From a50eaa3dcd6fcb3673d5356db886af26c4e15e52 Mon Sep 17 00:00:00 2001 From: Hiroshi SHIBATA Date: Thu, 4 Jun 2026 10:04:20 +0900 Subject: [PATCH 1/8] Bump actions/checkout to v6.0.3 Dependabot left the version comment as v6.0.2 on the four lines that carry a trailing `# zizmor: ignore[artipacked]`, since its comment rewriter only handles a version comment as the last token on the line. zizmor flagged the resulting hash/comment mismatch. Update every checkout pin in .github to the v6.0.3 commit and comment at once. --- .github/actions/setup/directories/action.yml | 2 +- .github/workflows/annocheck.yml | 2 +- .github/workflows/auto_review_pr.yml | 2 +- .github/workflows/baseruby.yml | 2 +- .github/workflows/bundled_gems.yml | 2 +- .github/workflows/check_dependencies.yml | 2 +- .github/workflows/check_misc.yml | 4 +-- .github/workflows/check_sast.yml | 4 +-- .github/workflows/compilers.yml | 26 ++++++++++---------- .github/workflows/crosscompile.yml | 2 +- .github/workflows/cygwin.yml | 2 +- .github/workflows/default_gems_list.yml | 2 +- .github/workflows/macos.yml | 2 +- .github/workflows/mingw.yml | 2 +- .github/workflows/modgc.yml | 2 +- .github/workflows/parse_y.yml | 2 +- .github/workflows/post_push.yml | 2 +- .github/workflows/publish.yml | 2 +- .github/workflows/rust-warnings.yml | 2 +- .github/workflows/scorecards.yml | 2 +- .github/workflows/spec_guards.yml | 2 +- .github/workflows/sync_default_gems.yml | 2 +- .github/workflows/tarball-macos.yml | 2 +- .github/workflows/tarball-test.yml | 2 +- .github/workflows/tarball-ubuntu.yml | 2 +- .github/workflows/tarball-windows.yml | 2 +- .github/workflows/ubuntu.yml | 6 ++--- .github/workflows/wasm.yml | 2 +- .github/workflows/windows.yml | 2 +- .github/workflows/yjit-macos.yml | 4 +-- .github/workflows/yjit-ubuntu.yml | 6 ++--- .github/workflows/zjit-macos.yml | 6 ++--- .github/workflows/zjit-ubuntu.yml | 8 +++--- 33 files changed, 57 insertions(+), 57 deletions(-) diff --git a/.github/actions/setup/directories/action.yml b/.github/actions/setup/directories/action.yml index 589049a4b8b2ac..15dc097b6e66c1 100644 --- a/.github/actions/setup/directories/action.yml +++ b/.github/actions/setup/directories/action.yml @@ -98,7 +98,7 @@ runs: git config --global init.defaultBranch garbage - if: inputs.checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: path: ${{ inputs.srcdir }} fetch-depth: ${{ inputs.fetch-depth }} diff --git a/.github/workflows/annocheck.yml b/.github/workflows/annocheck.yml index 1d23c38fcd024b..5991165d43abf3 100644 --- a/.github/workflows/annocheck.yml +++ b/.github/workflows/annocheck.yml @@ -61,7 +61,7 @@ jobs: - run: id working-directory: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: sparse-checkout-cone-mode: false sparse-checkout: /.github diff --git a/.github/workflows/auto_review_pr.yml b/.github/workflows/auto_review_pr.yml index 24859ad0b09024..bb84a51573814b 100644 --- a/.github/workflows/auto_review_pr.yml +++ b/.github/workflows/auto_review_pr.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false diff --git a/.github/workflows/baseruby.yml b/.github/workflows/baseruby.yml index 1acfbe19ace9ab..9e7720f659fcff 100644 --- a/.github/workflows/baseruby.yml +++ b/.github/workflows/baseruby.yml @@ -53,7 +53,7 @@ jobs: ruby-version: ${{ matrix.ruby }} bundler: none - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false diff --git a/.github/workflows/bundled_gems.yml b/.github/workflows/bundled_gems.yml index d890ed2495be59..9acec6d41f69ee 100644 --- a/.github/workflows/bundled_gems.yml +++ b/.github/workflows/bundled_gems.yml @@ -34,7 +34,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # zizmor: ignore[artipacked] + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 # zizmor: ignore[artipacked] with: token: ${{ (github.repository == 'ruby/ruby' && !startsWith(github.event_name, 'pull')) && secrets.MATZBOT_AUTO_UPDATE_TOKEN || secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/check_dependencies.yml b/.github/workflows/check_dependencies.yml index ad399b264fd2ee..a120dde7e5c959 100644 --- a/.github/workflows/check_dependencies.yml +++ b/.github/workflows/check_dependencies.yml @@ -30,7 +30,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false diff --git a/.github/workflows/check_misc.yml b/.github/workflows/check_misc.yml index f194d007799d11..cb1642b9e2e3b2 100644 --- a/.github/workflows/check_misc.yml +++ b/.github/workflows/check_misc.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: token: ${{ (github.repository == 'ruby/ruby' && !startsWith(github.event_name, 'pull')) && secrets.MATZBOT_AUTO_UPDATE_TOKEN || secrets.GITHUB_TOKEN }} persist-credentials: false @@ -100,7 +100,7 @@ jobs: { echo version=$2; echo ref=$4; } >> $GITHUB_OUTPUT - name: Checkout rdoc - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: repository: ruby/rdoc ref: ${{ steps.rdoc.outputs.ref }} diff --git a/.github/workflows/check_sast.yml b/.github/workflows/check_sast.yml index 6fd1be6542cf28..58d426fbf2125a 100644 --- a/.github/workflows/check_sast.yml +++ b/.github/workflows/check_sast.yml @@ -40,7 +40,7 @@ jobs: security-events: write steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false @@ -73,7 +73,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false diff --git a/.github/workflows/compilers.yml b/.github/workflows/compilers.yml index 147470f38a9988..f747b7fd033e35 100644 --- a/.github/workflows/compilers.yml +++ b/.github/workflows/compilers.yml @@ -51,7 +51,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: { sparse-checkout-cone-mode: false, sparse-checkout: /.github, persist-credentials: false } # Set fetch-depth: 10 so that Launchable can receive commits information. - { uses: './.github/actions/setup/directories', with: { srcdir: 'src', builddir: 'build', makeup: true, fetch-depth: 10 } } @@ -74,7 +74,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: { sparse-checkout-cone-mode: false, sparse-checkout: /.github, persist-credentials: false } - { uses: './.github/actions/setup/directories', with: { srcdir: 'src', builddir: 'build', makeup: true, fetch-depth: 10 } } - name: 'GCC 15 LTO' @@ -102,7 +102,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: { sparse-checkout-cone-mode: false, sparse-checkout: /.github, persist-credentials: false } - { uses: './.github/actions/setup/directories', with: { srcdir: 'src', builddir: 'build', makeup: true, fetch-depth: 10 } } - { uses: './.github/actions/compilers', name: 'clang 20', with: { tag: 'clang-20' }, timeout-minutes: 5 } @@ -121,7 +121,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: { sparse-checkout-cone-mode: false, sparse-checkout: /.github, persist-credentials: false } - { uses: './.github/actions/setup/directories', with: { srcdir: 'src', builddir: 'build', makeup: true, fetch-depth: 10 } } - { uses: './.github/actions/compilers', name: 'clang 13', with: { tag: 'clang-13' }, timeout-minutes: 5 } @@ -142,7 +142,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: { sparse-checkout-cone-mode: false, sparse-checkout: /.github, persist-credentials: false } - { uses: './.github/actions/setup/directories', with: { srcdir: 'src', builddir: 'build', makeup: true, fetch-depth: 10 } } # -Wno-strict-prototypes is necessary with current clang-15 since @@ -168,7 +168,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: { sparse-checkout-cone-mode: false, sparse-checkout: /.github, persist-credentials: false } - { uses: './.github/actions/setup/directories', with: { srcdir: 'src', builddir: 'build', makeup: true, fetch-depth: 10 } } - { uses: './.github/actions/compilers', name: 'C++20', with: { CXXFLAGS: '-std=c++20 -Werror=pedantic -pedantic-errors -Wno-c++11-long-long' }, timeout-minutes: 5 } @@ -188,7 +188,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: { sparse-checkout-cone-mode: false, sparse-checkout: /.github, persist-credentials: false } - { uses: './.github/actions/setup/directories', with: { srcdir: 'src', builddir: 'build', makeup: true, fetch-depth: 10 } } - { uses: './.github/actions/compilers', name: 'disable-jit', with: { append_configure: '--disable-yjit --disable-zjit' }, timeout-minutes: 5 } @@ -208,7 +208,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: { sparse-checkout-cone-mode: false, sparse-checkout: /.github, persist-credentials: false } - { uses: './.github/actions/setup/directories', with: { srcdir: 'src', builddir: 'build', makeup: true, fetch-depth: 10 } } - { uses: './.github/actions/compilers', name: 'NDEBUG', with: { cppflags: '-DNDEBUG' }, timeout-minutes: 5 } @@ -227,7 +227,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: { sparse-checkout-cone-mode: false, sparse-checkout: /.github, persist-credentials: false } - { uses: './.github/actions/setup/directories', with: { srcdir: 'src', builddir: 'build', makeup: true, fetch-depth: 10 } } - { uses: './.github/actions/compilers', name: 'HASH_DEBUG', with: { cppflags: '-DHASH_DEBUG' }, timeout-minutes: 5 } @@ -247,7 +247,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: { sparse-checkout-cone-mode: false, sparse-checkout: /.github, persist-credentials: false } - { uses: './.github/actions/setup/directories', with: { srcdir: 'src', builddir: 'build', makeup: true, fetch-depth: 10 } } - { uses: './.github/actions/compilers', name: 'USE_LAZY_LOAD', with: { cppflags: '-DUSE_LAZY_LOAD' }, timeout-minutes: 5 } @@ -268,7 +268,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: { sparse-checkout-cone-mode: false, sparse-checkout: /.github, persist-credentials: false } - { uses: './.github/actions/setup/directories', with: { srcdir: 'src', builddir: 'build', makeup: true, fetch-depth: 10 } } - { uses: './.github/actions/compilers', name: 'GC_DEBUG_STRESS_TO_CLASS', with: { cppflags: '-DGC_DEBUG_STRESS_TO_CLASS' }, timeout-minutes: 5 } @@ -287,7 +287,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: { sparse-checkout-cone-mode: false, sparse-checkout: /.github, persist-credentials: false } - { uses: './.github/actions/setup/directories', with: { srcdir: 'src', builddir: 'build', makeup: true, fetch-depth: 10 } } - { uses: './.github/actions/compilers', name: 'VM_DEBUG_BP_CHECK', with: { cppflags: '-DVM_DEBUG_BP_CHECK' }, timeout-minutes: 5 } @@ -317,7 +317,7 @@ jobs: - 'compileB' - 'compileC' steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: { sparse-checkout-cone-mode: false, sparse-checkout: /.github, persist-credentials: false } - uses: ./.github/actions/slack with: diff --git a/.github/workflows/crosscompile.yml b/.github/workflows/crosscompile.yml index 4c28516e25bd2c..3ed6429a1e5ced 100644 --- a/.github/workflows/crosscompile.yml +++ b/.github/workflows/crosscompile.yml @@ -52,7 +52,7 @@ jobs: )}} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: sparse-checkout-cone-mode: false sparse-checkout: /.github diff --git a/.github/workflows/cygwin.yml b/.github/workflows/cygwin.yml index 5ab86c7b19fbf3..f1a6f79587f30f 100644 --- a/.github/workflows/cygwin.yml +++ b/.github/workflows/cygwin.yml @@ -40,7 +40,7 @@ jobs: steps: - run: git config --global core.autocrlf input - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false diff --git a/.github/workflows/default_gems_list.yml b/.github/workflows/default_gems_list.yml index f52b83103ce34c..c4b4cd6d30de5d 100644 --- a/.github/workflows/default_gems_list.yml +++ b/.github/workflows/default_gems_list.yml @@ -23,7 +23,7 @@ jobs: if: ${{ github.repository == 'ruby/ruby' }} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # zizmor: ignore[artipacked] + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 # zizmor: ignore[artipacked] with: token: ${{ (github.repository == 'ruby/ruby' && !startsWith(github.event_name, 'pull')) && secrets.MATZBOT_AUTO_UPDATE_TOKEN || secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index 501d35698b7974..4f1807121f9d96 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml @@ -65,7 +65,7 @@ jobs: )}} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: sparse-checkout-cone-mode: false sparse-checkout: /.github diff --git a/.github/workflows/mingw.yml b/.github/workflows/mingw.yml index 1efae8be59e5c5..9a47e70f8cb929 100644 --- a/.github/workflows/mingw.yml +++ b/.github/workflows/mingw.yml @@ -168,7 +168,7 @@ jobs: [ ${#failed[@]} -eq 0 ] shell: sh - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: sparse-checkout-cone-mode: false sparse-checkout: /.github diff --git a/.github/workflows/modgc.yml b/.github/workflows/modgc.yml index bd3c6ab5750e3d..218127aad7c1d5 100644 --- a/.github/workflows/modgc.yml +++ b/.github/workflows/modgc.yml @@ -48,7 +48,7 @@ jobs: )}} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: sparse-checkout-cone-mode: false sparse-checkout: /.github diff --git a/.github/workflows/parse_y.yml b/.github/workflows/parse_y.yml index a0082f71dec0c6..7c26e87e57317f 100644 --- a/.github/workflows/parse_y.yml +++ b/.github/workflows/parse_y.yml @@ -51,7 +51,7 @@ jobs: )}} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: sparse-checkout-cone-mode: false sparse-checkout: /.github diff --git a/.github/workflows/post_push.yml b/.github/workflows/post_push.yml index 237679ebb1a810..eed8d5b42c4b2b 100644 --- a/.github/workflows/post_push.yml +++ b/.github/workflows/post_push.yml @@ -34,7 +34,7 @@ jobs: REDMINE_SYS_API_KEY: ${{ secrets.REDMINE_SYS_API_KEY }} if: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/ruby_') }} - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # zizmor: ignore[artipacked] + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 # zizmor: ignore[artipacked] with: fetch-depth: 500 # for notify-slack-commits token: ${{ secrets.MATZBOT_AUTO_UPDATE_TOKEN }} diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 5d16915e10035c..5d4a31d287f03c 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -18,7 +18,7 @@ jobs: release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false diff --git a/.github/workflows/rust-warnings.yml b/.github/workflows/rust-warnings.yml index 23ed16440573ae..7ea7d0c9507fa1 100644 --- a/.github/workflows/rust-warnings.yml +++ b/.github/workflows/rust-warnings.yml @@ -36,7 +36,7 @@ jobs: )}} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 74c13f98faeb53..71fe3c3c01052e 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -34,7 +34,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false diff --git a/.github/workflows/spec_guards.yml b/.github/workflows/spec_guards.yml index 856b6e434e3cd7..39714b13a4304a 100644 --- a/.github/workflows/spec_guards.yml +++ b/.github/workflows/spec_guards.yml @@ -45,7 +45,7 @@ jobs: fail-fast: false steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false diff --git a/.github/workflows/sync_default_gems.yml b/.github/workflows/sync_default_gems.yml index 9fd19454492fbb..7fbddc48a2447f 100644 --- a/.github/workflows/sync_default_gems.yml +++ b/.github/workflows/sync_default_gems.yml @@ -34,7 +34,7 @@ jobs: if: ${{ github.repository == 'ruby/ruby' }} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # zizmor: ignore[artipacked] + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 # zizmor: ignore[artipacked] name: Check out ruby/ruby with: token: ${{ github.repository == 'ruby/ruby' && secrets.MATZBOT_AUTO_UPDATE_TOKEN || secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/tarball-macos.yml b/.github/workflows/tarball-macos.yml index 9bec94d52804bf..0d02cf6ae17475 100644 --- a/.github/workflows/tarball-macos.yml +++ b/.github/workflows/tarball-macos.yml @@ -76,7 +76,7 @@ jobs: /usr/local/bin/gem -v /usr/local/bin/bundle -v if: matrix.test_task == 'check' - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: sparse-checkout: .github/actions/slack sparse-checkout-cone-mode: false diff --git a/.github/workflows/tarball-test.yml b/.github/workflows/tarball-test.yml index c862ab76cc1886..f75d76761a8cf8 100644 --- a/.github/workflows/tarball-test.yml +++ b/.github/workflows/tarball-test.yml @@ -46,7 +46,7 @@ jobs: || contains(github.event.pull_request.labels.*.name, 'Documentation') || (github.event.pull_request.user.login == 'dependabot[bot]') )}} - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: fetch-depth: 1 # actions/checkout fetches all heads/tags unless > 0 persist-credentials: false diff --git a/.github/workflows/tarball-ubuntu.yml b/.github/workflows/tarball-ubuntu.yml index e227dc29aa59bd..0482db3c7f3181 100644 --- a/.github/workflows/tarball-ubuntu.yml +++ b/.github/workflows/tarball-ubuntu.yml @@ -126,7 +126,7 @@ jobs: if: matrix.test_task == 'check' - name: Show .local run: find $HOME/.local -ls - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: sparse-checkout: .github/actions/slack sparse-checkout-cone-mode: false diff --git a/.github/workflows/tarball-windows.yml b/.github/workflows/tarball-windows.yml index 1ce95de6fcbb87..a66cdf729d0141 100644 --- a/.github/workflows/tarball-windows.yml +++ b/.github/workflows/tarball-windows.yml @@ -138,7 +138,7 @@ jobs: timeout-minutes: 70 continue-on-error: ${{ matrix.continue-on-error || false }} - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: sparse-checkout: .github/actions/slack sparse-checkout-cone-mode: false diff --git a/.github/workflows/ubuntu.yml b/.github/workflows/ubuntu.yml index 09e96f764c7546..c887ae38118e42 100644 --- a/.github/workflows/ubuntu.yml +++ b/.github/workflows/ubuntu.yml @@ -60,7 +60,7 @@ jobs: )}} steps: &make-steps - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: sparse-checkout-cone-mode: false sparse-checkout: /.github @@ -222,7 +222,7 @@ jobs: )}} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false @@ -240,7 +240,7 @@ jobs: - run: make install - name: Checkout ruby-bench - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: repository: ruby/ruby-bench persist-credentials: false diff --git a/.github/workflows/wasm.yml b/.github/workflows/wasm.yml index edb2c76c48fb27..f0263de5ef15e9 100644 --- a/.github/workflows/wasm.yml +++ b/.github/workflows/wasm.yml @@ -59,7 +59,7 @@ jobs: )}} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: sparse-checkout-cone-mode: false sparse-checkout: /.github diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 13551427bbbf32..b2c84abc6d397e 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -65,7 +65,7 @@ jobs: bundler: none windows-toolchain: none - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false sparse-checkout-cone-mode: false diff --git a/.github/workflows/yjit-macos.yml b/.github/workflows/yjit-macos.yml index b52c6355ada1ea..e11de6bc51c560 100644 --- a/.github/workflows/yjit-macos.yml +++ b/.github/workflows/yjit-macos.yml @@ -41,7 +41,7 @@ jobs: )}} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false @@ -85,7 +85,7 @@ jobs: )}} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: sparse-checkout-cone-mode: false sparse-checkout: /.github diff --git a/.github/workflows/yjit-ubuntu.yml b/.github/workflows/yjit-ubuntu.yml index 934c3f56d4c1ac..ab816940f4bcca 100644 --- a/.github/workflows/yjit-ubuntu.yml +++ b/.github/workflows/yjit-ubuntu.yml @@ -36,7 +36,7 @@ jobs: )}} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false @@ -70,7 +70,7 @@ jobs: )}} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false @@ -125,7 +125,7 @@ jobs: )}} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: sparse-checkout-cone-mode: false sparse-checkout: /.github diff --git a/.github/workflows/zjit-macos.yml b/.github/workflows/zjit-macos.yml index e68bd897fd55d2..7494f77792c79d 100644 --- a/.github/workflows/zjit-macos.yml +++ b/.github/workflows/zjit-macos.yml @@ -69,7 +69,7 @@ jobs: )}} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: sparse-checkout-cone-mode: false sparse-checkout: /.github @@ -192,7 +192,7 @@ jobs: )}} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false @@ -214,7 +214,7 @@ jobs: run: echo "MAKEFLAGS=" >> "$GITHUB_ENV" - name: Checkout ruby-bench - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false repository: ruby/ruby-bench diff --git a/.github/workflows/zjit-ubuntu.yml b/.github/workflows/zjit-ubuntu.yml index 8d146b7bdc8cf5..4ba2542e393d5b 100644 --- a/.github/workflows/zjit-ubuntu.yml +++ b/.github/workflows/zjit-ubuntu.yml @@ -41,7 +41,7 @@ jobs: )}} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false @@ -106,7 +106,7 @@ jobs: )}} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: sparse-checkout-cone-mode: false sparse-checkout: /.github @@ -250,7 +250,7 @@ jobs: )}} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false @@ -268,7 +268,7 @@ jobs: - run: make install - name: Checkout ruby-bench - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: repository: ruby/ruby-bench persist-credentials: false From 97672020e5390f3e15a5219a6983efe98aaa88e0 Mon Sep 17 00:00:00 2001 From: Hiroshi SHIBATA Date: Thu, 4 Jun 2026 10:12:47 +0900 Subject: [PATCH 2/8] Move artipacked suppressions to zizmor config The inline `# zizmor: ignore[artipacked]` comment is a second trailing comment on the checkout line, which prevents Dependabot from updating the version comment. Suppress these findings in .github/zizmor.yml instead so the pins stay a single comment and Dependabot keeps them in sync. --- .github/workflows/bundled_gems.yml | 2 +- .github/workflows/default_gems_list.yml | 2 +- .github/workflows/post_push.yml | 2 +- .github/workflows/sync_default_gems.yml | 2 +- .github/zizmor.yml | 7 +++++++ 5 files changed, 11 insertions(+), 4 deletions(-) diff --git a/.github/workflows/bundled_gems.yml b/.github/workflows/bundled_gems.yml index 9acec6d41f69ee..d329ee9b4baccf 100644 --- a/.github/workflows/bundled_gems.yml +++ b/.github/workflows/bundled_gems.yml @@ -34,7 +34,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 # zizmor: ignore[artipacked] + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: token: ${{ (github.repository == 'ruby/ruby' && !startsWith(github.event_name, 'pull')) && secrets.MATZBOT_AUTO_UPDATE_TOKEN || secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/default_gems_list.yml b/.github/workflows/default_gems_list.yml index c4b4cd6d30de5d..68f2d18dd6446a 100644 --- a/.github/workflows/default_gems_list.yml +++ b/.github/workflows/default_gems_list.yml @@ -23,7 +23,7 @@ jobs: if: ${{ github.repository == 'ruby/ruby' }} steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 # zizmor: ignore[artipacked] + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: token: ${{ (github.repository == 'ruby/ruby' && !startsWith(github.event_name, 'pull')) && secrets.MATZBOT_AUTO_UPDATE_TOKEN || secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/post_push.yml b/.github/workflows/post_push.yml index eed8d5b42c4b2b..e351c8c2866712 100644 --- a/.github/workflows/post_push.yml +++ b/.github/workflows/post_push.yml @@ -34,7 +34,7 @@ jobs: REDMINE_SYS_API_KEY: ${{ secrets.REDMINE_SYS_API_KEY }} if: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/ruby_') }} - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 # zizmor: ignore[artipacked] + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: fetch-depth: 500 # for notify-slack-commits token: ${{ secrets.MATZBOT_AUTO_UPDATE_TOKEN }} diff --git a/.github/workflows/sync_default_gems.yml b/.github/workflows/sync_default_gems.yml index 7fbddc48a2447f..3aaae5864fcaaf 100644 --- a/.github/workflows/sync_default_gems.yml +++ b/.github/workflows/sync_default_gems.yml @@ -34,7 +34,7 @@ jobs: if: ${{ github.repository == 'ruby/ruby' }} steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 # zizmor: ignore[artipacked] + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 name: Check out ruby/ruby with: token: ${{ github.repository == 'ruby/ruby' && secrets.MATZBOT_AUTO_UPDATE_TOKEN || secrets.GITHUB_TOKEN }} diff --git a/.github/zizmor.yml b/.github/zizmor.yml index 65b67fb6c8eb04..2a8cad1d5ce3de 100644 --- a/.github/zizmor.yml +++ b/.github/zizmor.yml @@ -1,6 +1,13 @@ # Ignore existing findings (baseline) # Composite action findings are suppressed inline with # zizmor: ignore rules: + artipacked: + # These jobs push back to the repo and need persisted credentials. + ignore: + - bundled_gems.yml + - default_gems_list.yml + - post_push.yml + - sync_default_gems.yml dangerous-triggers: ignore: - auto_request_review.yml From b74a5f5ec8e49122a9187611736108caa77d4545 Mon Sep 17 00:00:00 2001 From: Max Bernstein Date: Wed, 3 Jun 2026 16:10:26 -0400 Subject: [PATCH 3/8] ZJIT: Replace IsNil with existing HasType No need for a separate opcode. --- zjit/src/codegen.rs | 8 -------- zjit/src/hir.rs | 15 ++++----------- zjit/src/hir/opt_tests.rs | 2 ++ zjit/src/hir/tests.rs | 4 ++-- 4 files changed, 8 insertions(+), 21 deletions(-) diff --git a/zjit/src/codegen.rs b/zjit/src/codegen.rs index 47f4a97ac7caa3..2d2ade8d7eebdb 100644 --- a/zjit/src/codegen.rs +++ b/zjit/src/codegen.rs @@ -687,7 +687,6 @@ fn gen_insn(cb: &mut CodeBlock, jit: &mut JITState, asm: &mut Assembler, functio } &Insn::FixnumMod { left, right, state } => gen_fixnum_mod(jit, asm, opnd!(left), opnd!(right), &function.frame_state(state)), &Insn::FixnumAref { recv, index } => gen_fixnum_aref(asm, opnd!(recv), opnd!(index)), - Insn::IsNil { val } => gen_isnil(asm, opnd!(val)), &Insn::IsMethodCfunc { val, cd, cfunc, state } => gen_is_method_cfunc(asm, opnd!(val), cd, cfunc, &function.frame_state(state)), &Insn::IsBitEqual { left, right } => gen_is_bit_equal(asm, opnd!(left), opnd!(right)), &Insn::IsBitNotEqual { left, right } => gen_is_bit_not_equal(asm, opnd!(left), opnd!(right)), @@ -2404,13 +2403,6 @@ fn gen_fixnum_aref(asm: &mut Assembler, recv: lir::Opnd, index: lir::Opnd) -> li asm_ccall!(asm, rb_fix_aref, recv, index) } -// Compile val == nil -fn gen_isnil(asm: &mut Assembler, val: lir::Opnd) -> lir::Opnd { - asm.cmp(val, Qnil.into()); - // TODO: Implement and use setcc - asm.csel_e(Opnd::Imm(1), Opnd::Imm(0)) -} - fn gen_is_method_cfunc(asm: &mut Assembler, val: lir::Opnd, cd: *const rb_call_data, cfunc: *const u8, state: &FrameState) -> lir::Opnd { unsafe extern "C" { fn rb_vm_method_cfunc_is(iseq: IseqPtr, cd: *const rb_call_data, recv: VALUE, cfunc: *const u8) -> VALUE; diff --git a/zjit/src/hir.rs b/zjit/src/hir.rs index 02e3759cd69d9e..b247d57ceaafb6 100644 --- a/zjit/src/hir.rs +++ b/zjit/src/hir.rs @@ -926,8 +926,6 @@ pub enum Insn { /// Check if the value is truthy and "return" a C boolean. In reality, we will likely fuse this /// with IfTrue/IfFalse in the backend to generate jcc. Test { val: InsnId }, - /// Return C `true` if `val` is `Qnil`, else `false`. - IsNil { val: InsnId }, /// Return C `true` if `val`'s method on cd resolves to the cfunc. IsMethodCfunc { val: InsnId, cd: *const rb_call_data, cfunc: *const u8, state: InsnId }, /// Return C `true` if left == right @@ -1314,8 +1312,7 @@ macro_rules! for_each_operand_impl { | Insn::Return { val } | Insn::Test { val } | Insn::SetLocal { val, .. } - | Insn::BoxBool { val } - | Insn::IsNil { val } => { + | Insn::BoxBool { val } => { $visit_one!(val); } Insn::SetGlobal { val, state, .. } @@ -1635,7 +1632,6 @@ impl Insn { Insn::ObjectAlloc { .. } => effects::Any, Insn::ObjectAllocClass { .. } => allocates, Insn::Test { .. } => effects::Empty, - Insn::IsNil { .. } => effects::Empty, Insn::IsMethodCfunc { .. } => effects::Any, Insn::IsBitEqual { .. } => effects::Empty, Insn::IsBitNotEqual { .. } => effects::Empty, @@ -2007,7 +2003,6 @@ impl<'a> std::fmt::Display for InsnPrinter<'a> { Ok(()) } Insn::Test { val } => { write!(f, "Test {val}") } - Insn::IsNil { val } => { write!(f, "IsNil {val}") } Insn::IsMethodCfunc { val, cd, .. } => { write!(f, "IsMethodCFunc {val}, :{}", ruby_call_method_name(*cd)) } Insn::IsBitEqual { left, right } => write!(f, "IsBitEqual {left}, {right}"), Insn::IsBitNotEqual { left, right } => write!(f, "IsBitNotEqual {left}, {right}"), @@ -2949,9 +2944,6 @@ impl Function { Insn::Test { val } if self.type_of(*val).is_known_falsy() => Type::from_cbool(false), Insn::Test { val } if self.type_of(*val).is_known_truthy() => Type::from_cbool(true), Insn::Test { .. } => types::CBool, - Insn::IsNil { val } if self.is_a(*val, types::NilClass) => Type::from_cbool(true), - Insn::IsNil { val } if !self.type_of(*val).could_be(types::NilClass) => Type::from_cbool(false), - Insn::IsNil { .. } => types::CBool, Insn::IsMethodCfunc { .. } => types::CBool, Insn::IsBitEqual { .. } => types::CBool, Insn::IsBitNotEqual { .. } => types::CBool, @@ -2990,6 +2982,8 @@ impl Function { Insn::CheckMatch { .. } => types::BasicObject, Insn::GuardType { val, guard_type, .. } => self.type_of(*val).intersection(*guard_type), Insn::RefineType { val, new_type, .. } => self.type_of(*val).intersection(*new_type), + &Insn::HasType { val, expected } if self.is_a(val, expected) => Type::from_cbool(true), + &Insn::HasType { val, expected } if !self.type_of(val).could_be(expected) => Type::from_cbool(false), Insn::HasType { .. } => types::CBool, Insn::GuardBitEquals { val, expected, .. } => self.type_of(*val).intersection(Type::from_const(*expected)), Insn::GuardAnyBitSet { val, .. } => self.type_of(*val), @@ -6025,7 +6019,6 @@ impl Function { } // Instructions with 1 Ruby object operand Insn::Test { val } - | Insn::IsNil { val } | Insn::IsMethodCfunc { val, .. } | Insn::SetGlobal { val, .. } | Insn::SetLocal { val, .. } @@ -7347,7 +7340,7 @@ pub fn iseq_to_hir(iseq: *const rb_iseq_t) -> Result { } let offset = get_arg(pc, 0).as_i64(); let val = state.stack_pop()?; - let test_id = fun.push_insn(block, Insn::IsNil { val }); + let test_id = fun.push_insn(block, Insn::HasType { val, expected: types::NilClass }); let target_idx = insn_idx_at_offset(insn_idx, offset); let target = insn_idx_to_block[&target_idx]; let nil = fun.push_insn(block, Insn::Const { val: Const::Value(Qnil) }); diff --git a/zjit/src/hir/opt_tests.rs b/zjit/src/hir/opt_tests.rs index 74b951d2e59410..c60b01178f0b41 100644 --- a/zjit/src/hir/opt_tests.rs +++ b/zjit/src/hir/opt_tests.rs @@ -6767,6 +6767,7 @@ mod hir_opt_tests { bb3(v8:BasicObject, v9:NilClass): v13:NilClass = Const Value(nil) CheckInterrupts + v20:CBool[true] = HasType v13, NilClass v21:NilClass = Const Value(nil) Return v21 "); @@ -6796,6 +6797,7 @@ mod hir_opt_tests { bb3(v8:BasicObject, v9:NilClass): v13:Fixnum[1] = Const Value(1) CheckInterrupts + v20:CBool[false] = HasType v13, NilClass PatchPoint MethodRedefined(Integer@0x1000, itself@0x1008, cme:0x1010) Return v13 "); diff --git a/zjit/src/hir/tests.rs b/zjit/src/hir/tests.rs index 7a1cd85c5fb38f..a17a5262f4af07 100644 --- a/zjit/src/hir/tests.rs +++ b/zjit/src/hir/tests.rs @@ -4467,7 +4467,7 @@ pub(crate) mod hir_build_tests { Jump bb3(v6, v7) bb3(v9:BasicObject, v10:BasicObject): CheckInterrupts - v17:CBool = IsNil v10 + v17:CBool = HasType v10, NilClass v18:NilClass = Const Value(nil) CondBranch v17, bb4(v9, v18, v18), bb5() bb5(): @@ -4514,7 +4514,7 @@ pub(crate) mod hir_build_tests { bb6(): v19:Truthy = RefineType v10, Truthy CheckInterrupts - v25:CBool[false] = IsNil v19 + v25:CBool[false] = HasType v19, NilClass v26:NilClass = Const Value(nil) CondBranch v25, bb5(v9, v26, v26), bb7() bb7(): From c8c6de3c9935d6b4762a48be8987f7eb9f3458b1 Mon Sep 17 00:00:00 2001 From: Max Bernstein Date: Wed, 3 Jun 2026 16:12:24 -0400 Subject: [PATCH 4/8] ZJIT: Remove Control write effect of HasType This was likely a bad copy/paste from GuardType; HasType does not affect control flow at all. --- zjit/src/hir.rs | 2 +- zjit/src/hir/opt_tests.rs | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/zjit/src/hir.rs b/zjit/src/hir.rs index b247d57ceaafb6..82e50cdd36c817 100644 --- a/zjit/src/hir.rs +++ b/zjit/src/hir.rs @@ -1747,7 +1747,7 @@ impl Insn { Insn::HasType { expected, .. } => Effect::read_write( if expected.is_subtype(types::Immediate) { abstract_heaps::Empty } else { abstract_heaps::Memory }, - abstract_heaps::Control + abstract_heaps::Empty ), Insn::Entries { .. } => effects::Any, Insn::BreakPoint | Insn::Unreachable => Effect::read_write(abstract_heaps::Empty, abstract_heaps::Control), diff --git a/zjit/src/hir/opt_tests.rs b/zjit/src/hir/opt_tests.rs index c60b01178f0b41..74b951d2e59410 100644 --- a/zjit/src/hir/opt_tests.rs +++ b/zjit/src/hir/opt_tests.rs @@ -6767,7 +6767,6 @@ mod hir_opt_tests { bb3(v8:BasicObject, v9:NilClass): v13:NilClass = Const Value(nil) CheckInterrupts - v20:CBool[true] = HasType v13, NilClass v21:NilClass = Const Value(nil) Return v21 "); @@ -6797,7 +6796,6 @@ mod hir_opt_tests { bb3(v8:BasicObject, v9:NilClass): v13:Fixnum[1] = Const Value(1) CheckInterrupts - v20:CBool[false] = HasType v13, NilClass PatchPoint MethodRedefined(Integer@0x1000, itself@0x1008, cme:0x1010) Return v13 "); From 585919619774d0cf08559d85d98ddea591ff6324 Mon Sep 17 00:00:00 2001 From: Peter Zhu Date: Wed, 3 Jun 2026 21:41:15 +0900 Subject: [PATCH 5/8] [ruby/mmtk] Use rb_gc_obj_needs_cleanup_p https://github.com/ruby/mmtk/commit/031785b41c --- gc/mmtk/mmtk.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/gc/mmtk/mmtk.c b/gc/mmtk/mmtk.c index 95176b692b4de8..8be69b4fe65dc8 100644 --- a/gc/mmtk/mmtk.c +++ b/gc/mmtk/mmtk.c @@ -345,7 +345,9 @@ rb_mmtk_call_obj_free(MMTk_ObjectReference object) pthread_mutex_unlock(&objspace->event_hook_mutex); } - rb_gc_obj_free(objspace, obj); + if (RB_UNLIKELY(rb_gc_obj_needs_cleanup_p(obj))) { + rb_gc_obj_free(objspace, obj); + } #ifdef MMTK_DEBUG memset((void *)obj, 0, rb_gc_impl_obj_slot_size(obj)); From cac0c38eeaefc4bd516a32d2602ee25312d7a890 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 02:02:49 +0000 Subject: [PATCH 6/8] Bump the github-actions group across 1 directory with 3 updates Bumps the github-actions group with 3 updates in the / directory: [necojackarc/auto-request-review](https://github.com/necojackarc/auto-request-review), [github/codeql-action](https://github.com/github/codeql-action) and [taiki-e/install-action](https://github.com/taiki-e/install-action). Updates `necojackarc/auto-request-review` from 5d3060495e58e9cb41f51de50e808d3135d5374e to 035f049cb68460341ab744f19aa9f31aae685e36 - [Release notes](https://github.com/necojackarc/auto-request-review/releases) - [Commits](https://github.com/necojackarc/auto-request-review/compare/5d3060495e58e9cb41f51de50e808d3135d5374e...035f049cb68460341ab744f19aa9f31aae685e36) Updates `github/codeql-action` from 4.36.0 to 4.36.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/7211b7c8077ea37d8641b6271f6a365a22a5fbfa...87557b9c84dde89fdd9b10e88954ac2f4248e463) Updates `taiki-e/install-action` from 2.81.1 to 2.81.3 - [Release notes](https://github.com/taiki-e/install-action/releases) - [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/taiki-e/install-action/compare/e49978b799e49ff429d162b7a30601a569ab6538...25435dc8dd3baed7417e0c96d3fe89013a5b2e09) --- updated-dependencies: - dependency-name: necojackarc/auto-request-review dependency-version: 035f049cb68460341ab744f19aa9f31aae685e36 dependency-type: direct:production dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 4.36.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: taiki-e/install-action dependency-version: 2.81.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/auto_request_review.yml | 2 +- .github/workflows/check_sast.yml | 6 +++--- .github/workflows/scorecards.yml | 2 +- .github/workflows/zjit-macos.yml | 2 +- .github/workflows/zjit-ubuntu.yml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/auto_request_review.yml b/.github/workflows/auto_request_review.yml index 1be2b11b8634e4..80f2517eb5dd35 100644 --- a/.github/workflows/auto_request_review.yml +++ b/.github/workflows/auto_request_review.yml @@ -14,7 +14,7 @@ jobs: if: ${{ github.repository == 'ruby/ruby' && github.base_ref == 'master' }} steps: - name: Request review based on files changes and/or groups the author belongs to - uses: necojackarc/auto-request-review@5d3060495e58e9cb41f51de50e808d3135d5374e # master + uses: necojackarc/auto-request-review@035f049cb68460341ab744f19aa9f31aae685e36 # master with: # scope: public_repo token: ${{ secrets.MATZBOT_AUTO_REQUEST_REVIEW_TOKEN }} diff --git a/.github/workflows/check_sast.yml b/.github/workflows/check_sast.yml index 58d426fbf2125a..0b5d6ad1b69c17 100644 --- a/.github/workflows/check_sast.yml +++ b/.github/workflows/check_sast.yml @@ -78,14 +78,14 @@ jobs: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 + uses: github/codeql-action/init@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4.36.1 with: languages: ${{ matrix.language }} build-mode: none config-file: .github/codeql/codeql-config.yml - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 + uses: github/codeql-action/analyze@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4.36.1 with: category: '/language:${{ matrix.language }}' upload: False @@ -127,7 +127,7 @@ jobs: continue-on-error: true - name: Upload SARIF - uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 + uses: github/codeql-action/upload-sarif@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4.36.1 with: sarif_file: sarif-results/${{ matrix.language }}.sarif continue-on-error: true diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 71fe3c3c01052e..fdc28c2d09af35 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -73,6 +73,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 + uses: github/codeql-action/upload-sarif@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4.36.1 with: sarif_file: results.sarif diff --git a/.github/workflows/zjit-macos.yml b/.github/workflows/zjit-macos.yml index 7494f77792c79d..09c7c1b6dbe0ef 100644 --- a/.github/workflows/zjit-macos.yml +++ b/.github/workflows/zjit-macos.yml @@ -93,7 +93,7 @@ jobs: rustup install ${{ matrix.rust_version }} --profile minimal rustup default ${{ matrix.rust_version }} - - uses: taiki-e/install-action@e49978b799e49ff429d162b7a30601a569ab6538 # v2.81.1 + - uses: taiki-e/install-action@25435dc8dd3baed7417e0c96d3fe89013a5b2e09 # v2.81.3 with: tool: nextest@0.9 if: ${{ matrix.test_task == 'zjit-check' }} diff --git a/.github/workflows/zjit-ubuntu.yml b/.github/workflows/zjit-ubuntu.yml index 4ba2542e393d5b..7f5ce9322ec9e1 100644 --- a/.github/workflows/zjit-ubuntu.yml +++ b/.github/workflows/zjit-ubuntu.yml @@ -119,7 +119,7 @@ jobs: ruby-version: '3.1' bundler: none - - uses: taiki-e/install-action@e49978b799e49ff429d162b7a30601a569ab6538 # v2.81.1 + - uses: taiki-e/install-action@25435dc8dd3baed7417e0c96d3fe89013a5b2e09 # v2.81.3 with: tool: nextest@0.9 if: ${{ matrix.test_task == 'zjit-check' }} From 4f3cd707ccd97e4fa260c6d42bb48eef27859b51 Mon Sep 17 00:00:00 2001 From: Hiroshi SHIBATA Date: Thu, 4 Jun 2026 10:52:25 +0900 Subject: [PATCH 7/8] [ruby/rubygems] Remove external tool version checks from `bundle env` Keeping up with each version manager's invocation convention is not worth the maintenance cost. chruby in particular is wrapped as a shell function and cannot be run as `chruby --version` at all, so the line always reported a missing version. https://github.com/ruby/rubygems/issues/9528 https://github.com/ruby/rubygems/commit/85cb212067 Co-Authored-By: Claude Opus 4.8 (1M context) --- lib/bundler/env.rb | 25 +++---------------------- spec/bundler/bundler/env_spec.rb | 10 +--------- 2 files changed, 4 insertions(+), 31 deletions(-) diff --git a/lib/bundler/env.rb b/lib/bundler/env.rb index 074bef6edcf0c9..2b297050609887 100644 --- a/lib/bundler/env.rb +++ b/lib/bundler/env.rb @@ -78,17 +78,6 @@ def self.git_version "not installed" end - def self.version_of(script) - return "not installed" unless Bundler.which(script) - `#{script} --version`.chomp - end - - def self.chruby_version - return "not installed" unless Bundler.which("chruby-exec") - `chruby-exec -- chruby --version`. - sub(/.*^chruby: (#{Gem::Version::VERSION_PATTERN}).*/m, '\1') - end - def self.environment out = [] @@ -110,16 +99,8 @@ def self.environment out << [" Cert File", OpenSSL::X509::DEFAULT_CERT_FILE] if defined?(OpenSSL::X509::DEFAULT_CERT_FILE) out << [" Cert Dir", OpenSSL::X509::DEFAULT_CERT_DIR] if defined?(OpenSSL::X509::DEFAULT_CERT_DIR) end - out << ["Tools"] - out << [" Git", git_version] - out << [" RVM", ENV.fetch("rvm_version") { version_of("rvm") }] - out << [" rbenv", version_of("rbenv")] - out << [" chruby", chruby_version] - - %w[rubygems-bundler open_gem].each do |name| - specs = Bundler.rubygems.find_name(name) - out << [" #{name}", "(#{specs.map(&:version).join(",")})"] unless specs.empty? - end + out << ["Git", git_version] + if (exe = caller_locations.last.absolute_path)&.match? %r{(exe|bin)/bundler?\z} shebang = File.read(exe).lines.first shebang.sub!(/^#!\s*/, "") @@ -143,6 +124,6 @@ def self.append_formatted_table(title, pairs, out) out << "```\n" end - private_class_method :read_file, :ruby_version, :git_version, :append_formatted_table, :version_of, :chruby_version + private_class_method :read_file, :ruby_version, :git_version, :append_formatted_table end end diff --git a/spec/bundler/bundler/env_spec.rb b/spec/bundler/bundler/env_spec.rb index 259b4ee9dc2f71..320944d4b9d8b7 100644 --- a/spec/bundler/bundler/env_spec.rb +++ b/spec/bundler/bundler/env_spec.rb @@ -222,16 +222,8 @@ def with_clear_paths(env_var, env_value) and_return(["git version 1.2.3 (Apple Git-BS)", "", status]) expect(Bundler::Source::Git::GitProxy).to receive(:new).and_return(git_proxy_stub) - expect(described_class.report).to include("Git 1.2.3 (Apple Git-BS)") + expect(described_class.report).to include("Git 1.2.3 (Apple Git-BS)") end end end - - describe ".version_of" do - let(:parsed_version) { described_class.send(:version_of, "ruby") } - - it "strips version of new line characters" do - expect(parsed_version).to_not end_with("\n") - end - end end From 9f6cb11797881151b155f720e805d1bf4ac4aaa4 Mon Sep 17 00:00:00 2001 From: Hiroshi SHIBATA Date: Thu, 4 Jun 2026 12:06:35 +0900 Subject: [PATCH 8/8] [ruby/rubygems] Assert the Tools section is gone from `bundle env` Guards against accidentally reintroducing the removed external tool version output. https://github.com/ruby/rubygems/commit/3060a5498a Co-Authored-By: Claude Opus 4.8 (1M context) --- spec/bundler/bundler/env_spec.rb | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/spec/bundler/bundler/env_spec.rb b/spec/bundler/bundler/env_spec.rb index 320944d4b9d8b7..2b7dbde217d8e2 100644 --- a/spec/bundler/bundler/env_spec.rb +++ b/spec/bundler/bundler/env_spec.rb @@ -225,5 +225,13 @@ def with_clear_paths(env_var, env_value) expect(described_class.report).to include("Git 1.2.3 (Apple Git-BS)") end end + + it "no longer reports the Tools section or external tool versions" do + report = described_class.report + expect(report).not_to include("Tools") + ["rbenv", "RVM", "chruby"].each do |tool| + expect(report).not_to include(tool) + end + end end end