Bump the bundler group across 1 directory with 2 updates by dependabot[bot] · Pull Request #87 · jackpocket/paysafe

dependabot · 2026-03-18T12:32:36Z

Updates the requirements on webmock and http to permit the latest version.
Updates webmock from 3.26.1 to 3.26.2

Release notes

3.26.2

Add support to parse http/2 request on curb adapter

Thanks to Christoph Rieß

CurbAdapter alias code from response_code

Thanks to Christoph Rieß

Add HTTP.rb v6.0.0 compatibility to http_rb adapter

Thanks to Erik Berlin

Changelog

Sourced from webmock's changelog.

3.26.2

Add support to parse http/2 request on curb adapter

Thanks to Christoph Rieß

CurbAdapter alias code from response_code

Thanks to Christoph Rieß

Add HTTP.rb v6.0.0 compatibility to http_rb adapter

Thanks to Erik Berlin

Commits

ce700d9 Version 3.26.2
ddf8a43 Merge pull request #1121 from criess/cr/curb-http-2-parse-headers
035e9fc [fix] add support to parse http/2 request on curb adapter
29d3532 Merge pull request #1123 from sferik/support-http_rb-6
801ad3b Merge pull request #1122 from criess/cr/curb-easy-code-as-alias
a4de224 Add HTTP.rb 6.0.0 compatibility to http_rb adapter
c6cf2f1 [fix] CurbAdapter alias code from response_code
596d8a8 Merge pull request #1113 from koic/ci_against_ruby_4_0
86977f8 Run CI against Ruby 4.0
cc11b78 Merge pull request #1114 from koic/remove_pride_option_from_minitest_rake_task
Additional commits viewable in compare view

Updates http from 5.3.1 to 6.0.1

Release notes

Sourced from http's releases.

v6.0.1

Full Changelog: httprb/http@v6.0.0...v6.0.1

v6.0.0

What's Changed

Fixed incorrect link in CHANGES.md by @daniel-sabourin in httprb/http#738

Add Connection#finished_request? by @c960657 in httprb/http#743

Bump llhttp-ffi (0.5.0) by @bryanp in httprb/http#744

Let the instrumenter log exceptions too by @foca in httprb/http#746

Run CI against Ruby 3.2 by @koheisg in httprb/http#742

Update README.md by @sandstrom in httprb/http#751

Downcase Content-Type charset name by @paul in httprb/http#753

Add base64 to runtime dependency by @koic in httprb/http#759

DummyServer::Servlet#not_found requires two arguments by @c960657 in httprb/http#761

fix: close sockets on connection initialize timeout by @rpeng in httprb/http#762

Prevent CRLF injection due to broken URL normalizer by @c960657 in httprb/http#765

Do more conservative URL normalization by @c960657 in httprb/http#758

Handle responses in the reverse order from the requests by @souk4711 in httprb/http#766

Add support for the PURGE HTTP method. by @renchap in httprb/http#757

Start 6.0.0 version by @ixti in httprb/http#768

SECURITY.md: use private vulnerability reporting feature by @tarcieri in httprb/http#772

Goodbye Hash rockets... by @ixti in httprb/http#769

Fixes comment typo in errors.rb by @ajsharma in httprb/http#781

Update base64 dependency version by @SleepingInsomniac in httprb/http#780

Add .retriable feature to Http - Rebased by @tomprats in httprb/http#775

Bump rubocop to v1.61 by @tarcieri in httprb/http#788

Drop depenency on base64 by @Earlopain in httprb/http#778

Add more granularity to ConnectionError through more specific error classes by @omkarmoghe in httprb/http#783

Cache header normalization to reduce object allocation by @alexcwatt in httprb/http#789

New feature: RaiseError by @c960657 in httprb/http#792

Correct typo in comments for retriable method by @hakanensari in httprb/http#794

Remove circular require by @hakanensari in httprb/http#795

Native llhttp for MRI by @sebyx07 in httprb/http#800

feat: introduce better error for wrong mime type by @TheBlackArroVV in httprb/http#805

chore: Cleanup and update gemspec by @ixti in httprb/http#806

fix: Simplify response and headers inspection by @ixti in httprb/http#810

feat: Add bin/console for development convenience by @ixti in httprb/http#811

Add ruby 3.4 support by @ixti in httprb/http#808

Introduce HTTP::Session for thread-safe request building by @sferik in httprb/http#829

Remove Headers::Mixin and [] / []= delegators from Request and Response by @sferik in httprb/http#831

Refactor cookie API by @sferik in httprb/http#830

Instrumentation hooks by @sferik in httprb/http#832

Add HTTP.base_uri by @sferik in httprb/http#833

Add binary body formatting to the logging feature by @sferik in httprb/http#834

Add HTTP caching by @sferik in httprb/http#835

Release v6.0.0 by @ixti in httprb/http#790

New Contributors

@daniel-sabourin made their first contribution in httprb/http#738

@c960657 made their first contribution in httprb/http#743

... (truncated)

Changelog

Sourced from http's changelog.

