Skip to content

chore(deps): bump the bundler-production-dependencies group across 1 directory with 10 updates#389

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/src/email/bundler-production-dependencies-4dffbfe1fe
Open

chore(deps): bump the bundler-production-dependencies group across 1 directory with 10 updates#389
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/src/email/bundler-production-dependencies-4dffbfe1fe

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 23, 2026

Copy link
Copy Markdown

Bumps the bundler-production-dependencies group with 9 updates in the /src/email directory:

Package From To
google-protobuf 4.35.0 4.35.1
opentelemetry-metrics-sdk 0.14.0 0.15.0
opentelemetry-exporter-otlp-metrics 0.9.0 0.10.0
opentelemetry-exporter-otlp-logs 0.5.0 0.5.1
grpc 1.80.0 1.81.1
net-imap 0.6.4 0.6.4.1
opentelemetry-instrumentation-action_mailer 0.8.0 0.8.1
opentelemetry-instrumentation-active_job 0.12.0 0.13.0
opentelemetry-instrumentation-active_storage 0.5.0 0.5.1

Updates google-protobuf from 4.35.0 to 4.35.1

Commits

Updates opentelemetry-metrics-sdk from 0.14.0 to 0.15.0

Release notes

Sourced from opentelemetry-metrics-sdk's releases.

opentelemetry-metrics-sdk 0.15.0

v0.15.0 / 2026-06-16

  • BREAKING CHANGE: Metrics cardinality limit (#1909)
  • ADDED: Metrics cardinality limit (#1909)
Commits

Updates opentelemetry-exporter-otlp-metrics from 0.9.0 to 0.10.0

Release notes

Sourced from opentelemetry-exporter-otlp-metrics's releases.

opentelemetry-exporter-otlp-metrics 0.10.0

v0.10.0 / 2026-06-16

  • BREAKING CHANGE: Metrics cardinality limit (#1909)
  • ADDED: Metrics cardinality limit (#1909)

opentelemetry-exporter-otlp-metrics 0.9.1

v0.9.1 / 2026-06-02

  • FIXED: URI.join dropping path prefix in logs and metrics exporters (#2158)
Commits

Updates opentelemetry-exporter-otlp-logs from 0.5.0 to 0.5.1

Release notes

Sourced from opentelemetry-exporter-otlp-logs's releases.

opentelemetry-exporter-otlp-logs 0.5.1

v0.5.1 / 2026-06-02

  • FIXED: URI.join dropping path prefix in logs and metrics exporters (#2158)
Commits

Updates grpc from 1.80.0 to 1.81.1

Release notes

Sourced from grpc's releases.

Release v1.81.1

This is release 1.81.0 (graphic) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

  • [EventEngine] Fix a potential use-after-free error on Windows. (#42078)
  • [ssl] Server side handshaker factory stores a map of key signers. (#42002)
  • [Core] Fix completion queue shutdown race on weak memory models (ARM). (#41510)
  • [EventEngine] Fix a Windows race that causes an assertion error. (#41563)
  • [grpc_error] enable error_flatten experiment in OSS. (#41471)

Objective-C

  • [ObjC] Add receiveNextMessage to GRPCUnaryProtoCall. (#42260)

Python

  • [Python] Add typing_extensions dep to aio Bazel target. (#42001)
  • [Python] [Pyright] Part 1 - Pyright for src/python/grpcio/grpc/aio/_base_server.py. (#42240)
  • [Python] Drop 3.9. (#42145)
  • [Python] grpc-status: Relax protobuf dependency upper bound to allow 7.x. (#41948)
  • [Python] [Typeguard] Part 5 - Add Typeguard SYNC Stack in tests. (#40278)
  • [Python] Remove GIL from ReceiveMessageOperation.un_c method. (#41812)
  • [Python] Support observability in AsyncIO stack. (#41573)
  • [Python] Trim Python2 backward compatiblity syntax - removed (object) inheritance. (#41708)

Ruby

  • [Ruby] Drop support for EOL Ruby 3.1 and clean up. (#41435)
  • [Ruby] Composed CallCredentials keep a reference to their source. (#41782)

Release v1.81.0

This is release 1.81.0 (graphic) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

... (truncated)

Commits
  • e84a8a2 [Release] Bump version to 1.81.1 (on v1.81.x branch) (#42584)
  • 4706d6a [xDS] fix use-after-free in global XdsClient map (#42559)
  • 8bdf11e [Release] Bump version to 1.81.0 (on v1.81.x branch) (#42432)
  • 0029e06 Move all gRPC Session classes to the experimental namespace (#42462)
  • 6244f3b [Release] Bump version to 1.81.0-pre1 (on v1.81.x branch) (#42378)
  • 1108777 [Release] Bump core version to 54.0.0 for upcoming release (#42321)
  • 74940e8 [fix] Add back the do-while loop that handles the TSI_RESULT correctly.
  • 5c6185c [CHTTP2] Assert
  • 51bc437 Automated rollback of commit aab1eab78f9fcb3fc6e0aa9c8d7a59de280dbe3f.
  • aab1eab [Inproc] Ensure stream is always cancelled under the transport lock.
  • Additional commits viewable in compare view

Updates net-imap from 0.6.4 to 0.6.4.1

Release notes

Sourced from net-imap's releases.

v0.6.4.1

What's Changed

🔒 Security

This release fixes several more security vulnerabilities which are related to the fixes in v0.6.4. Please see the linked security advisories for more information.

