Skip to content

build(deps): bump faraday from 2.14.2 to 2.14.3#1272

Merged
myronmarston merged 2 commits into
mainfrom
dependabot/bundler/faraday-2.14.3
Jul 1, 2026
Merged

build(deps): bump faraday from 2.14.2 to 2.14.3#1272
myronmarston merged 2 commits into
mainfrom
dependabot/bundler/faraday-2.14.3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 23, 2026

Copy link
Copy Markdown
Contributor

Bumps faraday from 2.14.2 to 2.14.3.

Release notes

Sourced from faraday's releases.

v2.14.3

Security Note

This release contains a security fix, we recommend all users to upgrade as soon as possible. A Security Advisory with more details will be posted shortly.

What's Changed

New Contributors

Full Changelog: lostisland/faraday@v2.14.2...v2.14.3

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Jun 23, 2026
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Jun 23, 2026
myronmarston added a commit that referenced this pull request Jul 1, 2026
## Why

A batch of dependency-bump PRs (#1236, #1245, #1267, #1272, #1276,
#1277, #1279, #1280) are all failing Steep with `declaration is
duplicated` errors.

Root cause: the new `elasticgraph-json_ingestion` gem ships RBS
signatures (`sig/`) and is a dev dependency of 6 other EG gems, but it
was never added to `rbs_collection.yaml` with `ignore: true`. When `rbs
collection install` runs, it pulls the gem's signatures in via bundler
while those same signatures _also_ exist locally in this monorepo, so
Steep sees duplicate declarations and fails.

Every EG gem that ships signatures must be ignored in
`rbs_collection.yaml` for this reason (see the explanatory comment in
that file). Nothing in CI caught the omission.

## What

- **Fix**: add `elasticgraph-json_ingestion` to `rbs_collection.yaml`
with `ignore: true`.
- **Guard**: add a spec to `gem_spec.rb` asserting that the EG gems with
a `sig/` directory match (via `match_array`) the `elasticgraph*` entries
marked `ignore: true`. This catches both a newly-added gem missing its
entry _and_ a stale entry, so this mistake can't recur silently.

The bootstrap gem `elasticgraph` (no dash) ships no signatures and is
correctly exempt.

## Verification

- New spec fails before the yaml fix (`missing elements:
["elasticgraph-json_ingestion"]`), passes after.
- `bundle exec rspec elasticgraph/spec/unit/elastic_graph/gem_spec.rb` →
205 examples, 0 failures.
- `script/type_check` → No type error detected. 🫖

🤖 Generated with [Claude Code](https://claude.com/claude-code)
@myronmarston

Copy link
Copy Markdown
Collaborator

🤖 (via Claude Code on Myron's behalf)

@dependabot recreate

@dependabot dependabot Bot force-pushed the dependabot/bundler/faraday-2.14.3 branch from 2eb0a35 to 4eae780 Compare July 1, 2026 00:02
@myronmarston

Copy link
Copy Markdown
Collaborator

@dependabot recreate

Bumps [faraday](https://github.com/lostisland/faraday) from 2.14.2 to 2.14.3.
- [Release notes](https://github.com/lostisland/faraday/releases)
- [Changelog](https://github.com/lostisland/faraday/blob/main/CHANGELOG.md)
- [Commits](lostisland/faraday@v2.14.2...v2.14.3)

---
updated-dependencies:
- dependency-name: faraday
  dependency-version: 2.14.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/bundler/faraday-2.14.3 branch from a581790 to 0406495 Compare July 1, 2026 00:32
@myronmarston myronmarston merged commit 0f12e10 into main Jul 1, 2026
25 checks passed
@myronmarston myronmarston deleted the dependabot/bundler/faraday-2.14.3 branch July 1, 2026 01:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant