Bump the ruby group across 1 directory with 10 updates

[dependabot]

Bumps the ruby group with 8 updates in the / directory:

Package	From	To
brakeman	7.1.0	7.1.1
katalyst-tables	3.9.0	3.10.0
rails	8.1.0	8.1.1
rake	13.3.0	13.3.1
sentry-rails	6.0.0	6.2.0
turbo-rails	2.0.17	2.0.20
shoulda-matchers	6.5.0	7.0.1
katalyst-govuk-formbuilder	1.22.0	1.24.0

Updates brakeman from 7.1.0 to 7.1.1

Release notes

Sourced from brakeman's releases.

7.1.1

• Exclude directories before searching for files (#1925)
• Check for unsafe SQL when two arguments are passed to AR methods (Patrick Brinich-Langlois)
• Fix SQL injection check for calculate method (Rohan Sharma)
• Check each side of or SQL arguments (#1935)
• Consider Tempfile.create.path as safe input (Ali Ismayilov)
• Fix false positive when calling with_content on ViewComponents (Peer Allan)
• Add FilePath#to_path for Ruby 3.5 compatibility (S.H.)
• Ignore attribute builder in Haml 6 (#1952)
• Word wrap text report output in pager

Changelog

Sourced from brakeman's changelog.

7.1.1 - 2025-11-03

• Fix false positive when calling with_content on ViewComponents (Peer Allan)
• Word wrap text output in pager
• Consider Tempfile.create.path as safe input (Ali Ismayilov)
• Exclude directories before searching for files
• Check each side of or SQL arguments
• Ignore attribute builder in Haml 6
• Add FilePath#to_path for Ruby 3.5 compatibility (S-H-GAMELINKS)
• Fix SQL injection check for calculate method (Rohan Sharma)
• Fix missing td in HTML report (John Hawthorn)
• Check for unsafe SQL when two arguments are passed to AR methods (Patrick Brinich-Langlois)

Commits

• 34569b9 Bump to 7.1.1
• 0daddae Update CHANGES
• ae84d11 Merge pull request #1950 from peerkleio/fix-1832-viewcomponent-with-content
• beabb9c Update CHANGES
• a65c657 Merge pull request #1961 from presidentbeef/wordwrap_output
• 1dcee03 Merge pull request #1933 from aliismayilov/ignore-tempfile-path
• 21ae593 Merge pull request #1953 from sunny/patch-1
• da44c3f Merge pull request #1968 from presidentbeef/faster_file_search
• ec80644 Merge pull request #1963 from rsharma-figma/rohan/fix-calculate-sql-injection...
• e2acb3c Update AppTree tests
• Additional commits viewable in compare view

Updates katalyst-tables from 3.9.0 to 3.10.0

Release notes

Sourced from katalyst-tables's releases.

v3.10.0

What's Changed

• Bump the ruby group with 4 updates by @​dependabot[bot] in katalyst/tables#128
• Bump rollup from 4.52.0 to 4.52.3 in the js group by @​dependabot[bot] in katalyst/tables#127

Full Changelog: katalyst/tables@v3.9.0...v3.10.0

Changelog

Sourced from katalyst-tables's changelog.

[3.10.0]

• Support for Rails 8.1

Commits

• 56a4691 Rails 8.1
• cfd3413 Churn: update dependencies
• 4c6d0ae Bump rollup from 4.52.0 to 4.52.3 in the js group
• 154d710 Bump the ruby group with 4 updates
• 236a78a Block external fonts during system tests
• 28f3a58 Churn: update dependencies
• c59160b Churn: update dependencies
• See full diff in compare view

Updates rails from 8.1.0 to 8.1.1

Release notes

Sourced from rails's releases.

8.1.1

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• Respect remove_hidden_field_autocomplete config in form builder hidden_field.

  Rafael Mendonça França

Action Pack

• Allow methods starting with underscore to be action methods.

  Disallowing methods starting with an underscore from being action methods was an unintended side effect of the performance optimization in 207a254.

  Fixes #55985.

  Rafael Mendonça França

Active Job

• Only index new serializers.

  Jesse Sharps

Action Mailer

• No changes.

Action Cable

... (truncated)

Commits

• 90a1eaa Preparing for 8.1.1 release
• 0ce0ce1 Upgrade sigstore gem to 0.2.2
• 271acd5 Sync CHANGELOG
• 7574698 Merge pull request #56020 from harsh183/hd/getting_started/fix_line_num_typo
• 89cb7bf Fix railties/CHANGELOG.md offense at 8-1-stable
• 7919bda Restore header
• f007f9c Disable SSL default config for out of the box Kamal deployments (#56010)
• 234b569 Merge pull request #56008 from chaadow/fix_nesting_loop_rails
• 21a8742 Merge pull request #55992 from jsharpify/jsharpify-reduce-deprecation-warnings
• a7ba88b Merge pull request #56001 from hachi8833/update_wishlists
• Additional commits viewable in compare view

Updates rake from 13.3.0 to 13.3.1

Commits

• f0001c3 v13.3.1
• a644c80 Merge pull request #483 from luke-gru/fix_test_warnings
• 2465ea5 silence warnings during execution of rake tasks in Rakefile (ex: rake test)
• df25fb1 Merge pull request #610 from pvdb/fix_testhelper_require
• ec12ac9 Merge pull request #635 from nevans/deconstruct_keys-for-nil-keys
• 4664a69 Merge pull request #666 from ruby/dependabot/github_actions/ruby/setup-ruby-1...
• 7a0bf15 Bump ruby/setup-ruby from 1.265.0 to 1.266.0
• b3ed789 Merge pull request #665 from ruby/dependabot/github_actions/ruby/setup-ruby-1...
• 1e7ef52 Bump ruby/setup-ruby from 1.263.0 to 1.265.0
• 77225e1 Merge pull request #664 from ruby/dependabot/github_actions/ruby/setup-ruby-1...
• Additional commits viewable in compare view

Updates sentry-rails from 6.0.0 to 6.2.0

Changelog

Sourced from sentry-rails's changelog.

6.2.0

Features

• Include otel as custom sampling context (2683)

Fixes

• Prevent logging from crashing main thread (2795)
• Improve error handling in ActiveRecord subscriber (2798)

6.1.2

Fixes

• Handle positioned binds in logging (#2787)
• Handle cached queries with binds correctly when logging (#2789)

6.1.1

Improvements

• Optimize getting query source location in ActiveRecord tracing - this makes tracing up to roughly 40-60% faster depending on the use cases (#2769)

Bug fixes

• Properly skip silenced ActiveRecord::Base.logger's log entries in the ActiveRecord log subscriber (#2775)
• Handle malformed utf-8 log messages and attributes (#2777 and #2780)
• Fix initialized check in Sentry::Rails::CaptureExceptions (#2783)

6.1.0

Features

• Add support for ActiveRecord binds in the log events (#2761)

Bug Fixes

• Guard log subscribers with initialized check (#2765)

Commits

• 0da2bde release: 6.2.0
• bcc0fe7 fix(logging): improve error handling in AR subscriber (#2798)
• 5aa2643 release: 6.1.2
• 78a5a08 fix(rails): fix logging of cached queries with binds (#2789)
• a5cee1b fix(rails): handle positioned binds in logging (#2787)
• 6aed463 release: 6.1.1
• 9eea7de Fix initialized check in Sentry::Rails::CaptureExceptions (#2783)
• 6049bfd fix(rails): properly skip silenced logs from AR (#2775)
• 98f97b4 [rails] improve AR tracing performance (#2769)
• 3e1981a chore(jruby): fixes and updates (#2772)
• Additional commits viewable in compare view

Updates turbo-rails from 2.0.17 to 2.0.20

Release notes

Sourced from turbo-rails's releases.

v2.0.20

Full Changelog: hotwired/turbo-rails@v2.0.19...v2.0.20

v2.0.19

Full Changelog: hotwired/turbo-rails@v2.0.17...v2.0.19

Commits

• 01dd6b9 Bump version
• e3cd134 @​hotwired/turbo-rails v8.0.20
• 00f9864 @​hotwired/turbo-rails v8.0.19
• 2971ba2 Bump turbo version
• See full diff in compare view

Updates shoulda-matchers from 6.5.0 to 7.0.1

Release notes

Sourced from shoulda-matchers's releases.

v7.0.1

7.0.1 - 2025-10-31

Bug fixes

• Hotfix: Add mutex_m gem dependency by @​matsales28 and @​garrettgregor (#1687)

#1687: thoughtbot/shoulda-matchers#1687

v7.0.0

7.0.0 - 2025-10-31

Backward-incompatible changes

• Drop support for Rails 6.1 and older by @​matsales28 (#1678)
• Drop support for Rails 7.0 by @​matsales28 (#1680)

Bug fixes

• Ensure @​options is always set in ActiveModel::ValidationMatcher by @​yelvert (#1669)

Features

• Add support for Rails 8 by @​matsales28 (#1677)
• Add Rails 8.1 support by @​matsales28 (#1682)
• Support encrypted ActionText attributes by @​spdawson (#1667)
• Add service, strict_loading, and dependent options to have_attached matcher by @​matsales28 (#1675)

Improvements

• Refactor Ruby manager setup, add mise integration by @​amalrik (#1674)
• Update Ruby versions to latest stable releases by @​matsales28 (#1676, #1683)
• Update supported Ruby versions to 3.3.10 and 3.4.7

#1667: thoughtbot/shoulda-matchers#1667 #1669: thoughtbot/shoulda-matchers#1669 #1674: thoughtbot/shoulda-matchers#1674 #1675: thoughtbot/shoulda-matchers#1675 #1676: thoughtbot/shoulda-matchers#1676 #1677: thoughtbot/shoulda-matchers#1677 #1678: thoughtbot/shoulda-matchers#1678 #1680: thoughtbot/shoulda-matchers#1680 #1682: thoughtbot/shoulda-matchers#1682 #1683: thoughtbot/shoulda-matchers#1683

Changelog

Sourced from shoulda-matchers's changelog.

7.0.1 - 2025-10-31

Bug fixes

• Hotfix: Add mutex_m gem dependency by @​matsales and @​garrettgregor (#1687)

#1687: thoughtbot/shoulda-matchers#1687

7.0.0 - 2025-10-31

Backward-incompatible changes

• Drop support for Rails 6.1 and older by @​matsales28 (#1678)
• Drop support for Rails 7.0 by @​matsales28 (#1680)

Bug fixes

• Ensure @​options is always set in ActiveModel::ValidationMatcher by @​yelvert (#1669)

Features

• Add support for Rails 8 by @​matsales28 (#1677)
• Add Rails 8.1 support by @​matsales28 (#1682)
• Support encrypted ActionText attributes by @​spdawson (#1667)
• Add service, strict_loading, and dependent options to have_attached matcher by @​matsales28 (#1675)

Improvements

• Refactor Ruby manager setup, add mise integration by @​amalrik (#1674)
• Update Ruby versions to latest stable releases by @​matsales28 (#1676, #1683)
• Update supported Ruby versions to 3.3.10 and 3.4.7

#1667: thoughtbot/shoulda-matchers#1667 #1669: thoughtbot/shoulda-matchers#1669 #1674: thoughtbot/shoulda-matchers#1674 #1675: thoughtbot/shoulda-matchers#1675 #1676: thoughtbot/shoulda-matchers#1676 #1677: thoughtbot/shoulda-matchers#1677 #1678: thoughtbot/shoulda-matchers#1678 #1680: thoughtbot/shoulda-matchers#1680 #1682: thoughtbot/shoulda-matchers#1682 #1683: thoughtbot/shoulda-matchers#1683

Commits

• 2a50331 bump version to 7.0.1
• 3ae93e6 hotfix: Add mutex_m gem dependency (#1687)
• 731aaa7 Bump version to 7.0.0
• 9069b59 * chore: Update supported Ruby versions to 3.3.10 and 3.4.7
• 99e3698 chore: Add Rails 8.1 support (#1682)
• 5c79d3b chore: Drop support for Rails 7.0 (#1680)
• 7c46150 chore: Add support for Rails 8 (#1677)
• 49113db chore: Drop support for Rails 6.1 and older (#1678)
• 15560c7 feat: Add service, strict_loading, and dependent options to `have_attac...
• 024c055 chore: Update Ruby versions to latest stable releases (#1676)
• Additional commits viewable in compare view

Updates activerecord from 8.1.0 to 8.1.1

Release notes

Sourced from activerecord's releases.

8.1.1

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• Respect remove_hidden_field_autocomplete config in form builder hidden_field.

  Rafael Mendonça França

Action Pack

• Allow methods starting with underscore to be action methods.

  Disallowing methods starting with an underscore from being action methods was an unintended side effect of the performance optimization in 207a254.

  Fixes #55985.

  Rafael Mendonça França

Active Job

• Only index new serializers.

  Jesse Sharps

Action Mailer

• No changes.

Action Cable

... (truncated)

Changelog

Sourced from activerecord's changelog.

Rails 8.1.1 (October 28, 2025)

• No changes.

Commits

• 90a1eaa Preparing for 8.1.1 release
• fe609bf Merge pull request #50598 from lucasmazza/lm/upsert_all-skip
• 53c4ed8 Merge pull request #55973 from rails/fix-ci
• f77a1c3 Require 'rails' at the top of railltie files to ensure Rails is loaded first
• 334ed8f Merge pull request #55969 from rails/fix-explain-tests-mysql-9.5
• See full diff in compare view

Updates katalyst-govuk-formbuilder from 1.22.0 to 1.24.0

Release notes

Sourced from katalyst-govuk-formbuilder's releases.

v1.24.0

Full Changelog: katalyst/govuk-formbuilder@v1.23.0...v1.24.0

v1.23.0

What's Changed

• Bump the js group with 3 updates by @​dependabot[bot] in katalyst/govuk-formbuilder#32

Full Changelog: katalyst/govuk-formbuilder@v1.22.0...v1.23.0

Commits

• 189bc5c Update to govuk-frontend 5.13.0
• 53ef5ab Update to govuk-frontend 5.13.0
• 32f8894 Churn: update dependencies
• 0e26070 Bump the js group with 3 updates
• 7fdf445 Churn: update dependencies
• See full diff in compare view

Updates view_component from 4.1.0 to 4.1.1

Release notes

Sourced from view_component's releases.

v4.1.1

• Add Consultport to list of companies using ViewComponent.

  Sebastian Nepote

• Resolve deprecation warning for ActiveSupport::Configurable.

  Simon Fish

• Make ViewComponent::VERSION accessible to other gems by default.

  Hans Lemuet

• Added Reinvented Hospitality to the list of companies using ViewComponent.

  Torgil Zechel

Changelog

Sourced from view_component's changelog.

4.1.1

• Add Consultport to list of companies using ViewComponent.

  Sebastian Nepote

• Resolve deprecation warning for ActiveSupport::Configurable.

  Simon Fish

• Make ViewComponent::VERSION accessible to other gems by default.

  Hans Lemuet

• Added Reinvented Hospitality to the list of companies using ViewComponent.

  Torgil Zechel

Commits

• 3743d2b Merge pull request #2499 from ViewComponent/release-4-1-1
• ee56651 Bump VC in gemfiles
• f6d0502 release 4.1.1
• cb2240b Merge pull request #2493 from ViewComponent/dependabot/bundler/tailwindcss-ra...
• 7ba75df Merge pull request #2495 from ViewComponent/dependabot/bundler/minitest-5.26.1
• 44cdafe Bump minitest from 5.26.0 to 5.26.1
• 4173395 Bump tailwindcss-rails from 4.3.0 to 4.4.0
• 4dbbaa3 Merge pull request #2492 from snepote/feat/adds_consultport_company_using_vie...
• b26c936 Add Consultport to "Who uses ViewComponent?"
• e222240 Merge pull request #2488 from ViewComponent/dependabot/bundler/selenium-webdr...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions