addressed by this change are:

  • CVE-2024-53986 (GHSA-638j-pmjw-jq48)
  • CVE-2024-53987 (GHSA-2x5m-9ch4-qgrr)

  Mike Dalessio

• The tags "noscript", "mglyph", and "malignmark" will not be allowed, even if explicitly added to
  the allowlist. If applications try to allow any of these tags, a warning is emitted and the tags
  are removed from the allow-list.

  The CVEs addressed by this change are:

  • CVE-2024-53988 (GHSA-cfjx-w229-hgx5)
  • CVE-2024-53989 (GHSA-rxv5-gxqc-xx8g)

  Please note that we may restore support for allowing "noscript" in a future release. We do not
  expect to ever allow "mglyph" or "malignmark", though, especially since browser support is minimal
  for these tags.

  Mike Dalessio

• Improve performance by eliminating needless operations on attributes that are being removed. #188

  Mike Dalessio

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 51 commits:

• version bump to v1.6.1
• doc: update CHANGELOG with assigned CVEs
• Combine the noscript/mglyph prevention blocks
• Merge branch 'h1-2509647-noscript' into flavorjones-2024-security-fixes
• Merge branch 'h1-2519936-mglyph-foster-parenting' into flavorjones-2024-security-fixes
• Merge branch 'h1-2519936-foreign-ns-confusion' into flavorjones-2024-security-fixes
• Merge branch 'h1-2503220-nokogiri-serialization' into flavorjones-2024-security-fixes
• doc: update CHANGELOG
• fix: disallow 'noscript' from safe lists
• fix: disallow 'mglyph' and 'malignmark' from safe lists
• dep: bump Nokogiri dependency to address the foreign style issue
• Merge pull request #194 from rails/flavorjones-bundle-update-20241130
• dev: bundle update
• doc: update CHANGELOG for #188
• fix: Namespace confusion when disallowing 'svg' or 'math'
• test: Nokogiri's HTML5 "foreign style serialization" issue
• Merge pull request #193 from rails/dependabot/bundler/rexml-3.3.9
• build(deps-dev): bump rexml from 3.3.6 to 3.3.9
• Merge pull request #191 from seanpdoyle/patch-1
• Update README.md
• Merge pull request #189 from rails/dependabot/bundler/rexml-3.3.6
• build(deps-dev): bump rexml from 3.3.5 to 3.3.6
• Merge pull request #188 from rails/flavorjones-minimize-operations
• Do not scrub removed attributes
• Do not scrub attributes on a removed node
• Merge pull request #187 from rails/flavorjones-20240813-bundle-update
• dep(dev): bundle update
• Merge pull request #185 from rails/flavorjones-dep-update-nokogiri
• dep: update nokogiri in Gemfile.lock
• Merge pull request #184 from rails/dependabot/bundler/rexml-3.2.8
• build(deps-dev): bump rexml from 3.2.6 to 3.2.8
• Merge pull request #182 from trevorrjohn/main
• Small simplification
• Merge pull request #180 from dogweather/patch-1
• Update sanitizer.rb: add <mark> to safe list
• Merge pull request #179 from rails/flavorjones-dep-bundle-update-20240409
• dep: bundle update
• Merge pull request #178 from rails/dependabot/bundler/rack-3.0.9.1
• build(deps-dev): bump rack from 3.0.8 to 3.0.9.1
• Merge pull request #177 from jweir/ruby-version-cleanup
• Remove checks for Ruby versions no longer supported
• Merge pull request #176 from m-nakamura145/update-checkout-action
• Update latest checkout action version
• Merge pull request #173 from rails/flavorjones-gemfile-lock
• Merge pull request #174 from rails/flavorjones-202401-rubocop-update
• track Gemfile.lock
• Merge pull request #175 from akhilgkrishnan/bump-versions-in-workflow
• Bump action/checkout and ruby version in workflow
• style: update rubocop config to match latest rails config
• Merge pull request #172 from m-nakamura145/update-ci-matrix
• Add Ruby 3.3 to CI matrix

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu cancel merge

Cancels automatic merging of this PR

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)

[coveralls]

coverage: 99.123%. remained the same
when pulling 740929c on depfu/update/group/sentry-ruby-core-5.22.0
into 7792c7b on main.

[depfu]

Closed in favor of #1386.