[6.0.1] - 2026-03-16

Changed

Exclude test files from gem package, reducing gem size by 50% (from 175 KB to 87 KB).

[6.0.0] - 2026-03-16

Changed

Merged http-form_data gem into the main http gem. The HTTP::FormData module (including Part, File, Multipart, Urlencoded, and CompositeIO) is now shipped directly with http instead of being a separate dependency. The public API is unchanged.

Fixed

Inflater no longer raises Zlib::BufError when a response declares Content-Encoding: gzip (or deflate) but the body is not valid compressed data. This commonly occurred when following redirects with auto_inflate enabled, because the redirect response had a Content-Encoding header but a non-compressed body. (#621)

Persistent connections now auto-flush unread response bodies before sending the next request, instead of raising StateError. Bodies up to 1 MiB are drained transparently; larger bodies cause the connection to close and reopen. This prevents the silent body clobbering described in #371, where an unread response body would return "" after a subsequent request. (#371)

Response#content_length now handles duplicate Content-Length headers per RFC 7230 Section 3.3.2. When all values are identical, they are collapsed into a single valid value. When values conflict, nil is returned instead of raising TypeError. (#566)

HTTP 1xx informational responses (e.g. 100 Continue) are now transparently skipped, returning the final response. This was a regression introduced when the parser was migrated from http-parser to llhttp. (#667)

Redirect loop detection now considers cookies, so a redirect back to the same URL with different cookies is no longer falsely detected as an endless loop. Fixes cookie-dependent redirect flows where a server sets a cookie on one hop and expects it on the next. (#544)

Per-operation timeouts (HTTP.timeout(read: n, write: n, connect: n)) no longer default unspecified values to 0.25 seconds. Omitted timeouts now mean no timeout for that operation, matching the behavior when no timeout is configured at all. (#579)

Per-operation timeout handler now correctly handles :wait_writable from read_nonblock and :wait_readable from write_nonblock on SSL sockets during TLS renegotiation. Previously these symbols were returned as data instead of being waited on. (#358)

Persistent sessions now follow cross-origin redirects instead of raising StateError. HTTP.persistent returns an HTTP::Session that pools one HTTP::Client per origin, so redirects to a different domain transparently open (and reuse) a separate persistent connection. Cookie management is

... (truncated)

Commits

866cb87 Release v6.0.1
1ae2a60 Add mutant to default rake task and pass --since main flag
c39f85f Reduce gem package size by excluding non-essential files
26f26c4 Switch gem release to OIDC API key role with JRuby support
5d1ff43 Release v6.0.0
1dbc20d Merge form_data into http
e68bddc Override release task to skip gem push (handled by CI)
38419ea Convert test suite from Minitest::Spec DSL to Minitest::Test
4067339 Ship sig/http.rbs type signatures in the gem
da374ef Switch mutant operators from light to full and kill surviving mutants
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Updates the requirements on [webmock](https://github.com/bblimke/webmock) and [http](https://github.com/httprb/http) to permit the latest version. Updates `webmock` from 3.26.1 to 3.26.2 - [Release notes](https://github.com/bblimke/webmock/releases) - [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md) - [Commits](bblimke/webmock@v3.26.1...v3.26.2) Updates `http` from 5.3.1 to 6.0.1 - [Release notes](https://github.com/httprb/http/releases) - [Changelog](https://github.com/httprb/http/blob/main/CHANGELOG.md) - [Commits](httprb/http@v5.3.1...v6.0.1) --- updated-dependencies: - dependency-name: webmock dependency-version: 3.26.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: bundler - dependency-name: http dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: bundler ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Mar 18, 2026

javierjulio self-assigned this Mar 18, 2026

javierjulio self-requested a review March 18, 2026 17:55

javierjulio approved these changes Mar 18, 2026

View reviewed changes

javierjulio merged commit 2fbf460 into master Mar 18, 2026
5 checks passed

javierjulio deleted the dependabot/bundler/bundler-c468a0535f branch March 18, 2026 17:55

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the bundler group across 1 directory with 2 updates#87

Bump the bundler group across 1 directory with 2 updates#87
javierjulio merged 1 commit intomasterfrom
dependabot/bundler/bundler-c468a0535f

dependabot bot commented on behalf of github Mar 18, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Mar 18, 2026

3.26.2

3.26.2

v6.0.1

v6.0.0

What's Changed

New Contributors

[6.0.1] - 2026-03-16

Changed

[6.0.0] - 2026-03-16

Changed

Fixed

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant