Bump the dependencies group across 1 directory with 10 updates

[dependabot]

Bumps the dependencies group with 10 updates in the / directory:

Package	From	To
rails	8.1.1	8.1.2
puma	7.1.0	7.2.0
importmap-rails	2.2.2	2.2.3
turbo-rails	2.0.20	2.0.21
bootsnap	1.20.1	1.21.1
listen	3.9.0	3.10.0
devise	4.9.4	5.0.0
bootstrap	5.3.5	5.3.8
whenever	1.1.1	1.1.2
honeybadger	6.2.0	6.2.1

Updates rails from 8.1.1 to 8.1.2

Release notes

Sourced from rails's releases.

8.1.2

Active Support

• Make delegate and delegate_missing_to work in BasicObject subclasses.

  Rafael Mendonça França

• Fix Inflectors when using a locale that fallbacks to :en.

  Said Kaldybaev

• Fix ActiveSupport::TimeWithZone#as_json to consistently return UTF-8 strings.

  Previously the returned string would sometime be encoded in US-ASCII, which in some cases may be problematic.

  Now the method consistently always return UTF-8 strings.

  Jean Boussier

• Fix TimeWithZone#xmlschema when wrapping a DateTime instance in local time.

  Previously it would return an invalid time.

  Dmytro Rymar

• Implement LocalCache strategy on ActiveSupport::Cache::MemoryStore. The memory store needs to respond to the same interface as other cache stores (e.g. ActiveSupport::NullStore).

  Mikey Gough

• Fix ActiveSupport::Inflector.humanize with international characters.

  ActiveSupport::Inflector.humanize("áÉÍÓÚ")  # => "Áéíóú"
  ActiveSupport::Inflector.humanize("аБВГДЕ") # => "Абвгде"

  Jose Luis Duran

Active Model

• No changes.

Active Record

• Fix counting cached queries in ActiveRecord::RuntimeRegistry.

... (truncated)

Commits

• d7c8ae6 Preparing for 8.1.2 release
• 695ac6d Update Gemfile.lock
• 01263f1 Merge pull request #56512 from byroot/remove-minitest-ci
• 3ea2701 CHANGELOG sync
• d3fe83f Merge pull request #56541 from rails/remove-system-test-from-default-ci-template
• 5283514 Merge pull request #56012 from jmalcic/restore-default-adc-for-gcs-iam-client
• 53e82ef Merge pull request #56534 from khasinski/fix-sqlite3-schema-dump-default-nil
• d2509f8 Allow backburner warning
• 8c48fd1 Merge pull request #56535 from eglitobias/8-1-stable
• adcface Fix PostgreSQL schema_search_path after reconnect and reset
• Additional commits viewable in compare view

Updates puma from 7.1.0 to 7.2.0

Release notes

Sourced from puma's releases.

v7.2.0

7.2.0 On The Corner

• Features

  • Add workers :auto (#3827)
  • Make it possible to restrict control server commands to stats (#3787)

• Bugfixes

  • Don't break if WEB_CONCURRENCY is set to a blank string (#3837)
  • Don't share server between worker 0 and descendants on refork (#3602)
  • Fix phase check race condition in Puma::Cluster#check_workers (#3690)
  • Fix advertising of CLI config before config files are loaded (#3823)

• Performance

  • 17% faster HTTP parsing through pre-interning env keys (#3825)
  • Implement dsize and dcompact functions for Puma::HttpParser, which makes Puma's C-extension GC-compactible (#3828)

• Refactor

  • Remove NoMethodError rescue in Reactor#select_loop (#3831)
  • Various cleanups in the C extension (#3814)
  • Monomorphize handle_request return (#3802)

• Docs

  • Change link to docs/deployment.md in README.md (#3848)
  • Fix formatting for each signal description in signals.md (#3813)
  • Update deployment and Kubernetes docs with Puma configuration tips (#3807)
  • Rename master to main (#3809, #3808, #3800)
  • Fix some minor typos in the docs (#3804)
  • Add GOVERNANCE.md, MAINTAINERS (#3826)
  • Remove Code Climate badge (#3820)
  • Add @​joshuay03 to the maintainer list

• CI

  • Use Minitest 6 where applicable (#3859)
  • Many test suite improvements and flake fixes (#3861, #3863, #3860, #3852, #3857, #3856, #3845, #3843, #3842, #3841, #3822, #3817, #3764)

New Contributors

• @​moozzi made their first contribution in puma/puma#3848
• @​ybiquitous made their first contribution in puma/puma#3813
• @​jrafanie made their first contribution in puma/puma#3804

Full Changelog: puma/puma@v7.1.0...v7.2.0

Changelog

Sourced from puma's changelog.

7.2.0 / 2026-01-20

• Features

  • Add workers :auto (#3827)
  • Make it possible to restrict control server commands to stats (#3787)

• Bugfixes

  • Don't break if WEB_CONCURRENCY is set to a blank string (#3837)
  • Don't share server between worker 0 and descendants on refork (#3602)
  • Fix phase check race condition in Puma::Cluster#check_workers (#3690)
  • Fix advertising of CLI config before config files are loaded (#3823)

• Performance

  • 17% faster HTTP parsing through pre-interning env keys (#3825)
  • Implement dsize and dcompact functions for Puma::HttpParser, which makes Puma's C-extension GC-compactible (#3828)

• Refactor

  • Remove NoMethodError rescue in Reactor#select_loop (#3831)
  • Various cleanups in the C extension (#3814)
  • Monomorphize handle_request return (#3802)

• Docs

  • Change link to docs/deployment.md in README.md (#3848)
  • Fix formatting for each signal description in signals.md (#3813)
  • Update deployment and Kubernetes docs with Puma configuration tips (#3807)
  • Rename master to main (#3809, #3808, #3800)
  • Fix some minor typos in the docs (#3804)
  • Add GOVERNANCE.md, MAINTAINERS (#3826)
  • Remove Code Climate badge (#3820)
  • Add @​joshuay03 to the maintainer list

• CI

  • Use Minitest 6 where applicable (#3859)
  • Many test suite improvements and flake fixes (#3861, #3863, #3860, #3852, #3857, #3856, #3845, #3843, #3842, #3841, #3822, #3817, #3764)

Commits

• 96b5aa6 v7.2.0 (#3864)
• 5d7d1dd Add workers :auto (#3827)
• b8c4783 ci: fix ci - remove append_as_bytes logic, misc changes (#3861)
• 44a3ac4 Fix PR label manager when maintainer comments [ci skip] (#3863)
• 43f5d89 Add GOVERNANCE.md, MAINTAINERS (#3826)
• 21afa66 Use Minitest 6 where applicable (#3859)
• ec7dd61 ci: Update test_http11.rb for TruffleRuby - string size (#3860)
• fa89dbe ci: add ruby 4.0 and rails 8.1 (#3852)
• 98ff11d Fix flaky test test_horrible_queries (#3857)
• da162d7 ci: fix tests.yml (#3856)
• Additional commits viewable in compare view

Updates importmap-rails from 2.2.2 to 2.2.3

Release notes

Sourced from importmap-rails's releases.

v2.2.3

What's Changed

• Fix pin_all_from incorrectly removing "js" substring from filenames by @​rafaelfranca in rails/importmap-rails#313
• Handle package names with nested paths in import maps by @​rafaelfranca in rails/importmap-rails#322

Full Changelog: rails/importmap-rails@v2.2.2...v2.2.3

Commits

• 6fb2bd5 Prepare for 2.2.3
• 682e058 Merge pull request #322 from rails/rmf-fix-321
• a04dd30 Handle package names with nested paths in import maps
• 9b0a9e0 Merge pull request #323 from rails/rmf-test-ruby-4
• e37bea6 Test with Ruby 4.0 and Rails 8.1
• 51c1a53 Merge pull request #313 from rails/rm-fix-282
• 3e94dfa Add some copilot prompts for this project
• 7ffedcb Fix pin_all_from incorrectly removing "js" substring from filenames
• See full diff in compare view

Updates turbo-rails from 2.0.20 to 2.0.21

Release notes

Sourced from turbo-rails's releases.

v2.0.21

What's Changed

• Add rails@8.1 to the CI matrix by @​seanpdoyle in hotwired/turbo-rails#758
• Use an immediate debouncer for tests by @​djmb in hotwired/turbo-rails#761
• Include hidden elements for turbo-cable-stream-source selector by @​excid3 in hotwired/turbo-rails#740
• Fix CI for ruby@3.2.x-rails@7.2.x by @​seanpdoyle in hotwired/turbo-rails#764
• Add turbo frame assertion test helpers by @​excid3 in hotwired/turbo-rails#742
• Acccept meta tag string arguments as well by @​frenkel in hotwired/turbo-rails#754
• [fix #762] Forward broadcast_refresh_to options by @​OutlawAndy in hotwired/turbo-rails#763
• Add support for Model Class in Action and Frame helpers by @​afrase in hotwired/turbo-rails#597
• Remove legacy workaround for Rails < 7 by @​drjayvee in hotwired/turbo-rails#766
• Fix debouncer tests to wait on correct debouncer by @​djmb in hotwired/turbo-rails#767
• Restrict tests to minitest < 6 by @​seanpdoyle in hotwired/turbo-rails#774
• Only return messages produced by block in capture_turbo_stream_broadcasts by @​Vivalldi in hotwired/turbo-rails#736
• Respect broadcast suppressions on before/after actions by @​stowersjoshua in hotwired/turbo-rails#770

New Contributors

• @​djmb made their first contribution in hotwired/turbo-rails#761
• @​frenkel made their first contribution in hotwired/turbo-rails#754
• @​OutlawAndy made their first contribution in hotwired/turbo-rails#763
• @​afrase made their first contribution in hotwired/turbo-rails#597
• @​drjayvee made their first contribution in hotwired/turbo-rails#766
• @​Vivalldi made their first contribution in hotwired/turbo-rails#736
• @​stowersjoshua made their first contribution in hotwired/turbo-rails#770

Full Changelog: hotwired/turbo-rails@v2.0.20...v2.0.21

Commits

• e511fb2 Bump version
• 99dc9c5 @​hotwired/turbo-rails v8.0.20
• c2cd99f v8.0.21
• 31c78af Respect broadcast suppressions on before/after actions (#770)
• 16f7613 Only return messages produced by block in capture_turbo_stream_broadcasts
• dda27a8 Restrict tests to minitest<6
• 0eb3c03 Fix debouncer tests to wait on correct debouncer (#767)
• 89c363e Remove legacy workaround for Rails < 7 (#766)
• d85f2f0 Add support for Model Class in Action and Frame helpers
• a3336b4 [fix #762] Forward broadcast_refresh_to options to turbo_stream_refresh_tag
• Additional commits viewable in compare view

Updates bootsnap from 1.20.1 to 1.21.1

Changelog

Sourced from bootsnap's changelog.

1.21.1

• Prevent a Ruby crash while scanning load path if opendir fails without setting errno. According to the C spec this should not happen, but according to user reports, it did.

1.21.0

• Fix the require decorator to handle Bootsnap.unload_cache! being called.
• Minor optimization: Eagerly clear cache buffers to appease the GC.

Commits

• 182a809 Release 1.21.1
• 1e59365 Merge pull request #522 from byroot/improve-scandir
• a2ff4b8 Fallback to pure the pure ruby path scanner on unexpected error
• 6003c14 Avoid crashing when opendir fails without setting errno
• 92edbf7 Release 1.21.0
• f490894 Merge pull request #520 from byroot/handle-unload
• 4a559a0 Fix the require decorator to handle Bootsnap.unload_cache! being called
• 417dd84 Merge pull request #518 from byroot/clear-buffers
• 7d57a70 Eagerly clear cache buffers
• 018fcb8 Add Ruby 4.0 to the CI matrix
• See full diff in compare view

Updates listen from 3.9.0 to 3.10.0

Release notes

Sourced from listen's releases.

v3.10.0

What's Changed

• Rubocop workflow with GitHub actions by @​AlexB52 in guard/listen#573
• Fix the Rubocop offence by @​y-yagi in guard/listen#588
• Add logger gem as a runtime dependency by @​y-yagi in guard/listen#587
• Remove conditions from gem declarations in Gemfile by @​larskanis in guard/listen#584
• CI against Ruby 3.4 by @​y-yagi in guard/listen#590
• Remove link to Travis CI by @​y-yagi in guard/listen#593
• Use Naming/PredicatePrefix instead of deprecated Naming/PredicateName cop by @​y-yagi in guard/listen#592
• Remove unused require by @​y-yagi in guard/listen#594
• Mention the relation with fs.inotify.max_user_watches and the memory allocation by @​y-yagi in guard/listen#595
• CI against Ruby 4.0 by @​y-yagi in guard/listen#596

New Contributors

• @​AlexB52 made their first contribution in guard/listen#573
• @​larskanis made their first contribution in guard/listen#584

Full Changelog: guard/listen@v3.9.0...v3.10.0

Commits

• 2fa1a74 Bump VERSION to 3.10.0
• 7c6d39e Merge pull request #596 from y-yagi/ci_against_ruby40
• 62255c0 CI against Ruby 4.0
• 43cb09c Merge pull request #595 from y-yagi/mention_memory_allocation_about_max_user_...
• 030aff8 Merge pull request #594 from y-yagi/remove_unused_require
• 4317b21 Mention the relation with fs.inotify.max_user_watches and the memory alloc...
• 5883c5e Remove unused require
• cde3720 Merge pull request #592 from y-yagi/fix_rubocop
• 8e93885 Merge pull request #593 from y-yagi/remove_link_to_travis
• 2f07a81 Remove link to Travis CI
• Additional commits viewable in compare view

Updates devise from 4.9.4 to 5.0.0

Release notes

Sourced from devise's releases.

v5.0.0

https://github.com/heartcombo/devise/blob/v5.0.0/CHANGELOG.md#500---2026-01-23

v5.0.0.rc

https://github.com/heartcombo/devise/blob/v5.0.0.rc/CHANGELOG.md#500rc---2025-12-31

Changelog

Sourced from devise's changelog.

5.0.0 - 2026-01-23

no changes

5.0.0.rc - 2025-12-31

• breaking changes

  • Drop support to Ruby < 2.7

  • Drop support to Rails < 7.0

  • Remove deprecated :bypass option from sign_in helper, use bypass_sign_in instead. #5803

  • Remove deprecated devise_error_messages! helper, use render "devise/shared/error_messages", resource: resource instead. #5803

  • Remove deprecated scope second argument from sign_in(resource, :admin) controller test helper, use sign_in(resource, scope: :admin) instead. #5803

  • Remove deprecated Devise::TestHelpers, use Devise::Test::ControllerHelpers instead. #5803

  • Remove deprecated Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION #5598

  • Remove deprecated Devise.activerecord51? method.

  • Remove SecretKeyFinder and use app.secret_key_base as the default secret key for Devise.secret_key if a custom Devise.secret_key is not provided.

    This is potentially a breaking change because Devise previously used the following order to find a secret key:

    app.credentials.secret_key_base > app.secrets.secret_key_base > application.config.secret_key_base > application.secret_key_base
    

    Now, it always uses application.secret_key_base. Make sure you're using the same secret key after the upgrade; otherwise, previously generated tokens for recoverable, lockable, and confirmable will be invalid. #5645

  • Change password instructions button label on devise view from Send me reset password instructions to Send me password reset instructions #5515

  • Change <br> tags separating form elements to wrapping them in <p> tags #5494

  • Replace [data-turbo-cache=false] with [data-turbo-temporary] on devise/shared/error_messages partial. This has been deprecated by Turbo since v7.3.0 (released on Mar 1, 2023).

    If you are using an older version of Turbo and the default devise template, you'll need to copy it over to your app and change that back to [data-turbo-cache=false].

• enhancements

  • Add Rails 8 support.

    • Routes are lazy-loaded by default in test and development environments now so Devise loads them before Devise.mappings call. #5728

  • New apps using Rack 3.1+ will be generated using config.responder.error_status = :unprocessable_content, since :unprocessable_entity has been deprecated by Rack.

    Latest versions of Rails transparently convert :unprocessable_entity -> :unprocessable_content, and Devise will use that in the failure app to avoid Rack deprecation warnings for apps that are configured with :unprocessable_entity. They can also simply change their error_status to :unprocessable_content in latest Rack versions to avoid the warning.

  • Add Ruby 3.4 and 4.0 support.

  • Reenable Mongoid test suite across all Rails 7+ versions, to ensure we continue supporting it. Changes to dirty tracking to support Mongoid 8.0+. #5568

  • Password length validator is changed from

    validates_length_of :password, within: password_length, allow_blank: true`
    

    to

    validates_length_of :password, minimum: proc { password_length.min }, maximum: proc { password_length.max }, allow_blank: true
    

... (truncated)

Commits

• c51da69 Release v5, no changes since RC
• e9c534d Fix "Test is missing assertions" warnings
• 731074b Stop updating copyright every year [ci skip]
• 35920d2 Exclude Rails main + Ruby 3.2
• 00a9778 Release v5.0.0.rc
• 119a40f Fix gemspec and readme, Devise v5 will support Rails >= 7, not 6
• 1096b60 Remove deprecated Devise.activerecord51? method
• fc46631 Ensure auth keys at the start of the i18n msg are properly cased
• 356b094 Downcase authentication keys and humanize error message (#4834)
• 9a149ff Return 401 for sessions#destroy action with no user signed in (#4878)
• Additional commits viewable in compare view

Updates bootstrap from 5.3.5 to 5.3.8

Commits

• b4003b3 Update to v5.3.8
• e16da54 Update to v5.3.7
• f7a2c7f Update to v5.3.6
• 087adf9 Fix tests
• See full diff in compare view

Updates whenever from 1.1.1 to 1.1.2

Release notes

Sourced from whenever's releases.

v1.1.2

What's Changed

Enhancements

• Override global option with group option by @​njakobsen in javan/whenever#822
• Add description as comment in crontab by @​dyson in javan/whenever#776

Maintenance

• CI: Add Ruby 4.0 to CI Matrix by @​taketo1113 in javan/whenever#872
• CI: Use macos-15-intel instead of macos-13 for Ruby 2.4 and 2.5 by @​taketo1113 in javan/whenever#871

New Contributors

• @​njakobsen made their first contribution in javan/whenever#822
• @​dyson made their first contribution in javan/whenever#776

Full Changelog: javan/whenever@v1.1.1...v1.1.2

Changelog

Sourced from whenever's changelog.

1.1.2 / January 18, 2026

• Add description as comment in crontab javan/whenever#776

• Override global option with group option javan/whenever#822

• CI: Add Ruby 4.0 to CI Matrix javan/whenever#872

• CI: Use macos-15-intel instead of macos-13 for Ruby 2.4 and 2.5 javan/whenever#871

Commits

• b9ec779 Merge pull request #873 from javan/bump-1.1.2
• 9d3b980 Bump to v1.1.2
• 7a18f09 Merge pull request #776 from dyson/add-description
• ab3ebf3 Add description as comment in crontab
• 19daf02 Merge pull request #872 from javan/ci-ruby-4.0
• a898903 CI: Add Ruby 4.0 to CI Matrix
• bd77e98 Merge pull request #822 from combinaut/override-global-option-with-group-option
• 7c43bb7 Merge pull request #871 from javan/ci-macos-15-intel
• 81873cc CI: Use macos-15-intel instead of macos-13 for Ruby 2.4 and 2.5
• See full diff in compare view

Updates honeybadger from 6.2.0 to 6.2.1

Release notes

Sourced from honeybadger's releases.

v6.2.1

6.2.1 (2026-01-23)

Bug Fixes

• remove Transfer-Encoding when setting Content-Length in Rack middlewares (#773) (dc8acaa)

Changelog

Sourced from honeybadger's changelog.

6.2.1 (2026-01-23)

Bug Fixes

• remove Transfer-Encoding when setting Content-Length in Rack middlewares (#773) (dc8acaa)

Commits

• 7c38ac0 chore(master): release 6.2.1 (#774)
• dc8acaa fix: remove Transfer-Encoding when setting Content-Length in Rack middlewares...
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions