13 changes: 6 additions & 7 deletions Gemfile.lock
Expand Up @@ -2,16 +2,16 @@ GEM
remote: https://rubygems.org/
specs:
CFPropertyList (3.0.9)
activesupport (7.2.3.1)
activesupport (7.0.10)

high

This pull request is titled "Auto-update dependencies", but it significantly downgrades activesupport from 7.2.3.1 to 7.0.10. Downgrading core libraries can re-introduce security vulnerabilities and lead to compatibility issues.

base64
benchmark (>= 0.3)
bigdecimal
concurrent-ruby (~> 1.0, >= 1.3.1)
connection_pool (>= 2.2.5)
concurrent-ruby (~> 1.0, >= 1.0.2)
drb
i18n (>= 1.6, < 2)
logger (>= 1.4.2)
minitest (>= 5.1, < 6)
minitest (>= 5.1)
mutex_m
securerandom (>= 0.3)
tzinfo (~> 2.0)
addressable (2.9.0)
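Review bot: The requirements recorded under `activesupport` get looser along with the version: `concurrent-ruby` drops its floor from `>= 1.3.1` to `>= 1.0.2`, `minitest` loses its `< 6` ceiling, `connection_pool (>= 2.2.5)` disappears and `mutex_m` appears. Nothing in these lines shows a constraint that asks for the 7.0 line, so before merging, find out what made the resolver in the update job choose 7.0.10, then add an explicit floor for activesupport in the Gemfile and regenerate the lock.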
Expand Down Expand Up @@ -63,7 +63,6 @@ GEM
cocoapods-try (1.2.0)
colored2 (3.1.2)
concurrent-ruby (1.3.6)
connection_pool (3.0.2)
drb (2.2.3)
escape (0.0.4)
ethon (0.18.0)
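Review bot: The removal of `connection_pool (3.0.2)` from the resolved specs is a side effect of the activesupport downgrade in the first hunk, where `connection_pool (>= 2.2.5)` drops out of its dependency list. Do not restore it by hand; regenerate the lockfile once activesupport resolves to the 7.2 line again and confirm this entry comes back.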
Expand All @@ -79,7 +78,7 @@ GEM
concurrent-ruby (~> 1.0)
json (2.19.5)
logger (1.7.0)
minitest (5.27.0)
minitest (5.26.1)

high

This change downgrades minitest from 5.27.0 to 5.26.1. This is a regression that contradicts the pull request's intent to update dependencies.

molinillo (0.8.0)
mutex_m (0.3.0)
nanaimo (0.4.0)
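Review bot: The minitest move from 5.27.0 to 5.26.1 is not required by anything visible in this diff: the new activesupport entry asks only for `minitest (>= 5.1)`, which 5.27.0 satisfies. That points at the environment the lockfile was resolved in, not at a dependency constraint. Suggest checking the Ruby and Bundler versions used by the update job and re-running the resolution there.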
Expand All @@ -88,7 +87,7 @@ GEM
public_suffix (4.0.7)
rexml (3.4.4)
ruby-macho (2.5.1)
securerandom (0.4.1)
securerandom (0.3.2)
Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

This change downgrades securerandom from 0.4.1 to 0.3.2. This is a regression that contradicts the pull request's intent to update dependencies.

typhoeus (1.6.0)
ethon (>= 0.18.0)
tzinfo (2.0.6)
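Review bot: securerandom goes from 0.4.1 to 0.3.2 although the activesupport requirement in the first hunk stays at `securerandom (>= 0.3)`, so the older pin is a resolver choice and not a forced one. If the project wants to hold the newer release, declare a floor for it in the Gemfile; a pin that lives only in the lockfile is lost the next time the update job rewrites this file.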
4 changes: 2 additions & 2 deletions samples/swift/Podfile.lock
Expand Up @@ -1385,7 +1385,7 @@ PODS:
- gRPC-Core/Privacy (= 1.69.0)
- gRPC-Core/Interface (1.69.0)
- gRPC-Core/Privacy (1.69.0)
- GTMSessionFetcher/Core (5.2.0)
- GTMSessionFetcher/Core (5.3.0)
- leveldb-library (1.22.6)
- nanopb (3.30910.0):
- nanopb/decode (= 3.30910.0)
Expand Down Expand Up @@ -1461,7 +1461,7 @@ SPEC CHECKSUMS:
GoogleUtilities: 00c88b9a86066ef77f0da2fab05f65d7768ed8e1
"gRPC-C++": cc207623316fb041a7a3e774c252cf68a058b9e8
gRPC-Core: 860978b7db482de8b4f5e10677216309b5ff6330
GTMSessionFetcher: 904bdd2a82c635bcd6f44edf94cc8775c5d1d6e6
GTMSessionFetcher: 127211aeec0b1e904fc49f4f6f895dcc535b0ecf
leveldb-library: cc8b8f8e013647a295ad3f8cd2ddf49a6f19be19
nanopb: fad817b59e0457d11a5dfbde799381cd727c1275
RecaptchaInterop: 11e0b637842dfb48308d242afc3f448062325aba
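Review bot: The GTMSessionFetcher entry under SPEC CHECKSUMS changes together with the 5.2.0 to 5.3.0 bump of `GTMSessionFetcher/Core`, which is expected, but the diff alone cannot show that the new value matches the published spec. Suggest regenerating samples/swift/Podfile.lock with a clean `pod install` in CI and confirming the same checksum comes out. Consider also splitting this forward update from the Gemfile.lock changes so it can merge on its own.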