
build(deps): bump rubocop from 1.80.2 to 1.86.1 #984

Open
dependabot[bot] wants to merge 1 commit into master from dependabot/bundler/rubocop-1.86.1


dependabot[bot] commented on behalf of github on May 4, 2026

Bumps rubocop from 1.80.2 to 1.86.1.

Release notes

Sourced from rubocop's releases.

RuboCop v1.86.1

Bug fixes

  • #11051: Fix Style/AccessModifierDeclarations inline autocorrect dropping comments between the access modifier and the following method definition. (@​dduugg)
  • #14665: Cache plugin integration in CopHelper to avoid repeated loading. (@​55728)
  • #15091: Fix Lint/DuplicateMethods false positives for anonymous classes in constant assignments and method return values. (@​eugeneius)
  • #15055: Fix Lint/DuplicateMethods false positives with anonymous classes inside blocks (e.g. RSpec let, describe). (@​ShkumbinDelija)
  • #15035: Exclude included_modules from Style/ModuleMemberExistenceCheck. (@​koic)
  • #15087: Fix false positive for Style/RedundantLineContinuation when using interpolated string literals. (@​koic)
  • #14361: Fix false positive in file_to_include? when a relative Include pattern matches a parent directory name in the absolute file path. (@​jonas054)
  • #15090: Fix false positives for Layout/EmptyLineAfterGuardClause when consecutive guard clauses use and return. (@​eugeneius)
  • #15070: Fix false positive for Lint/RedundantSafeNavigation when chained safe navigation is used in a conditional expression with InferNonNilReceiver enabled. (@​koic)
  • #15074: Fix false positives in Style/RedundantParentheses when using parentheses around an endless range in assignment. (@​koic)
  • #15048: Fix issue where the url_for is missing for Cops without instance methods. (@​Fryguy)
  • #15051: Fix Style/RedundantParentheses handling of beginless ranges. (@​oggy)
  • #14980: Fix Lint/Syntax zero-length diagnostic range for syntax errors at EOF. (@​55728)
  • #15084: Handle heredocs with methods calls correctly when fixing guard clauses. (@​G-Rath)
  • #11398: Fix incorrect Include path adjustment when local config overrides an inherited Include. (@​jonas054)
  • #15092: Fix Layout/EndAlignment cop error on an empty begin. (@​viralpraxis)
  • #15059: Fix an error in Layout/LineLength when SplitStrings option is enabled and __FILE__ is used. (@​jeromedalbert)
  • #5876: Fix Lint/UnusedMethodArgument false positive when block argument is used via yield. (@​dduugg)
  • #15093: Return tool execution errors instead of protocol errors in MCP server. (@​koic)

Changes

  • #15005: Make Style/OneClassPerFile exclude spec/**/* and test/**/* by default. (@​koic)
  • #15081: Relax parallel dependency to >= 1.10. (@​koic)
  • #15063: Disable Style/RedundantStructKeywordInit cop by default. (@​koic)

RuboCop v1.86.0

New features

Bug fixes

... (truncated)

Changelog

Sourced from rubocop's changelog.

1.86.1 (2026-04-09)

Bug fixes

  • #11051: Fix Style/AccessModifierDeclarations inline autocorrect dropping comments between the access modifier and the following method definition. (@​dduugg)
  • #14665: Cache plugin integration in CopHelper to avoid repeated loading. (@​55728)
  • #15091: Fix Lint/DuplicateMethods false positives for anonymous classes in constant assignments and method return values. (@​eugeneius)
  • #15055: Fix Lint/DuplicateMethods false positives with anonymous classes inside blocks (e.g. RSpec let, describe). (@​ShkumbinDelija)
  • #15035: Exclude included_modules from Style/ModuleMemberExistenceCheck. (@​koic)
  • #15087: Fix false positive for Style/RedundantLineContinuation when using interpolated string literals. (@​koic)
  • #14361: Fix false positive in file_to_include? when a relative Include pattern matches a parent directory name in the absolute file path. (@​jonas054)
  • #15090: Fix false positives for Layout/EmptyLineAfterGuardClause when consecutive guard clauses use and return. (@​eugeneius)
  • #15070: Fix false positive for Lint/RedundantSafeNavigation when chained safe navigation is used in a conditional expression with InferNonNilReceiver enabled. (@​koic)
  • #15074: Fix false positives in Style/RedundantParentheses when using parentheses around an endless range in assignment. (@​koic)
  • #15048: Fix issue where the url_for is missing for Cops without instance methods. (@​Fryguy)
  • #15051: Fix Style/RedundantParentheses handling of beginless ranges. (@​oggy)
  • #14980: Fix Lint/Syntax zero-length diagnostic range for syntax errors at EOF. (@​55728)
  • #15084: Handle heredocs with methods calls correctly when fixing guard clauses. (@​G-Rath)
  • #11398: Fix incorrect Include path adjustment when local config overrides an inherited Include. (@​jonas054)
  • #15092: Fix Layout/EndAlignment cop error on an empty begin. (@​viralpraxis)
  • #15059: Fix an error in Layout/LineLength when SplitStrings option is enabled and __FILE__ is used. (@​jeromedalbert)
  • #5876: Fix Lint/UnusedMethodArgument false positive when block argument is used via yield. (@​dduugg)
  • #15093: Return tool execution errors instead of protocol errors in MCP server. (@​koic)

Changes

  • #15005: Make Style/OneClassPerFile exclude spec/**/* and test/**/* by default. (@​koic)
  • #15081: Relax parallel dependency to >= 1.10. (@​koic)
  • #15063: Disable Style/RedundantStructKeywordInit cop by default. (@​koic)

1.86.0 (2026-03-23)

New features

Bug fixes

  • #15015: Fix Style/ConcatArrayLiterals autocorrect deleting code for percent literals with interpolation. (@​bbatsov)
  • #14897: Detect constant reassignment after class/module definition in Lint/ConstantReassignment. (@​ydakuka)
  • #11829: Fix false negatives for Lint/DuplicateMethods when duplicate methods are defined in anonymous classes and modules not assigned to a constant. (@​Darhazer)
  • #14988: Fix false negative in Style/RedundantParentheses when redundant parentheses around range literals in block body. (@​koic)
  • #14916: Fix false positive for Layout/MultilineMethodCallIndentation when method chain is inside a hash pair value passed to a multiline chained method call. (@​ydakuka)
  • #15010: Fix a false positive for Lint/DuplicateMethods when modules blocks are passed as method arguments. (@​5hun-s)
  • #15028: Fix a false positive for Lint/DuplicateMethods when the same method is defined in different anonymous module blocks passed to a no-receiver call (e.g. stub_const). (@​Darhazer)
  • #15021: Fix false positives in Layout/EmptyLineAfterGuardClause when using a guard clause followed by a multi-line guard clause with raise, fail, return, break, or next. (@​koic)
  • #15001: Fix false positives in Layout/RedundantLineBreak when setting InspectBlocks: true and using rescue or ensure in the block. (@​koic)
  • #14997: Fix false positives in Style/FileOpen when assigning File.open to an instance variable, class variable, global variable, or constant. (@​koic)

... (truncated)

Commits
  • af80266 Cut 1.86.1
  • eb504ce Update Changelog
  • 9c8fe2c Merge pull request #15085 from G-Rath/fix-style-guard
  • 11d796a Merge pull request #15093 from koic/fix_return_tool_execution_errors_instead_...
  • 4450067 Return tool execution errors instead of protocol errors in MCP server
  • ff64180 Merge pull request #15092 from viralpraxis/fix-an-error-for-layout-end-alignm...
  • 11e04c0 Merge pull request #15091 from eugeneius/duplicate_methods_anonymous_classes
  • b8deea4 Merge pull request #15090 from eugeneius/guard_clause_and_return
  • e130020 Fix Layout/EndAlignment cop error on an empty begin
  • 4808594 Fix DuplicateMethods for anonymous classes in constant assignments and methods
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.80.2 to 1.86.1.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](rubocop/rubocop@v1.80.2...v1.86.1)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-version: 1.86.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] added the dependencies and ruby labels on May 4, 2026

github-actions[bot] left a comment

@dependabot merge

@codacy-production

Up to standards ✅

🟢 Issues: 0 new issues

🟢 Metrics: complexity 0


codacy-production[bot] left a comment


Pull Request Overview

This PR cannot be merged due to a high-severity security concern: several gem versions specified in the Gemfile.lock (including RuboCop 1.86.1 and Parallel 2.1.0) do not exist on the public RubyGems registry, indicating a potential dependency confusion attack.

Beyond the security risk, there are functional gaps. A version jump from 1.80 to 1.86 typically introduces new linting rules, yet no changes were made to .rubocop.yml or the codebase to address them. Furthermore, the update to 'parallel' 2.1.0 is a major version jump that may break application logic if that gem is used directly.

About this PR

  • The PR updates RuboCop by six minor versions but includes no changes to .rubocop.yml or the codebase. This version range typically introduces new rules or changes default behaviors (e.g., Style/RedundantStructKeywordInit is now disabled by default) that should be addressed to maintain consistency.

Test suggestions

  • Run the full RuboCop suite against the project to verify that the new version does not introduce breaking linting errors or false positives with current configurations.

Low confidence findings

  • The 'parallel' gem is being updated to a new major version (2.1.0). If this gem is utilized directly within the application logic (outside of RuboCop's internal use), this jump may introduce breaking changes that haven't been accounted for.


Comment thread Gemfile.lock
rexml (3.4.4)
rollbar (3.6.2)
rubocop (1.80.2)
rubocop (1.86.1)
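
Review bot: the rubocop line (1.80.2 to 1.86.1) is the only changed entry visible in this hunk, and the `specs:` header and `remote:` line of its GEM section are outside the context shown, so the source the new version resolves from cannot be confirmed here. Check the full Gemfile.lock diff for that `remote:` and for the indented dependency constraints under `rubocop (1.86.1)` before merging.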

🔴 HIGH RISK

The versions for rubocop (1.86.1) and its dependencies (json 2.19.5, parallel 2.1.0) do not exist on the public RubyGems registry. Furthermore, the internal dependency constraint for 'parallel' was changed from '~> 1.10' to '>= 1.10' to accommodate this non-existent version jump. This is a strong indicator of a dependency confusion attack. Verify the availability of these versions on RubyGems.org and inspect the Gemfile for untrusted sources or malicious overrides.
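
One way to carry out the source inspection the comment above asks for, as an added example that is not part of the PR or of Codacy's tooling: it reads a Gemfile.lock and reports every gem resolved from a source outside an allow-list, or from a GEM section that lists several remotes. The lockfile content, the internal host name and the `TRUSTED` list are constructed assumptions.

```ruby
# Added example: audit which sources a Gemfile.lock resolves gems from.
TRUSTED = ['https://rubygems.org/'].freeze # assumption: the only approved registry

# Constructed sample lockfile (not this PR's real Gemfile.lock).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      parallel (1.27.0)
      rubocop (1.80.2)
        parallel (~> 1.10)

  GEM
    remote: https://gems.internal.example/
    specs:
      rollbar (3.6.2)

  PLATFORMS
    ruby

  DEPENDENCIES
    rubocop
LOCK

# Returns one hash per source section: {type:, remotes: [...], specs: {name => version}}.
def lock_sections(text)
  sections = []
  current = nil
  text.each_line(chomp: true) do |line|
    case line
    when /\A(GEM|GIT|PATH)\z/
      current = { type: $1, remotes: [], specs: {} }
      sections << current
    when /\A\S/ then current = nil # PLATFORMS, DEPENDENCIES and other sections
    when /\A  remote: (\S+)\z/ then current[:remotes] << $1 if current
    when /\A    (\S+) \((\S+)\)\z/ then current[:specs][$1] = $2 if current # 4-space lines are locked gems
    end
  end
  sections
end

# Flags gems whose section names an untrusted remote, or several remotes
# (in which case the lockfile does not say which one served the gem).
def source_findings(text, trusted = TRUSTED)
  lock_sections(text).flat_map do |s|
    reason = if s[:remotes].size > 1 then 'ambiguous source (several remotes)'
             elsif (s[:remotes] - trusted).any? then 'untrusted source'
             end
    reason ? s[:specs].map { |n, v| "#{n} #{v}: #{reason} #{s[:remotes].join(', ')}" } : []
  end
end

puts source_findings(SAMPLE_LOCK) if $PROGRAM_NAME == __FILE__
```

An empty result means every locked gem comes from a single allow-listed remote; whether a given version is actually published there still has to be checked against the registry itself.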
