Skip to content

chore(deps): bump the ruby-deps group across 1 directory with 4 updates#520

Closed
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/bundler/dev/ruby-deps-98ee025e20
Closed

chore(deps): bump the ruby-deps group across 1 directory with 4 updates#520
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/bundler/dev/ruby-deps-98ee025e20

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 8, 2026
edited
Loading

Bumps the ruby-deps group with 4 updates in the / directory: bootsnap, sqlite3, view_component and pagy.

Updates bootsnap from 1.24.2 to 1.24.3

Release notes

Sourced from bootsnap's releases.

v1.24.3

  • Fix the 1.24.2 workaround to parse Ruby files with UTF-8 even when the LANG environment variable is unset or set to C.

Full Changelog: rails/bootsnap@v1.24.2...v1.24.3

Changelog

Sourced from bootsnap's changelog.

1.24.3

  • Fix the 1.24.2 workaround to parse Ruby files with UTF-8 even when the LANG environment variable is unset or set to C.
Commits

Updates sqlite3 from 2.9.3 to 2.9.4

Release notes

Sourced from sqlite3's releases.

2.9.4 / 2026-05-05

ecabed721e6eaad54601d2685f09029d90025efc8d931040dc89cb3f8a2080ec  gems/sqlite3-2.9.4-aarch64-linux-gnu.gem
ffb4255947fb54c8c3eeca97460c9702b40de91ce390455ef7367ca6a3929a31  gems/sqlite3-2.9.4-aarch64-linux-musl.gem
9ee2008b9fbec984c3c165b0d7eedd2bd2a415100b761bfa3a4c6fbec9208bf6  gems/sqlite3-2.9.4-arm-linux-gnu.gem
8dc1fe4da6977992cd62decf4a93ccf6cc2e124a5e6a340160d52092f70e837a  gems/sqlite3-2.9.4-arm-linux-musl.gem
1d5aad413a815d236e96d43f05a1acc600b6cd086800770342a3f9c2877499ff  gems/sqlite3-2.9.4-arm64-darwin.gem
40997c549b19e2fdfcc5e271f6bdd4d502179742c0bfd678da23d0d09b929848  gems/sqlite3-2.9.4-x64-mingw-ucrt.gem
5cab40ea734796802853501bd23b6162eec391dc37f3bf04bc2ffbda9c8bf93d  gems/sqlite3-2.9.4-x86-linux-gnu.gem
936e2d4a428887fac15f55e26a18671fbb4e522bffaa43969fadf7b40ab25214  gems/sqlite3-2.9.4-x86-linux-musl.gem
f280c476e360b73e86165a5e59b72801385b4a6c3a47f8af5ecefb9d90bec17f  gems/sqlite3-2.9.4-x86_64-darwin.gem
537a3eda71b1df1336d0055cbebe55a7317c34870c192c7b6b9d8d0be6871847  gems/sqlite3-2.9.4-x86_64-linux-gnu.gem
3fc5e865b4be9a85d998203ef8d0c0fdcb92f20acf34a254346ff8a19088efec  gems/sqlite3-2.9.4-x86_64-linux-musl.gem
6161c5b9c17886b289558e6c8082b28a22a814736d2433c9a67f4c6bfcde5c97  gems/sqlite3-2.9.4.gem
Changelog

Sourced from sqlite3's changelog.

2.9.4 / 2026-05-05

Commits
  • ae58899 version bump to v2.9.4
  • e16df53 Merge pull request #704 from sparklemotion/dep-sqlite-3.53.1
  • 2dc95ff dep: update vendored sqlite to 3.53.1
  • 1b8241a build(deps): bump the actions group with 2 updates (#703)
  • fd6f3fb build(deps-dev): update minitest requirement from 6.0.5 to 6.0.6 (#702)
  • b0453d6 build(deps-dev): update minitest requirement from 6.0.4 to 6.0.5 (#700)
  • 134521c build(deps): bump ruby/setup-ruby in the actions group (#701)
  • a2fff52 build(deps): bump the actions group with 3 updates (#699)
  • af66843 build(deps-dev): update minitest requirement from 6.0.3 to 6.0.4 (#698)
  • 26d49d9 build(deps-dev): update rake-compiler-dock requirement (#697)
  • See full diff in compare view

Updates view_component from 4.8.0 to 4.9.0

Release notes

Sourced from view_component's releases.

4.9.0

  • Fix path traversal vulnerability in ViewComponentsSystemTestController where sibling directories sharing a string prefix with the allowed temp directory could bypass the path containment check. The start_with? check has been replaced with a separator-aware prefix check, and nefarious path errors now return a 404 instead of an unhandled exception.

    Joel Hawksley

  • Fix preview route vulnerability where inherited methods on ViewComponent::Preview (such as render_with_template) could be invoked via the preview URL, allowing arbitrary internal Rails templates to be rendered with attacker-controlled locals and request parameters. render_args now raises AbstractController::ActionNotFound for any example not explicitly declared on the preview subclass.

    Joel Hawksley

  • Add yard-lint to CI.

    Joel Hawksley

Changelog

Sourced from view_component's changelog.

4.9.0

  • Fix path traversal vulnerability in ViewComponentsSystemTestController where sibling directories sharing a string prefix with the allowed temp directory could bypass the path containment check. The start_with? check has been replaced with a separator-aware prefix check, and nefarious path errors now return a 404 instead of an unhandled exception.

    Joel Hawksley

  • Fix preview route vulnerability where inherited methods on ViewComponent::Preview (such as render_with_template) could be invoked via the preview URL, allowing arbitrary internal Rails templates to be rendered with attacker-controlled locals and request parameters. render_args now raises AbstractController::ActionNotFound for any example not explicitly declared on the preview subclass.

    Joel Hawksley

  • Add yard-lint to CI.

    Joel Hawksley

Commits

Updates pagy from 6.5.0 to 9.4.0

Release notes

Sourced from pagy's releases.

Version 9.4.0

🚀 Try the upcoming v43! 🚀

Pagy is about to leap to the next level.

Try the new v43.0.0.rc*.

Leave your comments in the Version 43 discussion.

✴ What's new in 9.0+ ✴

  • Wicked-fast Keyset Pagination for big data! It works with ActiveRecord::Relation and Sequel::Dataset sets.
  • More Playground Apps to showcase, clone and develop pagy APPs without any setup on your side
  • Lots of refactorings and optimizations
  • See the Changelog for possible breaking changes

Changes in 9.4.0

  • Update aria translation for Tamil (#788)
  • Add Slovak localization with west_slavic pluralization rules (#787)

CHANGELOG

Version 9.3.4

✴ What's new in 9.0+ ✴

  • Wicked-fast Keyset Pagination for big data! It works with ActiveRecord::Relation and Sequel::Dataset sets.
  • More Playground Apps to showcase, clone and develop pagy APPs without any setup on your side
  • Lots of refactorings and optimizations
  • See the Changelog for possible breaking changes

Changes in 9.3.4

  • Fix method visibility in JsonApiExtra (#765)

CHANGELOG

Version 9.3.3

✴ What's new in 9.0+ ✴

  • Wicked-fast Keyset Pagination for big data! It works with ActiveRecord::Relation and Sequel::Dataset sets.
  • More Playground Apps to showcase, clone and develop pagy APPs without any setup on your side

... (truncated)

Changelog

Sourced from pagy's changelog.

