Skip to content

Bump simplecov from 1.0.1 to 1.0.2#305

Merged
biow0lf merged 1 commit into
mainfrom
dependabot/bundler/simplecov-1.0.2
Jul 18, 2026
Merged

Bump simplecov from 1.0.1 to 1.0.2#305
biow0lf merged 1 commit into
mainfrom
dependabot/bundler/simplecov-1.0.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 18, 2026

Copy link
Copy Markdown
Contributor

Bumps simplecov from 1.0.1 to 1.0.2.

Release notes

Sourced from simplecov's releases.

v1.0.2

What's Changed

Full Changelog: simplecov-ruby/simplecov@v1.0.1...v1.0.2

Changelog

Sourced from simplecov's changelog.

1.0.2 (2026-07-18)

Bugfixes

  • The standalone simplecov CLI's colorizing subcommands (report, uncovered, coverage, diff) no longer crash with NoMethodError: undefined method 'color' when run in a project without a .simplecov file. The CLI deliberately loads only simplecov/cli rather than the full library, so SimpleCov.color was undefined unless a dotfile load had incidentally defined it — and --no-color was the only workaround, since the documented NO_COLOR env var was checked after the line that raised. Color.enabled? now treats missing configuration the same as its :auto default and falls through to NO_COLOR / FORCE_COLOR / TTY detection. Reported with an exemplary diagnosis by @​hasghari. See #1231.
  • Branch tuples synthesized for tracked-but-unloaded files now match Ruby's Coverage for a safe-navigation call that takes a block. For x&.foo { ... } (and the second link of a chain like x&.foo&.bar { ... }) the extractor keyed the branch on the call node's full source range, which extends through the attached block, while Coverage ends the range at the call itself — so a simulated entry merging with a real one produced a phantom, permanently-missed branch, the same failure mode as the elsif fix in 1.0.1. Reported with an exemplary diagnosis and a suggested fix by @​alexdeng-mp. See #1233.
  • Prompted by the two reports above, an exhaustive differential audit of StaticCoverageExtractor against Ruby's Coverage — a fuzzing harness that runs thousands of generated programs through both and diffs the branch tuples, now part of the spec suite (opt-in via SIMPLECOV_FUZZ=1) — surfaced and fixed four more mismatches of the same phantom-branch class. Conditions that are compile-time literals (if true, if 1, a ternary on a literal) are folded away by Ruby's compiler and no longer produce synthesized branches (while true still does — loops are not folded). On Ruby 3.3, three legacy conventions now match: the body range of a do-while (begin ... end while), the location of empty branch arms (which on 3.3 depends on whether the construct is in value or void position), and one-line pattern matching (x => pattern / x in pattern), which emits a :case branch on 3.3 and nothing on 3.4+. The audit also caught a crash on Ruby 3.3's stdlib Prism (0.19), which still exposes the else clause of UnlessNode / CaseNode / CaseMatchNode under its pre-1.3 name consequent: the extractor raised internally and silently dropped simulated branch and method data for any file containing unless/else or a case with an empty arm, unless a newer prism gem happened to be installed.
  • As a defensive layer against any future extractor drift, merging now treats an actually-executed file's branch and method data as authoritative: when a resultset that merely tracked a file (with simulated, statically-derived tuples) merges with one from a process that really loaded it, the synthesized tuples are dropped rather than unioned. This contains any undiscovered mismatch to denominator inflation on files no process loaded, instead of phantom misses on fully-covered ones. Line coverage still combines from both sides, so tracked-but-unloaded files keep contributing to the line denominator as before.
  • Method coverage no longer reports phantom uncovered methods for define_method / define_singleton_method blocks defined onto more than one receiver — e.g. a module's included hook defining the same block on every including class. Ruby records one method entry per receiver, all pointing at the same source location, so any receiver whose copy was never called showed as an uncovered method on a line with 100% line coverage. Entries are now aggregated by (name, source location) with hit counts summed, and cross-process merging matches methods on the same source identity rather than on the receiver class. Reported with an exemplary diagnosis by @​bkuhlmann. See #1234.
  • Branch coverage under enable_coverage :eval no longer inflates denominators or reports phantom missed branches for templates compiled more than once — e.g. hanami-view compiles each template once per view class, and every ERB.new(...).result is a fresh compile. Ruby's Coverage emits a fresh set of branch entries per compile of the same file (nondeterministically through Ruby 4.0, consistently on current ruby master — see https://bugs.ruby-lang.org/issues/22203), each counting only the renders that flowed through that compile, so a side exercised under one compile appeared as a permanently-missed branch in another compile's entry at the same location, and ignore_branches :implicit_else swung the report wildly by stripping only the synthetic-else halves of the duplicates. Duplicated conditions are now aggregated by source location with arm counts summed. Reported with an exemplary diagnosis by @​bkuhlmann. See #1235.
Commits
  • 803dcbc Bump version to 1.0.2
  • 177b0cc Restore a clean Steep check for the post-1.0.1 code
  • b57bf8d Aggregate runtime-duplicated coverage entries by source location
  • 9599343 Drop a simulated file's branches when a real run covered it
  • 25d1ab5 Add a differential fuzzer for the static coverage extractor
  • 2aff8fe Match Coverage's legacy branch conventions and survive stdlib Prism
  • bbb4737 Skip synthesizing branches for constant-folded conditions
  • 6669cbf Match Coverage's safe-navigation range when the call takes a block
  • 21a8a08 Fix NoMethodError in the standalone CLI's colorizing subcommands
  • e27cfd0 Bump step-security/harden-runner from 2.19.4 to 2.20.0
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [simplecov](https://github.com/simplecov-ruby/simplecov) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/simplecov-ruby/simplecov/releases)
- [Changelog](https://github.com/simplecov-ruby/simplecov/blob/main/CHANGELOG.md)
- [Commits](simplecov-ruby/simplecov@v1.0.1...v1.0.2)

---
updated-dependencies:
- dependency-name: simplecov
  dependency-version: 1.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels Jul 18, 2026
@biow0lf
biow0lf merged commit c385f53 into main Jul 18, 2026
5 checks passed
@dependabot
dependabot Bot deleted the dependabot/bundler/simplecov-1.0.2 branch July 18, 2026 13:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant