Skip to content

build(deps): bump concurrent-ruby from 1.3.3 to 1.3.7 in /apps/bare-rn + fix bare rn demo app#1279

Merged
msluszniak merged 3 commits into
mainfrom
dependabot/bundler/apps/bare-rn/concurrent-ruby-1.3.7
Jun 24, 2026
Merged

build(deps): bump concurrent-ruby from 1.3.3 to 1.3.7 in /apps/bare-rn + fix bare rn demo app#1279
msluszniak merged 3 commits into
mainfrom
dependabot/bundler/apps/bare-rn/concurrent-ruby-1.3.7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 24, 2026

Copy link
Copy Markdown
Contributor

Bumps concurrent-ruby from 1.3.3 to 1.3.7.

Release notes

Sourced from concurrent-ruby's releases.

v1.3.7

There are 3 security fixes in this release, so updating is recommended. These security vulnerabilities are not very likely to be hit in practice and have a corresponding Low severity score.

What's Changed

New Contributors

Full Changelog: ruby-concurrency/concurrent-ruby@v1.3.6...v1.3.7

v1.3.6

What's Changed

New Contributors

Full Changelog: ruby-concurrency/concurrent-ruby@v1.3.5...v1.3.6

... (truncated)

Changelog

Sourced from concurrent-ruby's changelog.

Release v1.3.7 (16 June 2026)

concurrent-ruby:

Release v1.3.6 (13 December 2025)

concurrent-ruby:

Release v1.3.5, edge v0.7.2 (15 January 2025)

concurrent-ruby:

  • (#1062) Remove dependency on logger.

concurrent-ruby-edge:

  • (#1062) Remove dependency on logger.

Release v1.3.4 (10 August 2024)

  • (#1060) Fix bug with return value of Concurrent.available_processor_count when cpu.cfs_quota_us is -1.
  • (#1058) Add Concurrent.cpu_shares that is cgroups aware.
Commits
  • 4c8fc28 Release 1.3.7
  • d91ca94 Fix AtomicReference#update livelock when stored value is Float::NAN on JRuby ...
  • 7e4d711 Fix ReentrantReadWriteLock read hold overflow into write-lock bit
  • 6e37e06 Fix AtomicReference#update livelock when stored value is Float::NAN
  • 2825cfa Cleanup spec
  • 3fd4932 Fix ReadWriteLock wrong-thread write release and stray read release
  • 1974b47 Add Ruby 4.0 in CI
  • df8706d Add SECURITY.md (#1104)
  • 7a1b789 Bump actions/upload-pages-artifact from 4 to 5
  • 9b2dbf7 Bump actions/deploy-pages from 4 to 5
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump concurrent-ruby from 1.3.3 to 1.3.7 in /apps/bare-rn
b88b5c9 
Bumps [concurrent-ruby](https://github.com/ruby-concurrency/concurrent-ruby) from 1.3.3 to 1.3.7.
- [Release notes](https://github.com/ruby-concurrency/concurrent-ruby/releases)
- [Changelog](https://github.com/ruby-concurrency/concurrent-ruby/blob/master/CHANGELOG.md)
- [Commits](ruby-concurrency/concurrent-ruby@v1.3.3...v1.3.7)

---
updated-dependencies:
- dependency-name: concurrent-ruby
  dependency-version: 1.3.7
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels Jun 24, 2026
@msluszniak msluszniak self-assigned this Jun 24, 2026
@msluszniak
fix(bare-rn): add nkf gem for Ruby 3.4 pod install compatibility
999d99b 
CFPropertyList requires kconv when CocoaPods reads the ExecuTorch
xcframework plists, but kconv (nkf) was removed from Ruby 3.4's stdlib.
Re-add it alongside the other stdlib gems so 'bundle exec pod install'
works on Ruby 3.4.x.
@msluszniak
fix(bare-rn): add react-native-device-info dependency
873b915 
react-native-executorch depends on react-native-device-info for its
simulator-detection backend policy, but the app sets hoistingLimits to
'workspaces' so the transitive dep never reaches the app and the native
module isn't autolinked, crashing at runtime (RNDeviceInfo is null).
Declare it directly so it autolinks and pods install.
@msluszniak msluszniak changed the title build(deps): bump concurrent-ruby from 1.3.3 to 1.3.7 in /apps/bare-rn build(deps): bump concurrent-ruby from 1.3.3 to 1.3.7 in /apps/bare-rn + fix bare rn demo app Jun 24, 2026
@msluszniak msluszniak merged commit 73cdedf into main Jun 24, 2026
2 checks passed
@msluszniak msluszniak deleted the dependabot/bundler/apps/bare-rn/concurrent-ruby-1.3.7 branch June 24, 2026 14:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@msluszniak msluszniak msluszniak approved these changes

Assignees

@msluszniak msluszniak

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@msluszniak