Skip to content

Bump the minor-and-patch group with 3 updates#82

Merged
dadachi merged 1 commit into
mainfrom
dependabot/bundler/minor-and-patch-92cc5c1df9
Jun 5, 2026
Merged

Bump the minor-and-patch group with 3 updates#82
dadachi merged 1 commit into
mainfrom
dependabot/bundler/minor-and-patch-92cc5c1df9

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patch group with 3 updates: puma, bootsnap and pagy.

Updates puma from 8.0.1 to 8.0.2

Release notes

Sourced from puma's releases.

v8.0.2

  • Bugfixes
    • Anchor PROXY protocol v1 regex to string start and enforce max line length to prevent injection via crafted request bodies (#3944)
    • Parse PROXY protocol header only on the first request per connection to prevent spoofing on keep-alive connections (#3944)

Security advisories

Changelog

Sourced from puma's changelog.

8.0.2 / 2026-05-27

  • Bugfixes
    • Anchor PROXY protocol v1 regex to string start and enforce max line length to prevent injection via crafted request bodies (#3944)
    • Parse PROXY protocol header only on the first request per connection to prevent spoofing on keep-alive connections (#3944)
Commits

Updates bootsnap from 1.24.4 to 1.24.5

Changelog

Sourced from bootsnap's changelog.

1.24.5

  • No longer load the config file by default when setup is done manually. This is so cli applications like homebrew don't mistakenly load another app's boostnap config.
Commits
  • d6ca050 Release 1.24.5
  • 579aa0e Merge pull request #552 from byroot/fix-bootsnap-config
  • 2884e89 Only load config file is directed to by .setup
  • 103a92b Merge pull request #551 from byroot/enable-fstr-global
  • 33c927d Update compiler options when global options change
  • 122db7f Simplify enable_frozen_string_literal(app_only: false)
  • See full diff in compare view

Updates pagy from 43.5.4 to 43.5.5

Release notes

Sourced from pagy's releases.

Version 43.5.5

Changes in 43.5.5

  • Rescue malformed page request param in Pagy::Keyset and KeynavJsPaginator (#907)
    • Rescue malformed page request param in Pagy::Keyset and KeynavJsPaginator
    • Simplify decoding logic
    Co-authored-by: Domizio Demichelis dd.nexus@gmail.com

CHANGELOG

Version 43

We needed a leap version to unequivocally signal that it's not just a major version: it's a complete redesign of the legacy code at all levels, usage and API included.

Why 43? Because it's exactly one step beyond "The answer to the ultimate question of life, the Universe, and everything." 😉

Improvements

This version introduces several enhancements, such as new :countish and :keynav_js paginators and improved automation and configuration processes, reducing setup requirements by 99%. The update also includes a simpler API and new interactive development tools, making it a comprehensive upgrade from previous versions.

  • New :countish Paginator
    • Faster than OFFSET and supporting the full UI
  • New Keynav Pagination
    • The pagy-exclusive technique using the fastest keyset pagination alongside all frontend helpers.
  • New interactive dev-tools
    • New PagyWand to integrate the pagy CSS with your app themes.
    • New Pagy AI available right inside your own app.
  • Intelligent automation
  • Simpler API
    • You solely need the pagy method and the @​pagy instance to paginate any collection and use any navigation tag and helper.
    • Methods are autoloaded only if used, and consume no memory otherwise.
    • Methods have narrower scopes and can be overridden without deep knowledge.
  • New documentation
    • Very concise, straightforward, and easy to navigate and understand.

Upgrade to 43

See the Upgrade Guide

... (truncated)

Changelog

Sourced from pagy's changelog.

Version 43.5.5

  • Rescue malformed page request param in Pagy::Keyset and KeynavJsPaginator (#907)
    • Rescue malformed page request param in Pagy::Keyset and KeynavJsPaginator
    • Simplify decoding logic
    Co-authored-by: Domizio Demichelis dd.nexus@gmail.com
Commits
  • eb4a810 Merge branch 'dev'
  • 8ee37a0 Version 43.5.5
  • ac62e00 Improve comment/docs
  • 81215c4 Update gem and packages
  • 9161301 💎 Rescue malformed page request param in Pagy::Keyset and KeynavJsPaginator (...
  • 4e9118c Docs: fix input_nav_js link text in how-to guide (#903)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the minor-and-patch group with 3 updates
f2c5647 
Bumps the minor-and-patch group with 3 updates: [puma](https://github.com/puma/puma), [bootsnap](https://github.com/rails/bootsnap) and [pagy](https://github.com/ddnexus/pagy).


Updates `puma` from 8.0.1 to 8.0.2
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/main/History.md)
- [Commits](puma/puma@v8.0.1...v8.0.2)

Updates `bootsnap` from 1.24.4 to 1.24.5
- [Release notes](https://github.com/rails/bootsnap/releases)
- [Changelog](https://github.com/rails/bootsnap/blob/main/CHANGELOG.md)
- [Commits](rails/bootsnap@v1.24.4...v1.24.5)

Updates `pagy` from 43.5.4 to 43.5.5
- [Release notes](https://github.com/ddnexus/pagy/releases)
- [Changelog](https://github.com/ddnexus/pagy/blob/master/docs/CHANGELOG.md)
- [Commits](ddnexus/pagy@43.5.4...43.5.5)

---
updated-dependencies:
- dependency-name: puma
  dependency-version: 8.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: bootsnap
  dependency-version: 1.24.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: pagy
  dependency-version: 43.5.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels May 29, 2026
@dadachi dadachi mentioned this pull request Jun 5, 2026
Closed
@dadachi dadachi merged commit 5332b9c into main Jun 5, 2026
3 checks passed
@dadachi dadachi deleted the dependabot/bundler/minor-and-patch-92cc5c1df9 branch June 5, 2026 02:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dadachi