bundle(deps): bump the ruby-deps group across 1 directory with 6 updates

[dependabot]

Bumps the ruby-deps group with 5 updates in the / directory:

Package	From	To
connection_pool	2.5.0	2.5.3
csv	3.3.3	3.3.4
faraday	2.12.2	2.13.1
ffi	1.17.1	1.17.2
nokogiri	1.18.7	1.18.8

Updates connection_pool from 2.5.0 to 2.5.3

Changelog

Sourced from connection_pool's changelog.

2.5.3

• Fix TruffleRuby/JRuby crash #201

2.5.2

• Rollback inadvertant change to auto_reload_after_fork default. #200

2.5.1

• Pass options to TimedStack in checkout #195
• Optimize connection lookup #196
• Fixes for use with Ractors

Commits

• 1e5c0ee fix: jruby
• cd1099c fix jruby
• 4cfe19d Skip ractor test on rubies without ractor
• 26922bd fix: Rollback default change, fixes #200
• 6a76a6a 251
• 74fb9b8 Ractor fixes, freeze and dont reference constants if we dont need to
• 4338f58 Update ci.yml (#199)
• a132282 doc, bump
• f555177 formatting
• b2587ea more explicit reset
• Additional commits viewable in compare view

Updates csv from 3.3.3 to 3.3.4

Release notes

Sourced from csv's releases.

csv 3.3.4 - 2025-04-13

Improvements

• csv-filter: Removed an experimental command line tool.
  • GH-341

Changelog

Sourced from csv's changelog.

3.3.4 - 2025-04-13

Improvements

• csv-filter: Removed an experimental command line tool.
  • GH-341

Commits

• 43d0856 Add 3.3.4 entry
• 5ceeafa csv-filter: remove (#341)
• 7eea19a csv-filter: add --col-sep (#338)
• a66c40f csv-filter: add --output-quote-char (#334)
• 75009b9 Bump version
• See full diff in compare view

Updates faraday from 2.12.2 to 2.13.1

Release notes

Sourced from faraday's releases.

v2.13.1

What's Changed

• Logger middleware default options by @​yenshirak in lostisland/faraday#1618
• Fix Style/RedundantParentheses in options/env.rb by @​iMacTia in lostisland/faraday#1620

New Contributors

• @​yenshirak made their first contribution in lostisland/faraday#1618

Full Changelog: lostisland/faraday@v2.13.0...v2.13.1

v2.13.0

What's Changed

• feat(ssl options): support SNI hostname by @​bf4 in lostisland/faraday#1615

New Contributors

• @​bf4 made their first contribution in lostisland/faraday#1615

Full Changelog: lostisland/faraday@v2.12.3...v2.13.0

v2.12.3

What's Changed

• Remove ruby2_keywords by @​tisba in lostisland/faraday#1616
• Fix thread safety issue by avoiding mutation of proxy options hash by @​QWYNG in lostisland/faraday#1617

New Contributors

• @​QWYNG made their first contribution in lostisland/faraday#1617

Full Changelog: lostisland/faraday@v2.12.2...v2.12.3

Commits

• 4018769 Version bump to 2.13.1
• b5a02d7 Fix Style/RedundantParentheses in options/env.rb (#1620)
• b63eb91 Logger middleware default options (#1618)
• 77204cc Version bump to 2.13.0
• 919dc8f feat(ssl options): support SNI hostname (#1615)
• 064a54b Version bump to 2.12.3
• cd1c44a Fix thread safety issue by avoiding mutation of proxy options hash (#1617)
• 1551c32 removes ruby2_keywords usage
• See full diff in compare view

Updates ffi from 1.17.1 to 1.17.2

Changelog

Sourced from ffi's changelog.

1.17.2 / 2025-04-15

Fixed:

• #1144, #1145 Update libffi to 3.4.8 to fix installation issues on latest Macos on ARM64
• Various adjustments to run the specs cleanly on Ruby-3.5 master branch.

Commits

• f514862 Update release date in CHANGELOG.md
• 58cde66 Merge branch 'master' of github.com:ffi/ffi
• bfa70bf Merge pull request #1147 from ffi/rcd-1.9
• f49d9a4 Add CHANGELOG item for 1.17.2
• 09a9c4c Bump VERSION to 1.17.2
• a4e8b7c Update to rake-compiler-dock-1.9
• 1734910 Merge pull request #1146 from ffi/fix-ractor
• 9938d3b benchmark gem is bundled gem since ruby-3.5
• 85792d3 Fix making FFI::Function shareable for Ractor
• 734fc2e Merge pull request #1145 from stanhu/sh-update-libffi-3.4.8
• Additional commits viewable in compare view

Updates json from 2.10.2 to 2.11.3

Release notes

Sourced from json's releases.

v2.11.1

What's Changed

• Add back JSON.restore, JSON.unparse, JSON.fast_unparse and JSON.pretty_unparse. These were deprecated 16 years ago, but never emited warnings, only undocumented, so are still used by a few gems.

Full Changelog: ruby/json@v2.11.0...v2.11.1

v2.11.0

What's Changed

• Optimize Integer generation to be ~1.8x faster.
• Optimize Float generation to be ~10x faster.
• Fix JSON.load proc argument to substitute the parsed object with the return value. This better match Marshal.load behavior.
• Deprecate JSON.fast_generate (it's not any faster, so pointless).
• Deprecate JSON.load_default_options.
• Deprecate JSON.unsafe_load_default_options.
• Deprecate JSON.dump_default_options.
• Deprecate Kernel#j
• Deprecate Kernel#jj
• Remove outdated JSON.iconv.
• Remove Class#json_creatable? monkey patch.
• Remove deprecated JSON.restore method.
• Remove deprecated JSON.unparse method.
• Remove deprecated JSON.fast_unparse method.
• Remove deprecated JSON.pretty_unparse method.
• Remove deprecated JSON::UnparserError constant.
• Remove outdated JSON::MissingUnicodeSupport constant.

Full Changelog: ruby/json@v2.10.2...v2.11.0

Changelog

Sourced from json's changelog.

2025-04-25 (2.11.3)

• Fix a regression in JSON.pretty_generate that could cause indentation to be off once some #to_json has been called.

2025-04-24 (2.11.2)

• Add back JSON::PRETTY_STATE_PROTOTYPE. This constant was private API but is used by popular gems like multi_json. It now emits a deprecation warning.

2025-04-24 (2.11.1)

• Add back JSON.restore, JSON.unparse, JSON.fast_unparse and JSON.pretty_unparse. These were deprecated 16 years ago, but never emited warnings, only undocumented, so are still used by a few gems.

2025-04-24 (2.11.0)

• Optimize Integer generation to be ~1.8x faster.
• Optimize Float generation to be ~10x faster.
• Fix JSON.load proc argument to substitute the parsed object with the return value. This better match Marshal.load behavior.
• Deprecate JSON.fast_generate (it's not any faster, so pointless).
• Deprecate JSON.load_default_options.
• Deprecate JSON.unsafe_load_default_options.
• Deprecate JSON.dump_default_options.
• Deprecate Kernel#j
• Deprecate Kernel#jj
• Remove outdated JSON.iconv.
• Remove Class#json_creatable? monkey patch.
• Remove deprecated JSON.restore method.
• Remove deprecated JSON.unparse method.
• Remove deprecated JSON.fast_unparse method.
• Remove deprecated JSON.pretty_unparse method.
• Remove deprecated JSON::UnparserError constant.
• Remove outdated JSON::MissingUnicodeSupport constant.

Commits

• 3e025f7 Release 2.11.3
• d316f93 Merge pull request #791 from byroot/fix-pretty-generate
• 2ffa4ea Stop caching the generator state pointer
• c985e8c Release 2.11.2
• c8ae2c5 Merge pull request #789 from byroot/deprecated-pretty-prototype
• 123121b Bring back JSON::PRETTY_STATE_PROTOTYPE with a deprecation
• 84443e8 Release 2.11.1
• fa3b55c Merge pull request #787 from byroot/deprecate-aliases
• 0dee9bd Bring back the numerous deprecated alias
• a6949f8 Release 2.11.0
• Additional commits viewable in compare view

Updates nokogiri from 1.18.7 to 1.18.8

Release notes

Sourced from nokogiri's releases.

v1.18.8 / 2025-04-21

Security

• [CRuby] Vendored libxml2 is updated to v2.13.8 to address CVE-2025-32414 and CVE-2025-32415. See GHSA-5w6v-399v-w3cc for more information.

36badd2eb281fca6214a5188e24a34399b15d89730639a068d12931e2adc210e  nokogiri-1.18.8-aarch64-linux-gnu.gem
664e0f9a77a7122a66d6c03abba7641ca610769a4728db55ee1706a0838b78a2  nokogiri-1.18.8-aarch64-linux-musl.gem
483b5b9fb33653f6f05cbe00d09ea315f268f0e707cfc809aa39b62993008212  nokogiri-1.18.8-arm64-darwin.gem
17de01ca3adf9f8e187883ed73c672344d3dbb3c260f88ffa1008e8dc255a28e  nokogiri-1.18.8-arm-linux-gnu.gem
6e6d7e71fc39572bd613a82d528cf54392c3de1ba5ce974f05c832b8187a040b  nokogiri-1.18.8-arm-linux-musl.gem
8c7464875d9ca7f71080c24c0db7bcaa3940e8be3c6fc4bcebccf8b9a0016365  nokogiri-1.18.8.gem
41002596960ff854198a20aaeb34cff0d445406d5ad85ba7ca9c3fd0c8f03de0  nokogiri-1.18.8-java.gem
11ab0f76772c5f2d718fb253fca5b74c6ef7628b72bbf8deba6ab1ffc93344cf  nokogiri-1.18.8-x64-mingw-ucrt.gem
024cdfe7d9ae3466bba6c06f348fb2a8395d9426b66a3c82f1961b907945cc0c  nokogiri-1.18.8-x86_64-darwin.gem
4a747875db873d18a2985ee2c320a6070c4a414ad629da625fbc58d1a20e5ecc  nokogiri-1.18.8-x86_64-linux-gnu.gem
ddd735fba49475a395b9ea793bb6474e3a3125b89960339604d08a5397de1165  nokogiri-1.18.8-x86_64-linux-musl.gem

Changelog

Sourced from nokogiri's changelog.

v1.18.8 / 2025-04-21

Security

• [CRuby] Vendored libxml2 is updated to v2.13.8 to address CVE-2025-32414 and CVE-2025-32415. See GHSA-5w6v-399v-w3cc for more information.

Commits

• 9187f4a version bump to v1.18.8
• 1deea04 dep: libxml2 to v2.13.8 (branch v1.18.x) (#3509)
• 6457fe6 dep: libxml2 to v2.13.8
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.