Bump the bundler group with 7 updates

[dependabot]

Bumps the bundler group with 7 updates:

Package	From	To
rails	7.0.8	7.1.1
slim-rails	3.6.2	3.6.3
devise	4.9.2	4.9.3
rubocop	1.56.4	1.57.1
redis	5.0.7	5.0.8
rack	2.2.8	3.0.8
rouge	4.1.3	4.2.0

Updates rails from 7.0.8 to 7.1.1

Release notes

Sourced from rails's releases.

7.1.1

Active Support

• Add support for keyword arguments when delegating calls to custom loggers from ActiveSupport::BroadcastLogger.

  Jenny Shen

• NumberHelper: handle objects responding to_d.

  fatkodima

• Fix RedisCacheStore to properly set the TTL when incrementing or decrementing.

  This bug was only impacting Redis server older than 7.0.

  Thomas Countz

• Fix MemoryStore to prevent race conditions when incrementing or decrementing.

  Pierre Jambet

Active Model

• No changes.

Active Record

• Fix auto populating IDENTITY columns for PostgreSQL.

  fatkodima

• Fix "ArgumentError: wrong number of arguments (given 3, expected 2)" when down migrating rename_table in older migrations.

  fatkodima

• Do not require the Action Text, Active Storage and Action Mailbox tables to be present when running when running test on CI.

  Rafael Mendonça França

Action View

... (truncated)

Commits

• 2393805 Preparing for 7.1.1 release
• b280d7f Sync CHANGELOG
• 314220e Merge pull request #49525 from abhaynikam/fix-app-generated-dockerfile-to-use...
• 1f1710d Merge pull request #49589 from fatkodima/fix-flaky-fixtures-test
• 4921df0 Merge pull request #49565 from hachi8833/add_missing_doc_43487
• 57d626e Merge pull request #49562 from akhilgkrishnan/update-postgres-naming-to-postg...
• 63f204d Merge pull request #49553 from tricknotes/update-rails-ujs-build
• 8a6118a Use released version of Sdoc
• 3199a45 Merge pull request #49581 from hachi8833/update_doc_npm
• a5534b9 Merge pull request #49515 from dustinbrownman/main
• Additional commits viewable in compare view

Updates slim-rails from 3.6.2 to 3.6.3

Commits

• 5e101b7 Bump version to 3.6.3
• 3246626 Merge pull request #193 from taketo1113/fix-error-with-namespace
• 7934083 Merge pull request #194 from taketo1113/ci-rails-7.1
• 67dccdf Added Rails 7.1 to the CI matrix.
• b2e668e Removed unnecessary @
• See full diff in compare view

Updates devise from 4.9.2 to 4.9.3

Changelog

Sourced from devise's changelog.

4.9.3 - 2023-10-11

• enhancements
  • Add support for Rails 7.1.
  • Add Devise.deprecator to integrate with new application deprecators in Rails 7.1. (@​soartec-lab, @​etiennebarrie)

Commits

• 1d66580 Release v4.9.3
• dcbfb32 Merge pull request #5640 from nmaggioni/nm_config_template_typo
• c146b25 Better clarify need to override internal_methods
• 9a08620 Update changelog with Rails 7.1 mention [ci skip]
• 407f223 Fix test warning about deprecated cache format in Rails 7.1
• f2a42ab Ensure _prefixes is not available as an action method on controllers
• 218d14a Lock ubuntu version to 20.04 to workaround older Ruby build issues
• 501ae58 Lock loofah on Rails <= 5.2
• 373d83c Use Bundler 1.x with Ruby <= 2.2
• fb7faf7 Fix code to support older versions of Ruby
• Additional commits viewable in compare view

Updates rubocop from 1.56.4 to 1.57.1

Release notes

Sourced from rubocop's releases.

RuboCop 1.57.1

Bug fixes

• #12271: Fix a false positive for Lint/RedundantSafeNavigation when using snake case constant receiver. (@​koic)
• #12265: Fix an error for Layout/MultilineMethodCallIndentation when usingarithmetic operation with block inside a grouped expression. (@​koic)
• #12177: Fix an incorrect autocorrect for Style/RedundantException. (@​ydah)
• #12261: Fix an infinite loop for Layout/MultilineMethodCallIndentation when multiline method chain with a block argument and method chain. (@​ydah)
• #12263: Fix false positives for Style/RedundantDoubleSplatHashBraces when method call for no hash braced double splat receiver. (@​koic)
• #12262: Fix an incorrect autocorrect for Style/RedundantDoubleSplatHashBraces when using double splat hash braces with merge method call twice. (@​koic)

RuboCop 1.57

New features

• #12227: Add new Style/SingleLineDoEndBlock cop. (@​koic)
• #12246: Make Lint/RedundantSafeNavigation aware of constant receiver. (@​koic)
• #12257: Make Style/RedundantDoubleSplatHashBraces aware of merge methods. (@​koic)

Bug fixes

• #12244: Fix a false negative for Lint/Debugger when using debugger method inside block. (@​koic)
• #12231: Fix a false negative for Metrics/ModuleLength when defining a singleton class in a module. (@​koic)
• #12249: Fix a false positive Style/IdenticalConditionalBranches when if..else with identical leading lines and assign to condition value. (@​koic)
• #12253: Fix Lint/LiteralInInterpolation to accept an empty string literal interpolated in words literal. (@​knu)
• #12198: Fix an error for flip-flop with beginless or endless ranges. (@​koic)
• #12259: Fix an error for Lint/MixedCaseRange when using nested character class in regexp. (@​koic)
• #12237: Fix an error for Style/NestedTernaryOperator when a ternary operator has a nested ternary operator within an if. (@​koic)
• #12228: Fix false negatives for Style/MultilineBlockChain when using multiline block chain with safe navigation operator. (@​koic)
• #12247: Fix false negatives for Style/RedundantParentheses when using logical or comparison expressions with redundant parentheses. (@​koic)
• #12226: Fix false positives for Layout/MultilineMethodCallIndentation when aligning methods in multiline block chain. (@​koic)
• #12076: Fixed an issue where the top-level cache folder was named differently during two consecutive rubocop runs. (@​K-S-A)

Changes

• #12235: Enable auto parallel inspection when config file is specified. (@​aboutNisblee)
• #12234: Enhance Style/FormatString's autocorrection when using known conversion methods whose return value is not an array. (@​koic)
• #12128: Make Style/GuardClause aware of define_method. (@​koic)
• #12126: Make Style/RedundantFilterChain aware of select.present? when ActiveSupportExtensionsEnabled config is true. (@​koic)
• #12250: Mark Lint/RedundantRequireStatement as unsafe autocorrect. (@​koic)
• #12097: Mark unsafe autocorrect for Style/ClassEqualityComparison. (@​koic)
• #12210: Mark Style/RedundantFilterChain as unsafe autocorrect. (@​koic)

Changelog

Sourced from rubocop's changelog.

1.57.1 (2023-10-13)

Bug fixes

• #12271: Fix a false positive for Lint/RedundantSafeNavigation when using snake case constant receiver. ([@​koic][])
• #12265: Fix an error for Layout/MultilineMethodCallIndentation when usingarithmetic operation with block inside a grouped expression. ([@​koic][])
• #12177: Fix an incorrect autocorrect for Style/RedundantException. ([@​ydah][])
• #12261: Fix an infinite loop for Layout/MultilineMethodCallIndentation when multiline method chain with a block argument and method chain. ([@​ydah][])
• #12263: Fix false positives for Style/RedundantDoubleSplatHashBraces when method call for no hash braced double splat receiver. ([@​koic][])
• #12262: Fix an incorrect autocorrect for Style/RedundantDoubleSplatHashBraces when using double splat hash braces with merge method call twice. ([@​koic][])

1.57.0 (2023-10-11)

New features

• #12227: Add new Style/SingleLineDoEndBlock cop. ([@​koic][])
• #12246: Make Lint/RedundantSafeNavigation aware of constant receiver. ([@​koic][])
• #12257: Make Style/RedundantDoubleSplatHashBraces aware of merge methods. ([@​koic][])

Bug fixes

• #12244: Fix a false negative for Lint/Debugger when using debugger method inside block. ([@​koic][])
• #12231: Fix a false negative for Metrics/ModuleLength when defining a singleton class in a module. ([@​koic][])
• #12249: Fix a false positive Style/IdenticalConditionalBranches when if..else with identical leading lines and assign to condition value. ([@​koic][])
• #12253: Fix Lint/LiteralInInterpolation to accept an empty string literal interpolated in words literal. ([@​knu][])
• #12198: Fix an error for flip-flop with beginless or endless ranges. ([@​koic][])
• #12259: Fix an error for Lint/MixedCaseRange when using nested character class in regexp. ([@​koic][])
• #12237: Fix an error for Style/NestedTernaryOperator when a ternary operator has a nested ternary operator within an if. ([@​koic][])
• #12228: Fix false negatives for Style/MultilineBlockChain when using multiline block chain with safe navigation operator. ([@​koic][])
• #12247: Fix false negatives for Style/RedundantParentheses when using logical or comparison expressions with redundant parentheses. ([@​koic][])
• #12226: Fix false positives for Layout/MultilineMethodCallIndentation when aligning methods in multiline block chain. ([@​koic][])
• #12076: Fixed an issue where the top-level cache folder was named differently during two consecutive rubocop runs. ([@​K-S-A][])

Changes

• #12235: Enable auto parallel inspection when config file is specified. ([@​aboutNisblee][])
• #12234: Enhance Style/FormatString's autocorrection when using known conversion methods whose return value is not an array. ([@​koic][])
• #12128: Make Style/GuardClause aware of define_method. ([@​koic][])
• #12126: Make Style/RedundantFilterChain aware of select.present? when ActiveSupportExtensionsEnabled config is true. ([@​koic][])
• #12250: Mark Lint/RedundantRequireStatement as unsafe autocorrect. ([@​koic][])
• #12097: Mark unsafe autocorrect for Style/ClassEqualityComparison. ([@​koic][])
• #12210: Mark Style/RedundantFilterChain as unsafe autocorrect. ([@​koic][])

Commits

• 9141fe5 Cut 1.57.1
• a302d0c Update Changelog
• 12016d8 [Fix #12271] Fix a false positive for Lint/RedundantSafeNavigation
• 128618c Fix false positives for Style/RedundantDoubleSplatHashBraces
• 03cdf04 Merge pull request #12267 from ydah/fix/12261
• 7edb5ca [Fix #12261] Fix an infinite loop for Layout/MultilineMethodCallIndentation
• 42898bc Merge pull request #12266 from koic/fix_an_error_for_layout_multiline_method_...
• a4a505d [Fix #12265] Fix an error for Layout/MultilineMethodCallIndentation
• 84840b8 Fix typos
• 873cb9f Fix an incorrect autocorrect for Style/RedundantException when message is n...
• Additional commits viewable in compare view

Updates redis from 5.0.7 to 5.0.8

Changelog

Sourced from redis's changelog.

5.0.8

• Fix Redis#without_reconnect for sentinel clients. Fix #1212.
• Add sentinel_username, sentinel_password for sentinel clients. Bump redis-client to >=0.17.0. See #1213

Commits

• 2b183ad Release 5.0.8
• 230a5c4 Merge pull request #1227 from supercaracal/add-sharded-pubsub-support
• 54e6a7e Add sharded Pub/Sub support for cluster
• ccdf15f Merge pull request #1226 from supercaracal/support-transaction-for-cluster-cl...
• dda95f8 Support transactions for cluster client
• c888c74 Merge pull request #1225 from afinzel/master
• ad0f30b Update default timeout docs
• 8e9183a Update sentinel auth with explicit kwargs (#1221)
• 01de51a Merge pull request #1222 from supercaracal/fix-cluster
• ea4d04a Fix redis-clustering gem to pass the test with latest dependencies
• Additional commits viewable in compare view

Updates rack from 2.2.8 to 3.0.8

Release notes

Sourced from rack's releases.

v3.0.8

What's Changed

• Backport "Fix some unused variable verbose warnings" by @​skipkayhil in rack/rack#2084

New Contributors

• @​skipkayhil made their first contribution in rack/rack#2084

Full Changelog: rack/rack@v3.0.7...v3.0.8

v3.0.7

What's Changed

• Backport "Make query parameters without = have nil values". by @​jeremyevans in rack/rack#2060

Full Changelog: rack/rack@v3.0.6.1...v3.0.7

v3.0.6.1

No release notes provided.

v3.0.4.1

Full Changelog: rack/rack@v3.0.4...v3.0.4.1

v3.0.4

Full Changelog: rack/rack@v3.0.3...v3.0.4

v3.0.3

What's Changed

• Release v3.0.3 by @​ioquatix in rack/rack#2000

Full Changelog: rack/rack@v3.0.2...v3.0.3

v3.0.2

Full Changelog: rack/rack@v3.0.1...v3.0.2

Changelog

Sourced from rack's changelog.

