Skip to content

Bump the ruby group across 1 directory with 9 updates #92

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

Bump the ruby group across 1 directory with 9 updates #92

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 1, 2025
edited
Loading

Bumps the ruby group with 9 updates in the / directory:

Package From To
brakeman 7.0.2 7.1.0
importmap-rails 2.1.0 2.2.2
propshaft 1.1.0 1.2.1
puma 6.6.0 6.6.1
rspec-rails 8.0.0 8.0.1
sentry-rails 5.25.0 5.26.0
faker 3.5.1 3.5.2
active_storage_validations 3.0.0 3.0.1
view_component 3.23.2 4.0.0

Updates brakeman from 7.0.2 to 7.1.0

Release notes

Sourced from brakeman's releases.

7.1.0

  • Add Haml 6.x support (#1914, #1841, etc.)
  • Support render model shortcut (#959, #1940, etc.)
  • Add --ensure-no-obsolete-config-entries option (viralpraxis)
  • Update JUnit report for CircleCI (Philippe Bernery)
  • Improve ignored warnings layout in HTML report (Sebastien Savater)
  • Only load escape functionality from cgi library (Earlopain)
  • Add EOL dates for Rails 8.0 and Ruby 3.4
  • Use lazy file lists for AppTree
Changelog

Sourced from brakeman's changelog.

7.1.0 - 2025-07-18

  • Add EOL dates for Rails 8.0 and Ruby 3.4
  • Support render model shortcut
  • Use lazy file lists for AppTree
  • Add Haml 6.x support
  • Improve ignored warnings layout in HTML report (Sebastien Savater)
  • Update JUnit report for CircleCI (Philippe Bernery)
  • Only load escape functionality from cgi library (Earlopain)
  • Add --ensure-no-obsolete-config-entries option (viralpraxis)
Commits
  • 3bc2154 Exclude thor from bundled gems
  • eba9c07 Bump to 7.1.0
  • 4f56b08 Merge pull request #1949 from presidentbeef/latest_eol_dates
  • fd3475f Update CHANGES
  • b0f63c6 Add EOL date for Ruby 3.4
  • dc29682 Add EOL date for Rails 8.0
  • 8ec21e8 Merge pull request #1948 from presidentbeef/handle_render_model
  • 48627b5 Support render model shortcut
  • e0f5312 Merge pull request #1913 from presidentbeef/lazy_file_lists
  • 6d0eedf Merge pull request #1941 from inkstak/enhanced_ignored_notes_reading
  • Additional commits viewable in compare view

Updates importmap-rails from 2.1.0 to 2.2.2

Release notes

Sourced from importmap-rails's releases.

v2.2.2

What's Changed

Full Changelog: rails/importmap-rails@v2.2.1...v2.2.2

v2.2.1

What's Changed

Integrity is now generated by default using the assets pipeline if it is properly configured. pin and update commands don't download the integrity from the npm repository anymore.

Full Changelog: rails/importmap-rails@v2.2.0...v2.2.1

v2.2.0

What's Changed

New Contributors

Full Changelog: rails/importmap-rails@v2.1.0...v2.2.0

Commits
  • dcdb5fe Bump version for 2.2.2
  • 40d0dc5 Fix update command adding extra new lines
  • b51f709 Merge pull request #312 from rails/rm-opt-in-integrity
  • 41339ab Make integrity calculation opt-in
  • ae67187 Merge pull request #310 from rails/rm-update-keep-options
  • 5e25781 Keep options when updating packages in importmap
  • a151881 Fix character group for package target
  • 56f84e7 Fix the scan when the pinned package has a version and has options after it
  • af71ded Use each_with_object
  • b5f5271 Extract common regexp to constants and methods
  • Additional commits viewable in compare view

Updates propshaft from 1.1.0 to 1.2.1

Release notes

Sourced from propshaft's releases.

v1.2.1

What's Changed

• Only sweep the cache if cache sweeping is enabled by @​gaffneyc in #245 • Change stylesheet_link_tag and javascript_include_tag to extract options from sources
• Add a method to delete manifest entries

New Contributors

@​gaffneyc made their first contribution in #245

Full Changelog: rails/propshaft@v1.2.0...v1.2.1

v1.2.0

📝 Manifest Format Update

The manifest format has been enhanced in v1.2.0 to support Subresource Integrity. While this change is backwards compatible and doesn't affect regular usage, if you or any libraries/tools you use were manually parsing the .manifest.json file, you should be aware of the new format.

Previous format:

{ "logical_path.js": "logical_path-digest123.js" }

New format:

{ "logical_path.js": { "digested_path": "logical_path-digest123.js", "integrity": "sha384-hash..." } }

What you need to know:

  • No action required for most users - Propshaft helper methods continue to work unchanged
  • If you or your tools manually parse the manifest: Update code to access manifest[logical_path]["digested_path"] instead of manifest[logical_path] directly
  • Third-party libraries: Check if any gems or tools in your stack parse the manifest directly and may need updates
  • Backwards compatibility: Propshaft can still read manifests in the old format
  • New feature: The integrity field provides Subresource Integrity hashes when enabled

What's Changed

New Contributors

... (truncated)

Commits
  • e49a9de Prepare for 1.2.1 release
  • 5aa907a Add a method to delete manifest entries
  • b17c7fc Change stylesheet_link_tag and javascript_include_tag to extract options from...
  • 83437cf Add unit test for Propshaft::Helper
  • 4af2f12 Merge pull request #245 from gaffneyc/main
  • cdf2b96 Only attempt to sweep the cache when cache sweeping is enabled
  • 74a0705 Prepare for release 1.2.0
  • 9bcad5f Merge pull request #238 from zcei/feat/integrity
  • 6c47eb2 Document Propshaft::Manifest as part of the public API
  • 90e6592 Add transform_values method to Propshaft::Manifest
  • Additional commits viewable in compare view

Updates puma from 6.6.0 to 6.6.1

Release notes

Sourced from puma's releases.

v6.6.1

6.6.1 / 2025-07-30

  • Bugfixes
    • Accept to_path to be nil on request bodies (#3635)
    • Fix single runner stats before the server start (#3572)
    • Fix incomplete worker boot state on refork (#3601)
    • Improve HttpParserError messages for better debugging (#3586)
    • Fix refork logs to distinguish from phased restarts (#3598)
    • Fix rack.after_reply so it doesn't interrupt chain on error (#3680)
Changelog

Sourced from puma's changelog.

6.6.1 / 2025-07-30

  • Bugfixes
    • Accept to_path to be nil on request bodies (#3635)
    • Fix single runner stats before the server start (#3572)
    • Fix incomplete worker boot state on refork (#3601)
    • Improve HttpParserError messages for better debugging (#3586)
    • Fix refork logs to distinguish from phased restarts (#3598)
    • Fix rack.after_reply so it doesn't interrupt chain on error (#3680)
Commits

Updates rspec-rails from 8.0.0 to 8.0.1

Changelog

Sourced from rspec-rails's changelog.

8.0.1 / 2025-06-19

Full Changelog

Bug Fixes:

  • Make the have_been_performed / have_been_enqueued return false for supports_block_expectations? as they don't supporting block expectations. (Sam Kidman, rspec/rspec-rails#2851)
Commits

Updates sentry-rails from 5.25.0 to 5.26.0

Changelog

Sourced from sentry-rails's changelog.

5.26.0

Feature

  • Support for :logger patch which enables sending logs to Sentry when enabled_logs is set to true (#2657)

    Here's a sample config:

    Sentry.init do |config|
  # ... your setup ...
  config.enable_logs = true
  config.enabled_patches = [:logger]
end

Bug Fixes

  • Skip creating LogEventBuffer if logging is not enabled (#2652)
Commits

Updates faker from 3.5.1 to 3.5.2

Release notes

Sourced from faker's releases.

v3.5.2

Happy Canada Day! 🍁

This version adds and improves some locales and fixes some bugs.

Thanks to all contributors!

Improvements & Bug fixes

Chore

Update local dependencies

New Contributors

... (truncated)

Changelog

Sourced from faker's changelog.

v3.5.2 (2025-07-01)

Happy Canada Day! 🍁

This version adds and improves some locales and fixes some bugs.

Thanks to all contributors!

Improvements & Bug fixes

Chore

Update local dependencies

New Contributors

... (truncated)

Commits

Updates active_storage_validations from 3.0.0 to 3.0.1

Release notes

Sourced from active_storage_validations's releases.

3.0.1

What's Changed

New Contributors

Full Changelog: igorkasyanchuk/active_storage_validations@3.0.0...3.0.1

Changelog

Sourced from active_storage_validations's changelog.

Commits
  • 139ec24 new release
  • 2c6864d Update CHANGES.md
  • c45520f Merge pull request #394 from sei40kr/issue/392
  • 20a7efa Rewrite the Japanese translations of error messages to be more natural and co...
  • fee4757 Update CHANGES.md
  • c2f8bb3 Update CHANGES.md
  • 67e07ae Merge pull request #393 from Dome-GER/fix_german_locales
  • a399ae1 fix: Error messages for PDF validation
  • 6f1dfa4 Merge pull request #390 from igorkasyanchuk/389-test-issue-with-several-aspec...
  • 85c7eb2 [Matcher] Fix failing test
  • Additional commits viewable in compare view

Updates view_component from 3.23.2 to 4.0.0

Release notes

Sourced from view_component's releases.

4.0.0

Two years after releasing 3.0.0 and almost six years since 1.0.0, we're proud to ship ViewComponent 4. This release marks a shift towards a Long Term Support model for the project, having reached significant feature maturity. While contributions are always welcome, we're unlikely to accept further breaking changes or major feature additions.

Please report any issues at https://github.com/ViewComponent/view_component/issues.

Breaking changes (production)

  • Remove dependency on ActionView::Base, eliminating the need for capture compatibility patch. In some edge cases, this change may require switching to use the helpers. proxy.

  • Require non-EOL Rails (>= 7.1.0) and Ruby (>= 3.2.0).

  • Remove render_component and render monkey patch configured with render_monkey_patch_enabled.

  • Remove deprecated use_helper(s). Use include MyHelper or helpers. proxy instead.

  • Support compatibility with Dry::Initializer. As a result, EmptyOrInvalidInitializerError will no longer be raised.

  • Remove default initializer from ViewComponent::Base. Previously, ViewComponent::Base defined a catch-all initializer that allowed components without an initializer defined to be passed arbitrary arguments.

  • Remove use_deprecated_instrumentation_name configuration option. Events will always use render.view_component name.

  • Remove unnecessary #format methods that returned nil.

  • Remove support for variant names containing . to be consistent with Rails.

  • Rename internal methods to have __vc_ prefix if they shouldn't be used by consumers. Make internal constants private. Make Collection#components, Slotable#register_polymorphic_slot private. Remove unused ComponentError class.

  • Use ActionView's lookup_context for picking templates instead of the request format.

    3.15 added support for using templates that match the request format, that is if /resource.csv is requested then ViewComponents would pick _component.csv.erb over _component.html.erb.

    With this release, the request format is no longer considered and instead ViewComponent will use the Rails logic for picking the most appropriate template type, that is the csv template will be used if it matches the Accept header or because the controller uses a respond_to block to pick the response format.

Breaking changes (dev/test)

  • Rename config.generate.component_parent_class to config.generate.parent_class.

  • Remove config.test_controller in favor of vc_test_controller_class test helper method.

  • config.component_parent_class is now config.generate.component_parent_class, moving the generator-specific option to the generator configuration namespace.

  • Move previews-related configuration (enabled, route, paths, default_layout, controller) to under previews namespace.

  • config.view_component_path is now config.generate.path, as components have long since been able to exist in any directory.

  • --inline generator option now generates inline template. Use --call to generate #call method.

  • Remove broken integration with rails stats that ignored components outside of app/components.

  • Remove preview_source functionality. Consider using Lookbook instead.

  • Use Nokogiri::HTML5 instead of Nokogiri::HTML4 for test helpers.

  • Move generators to a ViewComponent namespace.

    Before, ViewComponent generators pollute the generator namespace with a bunch of top level items, and claim the generic "component" name.

    Now, generators live in a "view_component" module/namespace, so what was before rails g component is now rails g view_component:component.

New features

  • Add SystemSpecHelpers for use with RSpec.
  • Add support for including Turbo::StreamsHelper.
  • Add template annotations for components with def call.
  • Graduate SlotableDefault to be included by default.
  • Add #current_template accessor and Template#path for diagnostic usage.
  • Reduce string allocations during compilation.

... (truncated)

Changelog

Sourced from view_component's changelog.

4.0.0

Two years after releasing 3.0.0 and almost six years since 1.0.0, we're proud to ship ViewComponent 4. This release marks a shift towards a Long Term Support model for the project, having reached significant feature maturity. While contributions are always welcome, we're unlikely to accept further breaking changes or major feature additions.

Please report any issues at https://github.com/ViewComponent/view_component/issues.

Breaking changes (production)

  • Remove dependency on ActionView::Base, eliminating the need for capture compatibility patch. In some edge cases, this change may require switching to use the helpers. proxy.

  • Require non-EOL Rails (>= 7.1.0) and Ruby (>= 3.2.0).

  • Remove render_component and render monkey patch configured with render_monkey_patch_enabled.

  • Remove deprecated use_helper(s). Use include MyHelper or helpers. proxy instead.

  • Support compatibility with Dry::Initializer. As a result, EmptyOrInvalidInitializerError will no longer be raised.

  • Remove default initializer from ViewComponent::Base. Previously, ViewComponent::Base defined a catch-all initializer that allowed components without an initializer defined to be passed arbitrary arguments.

  • Remove use_deprecated_instrumentation_name configuration option. Events will always use render.view_component name.

  • Remove unnecessary #format methods that returned nil.

  • Remove support for variant names containing . to be consistent with Rails.

  • Rename internal methods to have __vc_ prefix if they shouldn't be used by consumers. Make internal constants private. Make Collection#components, Slotable#register_polymorphic_slot private. Remove unused ComponentError class.

  • Use ActionView's lookup_context for picking templates instead of the request format.

    3.15 added support for using templates that match the request format, that is if /resource.csv is requested then ViewComponents would pick _component.csv.erb over _component.html.erb.

    With this release, the request format is no longer considered and instead ViewComponent will use the Rails logic for picking the most appropriate template type, that is the csv template will be used if it matches the Accept header or because the controller uses a respond_to block to pick the response format.

Breaking changes (dev/test)

  • Rename config.generate.component_parent_class to config.generate.parent_class.

  • Remove config.test_controller in favor of vc_test_controller_class test helper method.

  • config.component_parent_class is now config.generate.component_parent_class, moving the generator-specific option to the generator configuration namespace.

  • Move previews-related configuration (enabled, route, paths, default_layout, controller) to under previews namespace.

  • config.view_component_path is now config.generate.path, as components have long since been able to exist in any directory.

  • --inline generator option now generates inline template. Use --call to generate #call method.

  • Remove broken integration with rails stats that ignored components outside of app/components.

  • Remove preview_source functionality. Consider using Lookbook instead.

  • Use Nokogiri::HTML5 instead of Nokogiri::HTML4 for test helpers.

  • Move generators to a ViewComponent namespace.

    Before, ViewComponent generators pollute the generator namespace with a bunch of top level items, and claim the generic "component" name.

    Now, generators live in a "view_component" module/namespace, so what was before rails g component is now rails g view_component:component.

New features

  • Add SystemSpecHelpers for use with RSpec.
  • Add support for including Turbo::StreamsHelper.
  • Add template annotations for components with def call.
  • Graduate SlotableDefault to be included by default.
  • Add #current_template accessor and Template#path for diagnostic usage.

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove a...

Description has been truncated

@dependabot
Bump the ruby group across 1 directory with 9 updates
7562036 
Bumps the ruby group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [brakeman](https://github.com/presidentbeef/brakeman) | `7.0.2` | `7.1.0` |
| [importmap-rails](https://github.com/rails/importmap-rails) | `2.1.0` | `2.2.2` |
| [propshaft](https://github.com/rails/propshaft) | `1.1.0` | `1.2.1` |
| [puma](https://github.com/puma/puma) | `6.6.0` | `6.6.1` |
| [rspec-rails](https://github.com/rspec/rspec-rails) | `8.0.0` | `8.0.1` |
| [sentry-rails](https://github.com/getsentry/sentry-ruby) | `5.25.0` | `5.26.0` |
| [faker](https://github.com/faker-ruby/faker) | `3.5.1` | `3.5.2` |
| [active_storage_validations](https://github.com/igorkasyanchuk/active_storage_validations) | `3.0.0` | `3.0.1` |
| [view_component](https://github.com/viewcomponent/view_component) | `3.23.2` | `4.0.0` |



Updates `brakeman` from 7.0.2 to 7.1.0
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md)
- [Commits](presidentbeef/brakeman@v7.0.2...v7.1.0)

Updates `importmap-rails` from 2.1.0 to 2.2.2
- [Release notes](https://github.com/rails/importmap-rails/releases)
- [Commits](rails/importmap-rails@v2.1.0...v2.2.2)

Updates `propshaft` from 1.1.0 to 1.2.1
- [Release notes](https://github.com/rails/propshaft/releases)
- [Commits](rails/propshaft@v1.1.0...v1.2.1)

Updates `puma` from 6.6.0 to 6.6.1
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](puma/puma@v6.6.0...v6.6.1)

Updates `rspec-rails` from 8.0.0 to 8.0.1
- [Changelog](https://github.com/rspec/rspec-rails/blob/main/Changelog.md)
- [Commits](rspec/rspec-rails@v8.0.0...v8.0.1)

Updates `sentry-rails` from 5.25.0 to 5.26.0
- [Release notes](https://github.com/getsentry/sentry-ruby/releases)
- [Changelog](https://github.com/getsentry/sentry-ruby/blob/master/CHANGELOG.md)
- [Commits](getsentry/sentry-ruby@5.25.0...5.26.0)

Updates `faker` from 3.5.1 to 3.5.2
- [Release notes](https://github.com/faker-ruby/faker/releases)
- [Changelog](https://github.com/faker-ruby/faker/blob/main/CHANGELOG.md)
- [Commits](faker-ruby/faker@v3.5.1...v3.5.2)

Updates `active_storage_validations` from 3.0.0 to 3.0.1
- [Release notes](https://github.com/igorkasyanchuk/active_storage_validations/releases)
- [Changelog](https://github.com/igorkasyanchuk/active_storage_validations/blob/master/CHANGES.md)
- [Commits](igorkasyanchuk/active_storage_validations@3.0.0...3.0.1)

Updates `view_component` from 3.23.2 to 4.0.0
- [Release notes](https://github.com/viewcomponent/view_component/releases)
- [Changelog](https://github.com/ViewComponent/view_component/blob/main/docs/CHANGELOG.md)
- [Commits](ViewComponent/view_component@v3.23.2...v4.0.0)

---
updated-dependencies:
- dependency-name: brakeman
  dependency-version: 7.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: ruby
- dependency-name: importmap-rails
  dependency-version: 2.2.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: ruby
- dependency-name: propshaft
  dependency-version: 1.2.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: ruby
- dependency-name: puma
  dependency-version: 6.6.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: ruby
- dependency-name: rspec-rails
  dependency-version: 8.0.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: ruby
- dependency-name: sentry-rails
  dependency-version: 5.26.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: ruby
- dependency-name: faker
  dependency-version: 3.5.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: ruby
- dependency-name: active_storage_validations
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ruby
- dependency-name: view_component
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: ruby
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Aug 1, 2025
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Aug 4, 2025

Looks like these dependencies are no longer updatable, so this is no longer needed.

@dependabot dependabot bot closed this Aug 4, 2025
@dependabot dependabot bot deleted the dependabot/bundler/ruby-8b5da0f975 branch August 4, 2025 07:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants