Bump mutant-rspec from 0.15.1 to 0.16.0#4319

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/bundler/mutant-rspec-0.16.0

Conversation

@dependabot
Contributor

@dependabot dependabot bot commented on behalf of github Apr 8, 2026

Bumps mutant-rspec from 0.15.1 to 0.16.0.

Release notes

Sourced from mutant-rspec's releases.

v0.16.0

Changes

  • Add integer overflow boundary mutations
  • Add session recording support
  • Add improved session CLI with subject drilldown
  • Remove Concord dependency
  • Remove Ruby 3.2 support
  • Relax unparser dependency to allow versions < 0.10
  • Update unparser to 0.9.0
  • Add gem push workflow with Sigstore attestation
Changelog

Sourced from mutant-rspec's changelog.

v0.16.0 2026-04-07

  • Add integer overflow boundary probe mutations.

    Integer literals are now mutated to safe prime sentinel values that fall within integer width overflow zones. Each literal snaps to the next overflow zone above its absolute value, emitting exactly one additional mutation per integer literal.

    This targets a class of bugs that prior mutation operators could not detect: code that assumes fixed-width integer semantics. Ruby transparently promotes integers across width boundaries, but code that interfaces with systems that do not — databases, FFI bindings, binary protocols, serialization formats — can silently produce incorrect results when values cross these thresholds.

    Common examples of bugs this operator catches:

    • FFI bindings declaring int parameters where Ruby happily passes Bignum values that get silently truncated at the C boundary.
    • MessagePack serialization assuming signed 32-bit representation, silently wrapping unsigned values to negative numbers.
    • pack/unpack format strings assuming specific integer widths, silently truncating or wrapping values that exceed the format width.
    • Missing error handling for libraries and databases that do raise on overflow (e.g. PostgreSQL integer out of range, Protocol Buffers RangeError). Tests using small values never exercise these error paths, leaving them untested.

    The overflow zones and their sentinel values:

    | Zone   | Boundary | Sentinel                     |
    |--------|----------|------------------------------|
    | int8   | 128      | 167                          |
    | uint8  | 256      | 467                          |
    | int16  | 32768    | 55_487                       |
    | uint16 | 65536    | 108_503                      |
    | int32  | 2^31     | 2_667_278_543                |
    | uint32 | 2^32     | 7_980_081_959                |
    | int64  | 2^63     | 15_508_464_536_481_899_903   |

    Sentinel values are safe primes (p = 2q + 1 where both p and q are prime). Safe primes cannot arise from simple arithmetic, bit shifts, or masking, which provides strong guarantees against coincidental mutation kills. A mutation surviving against a safe prime is a strong signal of missing boundary validation for that integer width.

    Each integer literal snaps to the next zone above its absolute value. For example, a literal port = 80 (below 128) receives the int8 sentinel 167. A literal timeout = 500 (between 256 and 32768)

... (truncated)

Commits
  • 97b2eae Merge pull request #1603 from mbj/fix/version
  • 5c0b3d6 Change version to v0.16.0
  • 543048a Merge pull request #1601 from mbj/fix/subject/drilldown
  • 2afe2cc Merge pull request #1602 from mbj/integer/boundary-mutations
  • 17a7d19 Add integer overflow boundary mutations
  • a6d8c78 Fix no diff message
  • c8fa97e Merge pull request #1591 from mbj/subject/drilldown
  • d59a173 Change to improved session CLI
  • 9ab099e Merge pull request #1597 from sferik/update-unparser-0.9.0
  • 89bca5c Update unparser to 0.9.0
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [mutant-rspec](https://github.com/mbj/mutant) from 0.15.1 to 0.16.0.
- [Release notes](https://github.com/mbj/mutant/releases)
- [Changelog](https://github.com/mbj/mutant/blob/main/Changelog.md)
- [Commits](mbj/mutant@v0.15.1...v0.16.0)

---
updated-dependencies:
- dependency-name: mutant-rspec
  dependency-version: 0.16.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
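An added Ruby example (not mutant's own code) that reproduces the sentinel selection described in the quoted changelog, checks the safe-prime property, and shows the silent `pack`/`unpack` wrap that such a sentinel exposes next to a range-checked encoder. The zone boundaries and sentinels are the changelog's values; the `2**64` ceiling for the int64 zone and the helper names are assumptions.

```ruby
# Added example, not mutant's own implementation: reproduces the sentinel
# selection the changelog describes (next overflow zone above |literal|),
# checks the safe-prime property, and shows the pack/unpack wrap such a
# sentinel exposes. Zone boundaries and sentinels are the changelog's values.
require 'prime'

# [zone name, boundary, sentinel]; a zone's upper edge is the next boundary.
ZONES = [
  ['int8',   2**7,  167],
  ['uint8',  2**8,  467],
  ['int16',  2**15, 55_487],
  ['uint16', 2**16, 108_503],
  ['int32',  2**31, 2_667_278_543],
  ['uint32', 2**32, 7_980_081_959],
  ['int64',  2**63, 15_508_464_536_481_899_903],
].freeze
ZONE_CEILING = 2**64 # assumed upper edge of the int64 zone (not from the changelog)

# Safe prime: p prime and q = (p - 1) / 2 prime.
def safe_prime?(p)
  p.prime? && ((p - 1) / 2).prime?
end

# Sentinel for a literal: first zone whose boundary lies above |literal|;
# nil when the literal is already at or beyond the int64 boundary.
def sentinel_for(literal)
  zone = ZONES.find { |(_, boundary, _)| literal.abs < boundary }
  zone && zone[2]
end

# Every sentinel must sit strictly inside its own overflow zone.
def sentinels_in_zone?
  bounds = ZONES.map { |(_, b, _)| b } + [ZONE_CEILING]
  ZONES.each_with_index.all? { |(_, _, s), i| s > bounds[i] && s < bounds[i + 1] }
end

# Fixed-width round trip: pack does not range-check, so a value past the
# directive's width wraps silently ('c' = signed 8-bit, 'l' = signed 32-bit).
def fixed_width_roundtrip(value, directive)
  [value].pack(directive).unpack1(directive)
end

# The guard a surviving mutation points at: reject out-of-range values up front.
def checked_pack(value, directive, bits:, signed:)
  lo, hi = signed ? [-(2**(bits - 1)), 2**(bits - 1) - 1] : [0, 2**bits - 1]
  raise RangeError, "#{value} does not fit #{bits}-bit" unless value.between?(lo, hi)
  [value].pack(directive)
end
```

A test suite that only ever feeds `port = 80` through `fixed_width_roundtrip(value, 'c')` passes unchanged when the literal is mutated to 167; the same suite against `checked_pack` kills the mutation, which is the missing boundary validation the operator is designed to surface.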
@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Apr 8, 2026