Version 9.4.0

  • Update aria translation for Tamil (#788)
  • Add Slovak localization with west_slavic pluralization rules (#787)

Version 9.3.5

  • fix quoted identifiers in keyset (#780)
  • Fix clone command (#770)

Version 9.3.4

  • Fix method visibility in JsonApiExtra (#765)

Version 9.3.3

  • Add test for locales - to find problematic keys (#752)
  • Update locales: zh-CN, zh-HK, zh-TW (#751) (fix #608, fix #609, fix #610)
    • Remove :other from :aria_label key and code comment
    • Change :item_name which had :one_other keys to default to the :other key
    • Fix comment

Version 9.3.2

  • Improve gapped series computation by a few milliseconds

Version 9.3.1

  • Added qualified column names to the keyset query

Version 9.3.0

  • Remove the :typecast_latest variable
  • Add the :jsonify_keyset_attributes variable to override the encoding (#749)

Version 9.2.2

  • Replace inline templates with template block in sinatra apps
  • Replace the rails calendar app with a sinatra app
  • Add PagyApps::INDEX

Version 9.2.1

  • Improve bin/pagy to dynamically find apps and descriptions
  • Apps refactoring:
    • Update rails to 8.0
    • Replace rails AR keyset apps with sinatra apps
    • Improve consistency

Version 9.2.0

... (truncated)

Commits

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
pagy [>= 43.a, < 44]

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels May 8, 2026
@AkaKwak
Copy link
Copy Markdown
Contributor

AkaKwak commented May 8, 2026

@dependabot unignore pagy

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 8, 2026

No dependency name (pagy) or ignore conditions found to unignore.

@AkaKwak
Copy link
Copy Markdown
Contributor

AkaKwak commented May 8, 2026

@dependabot ignore pagy major version

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 8, 2026

OK, I won't notify you about version 43.x.x of pagy again, unless you unignore it.

@dependabot dependabot Bot changed the title chore(deps): bump the ruby-deps group with 4 updates chore(deps): bump the ruby-deps group across 1 directory with 4 updates May 8, 2026
@dependabot
chore(deps): bump the ruby-deps group across 1 directory with 4 updates
3e4db3c 
Bumps the ruby-deps group with 4 updates in the / directory: [bootsnap](https://github.com/rails/bootsnap), [sqlite3](https://github.com/sparklemotion/sqlite3-ruby), [view_component](https://github.com/viewcomponent/view_component) and [pagy](https://github.com/ddnexus/pagy).


Updates `bootsnap` from 1.24.2 to 1.24.3
- [Release notes](https://github.com/rails/bootsnap/releases)
- [Changelog](https://github.com/rails/bootsnap/blob/main/CHANGELOG.md)
- [Commits](rails/bootsnap@v1.24.2...v1.24.3)

Updates `sqlite3` from 2.9.3 to 2.9.4
- [Release notes](https://github.com/sparklemotion/sqlite3-ruby/releases)
- [Changelog](https://github.com/sparklemotion/sqlite3-ruby/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/sqlite3-ruby@v2.9.3...v2.9.4)

Updates `view_component` from 4.8.0 to 4.9.0
- [Release notes](https://github.com/viewcomponent/view_component/releases)
- [Changelog](https://github.com/ViewComponent/view_component/blob/main/docs/CHANGELOG.md)
- [Commits](ViewComponent/view_component@v4.8.0...v4.9.0)

Updates `pagy` from 6.5.0 to 9.4.0
- [Release notes](https://github.com/ddnexus/pagy/releases)
- [Changelog](https://github.com/ddnexus/pagy/blob/9.4.0/CHANGELOG.md)
- [Commits](ddnexus/pagy@6.5.0...9.4.0)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-version: 1.24.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ruby-deps
- dependency-name: pagy
  dependency-version: 43.5.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: ruby-deps
- dependency-name: sqlite3
  dependency-version: 2.9.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ruby-deps
- dependency-name: view_component
  dependency-version: 4.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ruby-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/bundler/dev/ruby-deps-98ee025e20 branch from 68fdad8 to 3e4db3c Compare May 8, 2026 19:34
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 15, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this May 15, 2026
@dependabot dependabot Bot deleted the dependabot/bundler/dev/ruby-deps-98ee025e20 branch May 15, 2026 09:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@AkaKwak