  • (moderate) Command Injection via non-synchronizing literal in "raw" argument (CVE-2026-47240, GHSA-8p34-64r3-mwg8) This vulnerability depends how the server interprets non-synchronizing literals. The connection is not vulnerable if the server supports non-synchronizing literals.
  • (moderate) Command Injection via unvalidated ID and ENABLE arguments (CVE-2026-47242, GHSA-46q3-7gv7-qmgg)
  • (low) Denial of Service via incomplete "raw" argument validation (CVE-2026-47241, GHSA-c4fp-cxrr-mj66) This results in the affected command hanging until the connection is closed. If another thread attempts to send a concurrent pipelined command, the first thread will return with a syntax error and the second thread will hang until the connection closes.

Added

Fixed

Documentation

Other Changes

Miscellaneous

Full Changelog: ruby/net-imap@v0.6.4...v0.6.4.1

Commits
  • 357f3b5 🔖 Bump version to 0.6.4.1
  • e066b83 🔀 Merge pull request #701 from ruby/security/validate-non_sync_literal-support
  • 0ea9eba ✅ Fix flaky tests for MacOS, TruffleRuby
  • 5cad699 🔀 Merge pull request #700 from ruby/security/fix-raw_data-trailing-literal-ma...
  • 5a0af4a 🔀 Merge pull request #699 from ruby/security/validate-enable-arguments
  • b9d1972 🔀 Merge pull request #698 from ruby/security/validate-quoted-data
  • 07e002b ♻️ Use QuotedString internally to send quoted string
  • ae9f83b ♻️ Extract str.bytesize lvar in send_literal
  • d6ddd29 🐛 Prevent trailing {0} in RawData validation
  • 1f97168 🥅 Validate #enable arguments are all atoms
  • Additional commits viewable in compare view

Updates opentelemetry-instrumentation-action_mailer from 0.8.0 to 0.8.1

Release notes

Sourced from opentelemetry-instrumentation-action_mailer's releases.

opentelemetry-instrumentation-action_mailer 0.8.1

v0.8.1 / 2026-06-02

  • DOCS: Document payload-key and payload-transform options in action_mailer and active_storage READMEs (#2363)
Commits

Updates opentelemetry-instrumentation-active_job from 0.12.0 to 0.13.0

Release notes

Sourced from opentelemetry-instrumentation-active_job's releases.

opentelemetry-instrumentation-active_job 0.13.0

v0.13.0 / 2026-06-16

  • ADDED: Add spans for Continuation (#2361)
  • ADDED: Add step.active_job span handler for Continuation
Commits

Updates opentelemetry-instrumentation-active_storage from 0.5.0 to 0.5.1

Release notes

Sourced from opentelemetry-instrumentation-active_storage's releases.

opentelemetry-instrumentation-active_storage 0.5.1

v0.5.1 / 2026-06-02

  • DOCS: Document payload-key and payload-transform options in action_mailer and active_storage READMEs (#2363)
Commits

Updates opentelemetry-semantic_conventions from 1.38.0 to 1.41.0

Release notes

Sourced from opentelemetry-semantic_conventions's releases.

opentelemetry-semantic_conventions 1.41.0

v1.41.0 / 2026-06-10

  • ADDED: Update dependency open-telemetry/semantic-conventions to v1.41.1 (#2184)

opentelemetry-semantic_conventions 1.40.0

v1.40.0 / 2026-06-09

  • ADDED: Update dependency open-telemetry/semantic-conventions to v1.40.0 (#2173)

opentelemetry-semantic_conventions 1.39.0

v1.39.0 / 2026-06-03

  • ADDED: Update dependency open-telemetry/semantic-conventions to v1.39.0 (#2137)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…directory with 10 updates

Bumps the bundler-production-dependencies group with 9 updates in the /src/email directory:

| Package | From | To |
| --- | --- | --- |
| [google-protobuf](https://github.com/protocolbuffers/protobuf) | `4.35.0` | `4.35.1` |
| [opentelemetry-metrics-sdk](https://github.com/open-telemetry/opentelemetry-ruby) | `0.14.0` | `0.15.0` |
| [opentelemetry-exporter-otlp-metrics](https://github.com/open-telemetry/opentelemetry-ruby) | `0.9.0` | `0.10.0` |
| [opentelemetry-exporter-otlp-logs](https://github.com/open-telemetry/opentelemetry-ruby) | `0.5.0` | `0.5.1` |
| [grpc](https://github.com/google/grpc) | `1.80.0` | `1.81.1` |
| [net-imap](https://github.com/ruby/net-imap) | `0.6.4` | `0.6.4.1` |
| [opentelemetry-instrumentation-action_mailer](https://github.com/open-telemetry/opentelemetry-ruby-contrib) | `0.8.0` | `0.8.1` |
| [opentelemetry-instrumentation-active_job](https://github.com/open-telemetry/opentelemetry-ruby-contrib) | `0.12.0` | `0.13.0` |
| [opentelemetry-instrumentation-active_storage](https://github.com/open-telemetry/opentelemetry-ruby-contrib) | `0.5.0` | `0.5.1` |



Updates `google-protobuf` from 4.35.0 to 4.35.1
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

Updates `opentelemetry-metrics-sdk` from 0.14.0 to 0.15.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-ruby/releases)
- [Commits](open-telemetry/opentelemetry-ruby@opentelemetry-metrics-sdk/v0.14.0...opentelemetry-metrics-sdk/v0.15.0)

Updates `opentelemetry-exporter-otlp-metrics` from 0.9.0 to 0.10.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-ruby/releases)
- [Commits](open-telemetry/opentelemetry-ruby@opentelemetry-exporter-otlp-metrics/v0.9.0...opentelemetry-exporter-otlp-metrics/v0.10.0)

Updates `opentelemetry-exporter-otlp-logs` from 0.5.0 to 0.5.1
- [Release notes](https://github.com/open-telemetry/opentelemetry-ruby/releases)
- [Commits](open-telemetry/opentelemetry-ruby@opentelemetry-exporter-otlp-logs/v0.5.0...opentelemetry-exporter-otlp-logs/v0.5.1)

Updates `grpc` from 1.80.0 to 1.81.1
- [Release notes](https://github.com/google/grpc/releases)
- [Commits](grpc/grpc@v1.80.0...v1.81.1)

Updates `net-imap` from 0.6.4 to 0.6.4.1
- [Release notes](https://github.com/ruby/net-imap/releases)
- [Commits](ruby/net-imap@v0.6.4...v0.6.4.1)

Updates `opentelemetry-instrumentation-action_mailer` from 0.8.0 to 0.8.1
- [Release notes](https://github.com/open-telemetry/opentelemetry-ruby-contrib/releases)
- [Commits](open-telemetry/opentelemetry-ruby-contrib@opentelemetry-instrumentation-action_mailer/v0.8.0...opentelemetry-instrumentation-action_mailer/v0.8.1)

Updates `opentelemetry-instrumentation-active_job` from 0.12.0 to 0.13.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-ruby-contrib/releases)
- [Commits](open-telemetry/opentelemetry-ruby-contrib@opentelemetry-instrumentation-active_job/v0.12.0...opentelemetry-instrumentation-active_job/v0.13.0)

Updates `opentelemetry-instrumentation-active_storage` from 0.5.0 to 0.5.1
- [Release notes](https://github.com/open-telemetry/opentelemetry-ruby-contrib/releases)
- [Commits](open-telemetry/opentelemetry-ruby-contrib@opentelemetry-instrumentation-active_storage/v0.5.0...opentelemetry-instrumentation-active_storage/v0.5.1)

Updates `opentelemetry-semantic_conventions` from 1.38.0 to 1.41.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-ruby/releases)
- [Commits](open-telemetry/opentelemetry-ruby@opentelemetry-semantic_conventions/v1.38.0...opentelemetry-semantic_conventions/v1.41.0)

---
updated-dependencies:
- dependency-name: google-protobuf
  dependency-version: 4.35.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: bundler-production-dependencies
- dependency-name: opentelemetry-metrics-sdk
  dependency-version: 0.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: bundler-production-dependencies
- dependency-name: opentelemetry-exporter-otlp-metrics
  dependency-version: 0.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: bundler-production-dependencies
- dependency-name: opentelemetry-exporter-otlp-logs
  dependency-version: 0.5.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: bundler-production-dependencies
- dependency-name: grpc
  dependency-version: 1.81.1
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: bundler-production-dependencies
- dependency-name: net-imap
  dependency-version: 0.6.4.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: bundler-production-dependencies
- dependency-name: opentelemetry-instrumentation-action_mailer
  dependency-version: 0.8.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: bundler-production-dependencies
- dependency-name: opentelemetry-instrumentation-active_job
  dependency-version: 0.13.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: bundler-production-dependencies
- dependency-name: opentelemetry-instrumentation-active_storage
  dependency-version: 0.5.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: bundler-production-dependencies
- dependency-name: opentelemetry-semantic_conventions
  dependency-version: 1.41.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: bundler-production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels Jun 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants