bundle(deps): bump the ruby-deps group with 6 updates

[dependabot]

Bumps the ruby-deps group with 6 updates:

Package	From	To
activesupport	8.0.0	8.0.1
csv	3.3.0	3.3.1
logger	1.6.2	1.6.3
nokogiri	1.17.0	1.17.2
rexml	3.3.9	3.4.0
securerandom	0.4.0	0.4.1

Updates activesupport from 8.0.0 to 8.0.1

Release notes

Sourced from activesupport's releases.

8.0.1

Active Support

• Fix a bug in ERB::Util.tokenize that causes incorrect tokenization when ERB tags are preceeded by multibyte characters.

  Martin Emde

• Restore the ability to decorate methods generated by class_attribute.

  It always has been complicated to use Module#prepend or an alias method chain to decorate methods defined by class_attribute, but became even harder in 8.0.

  This capability is now supported for both reader and writer methods.

  Jean Boussier

Active Model

• No changes.

Active Record

• Fix removing foreign keys with :restrict action for MySQ

  fatkodima

• Fix a race condition in ActiveRecord::Base#method_missing when lazily defining attributes.

  If multiple thread were concurrently triggering attribute definition on the same model, it could result in a NoMethodError being raised.

  Jean Boussier

• Fix MySQL default functions getting dropped when changing a column's nullability.

  Bastian Bartmann

• Fix add_unique_constraint/add_check_constraint/add_foreign_key to be revertible when given invalid options.

  fatkodima

• Fix asynchronous destroying of polymorphic belongs_to associations.

  fatkodima

• Fix insert_all to not update existing records.

  fatkodima

... (truncated)

Changelog

Sourced from activesupport's changelog.

Rails 8.0.1 (December 13, 2024)

• Fix a bug in ERB::Util.tokenize that causes incorrect tokenization when ERB tags are preceeded by multibyte characters.

  Martin Emde

• Restore the ability to decorate methods generated by class_attribute.

  It always has been complicated to use Module#prepend or an alias method chain to decorate methods defined by class_attribute, but became even harder in 8.0.

  This capability is now supported for both reader and writer methods.

  Jean Boussier

Rails 8.0.0.1 (December 10, 2024)

• No changes.

Commits

• cf6ff17 Preparing for 8.0.1 release
• 3d17d95 Merge tag 'v8.0.0.1' into 8-0-stable
• a993c27 Preparing for 8.0.0.1 release
• 0c1bb3a Sync CHANGELOG
• e1d9222 Conditionally check alphanumeric method parameters
• ab14413 Merge pull request #53804 from claudiob/to_sentence
• 9cea447 Merge pull request #53791 from fatkodima/fix-rubocop-offences
• 015b37e Address changelogs linter offenses at 8-0-stable
• 1f85ee0 Merge pull request #53655 from martinemde/martinemde/byteslice-erb-tokenize
• 5c31aba Merge pull request #53640 from byroot/class-attr-namespaced
• Additional commits viewable in compare view

Updates csv from 3.3.0 to 3.3.1

Release notes

Sourced from csv's releases.

csv 3.3.1 - 2024-12-15

Improvements

• CSV.open: Changed to detect BOM by default. Note that this isn't enabled on Windows because Ruby may have a bug. See also: https://bugs.ruby-lang.org/issues/20526

  • GH-301
  • Reported by Junichi Ito

• Improved performance.

  • GH-311
  • GH-312
  • Patch by Vladimir Kochnev

• CSV.open: Added support for StringIO as an input.

  • GH-300
  • GH-302
  • Patch by Marcelo

• Added a built-in time converter. You can use it by converters: :time.

  • GH-313
  • Patch by Bart de Water

• Added CSV::TSV for tab-separated values.

  • GH-272
  • GH-319
  • Reported by kojix2
  • Patch by Jas

Thanks

• Junichi Ito

• Vladimir Kochnev

• Marcelo

• Bart de Water

• kojix2

• Jas

Changelog

Sourced from csv's changelog.

3.3.1 - 2024-12-15

Improvements

• CSV.open: Changed to detect BOM by default. Note that this isn't enabled on Windows because Ruby may have a bug. See also: https://bugs.ruby-lang.org/issues/20526

  • GH-301
  • Reported by Junichi Ito

• Improved performance.

  • GH-311
  • GH-312
  • Patch by Vladimir Kochnev

• CSV.open: Added support for StringIO as an input.

  • GH-300
  • GH-302
  • Patch by Marcelo

• Added a built-in time converter. You can use it by converters: :time.

  • GH-313
  • Patch by Bart de Water

• Added CSV::TSV for tab-separated values.

  • GH-272
  • GH-319
  • Reported by kojix2
  • Patch by Jas

Thanks

• Junichi Ito

• Vladimir Kochnev

• Marcelo

• Bart de Water

• kojix2

• Jas

Commits

• 7e577ec Add 3.3.1 entry
• 8df779e release: add support for Trusted Publishing
• bc11345 Drop :nodoc: options from core classes that contains methods with docs (#322)
• 7b8c3ca Add CSV::TSV class for tab-separated values (#319)
• 3a7e7c7 [DOC] More about filter options (#316)
• 189851d Add Time converter to CSV::Converters (#313)
• ce91198 Allow CSV.open with StringIO argument (#302)
• bb93c28 Don't build quoted_fields array when not needed (#312)
• e75132e Avoid dynamic parse method dispatch for faster access (#311)
• 4534f35 Update filtering recipes to clarify parsing and writing headers (#309)
• Additional commits viewable in compare view

Updates logger from 1.6.2 to 1.6.3

Release notes

Sourced from logger's releases.

v1.6.3

What's Changed

• Enable log file rotation on Windows by @​nobu in ruby/logger#102

Full Changelog: ruby/logger@v1.6.2...v1.6.3

Commits

• 97bce95 Bump up v1.6.3
• 8ab49e1 Merge pull request #102 from ruby/rotate-windows
• 7b6146f Enable log file rotation on Windows
• f904ad2 Extract Logger::LogDevice#handle_write_errors
• See full diff in compare view

Updates nokogiri from 1.17.0 to 1.17.2

Release notes

Sourced from nokogiri's releases.

v1.17.2 / 2024-12-12

Fixed

• [JRuby] Fixed an issue where Node#dup when called with the new_parent_doc parameter was not decorating the node with the document's Node decorators. #3372 @​flavorjones

585c8cac6380848b7973bacfd0584628d116810e5f209db25e22d0c32313e681  nokogiri-1.17.2-aarch64-linux.gem
0c5eb06ba1c112d33c2bb29973b07e2f21c4ddb66c67c9386fd97ff1c5d84686  nokogiri-1.17.2-arm64-darwin.gem
3d033ad9b09d5b8a203f0f2156053e93a9327a9c7887c0ceb9fa78c71d27280d  nokogiri-1.17.2-arm-linux.gem
75825401f59b1a8746ee8ce5d066c8f11e745642e36a4452e206730b03d1fd8c  nokogiri-1.17.2.gem
ffe1fc1353f831793260b3023f575b4ed2e6144404947c57ad37ad932f9adb94  nokogiri-1.17.2-java.gem
da29e3d6add44bfc0bec8b9d4c7c660b38c7fc16ef505313839e07c3358d1059  nokogiri-1.17.2-x64-mingw32.gem
2bb710109d52f1209ea013c1f9603cd24271a9f22d387c0c45fced62945b4a30  nokogiri-1.17.2-x64-mingw-ucrt.gem
dc5977eb3416e1d501b22b0ed4737bf7604121491405865b887975eacfb3e896  nokogiri-1.17.2-x86_64-darwin.gem
e8614ae8d776bd9adb535ca814375e7ae05d7cfa6aa01909e561484f6d70be0b  nokogiri-1.17.2-x86_64-linux.gem
8c4dd75e35810bdeb7c74943f383ca665baf6aed8fc2b78c1d305094a72794aa  nokogiri-1.17.2-x86-linux.gem
9038e8b59e2eb48feb18f0efb093bd21a19d0eb17eed822a155b2a6860381702  nokogiri-1.17.2-x86-mingw32.gem

v1.17.1 / 2024-12-10

Fixed

• Fixed a potential segfault when using Node#dup and DocumentFragment#dup. #3359 @​byroot @​flavorjones
• Node#dup and Node#clone now correctly decorate the new node with the document's Node decorators. #3363 @​flavorjones

b3fce09bddfab61ae587f83af97bf0d0834352bcd23ad99831f2993d978627bd  nokogiri-1.17.1-aarch64-linux.gem
0e79badf832783e81439c3211562ed904a5c8eaaa0038c8fdfdb3778e873f3d0  nokogiri-1.17.1-arm64-darwin.gem
b8e9909ff893b257a58066e6bfc39456be18b87f4af1e22ca18d7c0dbc9925e5  nokogiri-1.17.1-arm-linux.gem
910fe0f194db99677f7ddb21b19a1d071ceffc4a0e39d44c08736d9b1e558cfc  nokogiri-1.17.1.gem
baf2cf6785f83c8cb3cdc427d0eb8b7f91d76748bfeb6c2612ce639e82c1ecee  nokogiri-1.17.1-java.gem
601a8bca523bf2b1a576c728ad4901c57263d0c29e4f9e6d2abe654c6a929841  nokogiri-1.17.1-x64-mingw32.gem
299ab9cd2c4ce882112e79fc31f82915920cb3e54ba526287e86d9a5fbfafebe  nokogiri-1.17.1-x64-mingw-ucrt.gem
94bcacacd123379229a8ece0d31c38af36d0ef6f86f399d5813be5ca0f566c88  nokogiri-1.17.1-x86_64-darwin.gem
2234250605b03433747e8d21de947b38b79f33a4280930e58bec179fd95d415d  nokogiri-1.17.1-x86_64-linux.gem
d09565316ffc8f8bb522bd6d1b460dec2a57d23d6e479c2d0d49d9ccbb11076c  nokogiri-1.17.1-x86-linux.gem
8f720dd62bf5d3791aa67f933085be5d2a2ab06afc120d4f210f40a5d184fafb  nokogiri-1.17.1-x86-mingw32.gem

Changelog

Sourced from nokogiri's changelog.

v1.17.2 / 2024-12-12

Fixed

• [JRuby] Fixed an issue where Node#dup when called with the new_parent_doc parameter was not decorating the node with the document's Node decorators. #3372 @​flavorjones

v1.17.1 / 2024-12-10

Fixed

• Fixed a potential segfault when using Node#dup and DocumentFragment#dup. #3359 @​byroot @​flavorjones
• Node#dup and Node#clone now correctly decorate the new node with the document's Node decorators. #3363 @​flavorjones

Commits

• 35ec8c5 version bump to v1.17.2
• ffaa44c fix(jruby): XML::DocumentFragment.dup to another document (v1.17.x) (#3373)
• 8bd6c6d fix(jruby): XML::DocumentFragment.dup to another document
• e4bae8a version bump to v1.17.1
• 12244fe fix: Node#dup adds the new node to the document's node cache (backport to v1....
• 7bf2fc1 fix: Node#dup adds the new node to the document's node cache
• 765754c doc: update CHANGELOG bullet lists to render with mkdocs
• 076d647 doc: extract older changelog entries into misc/CHANGELOG-archive.md
• See full diff in compare view

Updates rexml from 3.3.9 to 3.4.0

Release notes

Sourced from rexml's releases.

REXML 3.4.0 - 2024-12-15

Improvement

• Improved performance.

  • GH-216
  • Patch by NAITOH Jun

• JRuby: Improved parse performance.

  • GH-219
  • Patch by João Duarte

• Added support for reusing pull parser.

  • GH-214
  • GH-220
  • Patch by Dmitry Pogrebnoy

• Improved error handling when source is IO.

  • GH-221
  • Patch by NAITOH Jun

Thanks

• NAITOH Jun

• João Duarte

• Dmitry Pogrebnoy

Changelog

Sourced from rexml's changelog.

3.4.0 - 2024-12-15 {#version-3-4-0}

Improvement

• Improved performance.

  • GH-216
  • Patch by NAITOH Jun

• JRuby: Improved parse performance.

  • GH-219
  • Patch by João Duarte

• Added support for reusing pull parser.

  • GH-214
  • GH-220
  • Patch by Dmitry Pogrebnoy

• Improved error handling when source is IO.

  • GH-221
  • Patch by NAITOH Jun

Thanks

• NAITOH Jun

• João Duarte

• Dmitry Pogrebnoy

Commits

• 19d8ebf Add 3.4.0 entry
• dfc7753 release: use Trusted Publishing
• 91305c1 Remove old code for Ruby 1.8 (#223)
• 46dd810 test: Fix NameError: uninitialized constant REXML::Parsers::PullParser (#222)
• 963ccdf Fix error handling when parsing XML via IO.pipe (#221)
• 20562ec parser pull: Add support for reusing parser (#220)
• ed9168e Stop requiring stringio dynamically (#219)
• 519ae6c Clarify variable name (#218)
• 8ef7502 Add IOSource#match? method (#216)
• 6a8c041 test jruby: omit fragile test
• Additional commits viewable in compare view

Updates securerandom from 0.4.0 to 0.4.1

Release notes

Sourced from securerandom's releases.

v0.4.1

What's Changed

• Restore SecureRandom.alphanumeric with 0.3.x behavior by @​hsbt in ruby/securerandom#36

Full Changelog: ruby/securerandom@v0.4.0...v0.4.1

Commits

• 65fb8dd Bump up v0.4.1
• 168d94f Merge pull request #36 from ruby/restore-alphanumeric-method
• 2c8cdfb Only define compatible method in < Ruby 3.3
• fbb36e3 Restore SecureRandom.alphanumeric same as Random::Formatter.alphanumeric of R...
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions