chore(deps): update all non-major bundler dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
bcrypt	'~> 3.1.21' → '~> 3.1.22'
bootsnap	'~> 1.21.1' → '~> 1.23.0'
brakeman (source, changelog)	'~> 8.0.1' → '~> 8.0.4'
database_consistency	'~> 2.1.1' → '~> 2.1.3'
devise (changelog)	'~>5.0.0' → '~>5.0.3'
devise-i18n (changelog)	'~>1.15.0' → '~>1.16.0'
faker (changelog)	'~> 3.6.0' → '~> 3.6.1'
grover	'~> 1.2.6' → '~> 1.2.9'
mollie-api-ruby (changelog)	'~> 4.18.0' → '~> 4.19.0'
net-imap (changelog)	'~> 0.6.2' → '~> 0.6.3'
rails (source, changelog)	'~> 7.2.3' → '~> 7.2.3', '>= 7.2.3.1'
rspec-rails (changelog)	'~> 8.0.2' → '~> 8.0.4'
rubocop (source, changelog)	'~> 1.84.0' → '~> 1.86.0'
sentry-rails (source, changelog)	'~> 6.3' → '~> 6.5'
sentry-ruby (source, changelog)	'~> 6.3' → '~> 6.5'
sentry-sidekiq (source, changelog)	'~> 6.3' → '~> 6.5'
sidekiq (source, changelog)	'~> 8.0.10' → '~> 8.1.2'
spring (changelog)	'~> 4.4.0' → '~> 4.4.2'
web-console	'~> 4.2.1' → '~> 4.3.0'

---

Release Notes

presidentbeef/brakeman (brakeman)

v8.0.4

Compare Source

• Load 'date' library for --ensure-latest

v8.0.3

Compare Source

• Fix polymorphic_name SQLi false positive (Fredrico Franco)
• Fix logger behavior when loading config files
• Handle application names with module prefixes
• Add release age option for --ensure-latest

v8.0.2

Compare Source

• Reline console control should use stderr
• Fix logger cleanup based method (Imran Iqbal)

djezzzl/database_consistency (database_consistency)

v2.1.3

Compare Source

• Fix MissingDependentDestroyChecker to support composite keys. Thanks Andy Allan for reporting this!

v2.1.2

Compare Source

• Fix ForeignKeyTypeChecker to support composite keys. Thanks Quentin de Metz for reporting this!
• Fix MissingUniqueIndexChecker to support composite keys. Thanks Andy Allan for reporting this!

heartcombo/devise (devise)

v5.0.3

Compare Source

• security fixes
  • Fix race condition vulnerability on confirmable "change email" which would allow confirming an email they don't own CVE-2026-32700 #​5783 #​5784

v5.0.2

Compare Source

• enhancements
  • Allow resource class scopes to override the global configuration for sign_in_after_change_password behaviour. #​5825
  • Add sign_in_after_reset_password? check hook to passwords controller, to allow it to be customized by users. #​5826

v5.0.1

Compare Source

• bug fixes
  • Fix translation issue with German E-Mail on invalid authentication messages caused by previous fix for incorrect grammar #​5822

devise-i18n/devise-i18n (devise-i18n)

v1.16.0

Compare Source

• Added Ruby 4.0 to test matrix.
• Added compatibility with Devise 5.0.
• Updated views for Devise 5.0. Any views generated into your app prior to this release of devise-i18n should continue to work. Changes from Devise are:
  • heartcombo/devise#5494
  • heartcombo/devise@d13ef89
• Updated one English string for Devise 5.0: heartcombo/devise@41003bf. Translations of this string are unaffected.
• Dropped compatibility for Devise < 5.0.

faker-ruby/faker (faker)

v3.6.1

Compare Source

It's almost Spring time in the Northern hemisphere 🌸

Security, performance improvements and bug fixes

• fix: polynomial regex on uncontrolled input by @​thdaraujo in #​3196
• perf: replaces list of postcodes in ja/address.yml with a 7-digit format by @​thdaraujo in #​3201
• Remove unnecessary whitespace from code blocks in READMEs by @​ryotaro-shirai in #​3209
• Document lazy load experiment results by @​stefannibrasil in #​3205
• [skip ci] Add-backtick by @​OzuAkira in #​3210
• Zeitwerk experiment changes and results [skip ci] by @​stefannibrasil in #​3213
• Remove duplicate reference link in README.md by @​yutasb in #​3217

