Bump the bundler group group with 4 updates

[dependabot]

Bumps the bundler group group with 4 updates: govuk-components, govuk_design_system_formbuilder, pagy and view_component.

Updates govuk-components from 3.3.0 to 5.0.2

Release notes

Sourced from govuk-components's releases.

v5.0.2

• Massive update to the guide, huge thanks to @​paulrobertlloyd for taking it on #486, #490
• Add cannot_start_yet argument to task list status component, which marks rows as not being startable and greys the action out #488
• Bump ViewComponent to 3.9.0 which adds some extra safety around dealing with raw HTML, thanks @​benilovj for raising and dealing with this

Version 5.0.1

• append the card title to summary card actions, thanks @​frankieroberto for spotting and reporting this #481
• fix source map loading in the guide #485
• add warning messages when action: or controller: args are passed to new link helpers
• fix a bug where the #govuk_breadcrumb_link_to helper was adding govuk-breadcrumbs--link instead of govuk-breadcrumbs__link. Only really noticeable when using breadcrumbs with inverted colours. Thanks @​paulrobertlloyd for reporting.

Version 5.0.0

Release notes

⚠️ This is a breaking change release

Version 5.0.0 of the ruby govuk-components gem supports version 5.0.0 of the govuk-frontend npm package. Both contain breaking changes, and are dependent on each other – so you should update both at the same time.

These release notes for the ruby gem should be read alongside the release notes for govuk-frontend.

Upgrade instructions

1. Install both the gem AND the node package

Update the version of govuk-component in your Gemfile and run bundle install:

gem "govuk-components", "~> 5.0.0"

Update your version of govuk-frontend in your package.json and then run npm install or yarn install (depending on which you use).

"govuk-frontend": "5.0.0",

2. Check that your app still builds

The way that assets have been packaged in govuk-frontend has changed, so you may need to update your build process.

If you're using Sass, change

@import "govuk-frontend/govuk/all";

to

</tr></table> 

... (truncated)

Commits

• b2424bb Release version 5.0.2
• ea993ca Upgrade to rubocop-govuk 4.13.0 (#493)
• c95cf76 Upgrade to rubocop-govuk 4.13.0
• 1d7c7b6 Bump ViewComponent to v3.9.0 (#492)
• eef1e42 HTML escape text in GovukComponent::TabComponent::Tab
• 984cd31 Fix guide build to work with ViewComponent 3.9.0
• 2913217 Bump ViewComponent to v3.9.0
• a9e260d Add cannot_start_yet argument to the task list status component (#488)
• 5fa1e33 Fail when there's both a href and cannot_start_yet
• 4c1b49d Add cannot_start_yet argument to task list status
• Additional commits viewable in compare view

Updates govuk_design_system_formbuilder from 3.3.0 to 5.0.0

Release notes

Sourced from govuk_design_system_formbuilder's releases.

Version 5.0.0

• Add support for Version GOV.UK frontend version 5.0.0

Version 4.1.1

• Allow merging data-aria-controls in addition to aria-controls. Thank you @​sobakasu #440

Version 4.1.0

• Upgrade to GOV.UK frontend 4.7.0 #438
• Switch branding to @​x-govuk #434 - thank you @​paulrobertlloyd
• Add support for inverse buttons #427
• Upgrade to latest versions of Ruby and Rails #439

Version 4.0.0

• Upgrade to govuk-frontend 4.6.0
• Remove classes argument from the few places it remained, custom classes can be set directly using class: thanks to html-attributes-utils' clever merging #409
• Add support for extra_letter_spacing to text inputs which is useful when asking for long complex codes or IDs #424

Upgrade guide

• Replace any classes: ... parameters with class: ...

Version 4.0.0rc1

No release notes provided.

Version 4.0.0a1

Preparing for the upcoming version 4.5.0 of GOV.UK frontend

Commits

• 349383e Release version 5.0.0
• b7df7b1 Merge pull request #452 from x-govuk/govuk-frontend-5.0.0
• 0ee62f4 Upgrade to released version of govuk-frontend 5.0.0
• 3826810 Merge pull request #454 from x-govuk/dependabot/bundler/slim-tw-5.2.0
• c05f1d0 Update slim requirement from ~> 5.1.1 to ~> 5.2.0
• dd1a79e Release version 5.0.0b1
• 9e3b44d Upgrade guide to govuk-frontend 5.0.0-beta.2
• 0f0b282 Merge pull request #450 from x-govuk/dependabot/npm_and_yarn/guide/sass-1.69.5
• 5e9f56c Bump sass from 1.68.0 to 1.69.5 in /guide
• 915ff26 Merge pull request #451 from x-govuk/dependabot/bundler/rouge-tw-4.2.0
• Additional commits viewable in compare view

Updates pagy from 5.10.1 to 6.4.2

Changelog

Sourced from pagy's changelog.

Version 6.4.2

• Better module overrides in jsonapi
• Replaced the is_a?(Hash) check for jsonapi reserved :page param with respond_to?(:Fetch) and prepended to the Frontend
• Docs improvements and fixes

Version 6.4.1

• Remove dependency on base64 (#618)Ruby 3.3 prints a warning if base64 is used without specifying it in the gemfile. Ruby 3.4 will error

Version 6.4.0

• Implement JSON:API specifications
• Added simpler nav generation, triggered by setting the size variable to a positive Integer
• Fix for pagy_calendar_app.ru

Version 6.3.0

• Calendar improvements:
  • Added the :fit_time option to page_at and pagy_calendar_url_at methods. It avoids the OutOfRangeError by returning the first or last page
  • Added starting_time_for and page_offset_at feedback methods to the Calendar base class
  • Prepended the pagy_calendar_url_at to the Frontend and Backend
  • Added calendar showtime
• Updated node modules (dev on node 20)
• Updated Gemfile and fixed new rubocop complaints

Version 6.2.0

• Add Belarusian locale (#567)
• Reordered RubyMine tasks (fix #541)

Version 6.1.0

• Add Vietnamese locale (#550)
• Maintenance (docs, test, gems and node modules updates) fixes and improvements

Version 6.0.4

• Updated gems and npm modules
• fix: Extras::Trim - fix trimming first page (#516)
• Fix for new rubocop

Version 6.0.3

• Updated Gemfile and npm modules
• Improved Danish translation (#502)

Version 6.0.2

... (truncated)

Commits

• 25fe110 Merge branch 'dev'
• 5185a21 Version 6.4.2
• 2059569 Better module overrides in jsonapi
• 87f3cf1 Replaced the is_a?(Hash) check for jsonapi reserved :page param with respond_...
• 0be1d3e Temporary fix for RM 3.3.2 console with ruby >= 3.3.0
• e1e22d7 Docs: fix - add quotes around event handlers (#620)
• 3ab81c8 Updated gems
• 5ef961e Updated node modules
• 9c99645 Docs: Add quotes around turbolinks:load (#619)
• ce27d08 Merge branch 'dev'
• Additional commits viewable in compare view

Updates view_component from 2.74.1 to 3.9.0

Release notes

Sourced from view_component's releases.

v3.9.0

• Don’t break rails stats if ViewComponent path is missing.

  Claudio Baccigalupo

• Add deprecation warnings for EOL ruby and Rails versions and patches associated with them.

  Reegan Viljoen

• Add support for Ruby 3.3.

  *Reegan Viljoen*
  

• Allow translations to be inherited and overridden in subclasses.

  Elia Schito

• Resolve console warnings when running test suite.

  Joel Hawksley

• Fix spelling in a local variable.

  Olle Jonsson

• Avoid duplicating rendered string when output_postamble is blank.

  Mitchell Henke

• Ensure HTML output safety.

  Cameron Dutro

v3.8.0

• Use correct value for the config.action_dispatch.show_exceptions config option for edge Rails.

  Cameron Dutro

• Remove unsupported versions of Rails & Ruby from CI matrix.

  Reegan Viljoen

• Raise error when uncountable slot names are used in renders_many

  Hugo Chantelauze Reegan Viljoen

• Replace usage of String#ends_with? with String#end_with? to reduce the dependency on ActiveSupport core extensions.

  halo

... (truncated)

Changelog

Sourced from view_component's changelog.

3.9.0

• Don’t break rails stats if ViewComponent path is missing.

  Claudio Baccigalupo

• Add deprecation warnings for EOL ruby and Rails versions and patches associated with them.

  Reegan Viljoen

• Add support for Ruby 3.3.

  Reegan Viljoen

• Allow translations to be inherited and overridden in subclasses.

  Elia Schito

• Resolve console warnings when running test suite.

  Joel Hawksley

• Fix spelling in a local variable.

  Olle Jonsson

• Avoid duplicating rendered string when output_postamble is blank.

  Mitchell Henke

• Ensure HTML output safety.

  Cameron Dutro

3.8.0

• Use correct value for the config.action_dispatch.show_exceptions config option for edge Rails.

  Cameron Dutro

• Remove unsupported versions of Rails & Ruby from CI matrix.

  Reegan Viljoen

• Raise error when uncountable slot names are used in renders_many

  Hugo Chantelauze Reegan Viljoen

• Replace usage of String#ends_with? with String#end_with? to reduce the dependency on ActiveSupport core extensions.

... (truncated)

Commits

• c8462c2 release 3.9.0 (#1952)
• 0d26944 Ensure HTML output safety (#1950)
• 78dbac2 Don't break "rails stats" if app/components is missing (#1927)
• 31fafe3 Avoid allocating new string when output_postamble is blank (#1911)
• d5f2544 Add deprecation warnings for EOL Rails and Ruby and the associated work aroun...
• a5ccdef Add support for ruby3.3 (#1948)
• 6ae727f Bump standard from 1.32.1 to 1.33.0 (#1949)
• 782fed3 Bump net-imap from 0.4.8 to 0.4.9 (#1946)
• b194b4e Bump debug from 1.9.0 to 1.9.1 (#1947)
• ff46909 Adding example for 3.x migration (#1876)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #994.