Bump the minor-and-patch group with 5 updates

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps the minor-and-patch group with 5 updates:

Package	From	To
state_machines	0.31.0	0.50.0
graphql	2.5.10	2.5.11
sidekiq	8.0.4	8.0.5
config	5.5.2	5.6.1
sorbet-static-and-runtime	0.5.12219	0.5.12222

Updates state_machines from 0.31.0 to 0.50.0

Release notes

Sourced from state_machines's releases.

state_machines: v0.50.0

0.50.0 (2025-07-12)

Features

• Add coordinated state management guards (#145) (97eb6ef)

state_machines: v0.40.0

0.40.0 (2025-07-12)

Features

• add async support with declarative async: true parameter (#144) (5fcbbd7)

Bug Fixes

• prevent event_transition overwriting with multiple state machines (fab957e)
• prevent event_transition overwriting with multiple state machines (a8c6017)

Changelog

Sourced from state_machines's changelog.

0.50.0 (2025-07-12)

Features

• Add coordinated state management guards (#145) (97eb6ef)

0.40.0 (2025-07-12)

Features

• add async support with declarative async: true parameter (#144) (5fcbbd7)

Bug Fixes

• prevent event_transition overwriting with multiple state machines (fab957e)
• prevent event_transition overwriting with multiple state machines (a8c6017)

Commits

• ba17e0e chore(master): release state_machines 0.50.0 (#146)
• 97eb6ef feat: Add coordinated state management guards (#145)
• fe7f908 chore: update COSS version to 0.40.0
• 53a492a chore(master): release state_machines 0.40.0 (#142)
• 5fcbbd7 feat: add async support with declarative async: true parameter (#144)
• 073012d refactor: Modernize conditional logic with pattern matching (#143)
• fab957e Merge pull request #141 from state-machines/feat/fixing2020bug
• a8c6017 fix: prevent event_transition overwriting with multiple state machines
• 7013770 chore: update COSS version to 0.31.0
• See full diff in compare view

Updates graphql from 2.5.10 to 2.5.11

Changelog

Sourced from graphql's changelog.

2.5.11 (9 Jul 2025)

Bug fixes

• Dataloader: improve compatibility when objects are loaded by GraphQL-Batch but .authorized? uses Dataloader #5400

Commits

• 885a0bf 2.5.11
• 9e03c13 Merge pull request #5400 from rmosolgo/dataloader-batch-integration
• 9442377 Support dataloader calls after batched lazy resolve
• See full diff in compare view

Updates sidekiq from 8.0.4 to 8.0.5

Changelog

Sourced from sidekiq's changelog.

8.0.5

• Add stopping? method to AJ adapter for compatibility with the new AJ::Continuations feature #6732
• Further improvements to Rails boot compatibility #6710
• Add ability to disable CSRF middleware. SameSite cookies prevent CSRF in a cleaner manner and are default in most browsers now. CSRF code will be removed in Sidekiq 9.0. #6739

Commits

• 78b6d88 document how to properly log to a local file with systemd
• 01bc5c9 Allow disabling CSRF, fixes #6739
• c4deada Update selected text background color on dark mode. (#6737)
• e255bf7 standard formatting
• cbc2dd0 changes, bump
• cdb5873 Add missing stopping? method to SidekiqAdapter. (#6732)
• a2594b6 Don't load ActiveJob::Base during initialization (#6710)
• fbd2573 Make SidekiqAdapter subclass AbstractAdapter (#6727)
• See full diff in compare view

Updates config from 5.5.2 to 5.6.1

Release notes

Sourced from config's releases.

5.6.1

What's Changed

• fix(security): replace IO.read with File.read by @​pkuczynski in rubyconfig/config#378

Full Changelog: rubyconfig/config@5.6.0...5.6.1

5.6.0

What's Changed

• feat: added extra sources in initializer by @​Nuzair46 in rubyconfig/config#366

Full Changelog: rubyconfig/config@5.5.2...5.6.0

Changelog

Sourced from config's changelog.

5.6.1

• fix(security): replace IO.read with File.read #378

5.6.0

• Added extra_sources in initializer (#366)

Commits

• 8b6ffe6 release: 5.6.1
• d639f9d ci: limit workflow permissions (#379)
• e0bf18f fix(security): replace IO.read with File.read (#378)
• 263e66a test: bump puma in rails 5.2 test app to fix security warning (#377)
• c833d19 release: 5.6.0
• 4dc0f3e ci: fix jruby rails >= 7.2 (#376)
• 1f17cd8 feat: added extra sources in initializer (#366)
• 97b3e8c ci: add rails 7.2 and 8.0 to the test matrix and bump some older dependencies...
• 1b5581d ci: add Ruby 3.4 to the test matrix (#369)
• a4c978f ci: remove unnecessary ubuntu packages installation (#374)
• Additional commits viewable in compare view

Updates sorbet-static-and-runtime from 0.5.12219 to 0.5.12222

Release notes

Sourced from sorbet-static-and-runtime's releases.

sorbet 0.5.12221.20250708104131-4081716a2

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.5.12221', :group => :development
gem 'sorbet-runtime', '0.5.12221'

sorbet 0.5.12220.20250707130737-19deaded1

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.5.12220', :group => :development
gem 'sorbet-runtime', '0.5.12220'

sorbet 0.5.12219.20250702112501-26fef6e2a

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.5.12219', :group => :development
gem 'sorbet-runtime', '0.5.12219'

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

The reviewers field in the dependabot.yml file will be removed soon. Please use the code owners file to specify reviewers for Dependabot PRs. For more information, see this blog post.

[amomchilov]

Bug issue: sidekiq/sidekiq#6746
Caused by: sidekiq/sidekiq#6727
Upstream fix: sidekiq/sidekiq#6749

[amomchilov]

Nvm, this workaround didn't work across the whole CI test matrix. I just rolled back to Sidekiq 8.0.4 for now, instead.

[amomchilov]

• Bump the minor-and-patch group with 5 updates #2351 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.