Update development dependencies

• Bump rubocop from 1.84.0 to 1.84.1 by @​dependabot[bot] in #​3202
• Bump irb from 1.16.0 to 1.17.0 by @​dependabot[bot] in #​3203
• Bump rubocop version and fix offenses by @​stefannibrasil in #​3198
• Bump rdoc from 7.1.0 to 7.2.0 by @​dependabot[bot] in #​3204
• Bump rubocop to 1.84.2 by @​stefannibrasil in #​3215
• Bump rubocop-minitest from 0.38.2 to 0.39.1 by @​dependabot[bot] in #​3216
• Bump rubocop to v1.85.0 by @​stefannibrasil in #​3220

New Contributors

• @​ryotaro-shirai made their first contribution in #​3209
• @​OzuAkira made their first contribution in #​3210
• @​yutasb made their first contribution in #​3217

Full Changelog: faker-ruby/faker@v3.6.0...v3.6.1

---

Studiosity/grover (grover)

v1.2.9

Compare Source

Added

• #​304 Add javascript_enabled option ([@​vakuum][])

v1.2.8

Compare Source

Added

• #​303 Allow overriding of browser launch timeout ([@​abrom][])

v1.2.7

Compare Source

Added

• #​302 Capture/expose Puppeteer DevTools debug output ([@​abrom][])

mollie/mollie-api-ruby (mollie-api-ruby)

v4.19.0

Compare Source

• (c61808e) Allow bigdecimal 4.x

ruby/net-imap (net-imap)

v0.6.3

Compare Source

What's Changed

Added

• 🥅 Add parser state and #detailed_message to ResponseParseError by @​nevans in #​599
  • 🥅💄 Support (monochrome) highlights in parse error details by @​nevans in #​603
  • 🥅💄 Auto-highlight parse error detailed_message using TERM and FORCE_COLOR by @​nevans in #​607
  • 🥅💄 Add color highlights to parse error details (default honors NO_COLOR) by @​nevans in #​609
• 🔧 Add Config#overrides? (opposite of #inherited?) by @​nevans in #​610
• 🔧 Add recursive Config#inherits_defaults? by @​nevans in #​611

Fixed

• 🐛 Parse resp-text with invalid resp-text-code by @​nevans in #​601
• 🐛 Config.version_defaults should be read only by @​nevans in #​594

Other Changes

• 🥅 Only print parser debug for unhandled errors by @​nevans in #​600
• ♻️ Don't hardcode parser deprecation warning uplevel by @​nevans in #​602
• ♻️ Simplify Config::AttrAccessors a little by @​nevans in #​606
• ♻️ Set Config[:default] as alias of Config[VERSION] by @​nevans in #​608

Fixes for unreleased code:

• 🐛 Return ResponseText from resp-text fallback by @​nevans in #​605
• 🐛 Fix parse error parser_backtrace (for ruby <= 3.3) by @​nevans in #​604

Miscellaneous

• Delete test/net/imap/test_data_lite.rb by @​nobu in #​593
• ⬆️ Bump step-security/harden-runner from 2.14.0 to 2.14.1 by @​dependabot[bot] in #​596
• Bump step-security/harden-runner from 2.14.1 to 2.14.2 by @​dependabot[bot] in #​598

Full Changelog: ruby/net-imap@v0.6.2...v0.6.3

rails/rails (rails)

v7.2.3.1: 7.2.3.1

Compare Source

Active Support

• Reject scientific notation in NumberConverter

  [CVE-2026-33176]

  Jean Boussier

• Fix SafeBuffer#% to preserve unsafe status

  [CVE-2026-33170]

  Jean Boussier

• Improve performance of NumberToDelimitedConverter

  [CVE-2026-33169]

  Jean Boussier

Active Model

• No changes.

Active Record

• No changes.

Action View

• Skip blank attribute names in tag helpers to avoid generating invalid HTML.

  [CVE-2026-33168]

  Mike Dalessio

Action Pack

• No changes.

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

• Filter user supplied metadata in DirectUploadController

  [CVE-2026-33173]

  Jean Boussier

• Configurable maxmimum streaming chunk size

  Makes sure that byte ranges for blobs don't exceed 100mb by default.
  Content ranges that are too big can result in denial of service.

  [CVE-2026-33174]

  Gannon McGibbon

• Limit range requests to a single range

  [CVE-2026-33658]

  Jean Boussier

• Prevent path traversal in DiskService.

  DiskService#path_for now raises an InvalidKeyError when passed keys with dot segments (".",
  ".."), or if the resolved path is outside the storage root directory.

  #path_for also now consistently raises InvalidKeyError if the key is invalid in any way, for
  example containing null bytes or having an incompatible encoding. Previously, the exception
  raised may have been ArgumentError or Encoding::CompatibilityError.

  DiskController now explicitly rescues InvalidKeyError with appropriate HTTP status codes.

  [CVE-2026-33195]

  Mike Dalessio

• Prevent glob injection in DiskService#delete_prefixed.

  Escape glob metacharacters in the resolved path before passing to Dir.glob.

  Note that this change breaks any existing code that is relying on delete_prefixed to expand
  glob metacharacters. This change presumes that is unintended behavior (as other storage services
  do not respect these metacharacters).

  [CVE-2026-33202]

  Mike Dalessio

Action Mailbox

• No changes.

Action Text

• No changes.

Railties

• No changes.

Guides

• No changes.

rspec/rspec-rails (rspec-rails)

v8.0.4

Compare Source

Full Changelog

Released to relax version constraint for rspec to allow 4.0.0.beta1.

v8.0.3

Compare Source

Full Changelog

Bug Fixes:

• Fix insertion order of controller prefix in the view lookup_context. (Stephen Nelson, #​2749)
• Ensure rails stats looks for specs using application root rather than working directory.
  (Marvin Tangpos, #​2879)

rubocop/rubocop (rubocop)

v1.86.0

Compare Source

New features

• #​15000: Display ZJIT usage when running under LSP. ([@​koic][])
• #​14961: Add AllowedParentClasses option to Style/EmptyClassDefinition. ([@​hammadkhan][])
• #​14977: Support AllowedReceivers for Style/HashLookupMethod. ([@​koic][])

Bug fixes

• #​15015: Fix Style/ConcatArrayLiterals autocorrect deleting code for percent literals with interpolation. ([@​bbatsov][])
• #​14897: Detect constant reassignment after class/module definition in Lint/ConstantReassignment. ([@​ydakuka][])
• #​11829: Fix false negatives for Lint/DuplicateMethods when duplicate methods are defined in anonymous classes and modules not assigned to a constant. ([@​Darhazer][])
• #​14988: Fix false negative in Style/RedundantParentheses when redundant parentheses around range literals in block body. ([@​koic][])
• #​14916: Fix false positive for Layout/MultilineMethodCallIndentation when method chain is inside a hash pair value passed to a multiline chained method call. ([@​ydakuka][])
• #​15010: Fix a false positive for Lint/DuplicateMethods when modules blocks are passed as method arguments. ([@​5hun-s][])
• #​15028: Fix a false positive for Lint/DuplicateMethods when the same method is defined in different anonymous module blocks passed to a no-receiver call (e.g. stub_const). ([@​Darhazer][])
• #​15021: Fix false positives in Layout/EmptyLineAfterGuardClause when using a guard clause followed by a multi-line guard clause with raise, fail, return, break, or next. ([@​koic][])
• #​15001: Fix false positives in Layout/RedundantLineBreak when setting InspectBlocks: true and using rescue or ensure in the block. ([@​koic][])
• #​14997: Fix false positives in Style/FileOpen when assigning File.open to an instance variable, class variable, global variable, or constant. ([@​koic][])
• #​15019: Fix false positives in Lint/DuplicateMethods when the same method is defined in anonymous module blocks passed to different receivers. ([@​koic][])
• #​14987: Complete ERB and Haml autocorrection in a single run. ([@​alpaca-tc][])
• #​15039: Fix incorrect autocorrect in Style/IfWithSemicolon when return with value is in the else branch. ([@​koic][])
• #​14930: Fix incorrect autocorrection for Style/IfUnlessModifier when multiple if/unless modifier forms are on the same line inside a collection. ([@​ydakuka][])
• #​14985: Fix incorrect autocorrection in Lint/SafeNavigationChain when chaining a method call after safe navigation in the if branch of a ternary. ([@​koic][])
• #​15009: Fix infinite loop in Layout/EndAlignment when end is followed by || or &&. ([@​koic][])
• #​14981: Fix spurious warning "does not support Safe/SafeAutoCorrect parameter" when those parameters are set for cops that don't have them in their default configuration. ([@​dduugg][])
• #​15043: Fix an error for Lint/UselessDefaultValueArgument when fetch without a receiver is inside a fetch block. ([@​koic][])
• #​15034: Fix incorrect autocorrection in Style/IfWithSemicolon when using single-line unless / ; / end. ([@​koic][])
• #​15015: Fix Style/NonNilCheck autocorrect for receivers containing spaces. ([@​bbatsov][])
• #​15015: Fix Style/RaiseArgs to allow anonymous keyword forwarding (raise Ex.new(**)). ([@​bbatsov][])
• #​14890: Fix a false positive for Lint/RedundantCopDisableDirective when a rubocop:disable comment is used to suppress Lint/EmptyWhen, Lint/EmptyConditionalBody, Lint/EmptyInPattern, or Style/SymbolProc. ([@​eugeneius][])
• #​15015: Fix false negative in Style/RedundantPercentQ for %q strings with interpolation-like syntax. ([@​bbatsov][])
• #​14984: Fix Style/AndOr adding unnecessary parentheses around return without arguments. ([@​eugeneius][])
• #​14945: Support files with multiple modifiers in Lint/UselessConstantScoping. ([@​h-lame][])
• #​15015: Fix Style/TrailingMethodEndStatement to detect singleton methods (def self.foo). ([@​bbatsov][])
• #​10822: Don't store results in cache if there are warnings. ([@​jonas054][])

Changes

• #​14718: Allow setting MaxFilesInCache to false to entirely disable cache pruning. ([@​byroot][])
• #​14989: Make Lint/RedundantSafeNavigation aware of safe navigation in conditional true branch. ([@​koic][])
• #​15041: Remove mcp gem from runtime dependencies. ([@​koic][])

v1.85.1

Compare Source

Bug fixes

• #​14958: Fix false positives in Style/FileOpen when File.open is passed as an argument or returned from a method. ([@​sferik][])
• #​14973: Fix Style/ReduceToHash false positive when accumulator is read in key/value. ([@​sferik][])
• #​14964: Fix false positives in Style/RedundantParentheses when parenthesizing a range in a block body. ([@​koic][])

Changes

• #​14969: Autoload formatters; they're required only when actually used. ([@​lovro-bikic][])

v1.85.0

Compare Source

New features

• #​14921: Add mise.toml as source for TargetRubyVersion. ([@​kitsane][])
• #​14925: Add new Lint/UnreachablePatternBranch cop. ([@​sferik][])
• #​14942: Add new Style/FileOpen cop. ([@​sferik][])
• #​14939: Add new Style/MapJoin cop. ([@​sferik][])
• #​14924: Add new Style/OneClassPerFile cop. ([@​sferik][])
• #​14923: Add new Style/PartitionInsteadOfDoubleSelect cop. ([@​sferik][])
• #​14811: Add new Style/PredicateWithKind cop. ([@​sferik][])
• #​14938: Add new Style/ReduceToHash cop. ([@​sferik][])
• #​14812: Add new Style/RedundantMinMaxBy cop. ([@​sferik][])
• #​13501: Add new Style/RedundantStructKeywordInit cop. ([@​koic][])
• #​14808: Add new Style/SelectByKind cop. ([@​sferik][])
• #​14810: Add new Style/SelectByRange cop. ([@​sferik][])
• #​14922: Add new Style/TallyMethod cop. ([@​sferik][])
• #​14773: Add new Lint/DataDefineOverride cop. ([@​bbatsov][])
• #​14781: Add new InternalAffairs/ItblockHandler cop. ([@​bbatsov][])
• #​14911: Support built-in MCP server (experimental). ([@​koic][])

Bug fixes

• #​14829: Allow classes without a superclass in Style/EmptyClassDefinition. ([@​koic][])
• #​14873: Fix an error in Style/NegatedWhile when the last expression of an until condition is negated. ([@​koic][])
• #​14827: Improve Style/EmptyClassDefinition message wording. ([@​bbatsov][])
• #​14800: Fix false obsolete configuration error for extracted cops when loaded as plugins. ([@​bbatsov][])
• #​14928: Fix a false positive for Lint/Void when nil is used in case branch. ([@​5hun-s][])
• #​14857: Fix false positives in Style/IfUnlessModifier when modifier forms are used inside string interpolations. ([@​koic][])
• #​8773: Fix false positives in Style/HashTransformKeys and Style/HashTransformValues. ([@​sferik][])
• #​6963: Fix false positives in Lint/Void for each blocks where the return value may be meaningful (e.g., Enumerator#each). ([@​sferik][])
• #​14931: Ignore directive comments inside comments. ([@​koic][])
• #​14834: Fix Layout/IndentationWidth false positive for chained method blocks when EnforcedStyleAlignWith is start_of_line. ([@​krororo][])
• #​14756: Fix Lint/Void to detect void expressions in case/when branches. ([@​bbatsov][])
• #​14874: Fix a Parser::ClobberingError in Lint/UselessAssignment when autocorrecting a useless assignment that wraps a block containing another useless assignment. ([@​koic][])
• #​14880: Fix a false negative in Layout/MultilineAssignmentLayout when using numblock or itblock with SupportedTypes: ['block']. ([@​bbatsov][])
• #​11462: Fix over-indentation when autocorrecting nested hashes with Layout/FirstHashElementIndentation. ([@​ydakuka][])
• #​14880: Recognize block on different line from left side of multi-line assignment in Layout/MultilineAssignmentLayout. ([@​sanfrecce-osaka][])
• #​14641: Fix false positive in Lint/RedundantSafeNavigation when using &.respond_to? with methods defined on Object (e.g., :class). ([@​bbatsov][])
• #​14098: Mark Lint/SafeNavigationConsistency autocorrect as unsafe. ([@​bbatsov][])
• #​14791: Fix autocorrect producing SyntaxError in Lint/InterpolationCheck when single quoted string contains double quotes with invalid interpolation. ([@​ydakuka][])

Changes

• #​14872: Tweak autocorrection in Style/HashAsLastArrayItem when multiline hash elements. ([@​koic][])
• #​14917: Change Style/EndlessMethod cop to consider receivers. ([@​fatkodima][])
• #​14851: Reduce precision in 'Finished in X.X seconds' message to 5 decimal places. ([@​ZimbiX][])
• #​14895: Rename class_definition to class_keyword in EnforcedStyle of Style/EmptyClassDefinition. ([@​koic][])
• #​14956: Add support for String.new with interpolated strings to Style/RedundantInterpolationUnfreeze. ([@​lovro-bikic][])
• #​14955: Register redundant parentheses around block body in Style/RedundantParentheses. ([@​lovro-bikic][])

v1.84.2

Compare Source

Bug fixes

• #​14854: Fix a clobbering error in Style/BlockDelimiters when autocorrecting nested multi-line blocks with adjacent curly braces. ([@​koic][])
• #​14837: Fix an error for Style/IfUnlessModifier when the first value uses a normal if and the others use modifier if. ([@​koic][])
• #​14858: Fix an infinite loop error in Layout/FirstArgumentIndentation when first arguments are over-indented in nested method calls. ([@​koic][])
• #​14843: Fix an error in Layout/MultilineMethodCallIndentation when a multiline method call follows a hash access. ([@​koic][])
• #​14859: Fix an error in Layout/MultilineMethodCallIndentation when a multiline method call includes a keyword argument whose value is a method call with a block. ([@​koic][])
• #​14839: Fix a false positive for Layout/EmptyLinesAfterModuleInclusion when include is nested inside an array. ([@​eugeneius][])
• #​7436: Fix Style/FormatStringToken to not autocorrect strings outside of format method context in aggressive mode. ([@​ydakuka][])
• #​14841: Fix false negatives in Style/HashAsLastArrayItem when an array contains only a single hash element. ([@​koic][])
• #​14865: Fix false negatives in Style/MethodDefParentheses when using splat or forwarding arguments without parentheses. ([@​koic][])
• #​14833: Fix false positive for Layout/MultilineMethodCallIndentation when a multi-dot method chain is inside a hash pair value. ([@​ydakuka][])
• #​14847: Fix false positive for Layout/MultilineMethodCallIndentation when a method is chained after a single-line block. ([@​ydakuka][])
• #​14867: Fix Offense#highlighted_area for PseudoSourceRange locations. ([@​rafaelfranca][])
• #​14861: Fix an error in Style/IfUnlessModifier when the first value uses a normal if and the others use ternary operator. ([@​koic][])
• #​14816: Use toplevel cache configs for remote configuration files. ([@​nekketsuuu][])

v1.84.1

Compare Source

Bug fixes

• #​14803: Fix an error for Layout/IndentationWidth cop. ([@​viralpraxis][])
• #​14806: Fix an error in Style/NegativeArrayIndex when using self as array with implicit self receiver. ([@​koic][])
• #​14813: Fix opt-in cop comments taking precedence over configuration file exclude patterns. ([@​afrase][])
• #​14819: Fix incorrect autocorrect for Style/GuardClause when using heredoc as an argument of method call in raise in else branch. ([@​koic][])
• #​14805: Bring back the original indentation from before version 1.84.0. ([@​Magikdidi24][])
• #​12754: Fix an infinite loop for Style/IfUnlessModifier when multiple if/unless statements share the same line in arrays, method arguments, or hash values. ([@​ydakuka][])
• #​14817: Fix an infinite loop between Layout/FirstArgumentIndentation and Layout/LineLength when correcting method chains. ([@​ydakuka][])
• #​11513: Fix Layout/MultilineMethodCallIndentation to properly handle method chains inside hash pair values. ([@​ydakuka][])
• #​14814: Fix push/pop directives to properly handle nested scopes and state restoration. ([@​Magikdidi24][])

Changes

• #​14823: Add the built-in infinite? method to the allowlists for Naming/PredicateMethod, Style/IfWithBooleanLiteralBranches, and Style/RedundantCondition, in addition to the existing nonzero?. ([@​koic][])
• #​14735: Remove deprecated InjectDefaults handling. ([@​afurm][])

getsentry/sentry-ruby (sentry-rails)

v6.5.0

Compare Source

New Features ✨

• (otlp) Add collector_url option to OTLP integration by @​sl0thentr0py in #​2887
• (release-detector) Prefer HEROKU_BUILD_COMMIT over deprecated HEROKU_SLUG_COMMIT by @​ericapisani in #​2886
• Implement strict trace continuation by @​giortzisg in #​2872

Bug Fixes 🐛

• (rails) Set mechanism.handled based on error handling status by @​solnic in #​2892
• Copy event processors on Scope#dup by @​sl0thentr0py in #​2893
• Map trilogy database adapter to mysql for Query Insights compatibility by @​krismichalski in #​2656
• Don't transform attributes in place in metrics by @​sl0thentr0py in #​2883

Internal Changes 🔧

• (transport) Handle HTTP 413 response for oversized envelopes by @​sl0thentr0py in #​2885

v6.4.1

Compare Source

Bug Fixes 🐛

• (rails) Track request queue time in Rails middleware by @​dingsdax in #​2877

v6.4.0

Compare Source

Features

• Add support for OTLP ingestion in sentry-opentelemetry (#​2853)

  Sentry now has first class OTLP ingestion capabilities.

  Sentry.init do |config|
    ## ...
    config.otlp.enabled = true
  end

  Under the hood, this will setup:

  • An OpenTelemetry::Exporter that will automatically set up the OTLP ingestion endpoint from your DSN
    • You can turn this off with config.otlp.setup_otlp_traces_exporter = false to setup your own exporter
  • An OTLPPropagator that ensures Distributed Tracing works
    • You can turn this off with config.otlp.setup_propagator = false
  • Trace/Span linking for all other Sentry events such as Errors, Logs, Crons and Metrics

  If you were using the SpanProcessor before, we recommend migrating over to config.otlp since it's a much simpler setup.

• Treat Sidekiq nil retry as true (#​2864)

• Queue time capture for Rack (#​2838)

Bug Fixes

• Fix MetricEvent timestamp serialization to float (#​2862)
• Fix CGI imports for ruby 4.x (#​2863)
• Always include scope user data in telemetry (#​2866)

v6.3.1

Compare Source

Bug Fixes

• Use ActionDispatch::ExceptionWrapper for correct HTTP status code (#​2850)
• Add explicit dependency on logger gem to fix Ruby 4.0 warning (#​2837)

Internal

• Add external_propagation_context support (#​2841)

sidekiq/sidekiq (sidekiq)

v8.1.2

Compare Source

• Initial release for kiq, Sidekiq's official terminal UI:

bundle exec kiq

Use REDIS_URL or REDIS_PROVIDER to point kiq to Redis.

• Mutation during iteration in SortedSet#each caused it to miss half of the jobs [#​6936]
• Fix edge case resulting in nil crash on /busy page [#​6954]

v8.1.1

Compare Source

• DEPRECATION require 'sidekiq/testing' and
  require 'sidekiq/testing/inline'.
  Add new Sidekiq.testing!(mode) API [#​6931]
  Requiring code should not enable process-wide changes.

# Old, implicit
require "sidekiq/testing"
require "sidekiq/testing/inline"

# New, more explicit
Sidekiq.testing!(:fake)
Sidekiq.testing!(:inline)

• Fix race condition with Stop button in UI [#​6935]
• Fix javascript error handler [#​6893]

v8.1.0

Compare Source

• retry_for and retry are now mutually exclusive [#​6878, Saidbek]
• perform_inline now enforces strict_args! [#​6718, Saidbek]
• Integrate Herb linting for ERB templates [#​6760, Saidbek]
• Remove CSRF code, use Sec-Fetch-Site header [#​6874, deve1212]
• Allow custom Web UI assets_path for CDN purposes [#​6865, stanhu]
• Upgrade to connection_pool 3.0
• Allow idle connection reaping after N seconds.
  You can activate this beta feature like below.
  Feedback requested: is this feature stable and useful for you in production?
  This feature may or may not be enabled by default in Sidekiq 9.0.

Sidekiq.configure_server do |cfg|
  cfg.reap_idle_redis_connections(60)
end

rails/spring (spring)

v4.4.2: 4.4.2

Compare Source

What's Changed

• Fix spawn_on_env vars leaking from server to app by @​hmcguire-shopify in #​749

New Contributors

• @​hmcguire-shopify made their first contribution in #​749

Full Changelog: rails/spring@v4.4.1...v4.4.2

v4.4.1: 4.4.1

[Compare Source](https://redirect.github.com

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) in timezone Europe/Amsterdam, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 77.59%. Comparing base (9e7b1d0) to head (4782a50).

Additional details and impacted files

@@           Coverage Diff            @@
##           staging    #1226   +/-   ##
========================================
  Coverage    77.59%   77.59%           
========================================
  Files           54       54           
  Lines         1406     1406           
========================================
  Hits          1091     1091           
  Misses         315      315           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: Gemfile.lock

Writing lockfile to /tmp/renovate/repos/github/csvalpha/sofia/Gemfile.lock
Fetching gem metadata from https://rubygems.org/........
Resolving dependencies...

Could not find compatible versions

Because web-console >= 4.3.0 depends on railties >= 8.0.0
  and rails-i18n >= 7.0.1, < 8.0.0 depends on railties >= 6.0.0, < 8,
  web-console >= 4.3.0 is incompatible with rails-i18n >= 7.0.1, < 8.0.0.
So, because Gemfile depends on rails-i18n ~> 7.0.10
  and Gemfile depends on web-console ~> 4.3.0,
  version solving has failed.