Bump the bundler group across 1 directory with 6 updates

[dependabot]

Bumps the bundler group with 4 updates in the / directory: activesupport, ffi, nokogiri and yajl-ruby.

Updates activesupport from 4.2.1 to 7.1.3.2

Release notes

Sourced from activesupport's releases.

v7.1.3.2

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• Fix raise_on_missing_translations not working correctly with the translate method in controllers after the patch for CVE-2024-26143.

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

... (truncated)

Changelog

Sourced from activesupport's changelog.

Rails 7.1.3.2 (February 21, 2024)

• No changes.

Rails 7.1.3.1 (February 21, 2024)

• No changes.

Rails 7.1.3 (January 16, 2024)

• Handle nil backtrace_locations in ActiveSupport::SyntaxErrorProxy.

  Eugene Kenny

• Fix ActiveSupport::JSON.encode to prevent duplicate keys.

  If the same key exist in both String and Symbol form it could lead to the same key being emitted twice.

  Manish Sharma

• Fix ActiveSupport::Cache::Store#read_multi when using a cache namespace and local cache strategy.

  Mark Oleson

• Fix Time.now/DateTime.now/Date.today to return results in a system timezone after #travel_to.

  There is a bug in the current implementation of #travel_to: it remembers a timezone of its argument, and all stubbed methods start returning results in that remembered timezone. However, the expected behaviour is to return results in a system timezone.

  Aleksei Chernenkov

• Fix :unless_exist option for MemoryStore#write (et al) when using a cache namespace.

  S. Brent Faulkner

• Fix ActiveSupport::Deprecation to handle blaming generated code.

  Jean Boussier, fatkodima

Rails 7.1.2 (November 10, 2023)

• Fix :expires_in option for RedisCacheStore#write_multi.

... (truncated)

Commits

• 6f0d1ad Preparing for 7.1.3.2 release
• c25f0fc Respect raise_on_missing_ in controller
• d73ed95 Preparing for 7.1.3.1 release
• 43037d8 update changelog
• 36c1591 Preparing for 7.1.3 release
• a84622f Sync changelog
• 894f933 Merge pull request #50764 from eugeneius/syntax_error_proxy_nil_backtrace_loc...
• b02f6c9 Merge pull request #48957 from cmaruz/48326
• 81c8023 Sync changelog
• 3a85830 Merge pull request #50749 from Earlopain/changelog-typo
• Additional commits viewable in compare view

Updates ffi from 1.9.8 to 1.16.3

Changelog

Sourced from ffi's changelog.

1.16.3 / 2023-10-04

Fixed:

• Fix gcc error when building on CentOS 7. #1052
• Avoid trying to store new DataConverter type in frozen TypeDefs hash. #1057

1.16.2 / 2023-09-25

Fixed:

• Handle null pointer crash after fork. #1051

1.16.1 / 2023-09-24

Fixed:

• Fix compiling the builtin libffi. #1049

1.16.0 / 2023-09-23

Fixed:

• Fix an issue with signed bitmasks when using flags on the most significant bit. #949
• Fix FFI::Pointer#initialize using NUM2LL instead of NUM2ULL.
• Fix FFI::Type#inspect to properly display the constant name. #1002
• Use libffi closure allocations on hppa-Linux. #1017 Previously they would segfault.
• Fix class name of Symbol#inspect.
• Fix MSVC support of libtest. #1028
• Fix attach_function of functions ending in ? or ! #971

Added:

• Convert all C-based classes to TypedData and use write barriers. #994, #995, #996, #997, #998, #999, #1000, #1001, #1003, #1004, #1005, #1006, #1007, #1008, #1009, #1010, #1011, #1012 This results in less pressure on the garbage collector, since the objects can be promoted to the old generation, which means they only get marked on major GC.
• Implement ObjectSpace.memsize_of() of all C-based classes.
• Make FFI Ractor compatible. #1023 Modules extended per extend FFI::Library need to be frozen in order to be used by non-main Ractors. This can be done by calling freeze below of all C interface definitions.
  • In a Ractor it's possible to:
    • load DLLs and call its functions, access its global variables
    • use builtin typedefs
    • use and modify ractor local typedefs
    • define callbacks
    • receive async callbacks from non-ruby threads
    • use frozen FFI::Library based modules with all attributes (enums, structs, typedefs, functions, callbacks)
    • invoke frozen functions and callbacks defined in the main Ractor

... (truncated)

Commits

• 6cef66d Bump VERSION to 1.16.3
• 87ca653 Update CHANGELOG for ffi-1.16.3
• a8f7d97 Update link in README.md [ci skip]
• 87ff960 Merge branch 'master' of github.com:ffi/ffi
• c97b825 Add examples from https://github.com/ffi/ffi/wiki/How-to-use-FFI-in-Ruby-Ractors
• c1ed9bc Add link to Ractor docs to README.md
• 13afd23 Merge pull request #1057 from mvz/avoid-frozen-typemap
• 6e29dc1 Avoid trying to store new DataConverter type in frozen TypeDefs hash
• bf21280 Prepare a CHANGELOG entry for ffi-1.16.3
• 683e18b Merge pull request #1053 from larskanis/fix-1052
• Additional commits viewable in compare view

Updates i18n from 0.7.0 to 1.14.5

Release notes

Sourced from i18n's releases.

v1.14.5

What's Changed

• Explicitly bundle racc gem for Ruby 3.3+ by @​amatsuda in ruby-i18n/i18n#690
• Optimize I18n::Locale::Fallbacks#[] for recursive locale mappings by @​uiur in ruby-i18n/i18n#692
• Add I18n.interpolation_keys by @​tom-lord in ruby-i18n/i18n#682
• Fix syntax in documentation for I18n::Backend::Base.interpolate by @​tom-lord in ruby-i18n/i18n#691
• Fix that escaped interpolations with reserved keywords raised ReservedInterpolationKey by @​Bilka2 in ruby-i18n/i18n#688

New Contributors

• @​uiur made their first contribution in ruby-i18n/i18n#692
• @​tom-lord made their first contribution in ruby-i18n/i18n#682
• @​Bilka2 made their first contribution in ruby-i18n/i18n#688

Full Changelog: ruby-i18n/i18n@v1.14.4...v1.14.5

v1.14.4

What's Changed

Note: the racc dependency will be coming back in Version 2.

• undo strict racc dependency on this branch by @​radar in ruby-i18n/i18n#687

Full Changelog: ruby-i18n/i18n@v1.14.3...v1.14.4

v1.14.3

What's Changed

• Pass options to along to exists? super calls by @​radar in ruby-i18n/i18n#671
• Improve TOKENIZER by 23% by @​kbrock in ruby-i18n/i18n#668
• Regex part deux - INTERPOLATION_SYNTAX by @​kbrock in ruby-i18n/i18n#669
• Raise when translated entry contains interpolations for reserved keywords and no substitutions provided by @​fatkodima in ruby-i18n/i18n#678
• Implement Fallbacks#inspect and Fallbacks#empty? by @​fatkodima in ruby-i18n/i18n#683

Upkeep

• Update mocha gem by @​fatkodima in ruby-i18n/i18n#677
• Update workflows by @​yykamei in ruby-i18n/i18n#684

New Contributors

• @​kbrock made their first contribution in ruby-i18n/i18n#668

Full Changelog: ruby-i18n/i18n@v1.14.1...v1.14.3

v1.14.1

Included in this release

• Simplify the "Translation missing" message when default is an empty Array by @​amatsuda in ruby-i18n/i18n#662

Maintenance stuff

... (truncated)

Commits

• 55c7750 Bump to 1.14.5
• 2ab6eb0 Merge pull request #688 from Bilka2/escaped-reserved-interpolation
• 5bec0bc Merge pull request #691 from tom-lord/interpolate_documentation_syntax_fix
• 305edf4 Merge branch 'master' into interpolate_documentation_syntax_fix
• 73fd07e Merge pull request #682 from tom-lord/add_I18n.interpolation_keys
• 9b84d1d Merge pull request #692 from uiur/optimize-fallbacks-compute
• fb8e34e Remove unnecessary line
• 3d19b68 Use left recursion
• a295dba Optimize I18n::Locale::Fallbacks#compute
• 8f4bca1 Add note about not altering strings when no params are given
• Additional commits viewable in compare view

Updates nokogiri from 1.6.6.2 to 1.16.5

Release notes

Sourced from nokogiri's releases.

v1.16.5 / 2024-05-13

Security

• [CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See GHSA-r95h-9x8f-r3f7 for more information.

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.7 from v2.12.6. (@​flavorjones)

---

sha256 checksums:

af0f44fa3e664dfb2aa10de8b551447d720c1e8d1f0aa3f35783dcc43e40a874  nokogiri-1.16.5-aarch64-linux.gem
23dc2357b26409a5c33b7e32a82902f0e9995305420f16d1a03ab3ea1a482fec  nokogiri-1.16.5-arm-linux.gem
950d037530edb49f75ad35de0b8038b970a7dda57e2b6326895b0e49fadf6214  nokogiri-1.16.5-arm64-darwin.gem
b7aefc94370c62476b8528e8d8abb6160203abd84a1f4eceda8f1aa8974d9989  nokogiri-1.16.5-java.gem
ec2167160df8fec3137bf95d574ed80ebc1d002bb3b281546b60b4aa9002466e  nokogiri-1.16.5-x64-mingw-ucrt.gem
6984200491fac69974005ecfa2de129d61843d345eafa5d6f58e8b908d1cf107  nokogiri-1.16.5-x64-mingw32.gem
abdc389ab1ec6604492da16bd9d06ad746fdb6bd6a1bd274c400d61ffcadb3c4  nokogiri-1.16.5-x86-linux.gem
63d24981345856f2baf7f4089870a62d3042fb8d3021b280fb04fc052532e3c4  nokogiri-1.16.5-x86-mingw32.gem
71b5f54e378c433d13df67c3b71acc4716129da62402d8181f310c4216a63279  nokogiri-1.16.5-x86_64-darwin.gem
0ca238da870066bed2f7837af6f35791bb9b76c4c5638999c46aac44818a6a97  nokogiri-1.16.5-x86_64-linux.gem
ec36162c68984fa0a90a5c4ae7ab7759460639e716cc1ce75f34c3cb54158ad2  nokogiri-1.16.5.gem

v1.16.4 / 2024-04-10

Dependencies

• [CRuby] Vendored zlib in the precompiled native gems is updated to v1.3.1 from v1.3. Nokogiri is not affected by the minizip CVE patched in this version, but this update may satisfy some security scanners. Related, see this discussion about removing the compression libraries altogether in a future version of Nokogiri.

---

sha256 checksums:

bdb1dc4378ebcf3ade8f440c7df68f6d76946a1a96c4823a2b4c53c01a320cd5  nokogiri-1.16.4-aarch64-linux.gem
0c994b9996d5576eddcc3201a94ef2bff6fc3627c4ae4d2708b0ec9b9743ec6a  nokogiri-1.16.4-arm-linux.gem
8e86abb64c93c06d3c588042a0e757279e8f1dc88b5210a00be892a9a7a27196  nokogiri-1.16.4-arm64-darwin.gem
bf84fa28be4943692bd64772186e0832fb1061f80714ccb93e111e9d72b1cadc  nokogiri-1.16.4-java.gem
a46808467c1f63a2031e1ca0715cd5336bb4ec759e9c0e2f4c951c1cc30994ae  nokogiri-1.16.4-x64-mingw-ucrt.gem
4cdf64bc5e9443ec3e0b595347ecc8affe21968d9ae934c0825d26630ef96468  nokogiri-1.16.4-x64-mingw32.gem
d86d21bae47dd9f6f5223055e45d33fae08b0b89aad94cbc0ece4f4274fa7af5  nokogiri-1.16.4-x86-linux.gem
d488b872884844686780fda7cf5da44ee884d32faa713a55aeb4736d76718168  nokogiri-1.16.4-x86-mingw32.gem
a896e52a56951ffb0e6a9279afbf485d683e357a053d27f4cfcb2a73b0824628  nokogiri-1.16.4-x86_64-darwin.gem
92ff4f09910255fec84b3bc4c4b182e94cada3ed12b9f7a6ea058e0af186fb31  nokogiri-1.16.4-x86_64-linux.gem
</tr></table> 

... (truncated)

Changelog

Sourced from nokogiri's changelog.

v1.16.5

Security

• [CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See GHSA-r95h-9x8f-r3f7 for more information.

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.7 from v2.12.6. (@​flavorjones)

v1.16.4 / 2024-04-10

Dependencies

• [CRuby] Vendored zlib in the precompiled native gems is updated to v1.3.1 from v1.3. Nokogiri is not affected by the minizip CVE patched in this version, but this update may satisfy some security scanners. Related, see this discussion about removing the compression libraries altogether in a future version of Nokogiri.

v1.16.3 / 2024-03-15

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.6 from v2.12.5. (@​flavorjones)

Changed

• [CRuby] XML::Reader sets the @encoding instance variable during reading if it is not passed into the initializer. Previously, it would remain nil. The behavior of Reader#encoding has not changed. This works around changes to how libxml2 reports the encoding used in v2.12.6.

v1.16.2 / 2024-02-04

Security

• [CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See GHSA-xc9x-jj77-9p9j for more information.

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.5 from v2.12.4. (@​flavorjones)

v1.16.1 / 2024-02-03

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.4 from v2.12.3. (@​flavorjones)

... (truncated)

Commits

• cd70bd3 version bump to v1.16.5
• afc36de dep: update vendored libxml2 to v2.12.7 (#3191)
• 41b4f08 ci: add arm64-darwin coverage using macos-14
• 67b9e86 dep: update libxml2 to v2.12.7
• 17c0362 version bump to v1.16.4
• 1c329e9 dep: update to zlib 1.3.1 (v1.16.x) (#3175)
• edeac07 dep: update to zlib 1.3.1
• 80fb608 version bump to v1.16.3
• 710bd96 dep: update libxml 2.12.6 (branch v1.16.x) (#3151)
• 461a96e fix: Reader#read sets @​encoding if it is unset
• Additional commits viewable in compare view

Updates tzinfo from 1.2.2 to 2.0.6

Release notes

Sourced from tzinfo's releases.

v2.0.6

• Eliminate Object#untaint deprecation warnings on JRuby 9.4.0.0. #145.

TZInfo v2.0.6 on RubyGems.org

v2.0.5

• Changed DateTime results to always use the proleptic Gregorian calendar. This affects DateTime results prior to 1582-10-15 and any arithmetic performed on the results that would produce a secondary result prior to 1582-10-15.
• Added support for eager loading all the time zone and country data by calling either TZInfo::DataSource#eager_load! or TZInfo.eager_load!. Compatible with Ruby On Rails' eager_load_namespaces. #129.
• Ignore the SECURITY file from Arch Linux's tzdata package. #134.

TZInfo v2.0.5 on RubyGems.org

v2.0.4

• Fixed an incorrect InvalidTimezoneIdentifier exception raised when loading a zoneinfo file that includes rules specifying an additional transition to the final defined offset (for example, Africa/Casablanca in version 2018e of the Time Zone Database). #123.

TZInfo v2.0.4 on RubyGems.org

v2.0.3

• Added support for handling "slim" format zoneinfo files that are produced by default by zic version 2020b and later. The POSIX-style TZ string is now used calculate DST transition times after the final defined transition in the file. #120.
• Fixed TimeWithOffset#getlocal returning a TimeWithOffset with the timezone_offset still assigned when called with an offset argument on JRuby 9.3.
• Rubinius is no longer supported.

TZInfo v2.0.3 on RubyGems.org

v2.0.2

• Fixed 'wrong number of arguments' errors when running on JRuby 9.0. #114.
• Fixed warnings when running on Ruby 2.8. #113.

TZInfo v2.0.2 on RubyGems.org

v2.0.1

• Fixed "SecurityError: Insecure operation - require" exceptions when loading data with recent Ruby releases in safe mode. #100.
• Fixed warnings when running on Ruby 2.7. #109.
• Added a TZInfo::Timezone#=~ method that performs a regex match on the time zone identifier. #99.
• Added a TZInfo::Country#=~ method that performs a regex match on the country code.

TZInfo v2.0.1 on RubyGems.org

v2.0.0

Added

• to_local and period_for instance methods have been added to TZInfo::Timezone. These are similar to utc_to_local and period_for_utc, but take the UTC offset of the given time into account.
• abbreviation, dst?, base_utc_offset and observed_utc_offset instance methods have been added to TZInfo::Timezone, returning the abbreviation, whether daylight savings time is in effect and the UTC offset of the time zone at a specified time.
• A TZInfo::Timestamp class has been added. It can be used with TZInfo::Timezone in place of a Time or DateTime.
• local_time, local_datetime and local_timestamp instance methods have been added to TZInfo::Timezone. These methods construct local Time, DateTime and TZInfo::Timestamp instances with the correct UTC offset and abbreviation for the time zone.
• Support for a (yet to be released) version 2 of tzinfo-data has been added, in addition to support for version 1. The new version will remove the (no longer needed) DateTime parameters from transition times, reduce memory consumption and improve the efficiency of loading timezone and country indexes.
• A TZInfo::VERSION constant has been added, indicating the TZInfo version number.

Changed

... (truncated)

Changelog

Sourced from tzinfo's changelog.

Version 2.0.6 - 28-Jan-2023

• Eliminate Object#untaint deprecation warnings on JRuby 9.4.0.0. #145.

Version 2.0.5 - 19-Jul-2022

• Changed DateTime results to always use the proleptic Gregorian calendar. This affects DateTime results prior to 1582-10-15 and any arithmetic performed on the results that would produce a secondary result prior to 1582-10-15.
• Added support for eager loading all the time zone and country data by calling either TZInfo::DataSource#eager_load! or TZInfo.eager_load!. Compatible with Ruby On Rails' eager_load_namespaces. #129.
• Ignore the SECURITY file from Arch Linux's tzdata package. #134.

Version 2.0.4 - 16-Dec-2020

• Fixed an incorrect InvalidTimezoneIdentifier exception raised when loading a zoneinfo file that includes rules specifying an additional transition to the final defined offset (for example, Africa/Casablanca in version 2018e of the Time Zone Database). #123.

Version 2.0.3 - 8-Nov-2020

• Added support for handling "slim" format zoneinfo files that are produced by default by zic version 2020b and later. The POSIX-style TZ string is now used calculate DST transition times after the final defined transition in the file. #120.
• Fixed TimeWithOffset#getlocal returning a TimeWithOffset with the timezone_offset still assigned when called with an offset argument on JRuby 9.3.
• Rubinius is no longer supported.

Version 2.0.2 - 2-Apr-2020

• Fixed 'wrong number of arguments' errors when running on JRuby 9.0. #114.
• Fixed warnings when running on Ruby 2.8. #113.

Version 2.0.1 - 24-Dec-2019

• Fixed "SecurityError: Insecure operation - require" exceptions when loading data with recent Ruby releases in safe mode. #100.
• Fixed warnings when running on Ruby 2.7. #109.
• Added a TZInfo::Timezone#=~ method that performs a regex match on the time zone identifier. #99.

... (truncated)

Commits

• d5893c9 Fix formatting.
• 5561942 Preparing v2.0.6.
• ec27c09 Add v1.2.11 from the 1.2 branch.
• d77da3f Update copyright years.
• eac33df Eliminate Object#untaint deprecation warnings on JRuby 9.4.0.0.
• 19f984c Add Ruby 3.2 and JRuby 9.4.
• e9fe818 Update the dependency on actions/checkout.
• f76bc7f Fix include issues with tests on Ruby 3.2.
• 8a781cf Revert "Workaround for 'Permission denied - NUL' errors with JRuby on Windows."
• d9b289e Preparing v2.0.5.
• Additional commits viewable in compare view

Updates yajl-ruby from 1.2.1 to 1.2.3

Commits

• 8bf7aba bump version for 1.2.3 release
• 58bd1e3 Don't advance our end pointer until we've checked we have enough
• 4258d37 bump version for 1.2.2 release
• 46ae651 Merge pull request #173 from parkr/1.2.x-unify-fixnum-to-integer
• db21502 workaround for old travis boxes
• e24864f Support to Integer unification for Ruby 2.4. https://bugs.ruby-lang.org/issue...
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.