Merge branch 'master' into Remove-Semgrep-GHA-non-EMU

Author: arpit-jn

.github/workflows/codeql.yml

@@ -36,18 +36,18 @@ jobs:
         run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.
 
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@v4
         with:
           languages: ${{ matrix.language }}
           queries: +security-and-quality
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3
+        uses: github/codeql-action/autobuild@v4
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@v4
         with:
           category: "/language:${{ matrix.language }}"

.github/workflows/rl-scanner.yml

@@ -29,7 +29,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Configure Ruby
         uses: ./.github/actions/setup

.github/workflows/ruby-release.yml

@@ -20,7 +20,7 @@ jobs:
 
     steps:
       # Checkout the code
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0
 

.github/workflows/snyk.yml

@@ -29,7 +29,7 @@ jobs:
       - if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group'
         run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           ref: ${{ github.event.pull_request.head.sha || github.ref }}
 

.github/workflows/test.yml

@@ -29,7 +29,7 @@ jobs:
       matrix: ${{ steps.set-matrix.outputs.matrix }}
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           ref: ${{ github.event.pull_request.head.sha || github.ref }}
 
@@ -54,7 +54,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Configure Ruby
         uses: ./.github/actions/setup
@@ -66,4 +66,4 @@ jobs:
 
       - name: Upload coverage
         if: matrix.ruby == '3.2' || matrix.ruby == '3.3'
-        uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # pin@3.1.5
+        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # pin@6.0.0

.snyk

@@ -9,3 +9,9 @@ ignore:
     - dotenv-rails > railties > actionpack > rack-test:
         reason: No direct upgrade available
         expires: "2023-11-02T12:00:00.000Z"
+  snyk:lic:rubygems:json:Ruby:
+    - '*':
+        reason: Ruby standard library gem, Ruby license is acceptable
+  snyk:lic:rubygems:reline:Ruby:
+    - '*':
+        reason: Ruby standard library gem, Ruby license is acceptable

.version

@@ -1 +1 @@
-v5.18.0
+v5.18.1

CHANGELOG.md

@@ -1,5 +1,20 @@
 # Change Log
 
+## [v5.18.1](https://github.com/auth0/ruby-auth0/tree/v5.18.1) (2026-03-13)
+[Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.18.0...v5.18.1)
+
+**Changed**
+- chore(deps): bump zache from 0.15.0 to 0.15.2 [\#691](https://github.com/auth0/ruby-auth0/pull/691) ([dependabot[bot]](https://github.com/apps/dependabot))
+- chore(deps): bump jwt from 2.9.3 to 2.10.2 [\#682](https://github.com/auth0/ruby-auth0/pull/682) ([dependabot[bot]](https://github.com/apps/dependabot))
+- chore(deps): bump addressable from 2.8.7 to 2.8.8 [\#686](https://github.com/auth0/ruby-auth0/pull/686) ([dependabot[bot]](https://github.com/apps/dependabot))
+- chore(deps): bump zache from 0.13.2 to 0.15.0 [\#649](https://github.com/auth0/ruby-auth0/pull/649) ([dependabot[bot]](https://github.com/apps/dependabot))
+
+**Fixed**
+- fix deleting array content when passing an array as payload [\#697](https://github.com/auth0/ruby-auth0/pull/697) ([carlastabile](https://github.com/carlastabile))
+
+**Security**
+- fix(deps): upgrade dev dependencies to resolve Snyk security vulnerab… [\#704](https://github.com/auth0/ruby-auth0/pull/704) ([arpit-jn](https://github.com/arpit-jn))
+
 ## [v5.18.0](https://github.com/auth0/ruby-auth0/tree/v5.18.0) (2024-11-25)
 [Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.17.0...v5.18.0)
 

Gemfile

@@ -5,10 +5,8 @@ gemspec
 
 group :development do
   gem 'terminal-notifier-guard', require: false unless ENV['CIRCLECI']
-  gem 'coveralls', require: false
   gem 'rubocop', require: false
   gem 'rubocop-rails', require: false
-  gem 'irb', require: false
 end
 
 group :test do