DEPS: Bump the gems group with 5 updates

[dependabot]

Bumps the gems group with 5 updates:

Package	From	To
lefthook	2.1.8	2.1.9
json	2.19.5	2.19.8
psych	5.3.1	5.4.0
rubocop	1.86.2	1.87.0
sorbet-runtime	0.6.13252	0.6.13271

Updates lefthook from 2.1.8 to 2.1.9

Release notes

Sourced from lefthook's releases.

v2.1.9

Changelog

• 1d35cbabe1ebaf2a5ed4d2186caa0402de6448e2 chore: add pretty gradient (#1432)
• 22be6c50e1412c748f3c6b60e9c61cd056dc693b deps: May 2026 (#1415)
• 1bae568f03dfb88af9185031fa44e9fee285e917 fix: update hooks path after resetting (#1431)

Changelog

Sourced from lefthook's changelog.

2.1.9 (2026-05-29)

• fix: update hooks path after resetting (#1431) by @​mrexox
• deps: May 2026 (#1415) by @​mrexox

Commits

• 75f99ff 2.1.9: fix install with --reset-hooks-path
• 1d35cba chore: add pretty gradient (#1432)
• 1bae568 fix: update hooks path after resetting (#1431)
• 22be6c5 deps: May 2026 (#1415)
• See full diff in compare view

Updates json from 2.19.5 to 2.19.8

Release notes

Sourced from json's releases.

v2.19.7

What's Changed

• Fix some more edge cases with out of range floats.
• Ensure the string provided to JSON.parse can't be mutated during parsing.
• Add missing write barriers in State#dup.
• Further validate generator depth config.

Full Changelog: ruby/json@v2.19.6...v2.19.7

v2.19.6

What's Changed

• Cleanly handle overly large depth generator argument.
• Add missing write barrier in ParserConfig.

Full Changelog: ruby/json@v2.19.5...v2.19.6

Changelog

Sourced from json's changelog.

2026-06-03 (2.19.8)

• Fix 1-byte buffer overread on EOS errors.
• Handle invalid types passed as max_nesting option.

2026-05-28 (2.19.7)

• Fix some more edge cases with out of range floats.
• Ensure the string provided to JSON.parse can't be mutated during parsing.
• Add missing write barriers in State#dup.
• Further validate generator depth config.

2026-05-28 (2.19.6)

• Cleanly handle overly large depth generator argument.
• Add missing write barrier in ParserConfig.

Commits

• 5233dd9 Release 2.19.8
• 3f44b26 Prevent buffer over-read when generating EOF error
• be8d068 Handle invalid types passed as max_nesting option
• 59501c0 Get rid of all_images gem
• c7a7b2b Add a security note in README
• ab6c8f2 Release 2.19.7
• f033b9d Fix some more edge cases with out of range floats
• 5ca8a67 parser.c: Ensure the user provided string can't be mutated
• dba1d88 generator.c: trigger write barriers in cState_init_copy
• e8800cb Further validate generator depth config
• Additional commits viewable in compare view

Updates psych from 5.3.1 to 5.4.0

Commits

• f7066d8 v5.4.0
• 6201ae1 Round the io_reader clamp down to a character boundary
• 99ecd94 Clamp io_reader copy to libyaml's buffer size
• 7a73514 Merge pull request #794 from ruby/dependabot/github_actions/step-security/har...
• cada6bb Bump step-security/harden-runner from 2.19.3 to 2.19.4
• c06a2c5 Merge pull request #793 from ruby/dependabot/github_actions/step-security/har...
• 4a7ca7e Bump step-security/harden-runner from 2.19.1 to 2.19.3
• 790494a Merge pull request #792 from ruby/dependabot/github_actions/step-security/har...
• 16d8518 Bump step-security/harden-runner from 2.19.0 to 2.19.1
• 1366654 Bump step-security/harden-runner from 2.17.0 to 2.19.0
• Additional commits viewable in compare view

Updates rubocop from 1.86.2 to 1.87.0

Release notes

Sourced from rubocop's releases.

RuboCop v1.87.0

New features

• #15167: Add --enable-all-cops and --disable-all-cops command line options that override AllCops/EnabledByDefault and AllCops/DisabledByDefault in configuration files. (@​koic)
• #15185: Make Layout/EmptyLineAfterGuardClause accept the new # simplecov:disable and # simplecov:enable directive comments. (@​koic)
• #15173: Add optional Rubydex integration via AllCops/UseProjectIndex to enable cross-file detection in Lint/ConstantReassignment (experimental). (@​koic)

Bug fixes

• #15168: Fix false positives in Lint/ParenthesesAsGroupedExpression when the first argument is a call-like expression with its own parentheses, such as yield(...). (@​koic)
• #15188: Fix false positives in Style/YodaCondition when one side is an array or hash literal containing non-literal elements. (@​koic)
• #15182: Fix incorrect autocorrect for Style/Alias causing a syntax error when the return value of alias_method is used, such as an argument to public, private, protected, or module_function, or the right-hand side of an assignment. (@​koic)
• #15174: Fix incorrect autocorrect for Style/ClassAndModuleChildren causing a syntax error when the namespace contains a method call (e.g., class self.class::Foo; end). (@​koic)
• #15180: Fix incorrect autocorrect for Style/FileWrite causing a syntax error when the written heredoc is chained with another method call. (@​koic)
• #15186: Fix incorrect autocorrect for Style/HashConversion causing a syntax error when Hash[...] is passed an anonymous splat (*). (@​koic)
• #15192: Fix incorrect autocorrect for Style/StructInheritance causing a syntax error when the inherited Struct.new is called without parentheses. (@​koic)
• #15170: Fix an infinite loop for Layout/RedundantLineBreak when a single-line block is chained with a safe navigation method call. (@​koic)
• #15175: Fix Layout/IndentationWidth to indent block bodies relative to the method selector for trailing-dot multi-line method chains when EnforcedStyleAlignWith is relative_to_receiver. (@​ddbrendan)
• #15135: Fix incorrect autocorrect for Style/RedundantParentheses that swallowed chained method calls into a trailing inline comment on the line above the closing parenthesis. (@​hammadxcm)
• #15184: Fix various typos and grammar mistakes in documentation and cop descriptions. (@​bbatsov)

Changes

• #15171: Cache FilePatterns#match? results per path so cops sharing the same Include/Exclude configuration do not each repeat File.fnmatch? work on every file. (@​Darhazer)

Changelog

Sourced from rubocop's changelog.

1.87.0 (2026-05-30)

New features

• #15167: Add --enable-all-cops and --disable-all-cops command line options that override AllCops/EnabledByDefault and AllCops/DisabledByDefault in configuration files. ([@​koic][])
• #15185: Make Layout/EmptyLineAfterGuardClause accept the new # simplecov:disable and # simplecov:enable directive comments. ([@​koic][])
• #15173: Add optional Rubydex integration via AllCops/UseProjectIndex to enable cross-file detection in Lint/ConstantReassignment (experimental). ([@​koic][])

Bug fixes

• #15168: Fix false positives in Lint/ParenthesesAsGroupedExpression when the first argument is a call-like expression with its own parentheses, such as yield(...). ([@​koic][])
• #15188: Fix false positives in Style/YodaCondition when one side is an array or hash literal containing non-literal elements. ([@​koic][])
• #15182: Fix incorrect autocorrect for Style/Alias causing a syntax error when the return value of alias_method is used, such as an argument to public, private, protected, or module_function, or the right-hand side of an assignment. ([@​koic][])
• #15174: Fix incorrect autocorrect for Style/ClassAndModuleChildren causing a syntax error when the namespace contains a method call (e.g., class self.class::Foo; end). ([@​koic][])
• #15180: Fix incorrect autocorrect for Style/FileWrite causing a syntax error when the written heredoc is chained with another method call. ([@​koic][])
• #15186: Fix incorrect autocorrect for Style/HashConversion causing a syntax error when Hash[...] is passed an anonymous splat (*). ([@​koic][])
• #15192: Fix incorrect autocorrect for Style/StructInheritance causing a syntax error when the inherited Struct.new is called without parentheses. ([@​koic][])
• #15170: Fix an infinite loop for Layout/RedundantLineBreak when a single-line block is chained with a safe navigation method call. ([@​koic][])
• #15175: Fix Layout/IndentationWidth to indent block bodies relative to the method selector for trailing-dot multi-line method chains when EnforcedStyleAlignWith is relative_to_receiver. ([@​ddbrendan][])
• #15135: Fix incorrect autocorrect for Style/RedundantParentheses that swallowed chained method calls into a trailing inline comment on the line above the closing parenthesis. ([@​hammadxcm][])
• #15184: Fix various typos and grammar mistakes in documentation and cop descriptions. ([@​bbatsov][])

Changes

• #15171: Cache FilePatterns#match? results per path so cops sharing the same Include/Exclude configuration do not each repeat File.fnmatch? work on every file. ([@​Darhazer][])

Commits

• e5b788d Cut 1.87
• 65aece8 Update Changelog
• 810c790 Fix incorrect autocorrect for Style/StructInheritance cop
• 1ec0554 [Fix #15185] Make Layout/EmptyLineAfterGuardClause accept new SimpleCov dir...
• 11cd569 Merge pull request #15190 from koic/fix_false_positives_in_style_yoda_condition
• ceff136 [Fix #15188] Fix false positives for Style/YodaCondition
• 4a12596 Fix incorrect autocorrect for Style/HashConversion cop
• 4801e9d Merge pull request #15184 from rubocop/fix-typos-and-grammar-in-docs
• bfe7dc5 Fix various typos and grammar mistakes in documentation
• 6988aa4 Merge pull request #15182 from koic/fix_incorrect_autocorrect_for_style_alias...
• Additional commits viewable in compare view

Updates sorbet-runtime from 0.6.13252 to 0.6.13271

Release notes

Sourced from sorbet-runtime's releases.

sorbet 0.6.13270.20260601180618-69cabd038

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13270', :group => :development
gem 'sorbet-runtime', '0.6.13270'

sorbet 0.6.13269.20260601114111-a02ab38a4

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13269', :group => :development
gem 'sorbet-runtime', '0.6.13269'

sorbet 0.6.13268.20260601113530-4c53e02bd

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13268', :group => :development
gem 'sorbet-runtime', '0.6.13268'

sorbet 0.6.13267.20260601113045-585c1e318

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13267', :group => :development
gem 'sorbet-runtime', '0.6.13267'

sorbet 0.6.13266.20260529142012-5ae1eebe3

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13266', :group => :development
gem 'sorbet-runtime', '0.6.13266'

sorbet 0.6.13265.20260529141310-f86bf56de

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13265', :group => :development
gem 'sorbet-runtime', '0.6.13265'

sorbet 0.6.13264.20260529140435-6fc2a01db

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13264', :group => :development
gem 'sorbet-runtime', '0.6.13264'

sorbet 0.6.13263.20260529103429-79c064c64

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions