Skip to content

Bump the minor-and-patch group across 1 directory with 5 updates#53

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/bundler/minor-and-patch-347c52bbc1
Closed

Bump the minor-and-patch group across 1 directory with 5 updates#53
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/bundler/minor-and-patch-347c52bbc1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 1, 2026
edited
Loading

Bumps the minor-and-patch group with 5 updates in the / directory:

Package From To
propshaft 1.3.1 1.3.2
puma 8.0.0 8.0.1
bootsnap 1.23.0 1.24.1
nokogiri 1.19.2 1.19.3
pagy 43.5.1 43.5.3

Updates propshaft from 1.3.1 to 1.3.2

Release notes

Sourced from propshaft's releases.

v1.3.2

What's Changed

New Contributors

Full Changelog: rails/propshaft@v1.3.1...v1.3.2

Commits
  • eb59571 Bump version for 1.3.2
  • 8335366 Add charset=utf-8 to Content-Type for CSS and HTML assets (#264)
  • 67def02 Merge pull request #265 from flavorjones/fix-ci-minitest
  • 2f9965a Support minitest 6 where possible, pin < 6 elsewhere
  • See full diff in compare view

Updates puma from 8.0.0 to 8.0.1

Release notes

Sourced from puma's releases.

v8.0.1

  • Bugfixes

    • Fix prune_bundler stripping user-configured BUNDLE_* env vars (e.g. BUNDLE_WITHOUT) on re-exec, which caused workers to crash on boot (#3929)

  • Performance

    • Use blocks for debug logging to avoid creating log messages when debug is disabled (#3920)

  • Docs

    • Fix incorrect hook names in gRPC docs (#3923)
    • Reword v8 upgrade guide IPv6 bullet for clarity (#3928)
Changelog

Sourced from puma's changelog.

8.0.1 / 2026-04-27

  • Bugfixes

    • Fix prune_bundler stripping user-configured BUNDLE_* env vars (e.g. BUNDLE_WITHOUT) on re-exec, which caused workers to crash on boot (#3929)

  • Performance

    • Use blocks for debug logging to avoid creating log messages when debug is disabled (#3920)

  • Docs

    • Fix incorrect hook names in gRPC docs (#3923)
    • Reword v8 upgrade guide IPv6 bullet for clarity (#3928)
Commits
  • cee7e61 Release v8.0.1 (#3932)
  • f955caf Fix prune_bundler stripping user-configured BUNDLE_* env vars on re-exec (#3929)
  • 97996aa ci: test_error_logger.rb - fix TruffleRuby error (#3930)
  • 03825bc Build(deps): Bump actions/github-script from 8 to 9 (#3925)
  • 053efae Reword v8 upgrade guide ipv6 bullet (#3928)
  • b19f35a Fix incorrect hook names in gRPC docs (#3923)
  • eeabe4b Use blocks for debug logging to avoid creating messages if debug disabled (#3...
  • See full diff in compare view

Updates bootsnap from 1.23.0 to 1.24.1

Release notes

Sourced from bootsnap's releases.

v1.24.1

What's Changed

  • Fix encoding of Ruby source files loaded when BOOTSNAP_READONLY is set. Files would incorectly be loaded in ASCII-8BIT causing literal strings outside the pure ASCII range to have ASCII-8BIT encoding instead of UTF-8. This bug was introduced in 1.24.0.

Full Changelog: rails/bootsnap@v1.24.0...v1.24.1

v1.24.0

What's Changed

  • Added a hook API to customize Ruby compilation.

Full Changelog: rails/bootsnap@v1.23.0...v1.24.0

Changelog

Sourced from bootsnap's changelog.

1.24.1

  • Fix encoding of Ruby source files loaded when BOOTSNAP_READONLY is set. Files would incorectly be loaded in ASCII-8BIT causing literal strings outside the pure ASCII range to have ASCII-8BIT encoding instead of UTF-8. This bug was introduced in 1.24.0.

1.24.0

  • Added a hook API to customize Ruby compilation.
Commits
  • 51ccecc Release 1.24.1
  • e4479c0 Merge pull request #538 from byroot/debug-compiler-encoding
  • d6d8768 Fix ISeq.input_to_output to respect default external encoding
  • dc57c20 Release 1.24.0
  • 481b9b9 Avoid interning string on every call
  • 81e6db4 Merge pull request #535 from byroot/compilation-backends
  • 320ca02 Allow to substitute the Ruby compiler
  • See full diff in compare view

Updates nokogiri from 1.19.2 to 1.19.3

Release notes

Sourced from nokogiri's releases.

v1.19.3 / 2026-04-27

Fixed / Security

  • Address exponential regex backtracking in CSS selector tokenizer. See GHSA-c4rq-3m3g-8wgx for more information.
  • [CRuby] Address memory leak in XSLT::Stylesheet#transform. See GHSA-v2fc-qm4h-8hqv for more information.
46b89e5d7b9e844c2ee360794240c6ea2a4e6fa0c5892a4ed487db621224b639  nokogiri-1.19.3-aarch64-linux-gnu.gem
8392dfdcd21be7a94dbbe9ccc138dea01b97b24cb2dc02a114ca98bfb1d9a0b7  nokogiri-1.19.3-aarch64-linux-musl.gem
3919d5ffc334ad778a4a9eb88fda7dcb8b1fb58c8a52ac640c6dcd2f038e774f  nokogiri-1.19.3-arm-linux-gnu.gem
9ce1cb6346bb9c67b1550eb537aa183ead91e4b6eadb2f36ade02d8dd2a79fb6  nokogiri-1.19.3-arm-linux-musl.gem
71b9bd424b1b7abc18b05052a1a3cfd3627abdca62be280854cc411791357e42  nokogiri-1.19.3-arm64-darwin.gem
40ea6ebf5cf2005dae1dee26dd557d3afb41fb6de6c9764aca8cf06fdb841db1  nokogiri-1.19.3-java.gem
8bb7132cad356c879a1286eaabcb5e68326cb2490317984280fbc62f456d506a  nokogiri-1.19.3-x64-mingw-ucrt.gem
77f3fba57d46c53ab31e62fc6c28f705109d1bf6264356c76f132b2be5728d4d  nokogiri-1.19.3-x86_64-darwin.gem
2f5078620fe12e83669b5b17311b32532a8153d02eee7ad06948b926d6080976  nokogiri-1.19.3-x86_64-linux-gnu.gem
248c906d2166eca5efb56d52fdee5f9a1f51d69a72e2b64fdac647b4ce39ea3f  nokogiri-1.19.3-x86_64-linux-musl.gem
78312cbac32a40c812780d9678221b79d51288eec00054c1a8d15f7ce05960e8  nokogiri-1.19.3.gem
Changelog

Sourced from nokogiri's changelog.

v1.19.3 / 2026-04-27

Fixed / Security

  • Address exponential regex backtracking in CSS selector tokenizer. See GHSA-c4rq-3m3g-8wgx for more information.
  • [CRuby] Address memory leak in XSLT::Stylesheet#transform. See GHSA-v2fc-qm4h-8hqv for more information.
Commits
  • c139a3d version bump to v1.19.3
  • 7501a63 fix: backtracking in CSS tokenizer rules (v1.19.x backport) (#3627)
  • 03e7968 test: skip CSS tokenizer benchmarks on JRuby
  • b984b7e fix: ReDoS in CSS tokenizer ident rule
  • 0092623 fix: ReDoS in CSS tokenizer STRING rule
  • ee17d33 fix: memory leak in XSLT transform (backport to v1.19.x) (#3624)
  • ce188a3 doc: update CHANGELOG
  • caeaac4 fix: memory leak in XSLT transform
  • 25220bf dep(test): test against libxml-ruby v6 (#3618)
  • 0caeb21 doc: add security warnings for untrusted XSLT stylesheets
  • See full diff in compare view

Updates pagy from 43.5.1 to 43.5.3

Release notes

Sourced from pagy's releases.

Version 43.5.3

Changes in 43.5.3

  • Autoload series, a_lambda and page_label
  • Add Hungarian localization file for Pagy (#896)

CHANGELOG

Version 43

We needed a leap version to unequivocally signal that it's not just a major version: it's a complete redesign of the legacy code at all levels, usage and API included.

Why 43? Because it's exactly one step beyond "The answer to the ultimate question of life, the Universe, and everything." 😉

Improvements

This version introduces several enhancements, such as new :countish and :keynav_js paginators and improved automation and configuration processes, reducing setup requirements by 99%. The update also includes a simpler API and new interactive development tools, making it a comprehensive upgrade from previous versions.

  • New :countish Paginator
    • Faster than OFFSET and supporting the full UI
  • New Keynav Pagination
    • The pagy-exclusive technique using the fastest keyset pagination alongside all frontend helpers.
  • New interactive dev-tools
    • New PagyWand to integrate the pagy CSS with your app themes.
    • New Pagy AI available right inside your own app.
  • Intelligent automation
  • Simpler API
    • You solely need the pagy method and the @​pagy instance to paginate any collection and use any navigation tag and helper.
    • Methods are autoloaded only if used, and consume no memory otherwise.
    • Methods have narrower scopes and can be overridden without deep knowledge.
  • New documentation
    • Very concise, straightforward, and easy to navigate and understand.

Upgrade to 43

See the Upgrade Guide

... (truncated)

Changelog

Sourced from pagy's changelog.

Version 43.5.3

  • Autoload series, a_lambda and page_label
  • Add Hungarian localization file for Pagy (#896)

Version 43.5.2

  • Add type validation for page and limit keys type (close #895)
  • Simplify series_nav_js removing "pagy-rjs" CSS class (Fix #894)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the minor-and-patch group across 1 directory with 5 updates
0164426 
Bumps the minor-and-patch group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [propshaft](https://github.com/rails/propshaft) | `1.3.1` | `1.3.2` |
| [puma](https://github.com/puma/puma) | `8.0.0` | `8.0.1` |
| [bootsnap](https://github.com/rails/bootsnap) | `1.23.0` | `1.24.1` |
| [nokogiri](https://github.com/sparklemotion/nokogiri) | `1.19.2` | `1.19.3` |
| [pagy](https://github.com/ddnexus/pagy) | `43.5.1` | `43.5.3` |



Updates `propshaft` from 1.3.1 to 1.3.2
- [Release notes](https://github.com/rails/propshaft/releases)
- [Commits](rails/propshaft@v1.3.1...v1.3.2)

Updates `puma` from 8.0.0 to 8.0.1
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/main/History.md)
- [Commits](puma/puma@v8.0.0...v8.0.1)

Updates `bootsnap` from 1.23.0 to 1.24.1
- [Release notes](https://github.com/rails/bootsnap/releases)
- [Changelog](https://github.com/rails/bootsnap/blob/main/CHANGELOG.md)
- [Commits](rails/bootsnap@v1.23.0...v1.24.1)

Updates `nokogiri` from 1.19.2 to 1.19.3
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.19.2...v1.19.3)

Updates `pagy` from 43.5.1 to 43.5.3
- [Release notes](https://github.com/ddnexus/pagy/releases)
- [Changelog](https://github.com/ddnexus/pagy/blob/master/docs/CHANGELOG.md)
- [Commits](ddnexus/pagy@43.5.1...43.5.3)

---
updated-dependencies:
- dependency-name: propshaft
  dependency-version: 1.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: puma
  dependency-version: 8.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: bootsnap
  dependency-version: 1.24.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: nokogiri
  dependency-version: 1.19.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: pagy
  dependency-version: 43.5.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels May 1, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 2, 2026

Looks like these dependencies are no longer updatable, so this is no longer needed.

@dependabot dependabot Bot closed this May 2, 2026
@dependabot dependabot Bot deleted the dependabot/bundler/minor-and-patch-347c52bbc1 branch May 2, 2026 05:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants