Bump the combined-dependencies group across 1 directory with 11 updates

[dependabot]

Bumps the combined-dependencies group with 10 updates in the / directory:

Package	From	To
rails	7.1.3.4	7.2.0
propshaft	0.9.0	0.9.1
sentry-ruby	5.18.2	5.19.0
bootsnap	1.18.3	1.18.4
govuk_notify_rails	2.2.0	3.0.0
rexml	3.3.4	3.3.5
hexapdf	0.45.0	0.46.0
rspec-rails	6.1.3	6.1.4
govuk-components	5.4.1	5.5.0
govuk_design_system_formbuilder	5.4.1	5.5.0

Updates rails from 7.1.3.4 to 7.2.0

Release notes

Sourced from rails's releases.

7.2.0

Active Support

• Fix delegate_missing_to allow_nil: true when called with implict self

  class Person
    delegate_missing_to :address, allow_nil: true
  def address
  nil
  end
  def berliner?
  city == "Berlin"
  end
  end
  Person.new.city # => nil
  Person.new.berliner? # undefined local variable or method `city' for an instance of Person (NameError)

  Jean Boussier

• Add logger as a dependency since it is a bundled gem candidate for Ruby 3.5

  Earlopain

• Define Digest::UUID.nil_uuid, which returns the so-called nil UUID.

  Xavier Noria

• Support duration type in ActiveSupport::XmlMini.

  heka1024

• Remove deprecated ActiveSupport::Notifications::Event#children and ActiveSupport::Notifications::Event#parent_of?.

  Rafael Mendonça França

• Remove deprecated support to call the following methods without passing a deprecator:

  • deprecate
  • deprecate_constant
  • ActiveSupport::Deprecation::DeprecatedObjectProxy.new
  • ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy.new
  • ActiveSupport::Deprecation::DeprecatedConstantProxy.new
  • assert_deprecated
  • assert_not_deprecated

... (truncated)

Commits

• fb6c430 Preparing for 7.2.0 release
• c9a5cfd Merge pull request #52540 from mattbrictson/fix-brakeman-ci-desc
• ac2035a Merge pull request #52555 from rails/rm-fix-system-test
• 7ae1ec1 Remove WEB_CONCURRENCY "auto" from tuning_performance_for_deployment (#52545)
• 0461267 Merge pull request #52554 from erados/patch-1
• c2e0f6f Remove redundant Puma configuration settings from fresh config/puma.rb files
• ecf787c Puma 5+ now pulls WEB_CONCURRENCY directly from ENV, so we cannot/should not ...
• 573d4bd Merge pull request #52533 from denys-chaikovskyi/mod/auto-puma-workers
• 0b3404e Merge pull request #52531 from n-studio/allow-bots
• 6ffa94c Merge pull request #52524 from rubys/rm-redundant-comment
• Additional commits viewable in compare view

Updates propshaft from 0.9.0 to 0.9.1

Release notes

Sourced from propshaft's releases.

v0.9.1

What's Changed

• Fix 404 for loading source maps with digests in url by @​theodorton in rails/propshaft#194
• Require active_support's delegation module (fix crash introduced in 0.9.0) by @​aaronjensen in rails/propshaft#191
• Fix deprecation in engine mounting by @​atomaka in rails/propshaft#198

New Contributors

• @​atomaka made their first contribution in rails/propshaft#198

Full Changelog: rails/propshaft@v0.9.0...v0.9.1

Commits

• 2abf542 Bump version for 0.9.1
• 40b578c Fix deprecation in engine mounting (#198)
• af557fb Make digest regex less strict on .map extensions (#194)
• c14f2b4 Require active_support's delegation module (#191)
• See full diff in compare view

Updates sentry-ruby from 5.18.2 to 5.19.0

Changelog

Sourced from sentry-ruby's changelog.

5.19.0

Features

• Use Concurrent.available_processor_count instead of Concurrent.usable_processor_count (#2358)

• Support for tracing Faraday requests (#2345)

  • Closes #1795
  • Please note that the Faraday instrumentation has some limitations in case of async requests: lostisland/faraday#1381

  Usage:

  Sentry.init do |config|
    # ...
    config.enabled_patches << :faraday
  end

• Support for attachments (#2357)

  Usage:

  Sentry.add_attachment(path: '/foo/bar.txt')
  Sentry.add_attachment(filename: 'payload.json', bytes: '{"value": 42}'))

• Transaction data are now included in the context (#2365)

  • Closes #2364

• Inject Sentry meta tags in the Rails application layout automatically in the generator (#2369)

  To turn this behavior off, use

  bin/rails generate sentry --inject-meta false

Bug Fixes

• Fix skipping connect spans in open-telemetry #2364

Commits

• 43c5cc2 release: 5.19.0
• 8c1c259 Use Concurrent.available_processor_count instead of `Concurrent.usable_proc...
• 837577a File/attachment uploads (#2357)
• 47c4458 Include transaction data in the trace context (#2365)
• e4571d9 Remove upper limit on graphql gem version (#2362)
• ef1eeb3 Unify Net::HTTP and Faraday implementations (#2360)
• 09f348e Support for tracing Faraday requests (#2345)
• See full diff in compare view

Updates sentry-rails from 5.18.2 to 5.19.0

Changelog

Sourced from sentry-rails's changelog.

5.19.0

Features

• Use Concurrent.available_processor_count instead of Concurrent.usable_processor_count (#2358)

• Support for tracing Faraday requests (#2345)

  • Closes #1795
  • Please note that the Faraday instrumentation has some limitations in case of async requests: lostisland/faraday#1381

  Usage:

  Sentry.init do |config|
    # ...
    config.enabled_patches << :faraday
  end

• Support for attachments (#2357)

  Usage:

  Sentry.add_attachment(path: '/foo/bar.txt')
  Sentry.add_attachment(filename: 'payload.json', bytes: '{"value": 42}'))

• Transaction data are now included in the context (#2365)

  • Closes #2364

• Inject Sentry meta tags in the Rails application layout automatically in the generator (#2369)

  To turn this behavior off, use

  bin/rails generate sentry --inject-meta false

Bug Fixes

• Fix skipping connect spans in open-telemetry #2364

Commits

• 43c5cc2 release: 5.19.0
• a09da50 Include Sentry meta tag in the layout automatically (#2369)
• See full diff in compare view

Updates bootsnap from 1.18.3 to 1.18.4

Changelog

Sourced from bootsnap's changelog.

1.18.4

• Allow using bootsnap without bundler. See #488.
• Fix startup failure if the cache directory points to a broken symlink.

Commits

• cae219a Release 1.18.4
• 407bdef Merge pull request #489 from Shopify/fix-load-error
• 7afa951 Fix bootsnap setup in environments without bundler
• c5513d9 Merge pull request #487 from Uaitt/update-gh-action-versions
• 65691ca Update GitHub actions versions
• 156b8c9 Merge pull request #485 from Uaitt/changelog-typo
• e76fe38 Merge pull request #486 from Uaitt/correct-rubocop-offenses
• 9ec8d70 Correct Rubocop offenses
• 47ad134 Correct a typo present in the CHANGELOG
• f627992 Add --version flag
• Additional commits viewable in compare view

Updates govuk_notify_rails from 2.2.0 to 3.0.0

Release notes

Sourced from govuk_notify_rails's releases.

v3.0.0

What's Changed

• Bump notifications-ruby-client to 6.2.0 by @​stephencdaly in ministryofjustice/govuk_notify_rails#11
• Bump version to 3.0.0 by @​zheileman in ministryofjustice/govuk_notify_rails#12
• Added support for one-click unsubscribe URLs by @​zheileman in ministryofjustice/govuk_notify_rails#12

Please note starting with version 6.0 of the client, some breaking changes were introduced to the prepare_upload method. Although this gem does not use this method directly, given the notifications-ruby-client gem is a transitive dependency, if you are using prepare_upload in your code make sure you've made the necessary changes before updating to this version.

New Contributors

• @​stephencdaly made their first contribution in ministryofjustice/govuk_notify_rails#11

Full Changelog: ministryofjustice/govuk_notify_rails@v2.2.0...v3.0.0

Changelog

Sourced from govuk_notify_rails's changelog.

3.0.0 (08/08/2024)

• Updated to use latest version of the notifications-ruby-client gem (currently 6.2). PR contributed by @​stephencdaly.
• Added support for one-click unsubscribe URLs. The one-click unsubscribe URL will be added to the headers of your email. Email clients will use it to add an unsubscribe button.

Please note starting with version 6.0 of the client, some breaking changes were introduced to the prepare_upload method. Although this gem does not use this method directly, given the notifications-ruby-client gem is a transitive dependency, if you are using prepare_upload in your code make sure you've made the necessary changes before updating to this version.

Commits

• 8171dce Merge pull request #12 from ministryofjustice/bump-version
• e963e48 Bump version to 3.0.0
• cadb377 Merge pull request #11 from stephencdaly/bump-notifications-ruby-client-to-6-2
• 6a0c78f Bump notifications-ruby-client to 6.2.0
• See full diff in compare view

Updates rexml from 3.3.4 to 3.3.5

Release notes

Sourced from rexml's releases.

REXML 3.3.5 - 2024-08-12

Fixes

• Fixed a bug that REXML::Security.entity_expansion_text_limit check has wrong text size calculation in SAX and pull parsers.
  • GH-193
  • GH-195
  • Reported by Viktor Ivarsson.
  • Patch by NAITOH Jun.

Thanks

• Viktor Ivarsson

• NAITOH Jun

Changelog

Sourced from rexml's changelog.

3.3.5 - 2024-08-12 {#version-3-3-5}

Fixes

• Fixed a bug that REXML::Security.entity_expansion_text_limit check has wrong text size calculation in SAX and pull parsers.
  • GH-193
  • GH-195
  • Reported by Viktor Ivarsson.
  • Patch by NAITOH Jun.

Thanks

• Viktor Ivarsson

• NAITOH Jun

Commits

• 21d90cb Add 3.3.5 entry
• 1892770 Fix calculation of Security.entity_expansion_text_limit in SAX/pull parsers (...
• e3f747f Bump version
• See full diff in compare view

Updates hexapdf from 0.45.0 to 0.46.0

Changelog

Sourced from hexapdf's changelog.

0.46.0 - 2024-08-11

Added

• [HexaPDF::DigitalSignature::CMSHandler#embedded_tsa_signature] to return the embedded timestamp authority signature if any
• [HexaPDF::DigitalSignature::Signing::DefaultHandler#signing_time] for setting a custom signing time
• [HexaPDF::Document#duplicate] for making an in-memory copy of a PDF document
• Configuration option 'font.default' for setting the default font for the document layout engine

Changed

• [HexaPDF::Document::Layout::CellArgumentCollector#[]=] to allow stepped ranges
• [HexaPDF::Document::Layout::ChildrenCollector] to also return the box when creating and adding one to the list
• [HexaPDF::Layout::InlineBox] to allow usage without predefined width
• [HexaPDF::DigitalSignature::CMSHandler#verify] to recognize non-repudiation signatures
• [HexaPDF::DigitalSignature::CMSHandler#signing_time] to use time from an embedded timestamp authority signature if possible
• [HexaPDF::Layout::Box#fit] to return success for boxes with content width/height of zero
• [HexaPDF::Importer::copy] to optionally allow copying the catalog and page tree nodes

Fixed

• Setting of correct x-position in fit result for boxes with flow positioning
• [HexaPDF::Layout::ListBox#fit] to respect the set height
• CLI command hexapdf inspect to work in case of missing Unicde mappings
• [HexaPDF::Type::AcroForm::Form#delete_field] to correctly work for fields with an embedded widget
• Parsing of "linearized" PDF files where the first cross-reference section isn't actually used
• [HexaPDF::Layout::PageStyle#create_page] to return new frame objects on each invocation

Commits

• See full diff in compare view

Updates rspec-rails from 6.1.3 to 6.1.4

Changelog

Sourced from rspec-rails's changelog.

6.1.4 / 2024-08-15

Full Changelog

Bug Fixes:

• Prevent have_http_status matcher raising an error when encountering a raw Rack::MockResponse. (Christophe Bliard, #2771)
• Move Rails version conditional from index scaffold generated file to template. (Matt Jankowski, #2777)

Commits

• 3f56a9f 6.1.4
• d6792b4 Extract cell_selector method in scaffold index view spec generator (#2777)
• 49b34bd Changelog for #2771
• 5a71461 Merge pull request #2771 from cbliard/support-rack-mock-response-with-have-ht...
• 7214738 Create SECURITY.md
• 95b496b Merge pull request #2770 from toshimaru/use-perform_enqueued_jobs
• See full diff in compare view

Updates govuk-components from 5.4.1 to 5.5.0

Release notes

Sourced from govuk-components's releases.

Version 5.5.0

• Upgrade to support Pagy 9 - note Pagy 9 changes the items param to limit so watch out for that in your tests - #548
• Upgrade to support ViewComponent 3.13 #550
• Support GOV.UK Frontend 5.5.0 #551

Commits

• 9300206 Release version 5.5.0
• ab3e157 Update view_component requirement from >= 3.9, < 3.13 to >= 3.9, < 3.14 (#550)
• 416ea82 Update view_component requirement from >= 3.9, < 3.13 to >= 3.9, < 3.14
• 9551f85 Update pagy requirement from >= 6, < 9 to >= 6, < 10 (#548)
• 57465fd Make Pagy use the legacy nav bar
• a220959 Update pagy requirement from >= 6, < 9 to >= 6, < 10
• ada743c Update rubocop-govuk requirement from = 5.0.1 to = 5.0.2 (#549)
• 1a53b0f Update rubocop-govuk requirement from = 5.0.1 to = 5.0.2
• b69b77d Upgrade to govuk-frontend 5.5.0 (#551)
• 98f3837 Upgrade to govuk-frontend 5.5.0
• See full diff in compare view

Updates govuk_design_system_formbuilder from 5.4.1 to 5.5.0

Release notes

Sourced from govuk_design_system_formbuilder's releases.

Version 5.5.0

• Add support for GOV.UK Frontend 5.5.0

Commits

• 3984bc1 Release version 5.5.0
• 67399f2 Merge pull request #516 from x-govuk/upgrade-to-govuk-frontend-5.5.0
• 1e5f656 Upgrade to govuk-frontend 5.5.0
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.