chore(deps): update all non-major bundler dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
bootsnap	'~> 1.21.1' → '~> 1.23.0'
brakeman (source, changelog)	'~> 8.0.1' → '~> 8.0.4'
database_consistency	'~> 2.1.1' → '~> 2.1.3'
devise (changelog)	'~>5.0.0' → '~>5.0.2'
devise-i18n (changelog)	'~>1.15.0' → '~>1.16.0'
grover	'~> 1.2.6' → '~> 1.2.8'
mollie-api-ruby (changelog)	'~> 4.18.0' → '~> 4.19.0'
net-imap (changelog)	'~> 0.6.2' → '~> 0.6.3'
rspec-rails (changelog)	'~> 8.0.2' → '~> 8.0.3'
rubocop (source, changelog)	'~> 1.84.0' → '~> 1.85.0'
sentry-rails (source, changelog)	'~> 6.3' → '~> 6.4'
sentry-ruby (source, changelog)	'~> 6.3' → '~> 6.4'
sentry-sidekiq (source, changelog)	'~> 6.3' → '~> 6.4'
sidekiq (source, changelog)	'~> 8.0.10' → '~> 8.1.1'
spring (changelog)	'~> 4.4.0' → '~> 4.4.2'
web-console	'~> 4.2.1' → '~> 4.3.0'

---

Release Notes

presidentbeef/brakeman (brakeman)

v8.0.4

Compare Source

• Load 'date' library for --ensure-latest

v8.0.3

Compare Source

• Fix polymorphic_name SQLi false positive (Fredrico Franco)
• Fix logger behavior when loading config files
• Handle application names with module prefixes
• Add release age option for --ensure-latest

v8.0.2

Compare Source

• Reline console control should use stderr
• Fix logger cleanup based method (Imran Iqbal)

djezzzl/database_consistency (database_consistency)

v2.1.3

Compare Source

• Fix MissingDependentDestroyChecker to support composite keys. Thanks Andy Allan for reporting this!

v2.1.2

Compare Source

• Fix ForeignKeyTypeChecker to support composite keys. Thanks Quentin de Metz for reporting this!
• Fix MissingUniqueIndexChecker to support composite keys. Thanks Andy Allan for reporting this!

heartcombo/devise (devise)

v5.0.2

Compare Source

• enhancements
  • Allow resource class scopes to override the global configuration for sign_in_after_change_password behaviour. #​5825
  • Add sign_in_after_reset_password? check hook to passwords controller, to allow it to be customized by users. #​5826

v5.0.1

Compare Source

• bug fixes
  • Fix translation issue with German E-Mail on invalid authentication messages caused by previous fix for incorrect grammar #​5822

devise-i18n/devise-i18n (devise-i18n)

v1.16.0

Compare Source

• Added Ruby 4.0 to test matrix.
• Added compatibility with Devise 5.0.
• Updated views for Devise 5.0. Any views generated into your app prior to this release of devise-i18n should continue to work. Changes from Devise are:
  • heartcombo/devise#5494
  • heartcombo/devise@d13ef89
• Updated one English string for Devise 5.0: heartcombo/devise@41003bf. Translations of this string are unaffected.
• Dropped compatibility for Devise < 5.0.

Studiosity/grover (grover)

v1.2.8

Compare Source

Added

• #​303 Allow overriding of browser launch timeout ([@​abrom][])

v1.2.7

Compare Source

Added

• #​302 Capture/expose Puppeteer DevTools debug output ([@​abrom][])

mollie/mollie-api-ruby (mollie-api-ruby)

v4.19.0

Compare Source

• (c61808e) Allow bigdecimal 4.x

ruby/net-imap (net-imap)

v0.6.3

Compare Source

What's Changed

Added

• 🥅 Add parser state and #detailed_message to ResponseParseError by @​nevans in #​599
  • 🥅💄 Support (monochrome) highlights in parse error details by @​nevans in #​603
  • 🥅💄 Auto-highlight parse error detailed_message using TERM and FORCE_COLOR by @​nevans in #​607
  • 🥅💄 Add color highlights to parse error details (default honors NO_COLOR) by @​nevans in #​609
• 🔧 Add Config#overrides? (opposite of #inherited?) by @​nevans in #​610
• 🔧 Add recursive Config#inherits_defaults? by @​nevans in #​611

Fixed

• 🐛 Parse resp-text with invalid resp-text-code by @​nevans in #​601
• 🐛 Config.version_defaults should be read only by @​nevans in #​594

Other Changes

• 🥅 Only print parser debug for unhandled errors by @​nevans in #​600
• ♻️ Don't hardcode parser deprecation warning uplevel by @​nevans in #​602
• ♻️ Simplify Config::AttrAccessors a little by @​nevans in #​606
• ♻️ Set Config[:default] as alias of Config[VERSION] by @​nevans in #​608

Fixes for unreleased code:

• 🐛 Return ResponseText from resp-text fallback by @​nevans in #​605
• 🐛 Fix parse error parser_backtrace (for ruby <= 3.3) by @​nevans in #​604

Miscellaneous

• Delete test/net/imap/test_data_lite.rb by @​nobu in #​593
• ⬆️ Bump step-security/harden-runner from 2.14.0 to 2.14.1 by @​dependabot[bot] in #​596
• Bump step-security/harden-runner from 2.14.1 to 2.14.2 by @​dependabot[bot] in #​598

Full Changelog: ruby/net-imap@v0.6.2...v0.6.3

rspec/rspec-rails (rspec-rails)

v8.0.3

Compare Source

Full Changelog

Bug Fixes:

• Fix insertion order of controller prefix in the view lookup_context. (Stephen Nelson, #​2749)
• Ensure rails stats looks for specs using application root rather than working directory.
  (Marvin Tangpos, #​2879)

rubocop/rubocop (rubocop)

v1.85.0

Compare Source

New features

• #​14921: Add mise.toml as source for TargetRubyVersion. ([@​kitsane][])
• #​14925: Add new Lint/UnreachablePatternBranch cop. ([@​sferik][])
• #​14942: Add new Style/FileOpen cop. ([@​sferik][])
• #​14939: Add new Style/MapJoin cop. ([@​sferik][])
• #​14924: Add new Style/OneClassPerFile cop. ([@​sferik][])
• #​14923: Add new Style/PartitionInsteadOfDoubleSelect cop. ([@​sferik][])
• #​14811: Add new Style/PredicateWithKind cop. ([@​sferik][])
• #​14938: Add new Style/ReduceToHash cop. ([@​sferik][])
• #​14812: Add new Style/RedundantMinMaxBy cop. ([@​sferik][])
• #​13501: Add new Style/RedundantStructKeywordInit cop. ([@​koic][])
• #​14808: Add new Style/SelectByKind cop. ([@​sferik][])
• #​14810: Add new Style/SelectByRange cop. ([@​sferik][])
• #​14922: Add new Style/TallyMethod cop. ([@​sferik][])
• #​14773: Add new Lint/DataDefineOverride cop. ([@​bbatsov][])
• #​14781: Add new InternalAffairs/ItblockHandler cop. ([@​bbatsov][])
• #​14911: Support built-in MCP server (experimental). ([@​koic][])

Bug fixes

• #​14829: Allow classes without a superclass in Style/EmptyClassDefinition. ([@​koic][])
• #​14873: Fix an error in Style/NegatedWhile when the last expression of an until condition is negated. ([@​koic][])
• #​14827: Improve Style/EmptyClassDefinition message wording. ([@​bbatsov][])
• #​14800: Fix false obsolete configuration error for extracted cops when loaded as plugins. ([@​bbatsov][])
• #​14928: Fix a false positive for Lint/Void when nil is used in case branch. ([@​5hun-s][])
• #​14857: Fix false positives in Style/IfUnlessModifier when modifier forms are used inside string interpolations. ([@​koic][])
• #​8773: Fix false positives in Style/HashTransformKeys and Style/HashTransformValues. ([@​sferik][])
• #​6963: Fix false positives in Lint/Void for each blocks where the return value may be meaningful (e.g., Enumerator#each). ([@​sferik][])
• #​14931: Ignore directive comments inside comments. ([@​koic][])
• #​14834: Fix Layout/IndentationWidth false positive for chained method blocks when EnforcedStyleAlignWith is start_of_line. ([@​krororo][])
• #​14756: Fix Lint/Void to detect void expressions in case/when branches. ([@​bbatsov][])
• #​14874: Fix a Parser::ClobberingError in Lint/UselessAssignment when autocorrecting a useless assignment that wraps a block containing another useless assignment. ([@​koic][])
• #​14880: Fix a false negative in Layout/MultilineAssignmentLayout when using numblock or itblock with SupportedTypes: ['block']. ([@​bbatsov][])
• #​11462: Fix over-indentation when autocorrecting nested hashes with Layout/FirstHashElementIndentation. ([@​ydakuka][])
• #​14880: Recognize block on different line from left side of multi-line assignment in Layout/MultilineAssignmentLayout. ([@​sanfrecce-osaka][])
• #​14641: Fix false positive in Lint/RedundantSafeNavigation when using &.respond_to? with methods defined on Object (e.g., :class). ([@​bbatsov][])
• #​14098: Mark Lint/SafeNavigationConsistency autocorrect as unsafe. ([@​bbatsov][])
• #​14791: Fix autocorrect producing SyntaxError in Lint/InterpolationCheck when single quoted string contains double quotes with invalid interpolation. ([@​ydakuka][])

Changes

• #​14872: Tweak autocorrection in Style/HashAsLastArrayItem when multiline hash elements. ([@​koic][])
• #​14917: Change Style/EndlessMethod cop to consider receivers. ([@​fatkodima][])
• #​14851: Reduce precision in 'Finished in X.X seconds' message to 5 decimal places. ([@​ZimbiX][])
• #​14895: Rename class_definition to class_keyword in EnforcedStyle of Style/EmptyClassDefinition. ([@​koic][])
• #​14956: Add support for String.new with interpolated strings to Style/RedundantInterpolationUnfreeze. ([@​lovro-bikic][])
• #​14955: Register redundant parentheses around block body in Style/RedundantParentheses. ([@​lovro-bikic][])

v1.84.2

Compare Source

Bug fixes

• #​14854: Fix a clobbering error in Style/BlockDelimiters when autocorrecting nested multi-line blocks with adjacent curly braces. ([@​koic][])
• #​14837: Fix an error for Style/IfUnlessModifier when the first value uses a normal if and the others use modifier if. ([@​koic][])
• #​14858: Fix an infinite loop error in Layout/FirstArgumentIndentation when first arguments are over-indented in nested method calls. ([@​koic][])
• #​14843: Fix an error in Layout/MultilineMethodCallIndentation when a multiline method call follows a hash access. ([@​koic][])
• #​14859: Fix an error in Layout/MultilineMethodCallIndentation when a multiline method call includes a keyword argument whose value is a method call with a block. ([@​koic][])
• #​14839: Fix a false positive for Layout/EmptyLinesAfterModuleInclusion when include is nested inside an array. ([@​eugeneius][])
• #​7436: Fix Style/FormatStringToken to not autocorrect strings outside of format method context in aggressive mode. ([@​ydakuka][])
• #​14841: Fix false negatives in Style/HashAsLastArrayItem when an array contains only a single hash element. ([@​koic][])
• #​14865: Fix false negatives in Style/MethodDefParentheses when using splat or forwarding arguments without parentheses. ([@​koic][])
• #​14833: Fix false positive for Layout/MultilineMethodCallIndentation when a multi-dot method chain is inside a hash pair value. ([@​ydakuka][])
• #​14847: Fix false positive for Layout/MultilineMethodCallIndentation when a method is chained after a single-line block. ([@​ydakuka][])
• #​14867: Fix Offense#highlighted_area for PseudoSourceRange locations. ([@​rafaelfranca][])
• #​14861: Fix an error in Style/IfUnlessModifier when the first value uses a normal if and the others use ternary operator. ([@​koic][])
• #​14816: Use toplevel cache configs for remote configuration files. ([@​nekketsuuu][])

v1.84.1

Compare Source

Bug fixes

• #​14803: Fix an error for Layout/IndentationWidth cop. ([@​viralpraxis][])
• #​14806: Fix an error in Style/NegativeArrayIndex when using self as array with implicit self receiver. ([@​koic][])
• #​14813: Fix opt-in cop comments taking precedence over configuration file exclude patterns. ([@​afrase][])
• #​14819: Fix incorrect autocorrect for Style/GuardClause when using heredoc as an argument of method call in raise in else branch. ([@​koic][])
• #​14805: Bring back the original indentation from before version 1.84.0. ([@​Magikdidi24][])
• #​12754: Fix an infinite loop for Style/IfUnlessModifier when multiple if/unless statements share the same line in arrays, method arguments, or hash values. ([@​ydakuka][])
• #​14817: Fix an infinite loop between Layout/FirstArgumentIndentation and Layout/LineLength when correcting method chains. ([@​ydakuka][])
• #​11513: Fix Layout/MultilineMethodCallIndentation to properly handle method chains inside hash pair values. ([@​ydakuka][])
• #​14814: Fix push/pop directives to properly handle nested scopes and state restoration. ([@​Magikdidi24][])

Changes

• #​14823: Add the built-in infinite? method to the allowlists for Naming/PredicateMethod, Style/IfWithBooleanLiteralBranches, and Style/RedundantCondition, in addition to the existing nonzero?. ([@​koic][])
• #​14735: Remove deprecated InjectDefaults handling. ([@​afurm][])

getsentry/sentry-ruby (sentry-rails)

v6.4.0

Compare Source

Features

• Add support for OTLP ingestion in sentry-opentelemetry (#​2853)

  Sentry now has first class OTLP ingestion capabilities.

  Sentry.init do |config|
    ## ...
    config.otlp.enabled = true
  end

  Under the hood, this will setup:

  • An OpenTelemetry::Exporter that will automatically set up the OTLP ingestion endpoint from your DSN
    • You can turn this off with config.otlp.setup_otlp_traces_exporter = false to setup your own exporter
  • An OTLPPropagator that ensures Distributed Tracing works
    • You can turn this off with config.otlp.setup_propagator = false
  • Trace/Span linking for all other Sentry events such as Errors, Logs, Crons and Metrics

  If you were using the SpanProcessor before, we recommend migrating over to config.otlp since it's a much simpler setup.

• Treat Sidekiq nil retry as true (#​2864)

• Queue time capture for Rack (#​2838)

Bug Fixes

• Fix MetricEvent timestamp serialization to float (#​2862)
• Fix CGI imports for ruby 4.x (#​2863)
• Always include scope user data in telemetry (#​2866)

v6.3.1

Compare Source

Bug Fixes

• Use ActionDispatch::ExceptionWrapper for correct HTTP status code (#​2850)
• Add explicit dependency on logger gem to fix Ruby 4.0 warning (#​2837)

Internal

• Add external_propagation_context support (#​2841)

sidekiq/sidekiq (sidekiq)

v8.1.1

Compare Source

• DEPRECATION require 'sidekiq/testing' and
  require 'sidekiq/testing/inline'.
  Add new Sidekiq.testing!(mode) API [#​6931]
  Requiring code should not enable process-wide changes.

# Old, implicit
require "sidekiq/testing"
require "sidekiq/testing/inline"

# New, more explicit
Sidekiq.testing!(:fake)
Sidekiq.testing!(:inline)

• Fix race condition with Stop button in UI [#​6935]
• Fix javascript error handler [#​6893]

v8.1.0

Compare Source

• retry_for and retry are now mutually exclusive [#​6878, Saidbek]
• perform_inline now enforces strict_args! [#​6718, Saidbek]
• Integrate Herb linting for ERB templates [#​6760, Saidbek]
• Remove CSRF code, use Sec-Fetch-Site header [#​6874, deve1212]
• Allow custom Web UI assets_path for CDN purposes [#​6865, stanhu]
• Upgrade to connection_pool 3.0
• Allow idle connection reaping after N seconds.
  You can activate this beta feature like below.
  Feedback requested: is this feature stable and useful for you in production?
  This feature may or may not be enabled by default in Sidekiq 9.0.

Sidekiq.configure_server do |cfg|
  cfg.reap_idle_redis_connections(60)
end

rails/spring (spring)

v4.4.2: 4.4.2

Compare Source

What's Changed

• Fix spawn_on_env vars leaking from server to app by @​hmcguire-shopify in #​749

New Contributors

• @​hmcguire-shopify made their first contribution in #​749

Full Changelog: rails/spring@v4.4.1...v4.4.2

v4.4.1: 4.4.1

Compare Source

What's Changed

• Uses subclasses instead of descendants to support Rails < 7.1
• Pass signaled exit code properly to the client by @​rafaelfranca in #​744

Full Changelog: rails/spring@v4.4.0...v4.4.1

rails/web-console (web-console)

v4.3.0

Compare Source

• #​342 Always permit IPv4-mapped IPv6 loopback addresses ([@​zunda]).
• Fixed Rails 8.2.0.alpha support
• Drop Rails 7.2 support
• Drop Ruby 3.1 support

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) in timezone Europe/Amsterdam, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 77.59%. Comparing base (9e7b1d0) to head (4782a50).

Additional details and impacted files

@@           Coverage Diff            @@
##           staging    #1226   +/-   ##
========================================
  Coverage    77.59%   77.59%           
========================================
  Files           54       54           
  Lines         1406     1406           
========================================
  Hits          1091     1091           
  Misses         315      315           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: Gemfile.lock

Writing lockfile to /tmp/renovate/repos/github/csvalpha/sofia/Gemfile.lock
Fetching gem metadata from https://rubygems.org/........
Resolving dependencies...

Could not find compatible versions

Because web-console >= 4.3.0 depends on railties >= 8.0.0
  and rails-i18n >= 7.0.1, < 8.0.0 depends on railties >= 6.0.0, < 8,
  web-console >= 4.3.0 is incompatible with rails-i18n >= 7.0.1, < 8.0.0.
So, because Gemfile depends on rails-i18n ~> 7.0.10
  and Gemfile depends on web-console ~> 4.3.0,
  version solving has failed.