@dependabot dependabot bot commented on behalf of github Mar 5, 2024

Updates the requirements on activesupport, resque, sidekiq and httparty to permit the latest version.
Updates activesupport to 5.2.8.1

Release notes

Sourced from activesupport's releases.

5.2.8.1

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • Change ActiveRecord::Coders::YAMLColumn default to safe_load

    This adds two new configuration options. The configuration options are as follows:

    • config.active_storage.use_yaml_unsafe_load

    When set to true, this configuration option tells Rails to use the old "unsafe" YAML loading strategy, maintaining the existing behavior but leaving the possible escalation vulnerability in place. Setting this option to true is not recommended, but can aid in upgrading.

    • config.active_record.yaml_column_permitted_classes

    The "safe YAML" loading method does not allow all classes to be deserialized by default. This option allows you to specify classes deemed "safe" in your application. For example, if your application uses Symbol and Time in serialized data, you can add Symbol and Time to the allowed list as follows:

    config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]
    

    [CVE-2022-32224]

Action View

  • No changes.

Action Pack

... (truncated)

Commits
  • 8030cff Preparing for 5.2.8.1 release
  • ec10235 updating version and changelog
  • 2652133 Preparing for 5.2.8 release
  • a1b8a9b Merge pull request #45027 from rails/fix-tag-helper-regression
  • 9f3761a Merge branch '5-2-sec' into 5-2-stable
  • b290430 Preparing for 5.2.7.1 release
  • 2d8cb45 Update changelogs for release
  • 1278c0f Fix and add protections for XSS in names.
  • de20f93 Merge pull request #38069 from y-yagi/make_load_interlock_aware_monitor_work_...
  • 459e7cf Preparing for 5.2.7 release
  • Additional commits viewable in compare view

Updates resque to 2.6.0

Release notes

Sourced from resque's releases.

v2.6.0

What's Changed

New Contributors

Full Changelog: resque/resque@v2.5.0...v2.6.0

Changelog

Sourced from resque's changelog.

2.6.0

Fixed

  • resque-web: Fix reflected XSS in queues endpoint (#1865)
  • resque-web: Format args in YAML (#1875)
  • Fix MiniTest undefined errors (#1879)
  • Fix failing reconnect tests (#1880)

Added

  • Documents how to make the worker shutdown when the queue is empty (#1873)

2.5.0

Fixed

  • Replace File.exists? with File.exist? (#1846)
  • Escape Resque.redis_id for stats page (#1834)
  • Escape resque info values (#1832)
  • Correctly show the values of hash and none type on stats tab (#1838)
  • Fix logging the worker name when starting the task (#1837)

Added

  • Raise an error when no available Rack server was found (#1836)
  • Move code in Resque::Server.helpers block into a module to make it testable (#1851)

2.4.0

Fixed

  • Remove thread_safe arg in Redis instantiations (#1822)
  • Updated Test Matrix for Redis 5.0 (#1824)
  • Fix redis-rb 4.8 deprecation warnings (#1827)
  • Fix redis-rb 5.0 compatibility issues (#1828)

2.3.0

Fixed

  • Fix NoMethodError: undefined method 'application' for Rails:Module when Rails module is defined but not a full Rails app (#1799)
  • Fix deprecation warnings in Redis#pipelined for redis 4.6 (#1806)
  • Add Ruby syntax highlighting to remaining markdown docs (#1802)
  • Fix pagination section (#1809)
  • Fix before_run undefined local variable or method runner (#1811)

Added

  • Added support for pausing all workers by setting the Redis key pause-all-workers to string value "true" (#1803)

... (truncated)

Commits
  • 2f9d080 Version 2.6.0 and Changelog
  • 3502893 Make tests for reconnect pass again
  • 18d63e2 Fix MiniTest undefined errors
  • 771b5d2 Documents how to make the worker shutdown when the queue is empty
  • ae3fe72 format args in YAML
  • 7623b8d Fix reflected XSS in queue
  • 811ef35 Version 2.5.0
  • f8444d3 Add tests for #redis_get_size and #redis_get_value_as_array
  • e080135 Cut out codes in the helpers block into a module
  • d683029 Remove unused file
  • Additional commits viewable in compare view

Updates sidekiq to 7.2.2

Changelog

Sourced from sidekiq's changelog.

7.2.2

  • Add Process.warmup call in Ruby 3.3+
  • Batch jobs now skip transactional push #6160

7.2.1

  • Add Sidekiq::Work type which replaces the raw Hash as the third parameter in Sidekiq::WorkSet#each { |pid, tid, hash| ... } #6145
  • DEPRECATED: direct access to the attributes within the hash block parameter above. The Sidekiq::Work instance contains accessor methods to get at the same data, e.g.
work["queue"] # Old
work.queue # New
  • Fix Ruby 3.3 warnings around base64 gem [#6151, earlopain]

7.2.0

  • sidekiq_retries_exhausted can return :discard to avoid the deadset and all death handlers #6091
  • Metrics filtering by job class in Web UI #5974
  • Better readability and formatting for numbers within the Web UI #6080
  • Add explicit error if user code tries to nest test modes #6078
Sidekiq::Testing.inline! # global setting
Sidekiq::Testing.fake! do # override within block
  # ok
  Sidekiq::Testing.inline! do # can't override the override
    # not ok, nested
  end
end
  • SECURITY Forbid inline JavaScript execution in Web UI #6074
  • Adjust redis-client adapter to avoid method_missing #6083
    This can result in app code breaking if your app's Redis API usage was depending on Sidekiq's adapter to correct invalid redis-client API usage. One example:
# bad, not redis-client native
# Unsupported command argument type: TrueClass (TypeError)
Sidekiq.redis { |c| c.set("key", "value", nx: true, ex: 15) }
# good
Sidekiq.redis { |c| c.set("key", "value", "nx", "ex", 15) }

7.1.6

... (truncated)

Commits

Updates httparty to 0.21.0

Changelog

Sourced from httparty's changelog.

0.21.0

0.20.0

Breaking changes

  • Require Ruby >= 2.3.0

Fixes

0.19.1

0.19.0

0.18.1

0.18.0

0.17.3

0.17.2 is broken jnunemaker/httparty#681

0.17.2

0.17.1

... (truncated)

Commits
  • e731057 Update version
  • a2038f2 Add security notice in changelog
  • 455c222 Ignore asdf tool-versions
  • cdb45a6 Merge pull request from GHSA-5pq7-52mg-hr42
  • 243a215 Merge pull request #769 from carlosantoniodasilva/ca-mini-mime
  • a577aca Merge pull request #773 from petergoldstein/feature/add_ruby_3_2_to_ci
  • 7bb1f94 Adds Ruby 3.2 to the CI matrix. Updates checkout action version.
  • 31d3d9d Merge pull request #771 from mishina2228/update-ci-status-badge
  • 7737a77 Update CI status badge
  • 051c181 escape filename in the multipart/form-data Content-Disposition header
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.
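The Active Record change in the activesupport notes above (YAMLColumn switching from unrestricted YAML loading to safe_load, CVE-2022-32224) is easiest to see with the two loaders side by side. The script below is an added example written for this page, not code from Rails, from this PR or from any of the gems it bumps. The AuditNote class and both YAML documents are constructed for illustration, and the allow list is the same [Symbol, Date, Time] the changelog shows for yaml_column_permitted_classes. One correction to the quoted notes: the switch that restores the old behaviour is config.active_record.use_yaml_unsafe_load; the active_storage prefix in the upstream 5.2.8.1 changelog is a typo.

```ruby
require "yaml"
require "date"

# Hypothetical class standing in for whatever an attacker can get instantiated
# through a serialized column. It is not from the Rails changelog.
class AuditNote
  attr_accessor :text
end

# Constructed sample documents: what a legacy `serialize :prefs` column might
# legitimately hold, and a payload whose tag asks YAML to build an arbitrary
# Ruby object, which is the behaviour CVE-2022-32224 is about.
BENIGN_DOC = <<~YAML
  ---
  :theme: dark
  :since: 2024-03-05
YAML

HOSTILE_DOC = <<~YAML
  --- !ruby/object:AuditNote
  text: injected
YAML

# Same allow list the changelog shows for yaml_column_permitted_classes.
PERMITTED = [Symbol, Date, Time].freeze

# Old default (what use_yaml_unsafe_load = true keeps): every tag is honoured.
# Psych 4 (Ruby 3.1+) split the unsafe loader out as unsafe_load; on older
# Psych plain YAML.load is the unsafe one.
def load_unsafe(doc)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(doc) : YAML.load(doc)
end

# New default: safe_load only builds instances of the permitted classes and
# raises Psych::DisallowedClass for anything else.
def load_safe(doc, permitted_classes: PERMITTED)
  YAML.safe_load(doc, permitted_classes: permitted_classes, aliases: false)
end

# Summarises the safe loader's verdict as a symbol so it is easy to assert on.
def classify(doc)
  load_safe(doc).is_a?(Hash) ? :ok : :unexpected_object
rescue Psych::DisallowedClass
  :blocked
end

if $PROGRAM_NAME == __FILE__
  puts "unsafe loader built: #{load_unsafe(HOSTILE_DOC).class}"
  puts "safe loader verdict: #{classify(HOSTILE_DOC)}"
  puts "benign column value: #{load_safe(BENIGN_DOC).inspect}"
end
```

Running it shows the unsafe loader returning an AuditNote for the hostile document while safe_load rejects the same bytes with Psych::DisallowedClass and still round-trips the benign hash. In a Rails app the equivalent is leaving use_yaml_unsafe_load at its new default and listing only the classes your serialized columns genuinely need in yaml_column_permitted_classes; every class you add there is a class an attacker who can write to that column is allowed to instantiate.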

Updates the requirements on [activesupport](https://github.com/rails/rails), [resque](https://github.com/resque/resque), [sidekiq](https://github.com/sidekiq/sidekiq) and [httparty](https://github.com/jnunemaker/httparty) to permit the latest version.

Updates `activesupport` to 5.2.8.1
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v7.1.3.2/activesupport/CHANGELOG.md)
- [Commits](rails/rails@v4.0.0...v5.2.8.1)

Updates `resque` to 2.6.0
- [Release notes](https://github.com/resque/resque/releases)
- [Changelog](https://github.com/resque/resque/blob/master/HISTORY.md)
- [Commits](resque/resque@v1.2.0...v2.6.0)

Updates `sidekiq` to 7.2.2
- [Changelog](https://github.com/sidekiq/sidekiq/blob/main/Changes.md)
- [Commits](sidekiq/sidekiq@v3.0.0...v7.2.2)

Updates `httparty` to 0.21.0
- [Release notes](https://github.com/jnunemaker/httparty/releases)
- [Changelog](https://github.com/jnunemaker/httparty/blob/master/Changelog.md)
- [Commits](jnunemaker/httparty@v0.10.2...v0.21.0)

---
updated-dependencies:
- dependency-name: activesupport
  dependency-type: direct:production
  dependency-group: bundler-security-group
- dependency-name: resque
  dependency-type: direct:development
  dependency-group: bundler-security-group
- dependency-name: sidekiq
  dependency-type: direct:development
  dependency-group: bundler-security-group
- dependency-name: httparty
  dependency-type: direct:development
  dependency-group: bundler-security-group
...

Signed-off-by: dependabot[bot] <support@github.com>
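Of the httparty commits listed above, 051c181 ("escape filename in the multipart/form-data Content-Disposition header") is the one that matters for callers who pass user-supplied filenames through. The Ruby below is an added illustration for this page, not httparty's code: it builds a part header the way an unescaped implementation would, feeds it a constructed filename carrying a double quote and CRLF, and shows how a percent-encoding escape (my own, modelled on that class of fix rather than the library's exact routine) keeps the header on a single line.

```ruby
# Constructed attacker-controlled filename: it closes the quoted filename,
# then uses CRLF to start a header line of its own inside the multipart part
# and a blank line to begin a body of its own.
EVIL_FILENAME = "report.txt\"\r\nContent-Type: text/html\r\n\r\n<script>alert(1)</script>"

# Pre-fix shape: the filename is interpolated into the header verbatim.
def content_disposition_naive(field, filename)
  "Content-Disposition: form-data; name=\"#{field}\"; filename=\"#{filename}\"\r\n"
end

# Percent-encode the three characters that can break out of the quoted-string
# or terminate the header line. Illustrative escape, not httparty's exact code.
def escape_filename(filename)
  filename.gsub(/["\r\n]/) { |ch| format("%%%02X", ch.ord) }
end

def content_disposition_safe(field, filename)
  content_disposition_naive(field, escape_filename(filename))
end

# A part's header block ends at the first blank line. Return the header lines
# a receiving multipart parser would see; we only ever wrote one, so anything
# beyond that was smuggled in by the filename.
def header_lines(part_header)
  part_header.split("\r\n\r\n", 2).first.split("\r\n")
end

def injected?(part_header)
  header_lines(part_header).size > 1
end

# The Content-Type the receiver would attribute to this part, or nil if the
# part declares none (the normal case for a plain file field here).
def declared_content_type(part_header)
  line = header_lines(part_header).find { |l| l.start_with?("Content-Type:") }
  line && line.split(":", 2).last.strip
end

if $PROGRAM_NAME == __FILE__
  naive = content_disposition_naive("upload", EVIL_FILENAME)
  safe  = content_disposition_safe("upload", EVIL_FILENAME)
  puts "naive: injected=#{injected?(naive)} content-type=#{declared_content_type(naive).inspect}"
  puts "safe:  injected=#{injected?(safe)}  content-type=#{declared_content_type(safe).inspect}"
end
```

With the naive builder the receiver sees a second header, Content-Type: text/html, and treats the injected markup as the file's body; with the escape applied the whole filename stays inside the quoted string of the one Content-Disposition line. If you build multipart bodies yourself rather than through a library, apply the same rule to the field name, which sits in the same quoted-string position.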
@dependabot dependabot bot added the "dependencies" label (Pull requests that update a dependency file) on Mar 5, 2024