Bump the "all" group with 2 updates across multiple ecosystems

[dependabot]

Bumps the all group with 2 updates: ruby/setup-ruby and actions/cache.

Updates ruby/setup-ruby from 1.257.0 to 1.263.0

Release notes

Sourced from ruby/setup-ruby's releases.

v1.263.0

What's Changed

• Print lockfile contents earlier by @​Earlopain in ruby/setup-ruby#811

New Contributors

• @​Earlopain made their first contribution in ruby/setup-ruby#811

Full Changelog: ruby/setup-ruby@v1.262.0...v1.263.0

v1.262.0

Full Changelog: ruby/setup-ruby@v1.261.0...v1.262.0

v1.261.0

What's Changed

• Update CRuby releases on Windows by @​ruby-builder-bot in ruby/setup-ruby#809

Full Changelog: ruby/setup-ruby@v1.260.0...v1.261.0

v1.260.0

What's Changed

• Revert "feat: upgrade to node 24" by @​eregon in ruby/setup-ruby#808
• Reinstate testing against jruby 9.4 and head by @​chadlwilson in ruby/setup-ruby#807

New Contributors

• @​chadlwilson made their first contribution in ruby/setup-ruby#807

Full Changelog: ruby/setup-ruby@v1.259.0...v1.260.0

v1.259.0

What's Changed

• feat: upgrade to node 24 by @​chenrui333 in ruby/setup-ruby#804

Full Changelog: ruby/setup-ruby@v1.258.0...v1.259.0

v1.258.0

What's Changed

• Add ruby-3.4.6 by @​ruby-builder-bot in ruby/setup-ruby#802
• Add truffleruby-25.0.0,truffleruby+graalvm-25.0.0 by @​ruby-builder-bot in ruby/setup-ruby#803

Full Changelog: ruby/setup-ruby@v1.257.0...v1.258.0

Commits

• 0481980 Print lockfile contents earlier
• cf7216d Use new releases of ruby-builder per engine-version
• 1c58d16 Update CRuby releases on Windows
• 1dc7956 Test on JRuby 9.4 as well as 10.0
• b8714f7 Revert "Skip test failing on JRuby on Windows"
• d3e13b3 Revert "feat: upgrade to node 24"
• 4df093a Revert "chore: add setup-node for lint job"
• 866b91c chore: add setup-node for lint job
• c4cd38d feat: upgrade to node 24
• 3fee676 Add truffleruby-25.0.0,truffleruby+graalvm-25.0.0
• Additional commits viewable in compare view

Updates actions/cache from 4.2.4 to 4.3.0

Release notes

Sourced from actions/cache's releases.

v4.3.0

What's Changed

• Add note on runner versions by @​GhadimiR in actions/cache#1642
• Prepare v4.3.0 release by @​Link- in actions/cache#1655

New Contributors

• @​GhadimiR made their first contribution in actions/cache#1642

Full Changelog: actions/cache@v4...v4.3.0

Changelog

Sourced from actions/cache's changelog.

Releases

4.3.0

• Bump @actions/cache to v4.1.0

4.2.4

• Bump @actions/cache to v4.0.5

4.2.3

• Bump @actions/cache to v4.0.3 (obfuscates SAS token in debug logs for cache entries)

4.2.2

• Bump @actions/cache to v4.0.2

4.2.1

• Bump @actions/cache to v4.0.1

4.2.0

TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

4.1.2

• Add GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - #1474
• Security fix: Bump braces from 3.0.2 to 3.0.3 - #1475

4.1.1

• Restore original behavior of cache-hit output - #1467

4.1.0

• Ensure cache-hit output is set when a cache is missed - #1404
• Deprecate save-always input - #1452

... (truncated)

Commits

• 0057852 Merge pull request #1655 from actions/Link-/prepare-4.3.0
• 4f5ea67 Update licensed cache
• 9fcad95 Upgrade actions/cache to 4.1.0 and prepare 4.3.0 release
• 638ed79 Merge pull request #1642 from actions/GhadimiR-patch-1
• 3862dcc Add note on runner versions
• See full diff in compare view

Bumps the all group with 3 updates: json, rubocop-ast and rubocop-rails.

Updates json from 2.13.2 to 2.14.1

Release notes

Sourced from json's releases.

v2.14.1

What's Changed

• Fix IndexOutOfBoundsException in the JRuby extension when encoding shared strings.

Full Changelog: ruby/json@v2.14.0...v2.14.1

v2.14.0

What's Changed

• Add new allow_duplicate_key generator options. By default a warning is now emitted when a duplicated key is encountered. In json 3.0 an error will be raised.

  >> Warning[:deprecated] = true
  >> puts JSON.generate({ foo: 1, "foo" => 2 })
  (irb):2: warning: detected duplicate key "foo" in {foo: 1, "foo" => 2}.
  This will raise an error in json 3.0 unless enabled via `allow_duplicate_key: true`
  {"foo":1,"foo":2}
  >> JSON.generate({ foo: 1, "foo" => 2 }, allow_duplicate_key: false)
  detected duplicate key "foo" in {foo: 1, "foo" => 2} (JSON::GeneratorError)

• Fix JSON.generate strict: true mode to also restrict hash keys.
• Fix JSON::Coder to also invoke block for hash keys that aren't strings nor symbols.
• Fix JSON.unsafe_load usage with proc
• Fix the parser to more consistently reject invalid UTF-16 surogate pairs.
• Stop defining String.json_create, String#to_json_raw, String#to_json_raw_object when json/add isn't loaded.

Full Changelog: ruby/json@v2.13.2...v2.14.0

Changelog

Sourced from json's changelog.

2025-09-18 (2.14.1)

• Fix IndexOutOfBoundsException in the JRuby extension when encoding shared strings.

2025-09-18 (2.14.0)

• Add new allow_duplicate_key generator options. By default a warning is now emitted when a duplicated key is encountered. In json 3.0 an error will be raised.

  >> Warning[:deprecated] = true
  >> puts JSON.generate({ foo: 1, "foo" => 2 })
  (irb):2: warning: detected duplicate key "foo" in {foo: 1, "foo" => 2}.
  This will raise an error in json 3.0 unless enabled via `allow_duplicate_key: true`
  {"foo":1,"foo":2}
  >> JSON.generate({ foo: 1, "foo" => 2 }, allow_duplicate_key: false)
  detected duplicate key "foo" in {foo: 1, "foo" => 2} (JSON::GeneratorError)

• Fix JSON.generate strict: true mode to also restrict hash keys.
• Fix JSON::Coder to also invoke block for hash keys that aren't strings nor symbols.
• Fix JSON.unsafe_load usage with proc
• Fix the parser to more consistently reject invalid UTF-16 surogate pairs.
• Stop defining String.json_create, String#to_json_raw, String#to_json_raw_object when json/add isn't loaded.

Commits

• 51ce76e Release 2.14.1
• a8ff0c8 Merge pull request #860 from samyron/sm/fix-swar-index-out-of-bounds-exception
• 67ebabe fix issue reading off the end of the ByteBuffer if ptr > 0
• 1d52d18 Update changelog
• 55552ca Release 2.14.0
• d334dbf Merge pull request #856 from robinetmiller/add-branch-coverage
• 08b9eb0 Only enable test coverage when running the test suite standalone
• 6bded94 Add branch test coverage when available. Force track all files to prevent imp...
• db89486 Regenerate the Java parser
• ddffd05 Merge pull request #858 from byroot/validate-surogate
• Additional commits viewable in compare view

Updates rubocop-ast from 1.46.0 to 1.47.1

Changelog

Sourced from rubocop-ast's changelog.

1.47.1 (2025-09-21)

Bug fixes

• #386: Fix parsing of node patterns that match against the empty string. ([@​earloapin][])

1.47.0 (2025-09-19)

New features

• #387: Add Node#any_sym_type? to match sym and dsym types. ([@​dvandersluis][])
• #328: Add Node#any_str_type? to match str, dstr, and xstr types. ([@​dvandersluis][])

Commits

• 4d22ef0 Cut 1.47.1
• fb62fd9 Update Changelog
• 7695bf2 Allow to match against the empty string
• 53a64d5 Restore docs/antora.yml
• 7a2aa5d Cut 1.47.0
• bdce308 Update Changelog
• 2fffb71 Add Node#any_sym_type? to match sym and dsym types
• bddfd6e Fix build error by keeping prism below 1.5.0 for older RuboCop
• f7e25f9 Add Node#any_str_type? to match str, dstr, and xstr types
• 0761f8c Run codespell with bundle exec rake
• Additional commits viewable in compare view

Updates rubocop-rails from 2.33.3 to 2.33.4

Release notes

Sourced from rubocop-rails's releases.

RuboCop Rails v2.33.4

Bug fixes

• #1530: Fix an incorrect autocorrect for Rails/FindByOrAssignmentMemoization when using endless method definition. (@​koic)
• #1522: Fix an error for Rails/FindBy when where takes a block. (@​earlopain)
• #1182: Fix a false positive for Rails/ActionControllerFlashBeforeRender when flash is called in a block. (@​5hun-s)

Changelog

Sourced from rubocop-rails's changelog.

2.33.4 (2025-09-27)

Bug fixes

• #1530: Fix an incorrect autocorrect for Rails/FindByOrAssignmentMemoization when using endless method definition. ([@​koic][])
• #1522: Fix an error for Rails/FindBy when where takes a block. ([@​earlopain][])
• #1182: Fix a false positive for Rails/ActionControllerFlashBeforeRender when flash is called in a block. ([@​5hun-s][])

Commits

• b2ccb82 Cut 2.33.4
• 0fb1259 Update Changelog
• 24faad2 Merge pull request #1533 from viralpraxis/load-simplecov-before-lib-for-bette...
• 28caddb Load simplecov before loading lib for better coverage results
• 60dd19b Merge pull request #1528 from 5hun-s/fix_false_positive_for_rails_action_cont...
• 87e5bbf [Fix rubocop#1182] Fix a false positive for Rails/ActionControllerFlashBefore...
• ec292a2 Fix a build error when using Ruby 2.7
• 17371a8 Merge pull request #1531 from koic/fix_an_incorrect_autocorrect_for_rails_fin...
• 2b091eb Fix an incorrect autocorrect for Rails/FindByOrAssignmentMemoization
• dd73491 Merge pull request #1522 from Earlopain/find-by-where-block
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions