
Bump the bundler group across 1 directory with 7 updates #4398

Closed
wants to merge 1 commit into from


dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Dec 3, 2024

Bumps the bundler group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| puma | 6.4.2 | 6.4.3 |
| dotenv-rails | 3.1.2 | 3.1.4 |
| sidekiq | 6.5.5 | 7.3.6 |
| nokogiri | 1.16.7 | 1.16.8 |
| rubocop-govuk | 5.0.2 | 5.0.4 |
| rexml | 3.3.3 | 3.3.9 |
| fugit | 1.11.0 | 1.11.1 |

Updates puma from 6.4.2 to 6.4.3

Release notes

Sourced from puma's releases.

6.4.3

  • Security
    • Discards any headers using underscores if the non-underscore version also exists. Without this, an attacker could overwrite values set by intermediate proxies (e.g. X-Forwarded-For). (CVE-2024-45614/GHSA-9hf4-67fc-4vf4)
Changelog

Sourced from puma's changelog.

6.4.3 / 2024-09-19

  • Security
    • Discards any headers using underscores if the non-underscore version also exists. Without this, an attacker could overwrite values set by intermediate proxies (e.g. X-Forwarded-For). (CVE-2024-45614/GHSA-9hf4-67fc-4vf4)
Commits

Updates dotenv-rails from 3.1.2 to 3.1.4

Release notes

Sourced from dotenv-rails's releases.

3.1.4

What's Changed

New Contributors

Full Changelog: bkeepers/dotenv@v3.1.3...v3.1.4

3.1.3

What's Changed

New Contributors

Full Changelog: bkeepers/dotenv@v3.1.2...v3.1.3

Changelog

Sourced from dotenv-rails's changelog.

3.1.4

New Contributors

Full Changelog: bkeepers/dotenv@v3.1.3...v3.1.4

3.1.3

New Contributors

Full Changelog: bkeepers/dotenv@v3.1.2...v3.1.3

Commits

Updates sidekiq from 6.5.5 to 7.3.6

Changelog

Sourced from sidekiq's changelog.

7.3.6

  • Forward compatibility fixes for Ruby 3.4
  • Filtering in the Web UI now works via GET so you can bookmark a filtered view. #6497

7.3.5

  • Reimplement retry_all and kill_all API methods to use ZPOPMIN, approximately 30-60% faster. #6481
  • Add preload testing binary at examples/testing/sidekiq_boot to verify your Rails app boots correctly with Sidekiq Enterprise's app preloading.
  • Fix circular require with ActiveJob adapter #6477
  • Fix potential race condition leading to incorrect serialized values for CurrentAttributes #6475
  • Restore missing elapsed time when default job logging is disabled

7.3.4

  • Fix FrozenError when starting Sidekiq #6470

7.3.3

  • Freeze global configuration once boot is complete, to avoid configuration race conditions [#6466, #6465]
  • Sidekiq now warns if a job iteration takes longer than the -t timeout setting (defaults to 25 seconds)
  • Iteration callbacks now have easy access to job arguments via the arguments method:
def on_stop
  p arguments # => `[123, "string", {"key" => "value"}]`
  id, str, hash = arguments
end
  • Iterable jobs can be cancelled via Sidekiq::Client#cancel!:
c = Sidekiq::Client.new
jid = c.push("class" => SomeJob, "args" => [123])
c.cancel!(jid) # => true
  • Take over support for ActiveJob's :sidekiq adapter [#6430, fatkodima]
  • Ensure CurrentAttributes are in scope when creating batch callbacks #6455
  • Add Sidekiq.gem_version API.
  • Update Ukrainian translations

7.3.2

  • Adjust ActiveRecord batch iteration to restart an interrupted batch from the beginning. Each batch should be processed as a single transaction in order to be idempotent. #6405
  • Fix typo in Sidekiq::DeadSet#kill #6397

... (truncated)

Commits

Updates nokogiri from 1.16.7 to 1.16.8

Release notes

Sourced from nokogiri's releases.

v1.16.8 / 2024-12-02

Fixed

  • [CRuby] When serializing HTML5 documents, properly escape foreign content "style" elements. Normally, a "style" tag contains raw text that does not need entity-escaping, but when it appears in either SVG or MathML foreign content, the "style" tag is now correctly escaped when serialized. @flavorjones

sha256 checksums:

b1d41cd9abf4180adef496cc8c9fcb5b2e38d39f5e23c8a2445362226a5df6b8  nokogiri-1.16.8-aarch64-linux.gem
b7aa4e8533a720e432d09b52a2ec089b55cf3ee66c916b44a0d9b6608df7bf8c  nokogiri-1.16.8-arm64-darwin.gem
8cbd2971624fc073b9430d86475da031903494dcb83c2339e13f7f22a4de6fad  nokogiri-1.16.8-arm-linux.gem
dece4bf9a663b2d6b6e874716297ad414c95be694656972d54049bd088f752a1  nokogiri-1.16.8.gem
8652028e72a38f2221c810550d03c91682b414e06f6271149139a9042cf727e6  nokogiri-1.16.8-java.gem
861e2d7f24b0c7f5ea2a26e6d99af7e727d7641f0eab27b9b6c51b8a0666c805  nokogiri-1.16.8-x64-mingw32.gem
23c9a8ae47afa2973cbca9e3d38c16f40ff336919f961802c4a3a5e39c767138  nokogiri-1.16.8-x64-mingw-ucrt.gem
6c40d7dc444f752634bf6ee8b53a55c3cfca3f9df52be46b8abcc559ccd49e47  nokogiri-1.16.8-x86_64-darwin.gem
ed7b1f80713ac968dd93fe2b96fc3df6e448b73bd02dd77d5fc89ba92a1ed6d9  nokogiri-1.16.8-x86_64-linux.gem
f97760e6320166d48234029bed9e999521a888376bd2b7e04f4c054537154f16  nokogiri-1.16.8-x86-linux.gem
ea48d7415b89f5dd3ff5a8f82bb2ec56fdc3431444381143fe90bb418eb9ea35  nokogiri-1.16.8-x86-mingw32.gem
Changelog

Sourced from nokogiri's changelog.

v1.16.8 / 2024-12-02

Fixed

  • [CRuby] When serializing HTML5 documents, properly escape foreign content "style" elements. Normally, a "style" tag contains raw text that does not need entity-escaping, but when it appears in either SVG or MathML foreign content, the "style" tag is now correctly escaped when serialized. @flavorjones
Commits
  • 7aaf1aa version bump to v1.16.8
  • 973ea98 fix: escape foreign style tag content when serializing HTML5 (v1.16.x) (#3349)
  • 573a087 doc: update CHANGELOG
  • 02572e8 fix: escape foreign style tag content when serializing HTML5
  • See full diff in compare view

Updates rubocop-govuk from 5.0.2 to 5.0.4

Changelog

Sourced from rubocop-govuk's changelog.

5.0.4

  • Update dependencies

5.0.3

  • Update dependencies: rubocop from 1.64.1 to 1.68.0, rubocop-ast from 1.31.3 to 1.26.1, rubocop-rails from 2.25.1 to 2.27.0, rubocop-rspec from 3.0.1 to 3.2.0
Commits
  • 4abd6de Merge pull request #435 from alphagov/release-5.0.4
  • 4d9f8ae Merge pull request #436 from alphagov/dependabot/bundler/rubocop-ast-eq-1.36.2
  • 8886b44 Update rubocop-ast requirement from = 1.36.1 to = 1.36.2
  • 7634f16 Release v5.0.4
  • 5c90ef9 Merge pull request #434 from alphagov/dependabot/bundler/rubocop-eq-1.69.0
  • 860d69d Update rubocop requirement from = 1.68.0 to = 1.69.0
  • 6bbc49d Merge pull request #433 from alphagov/new-release
  • 8b599f5 Release v5.0.3
  • a822e10 Merge pull request #431 from alphagov/dependabot/bundler/rubocop-ast-eq-1.36.1
  • 8b911b7 Update rubocop-ast requirement from = 1.35.0 to = 1.36.1
  • Additional commits viewable in compare view

Updates rexml from 3.3.3 to 3.3.9

Release notes

Sourced from rexml's releases.

REXML 3.3.9 - 2024-10-24

Improvements

  • Improved performance.

Fixes

  • Fixed a parse bug for text only invalid XML.

  • Fixed a parse bug that &#0x...; is accepted as a character reference.

Thanks

  • NAITOH Jun

REXML 3.3.8 - 2024-09-29

Improvements

  • SAX2: Improve parse performance.

Fixes

  • Fixed a bug where an unexpected attribute namespace conflict error was reported for the predefined "xml" namespace.
    • GH-208
    • Patch by KITAITI Makoto

Thanks

  • NAITOH Jun

  • KITAITI Makoto

REXML 3.3.7 - 2024-09-04

Improvements

  • Added local entity expansion limit methods

... (truncated)

Changelog

Sourced from rexml's changelog.

3.3.9 - 2024-10-24 {#version-3-3-9}

Improvements

  • Improved performance.

Fixes

  • Fixed a parse bug for text only invalid XML.

  • Fixed a parse bug that &#0x...; is accepted as a character reference.

Thanks

  • NAITOH Jun

3.3.8 - 2024-09-29 {#version-3-3-8}

Improvements

  • SAX2: Improve parse performance.

Fixes

  • Fixed a bug where an unexpected attribute namespace conflict error was reported for the predefined "xml" namespace.
    • GH-208
    • Patch by KITAITI Makoto

Thanks

  • NAITOH Jun

  • KITAITI Makoto

3.3.7 - 2024-09-04 {#version-3-3-7}

Improvements

  • Added local entity expansion limit methods

... (truncated)

Commits

Updates fugit from 1.11.0 to 1.11.1

Changelog

Sourced from fugit's changelog.

fugit 1.11.1 released 2024-08-15

  • Prevent nat parsing choking on long input (> 256 chars), gh-104
Commits

Most Recent Ignore Conditions Applied to This Pull Request
| Dependency Name | Ignore Conditions |
| --- | --- |
| rubocop-govuk | [> 3.14.0, < 4] |
| puma | [< 5.7, > 5.6.2] |

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.
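The puma 6.4.3 entry above describes why a header such as `X_Forwarded_For` is dangerous next to `X-Forwarded-For`: once both are mapped to the CGI-style `HTTP_*` key that Rack applications read, the two names collapse into one. The Ruby below is an added illustration of that collision and of the mitigation the changelog describes (drop the underscore form whenever the hyphenated form is also present); it is not puma's own code. The `env_key`/`header_env` helpers, the `strict:` keyword, the constructed `SAMPLE` headers and the choice to join repeated values with `", "` are all assumptions of this simplified model.

```ruby
# Added example, not puma's implementation: a minimal model of how raw HTTP
# header names become Rack env keys, and of the underscore/hyphen collision
# fixed in puma 6.4.3 (CVE-2024-45614).

# Map a raw header name to its CGI/Rack env key:
# "X-Forwarded-For" and "X_Forwarded_For" both become "HTTP_X_FORWARDED_FOR".
def env_key(name)
  "HTTP_" + name.upcase.tr("-", "_")
end

# Build the HTTP_* part of a Rack env from an ordered list of [name, value]
# pairs as they arrive on the wire (a reverse proxy appends its own headers
# after the client's). With strict: true, a header containing underscores is
# discarded when the hyphenated spelling of the same name is also present,
# so the proxy-set value is the only one the application sees.
def header_env(headers, strict: true)
  names = headers.map(&:first)
  env = {}
  headers.each do |name, value|
    if strict && name.include?("_")
      hyphenated = name.tr("_", "-")
      next if names.any? { |n| n.casecmp?(hyphenated) }
    end
    key = env_key(name)
    # Assumption of this model: repeated headers are joined with ", " (the
    # usual list-header merge), so without the mitigation the untrusted value
    # ends up in the same field as the proxy's value.
    env[key] = env.key?(key) ? "#{env[key]}, #{value}" : value
  end
  env
end

# Constructed sample request: an underscore header sent by the client, and the
# hyphenated header set by the intermediate proxy (values are made up).
SAMPLE = [
  ["Host", "app.example.test"],
  ["X_Forwarded_For", "untrusted-value"],
  ["X-Forwarded-For", "203.0.113.9"],
].freeze

if __FILE__ == $PROGRAM_NAME
  puts "mitigated:   #{header_env(SAMPLE)["HTTP_X_FORWARDED_FOR"]}"
  puts "unmitigated: #{header_env(SAMPLE, strict: false)["HTTP_X_FORWARDED_FOR"]}"
end
```

Run it with `ruby` and the mitigated line shows only the proxy's address, while the unmitigated line shows the merged field an application would otherwise have to untangle. An underscore header with no hyphenated counterpart is still passed through, matching the changelog's "if the non-underscore version also exists" condition.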

@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Dec 3, 2024
@dependabot dependabot bot force-pushed the dependabot/bundler/bundler-4f5079c50a branch from 6dbe134 to 0811edc Compare December 3, 2024 14:25
@dependabot dependabot bot force-pushed the dependabot/bundler/bundler-4f5079c50a branch from 0811edc to 521faa2 Compare December 4, 2024 09:15
@dependabot dependabot bot force-pushed the dependabot/bundler/bundler-4f5079c50a branch from 521faa2 to c60b8d7 Compare December 4, 2024 13:11
@sarahcrack
Collaborator

We cannot update the group via dependabot: unable to bump sidekiq due to a redis issue, but we may be able to bump each one manually/locally.

Bumps the bundler group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [puma](https://github.com/puma/puma) | `6.4.2` | `6.4.3` |
| [dotenv-rails](https://github.com/bkeepers/dotenv) | `3.1.2` | `3.1.4` |
| [sidekiq](https://github.com/sidekiq/sidekiq) | `6.5.5` | `7.3.6` |
| [nokogiri](https://github.com/sparklemotion/nokogiri) | `1.16.7` | `1.16.8` |
| [rubocop-govuk](https://github.com/alphagov/rubocop-govuk) | `5.0.2` | `5.0.4` |
| [rexml](https://github.com/ruby/rexml) | `3.3.3` | `3.3.9` |
| [fugit](https://github.com/floraison/fugit) | `1.11.0` | `1.11.1` |



Updates `puma` from 6.4.2 to 6.4.3
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](puma/puma@v6.4.2...v6.4.3)

Updates `dotenv-rails` from 3.1.2 to 3.1.4
- [Release notes](https://github.com/bkeepers/dotenv/releases)
- [Changelog](https://github.com/bkeepers/dotenv/blob/main/Changelog.md)
- [Commits](bkeepers/dotenv@v3.1.2...v3.1.4)

Updates `sidekiq` from 6.5.5 to 7.3.6
- [Changelog](https://github.com/sidekiq/sidekiq/blob/main/Changes.md)
- [Commits](sidekiq/sidekiq@v6.5.5...v7.3.6)

Updates `nokogiri` from 1.16.7 to 1.16.8
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.16.7...v1.16.8)

Updates `rubocop-govuk` from 5.0.2 to 5.0.4
- [Changelog](https://github.com/alphagov/rubocop-govuk/blob/main/CHANGELOG.md)
- [Commits](alphagov/rubocop-govuk@v5.0.2...v5.0.4)

Updates `rexml` from 3.3.3 to 3.3.9
- [Release notes](https://github.com/ruby/rexml/releases)
- [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md)
- [Commits](ruby/rexml@v3.3.3...v3.3.9)

Updates `rubocop-govuk` from 5.0.2 to 5.0.4
- [Changelog](https://github.com/alphagov/rubocop-govuk/blob/main/CHANGELOG.md)
- [Commits](alphagov/rubocop-govuk@v5.0.2...v5.0.4)

Updates `fugit` from 1.11.0 to 1.11.1
- [Changelog](https://github.com/floraison/fugit/blob/master/CHANGELOG.md)
- [Commits](floraison/fugit@v1.11.0...v1.11.1)

---
updated-dependencies:
- dependency-name: puma
  dependency-type: direct:production
  dependency-group: bundler
- dependency-name: dotenv-rails
  dependency-type: direct:production
  dependency-group: bundler
- dependency-name: sidekiq
  dependency-type: direct:production
  dependency-group: bundler
- dependency-name: nokogiri
  dependency-type: direct:production
  dependency-group: bundler
- dependency-name: rubocop-govuk
  dependency-type: direct:development
  dependency-group: bundler
- dependency-name: rexml
  dependency-type: direct:production
  dependency-group: bundler
- dependency-name: rubocop-govuk
  dependency-type: direct:development
  dependency-group: bundler
- dependency-name: fugit
  dependency-type: indirect
  dependency-group: bundler
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/bundler/bundler-4f5079c50a branch from c60b8d7 to 4eaf24b Compare December 4, 2024 14:23

github-actions bot commented Dec 4, 2024

@sarahcrack sarahcrack closed this Jan 6, 2025

dependabot bot commented on behalf of github Jan 6, 2025

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot/bundler/bundler-4f5079c50a branch January 6, 2025 13:15
Labels
dependencies Pull requests that update a dependency file Do Not Merge ruby Pull requests that update Ruby code