[3.0.8] - 2023-06-14

• Fix some unused variable verbose warnings. (#2084, [@​jeremyevans], @​skipkayhil)

[3.0.7] - 2023-03-16

• Make query parameters without = have nil values. (#2059, [@​jeremyevans])

[3.0.6.1] - 2023-03-13

• [CVE-2023-27539] Avoid ReDoS in header parsing

[3.0.6] - 2023-03-13

• Add QueryParser#missing_value for handling missing values + tests. (#2052, [@​ioquatix])

[3.0.5] - 2023-03-13

• Split form/query parsing into two steps. (#2038, @​matthewd)

[3.0.4.2] - 2023-03-02

• [CVE-2023-27530] Introduce multipart_total_part_limit to limit total parts

[3.0.4.1] - 2023-01-17

• [CVE-2022-44571] Fix ReDoS vulnerability in multipart parser
• [CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges
• [CVE-2022-44572] Forbid control characters in attributes (also ReDoS)

[3.0.4] - 2023-01-17

• Rack::Request#POST should consistently raise errors. Cache errors that occur when invoking Rack::Request#POST so they can be raised again later. (#2010, [@​ioquatix])
• Fix Rack::Lint error message for HTTP_CONTENT_TYPE and HTTP_CONTENT_LENGTH. (#2007, @​byroot)
• Extend Rack::MethodOverride to handle QueryParser::ParamsTooDeepError error. (#2006, @​byroot)

[3.0.3] - 2022-12-27

Fixed

• Rack::URLMap uses non-deprecated form of Regexp.new. (#1998, @​weizheheng)

[3.0.2] -2022-12-05

Fixed

• Utils.build_nested_query URL-encodes nested field names including the square brackets.
• Allow Rack::Response to pass through streaming bodies. (#1993, [@​ioquatix])

[3.0.1] - 2022-11-18

... (truncated)

Commits

• d28c464 Bump patch verison.
• 32736d2 Fix some unused variable verbose warnings (#2084)
• 2429b7b Bump patch version.
• 94dd78b Update changelog.
• d38b456 Make query parameters without = have nil values (#2059) (#2060)
• 51e7a0f Merge branch '3-0-sec' into 3-0-stable
• 098d8e1 bump version
• 231ef36 Avoid ReDoS problem
• 54a9ed2 Update changelog.
• e9e9ae6 Bump patch version.
• Additional commits viewable in compare view

Updates rouge from 4.1.3 to 4.2.0

Release notes

Sourced from rouge's releases.

v4.2.0

This release introduce 2 new levers: Code Owners and Svelte. In addition, we have also made some improvements across BPF, Dart, Elixir, Groovy, Python and Xoji lexer. Thank you for all the wonderful contributors ❤️ Happy lexing!

Full Changelog: rouge-ruby/rouge@v4.1.3...v4.2.0

Changelog

Sourced from rouge's changelog.

version 4.2.0: 2023-10-25

Comparison with the previous version

• General
  • Bump actions/checkout to v4 (#1998 by Tan Le)
  • Update change log (#1983 by Tan Le)
• BPF Lexer
  • Update BPF lexer (#2004 by Paul Chaignon)
• Code Owners Lexer (NEW)
  • Add Code owners lexer (#1969 by Tan Le)
• Dart Lexer
  • Remove inline from Dart declaration keywords (#1990 by Parker Lougheed)
• Elixir Lexer
  • Detect Elixir syntax by shebang (#2001 by arathunku)
• Groovy Lexer
  • Update groovy for record, enum, var (#1984 by Guillaume Laforge)
• Python Lexer
  • Guess .pyi files as Python (#1996 by ryderben)
• Svelte Lexer (NEW)
  • add svelte lexer (#1979 by Brodie Davis)
• Xoji Lexer
  • Updated Xojo Syntax (#2005 by XojoGermany)
  • Updated Xojo Syntax (#2000 by XojoGermany)

Commits

• 1687d63 Release v4.2.0 (#2006)
• b3036a7 Updated Xojo Syntax (#2005)
• 73d0e36 Add Code owners lexer (#1969)
• c71fa2f Detect Elixir syntax by shebang (#2001)
• 55d2b48 Updated Xojo Syntax (#2000)
• fdfcbd4 Update BPF lexer (#2004)
• 90ca46e Bump actions/checkout to v4 (#1998)
• b9d05fd Guess .pyi files as Python (#1996)
• b584ea1 add svelte lexer (#1979)
• 17b3aef Remove inline from Dart declaration keywords (#1990)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.