Skip to content

chore(deps): update non-major dependencies #3803

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update non-major dependencies #3803

renovate wants to merge 1 commit into from
+234 −577

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Dec 27, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence Type Update
@datadog/browser-rum (source) 6.25.16.25.4 age confidence dependencies patch
@dotenvx/dotenvx 1.51.21.51.4 age confidence dependencies patch
@kong/kongponents (source) 9.48.69.49.7 age confidence dependencies minor
@kong/spec-renderer 1.102.21.103.3 age confidence dependencies minor
actions/cache v5.0.1v5.0.2 age confidence action patch
activesupport (source, changelog) 8.1.18.1.2 age confidence patch
algoliasearch (source) 5.46.15.46.3 age confidence dependencies patch
liquid-c (source) 4.0.14.2.0 age confidence minor
node (source) 24.12.024.13.0 age confidence minor
nokogiri 1.18.101.19.0 age confidence minor
pry 0.15.20.16.0 age confidence minor
rouge (source, changelog) 4.6.14.7.0 age confidence minor
rubocop (source, changelog) 1.82.01.82.1 age confidence patch
ruby (source) 3.4.43.4.8 age confidence patch
shiki (source) 3.20.03.21.0 age confidence dependencies minor
vite-plugin-ruby (source) 5.1.15.1.2 age confidence devDependencies patch
vue-instantsearch 4.22.64.22.8 age confidence dependencies patch

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

DataDog/browser-sdk (@​datadog/browser-rum)

v6.25.4

Compare Source

Public Changes:

  • 🐛 [PANA-5375] Treat Change records as full snapshots when appropriate (#​4078) [FLAGGING] [LOGS] [RUM] [RUM-REACT] [RUM-SLIM] [WORKER]
  • 🐛 [RUM-13693] make sure click actions are sent on page exit (#​4070) [RUM] [RUM-REACT] [RUM-SLIM]

Internal Changes:

  • 👷 manage checkTelemetryError connexion pool (#​4094)
  • 👷 Update dependency globals to v17 (#​4074)
  • 👷 Update dependency vite to v7 (#​4076)
  • 👷 Update all non-major dependencies (#​4073)
  • 👷 do not rely on hardcoded list of DCs (#​4037)
  • 👷 Update dependency react-router to v7.12.0 [SECURITY] (#​4065) [RUM-REACT]
  • 👷 handle rate limiting in checkTelemetryErrors (#​4069)
  • 👷 Update Node.js to v25 (#​3940)
  • 👷 Update dependency react-window to v2 (#​4052)
  • 🔧 Update deploy-*.yml to use arch:amd64 runner (#​4086)
  • 🔧 fix deploy auto notification job dependency (#​4084)
  • ⚗️ [PANA-3971] Add a more compact experimental DOM mutation encoding (#​4060) [RUM]
  • ⚗️ [PANA-5359] Support change records in the developer extension (#​4072)
  • ⚗️ [RUM-13259]Track action names in shadow dom (#​4044) [RUM] [RUM-REACT] [RUM-SLIM]
  • 📈 [PANA-5371] Add telemetry to help evaluate new DOM mutation encoding (#​4077) [RUM]

v6.25.3

Compare Source

Public Changes:

  • 🐛 fix reading cookies containing special characters (#​4066) [FLAGGING] [LOGS] [RUM] [RUM-REACT] [RUM-SLIM] [WORKER]
  • 🐛 Fix developer extension crash due to missing build variable (#​4061) [FLAGGING] [LOGS] [RUM] [RUM-REACT] [RUM-SLIM] [WORKER]
  • 🐛 [RUM-13615] fix remote config tracing options support (#​4062) [FLAGGING] [LOGS] [RUM] [RUM-REACT] [RUM-SLIM] [WORKER]

Internal Changes:

v6.25.2

Compare Source

Public Changes:

  • 🐛 Fix profiling <-> long task association regression (#​4045) [RUM] [RUM-REACT] [RUM-SLIM]
  • 🐛 Fix flaky long task <-> action correlation (#​4050) [RUM] [RUM-REACT] [RUM-SLIM]

Internal Changes:

  • ✨[PANA-5288] Update rum-events-format to pull in BrowserChangeRecord (#​4035) [FLAGGING] [LOGS] [RUM] [RUM-REACT] [RUM-SLIM] [WORKER]
  • Revert "👷 disable deploy-prod-canary during the freeze (#​4053)" (#​4058)
  • 👷 disable deploy-prod-canary during the freeze (#​4053)
  • 👷 update the token to AWS after renewing it (#​4048)
  • 🎨 [PANA-5260] Consolidate recorder object id tracking code (#​4049) [RUM]
  • 🔊 add debug logs to npm publishing command (#​4047)
dotenvx/dotenvx (@​dotenvx/dotenvx)

v1.51.4

Compare Source

Changed
  • Change description of dotenvx-ops to better reflect its tooling as operational primitives on top of dotenvx for production use cases. (#​721)

v1.51.3

Compare Source

Added
  • Add hint on .env.keys for dotenvx ops backup. Dotenvx Ops Backup lets you back up your private keys securely with just a single command. It's a convenient alterantive to manually copy/pasting them in and out of 1Password. (#​718)
Kong/kongponents (@​kong/kongponents)

v9.49.7

Compare Source

Bug Fixes

v9.49.6

Compare Source

Bug Fixes

v9.49.5

Compare Source

Bug Fixes
  • ktoaster: prevent creating duplicate containers [KHCP-18535] (#​3017) (0f949e8)

v9.49.4

Compare Source

Bug Fixes
  • multiselect: tweak input name attribute value [KHCP-19041] (#​3056) (36e31dc)

v9.49.3

Compare Source

Bug Fixes

v9.49.2

Compare Source

Bug Fixes

v9.49.1

Compare Source

Bug Fixes

v9.49.0

Compare Source

Features

9.48.9 (2026-01-06)

Bug Fixes
  • deps: update all non-major dependencies with stable versions (#​3035) (418fe4b)

9.48.8 (2025-12-26)

Bug Fixes
  • deps: update all non-major dependencies with stable versions (#​3028) (6af0b03)

9.48.7 (2025-12-24)

Bug Fixes
  • deps: update all non-major dependencies with stable versions (#​3033) (631c403)

9.48.6 (2025-12-17)

Bug Fixes
  • ktextarea: fix mixin inclusion to prevent invalid css (#​3026) (5a4aaf6)

9.48.5 (2025-12-16)

Bug Fixes

9.48.4 (2025-12-12)

Bug Fixes

9.48.3 (2025-12-08)

Bug Fixes

9.48.2 (2025-12-08)

Bug Fixes

9.48.1 (2025-12-04)

Bug Fixes
  • ktoaster: revert prevent creating duplicate containers [KHCP-18535] (#​3015) (6d54c42)

v9.48.9

Compare Source

Bug Fixes
  • deps: update all non-major dependencies with stable versions (#​3035) (418fe4b)

v9.48.8

Compare Source

Bug Fixes
  • deps: update all non-major dependencies with stable versions (#​3028) (6af0b03)

v9.48.7

Compare Source

Bug Fixes
  • deps: update all non-major dependencies with stable versions (#​3033) (631c403)
Kong/spec-renderer (@​kong/spec-renderer)

v1.103.3

Compare Source

Bug Fixes
  • spec-renderer: show try it in insomnia separately from try it [TDX-7288] (#​776) (9df598b)

v1.103.2

Compare Source

Bug Fixes
  • hide customer reference from extension documentation (#​774) (db9080f)

v1.103.1

Compare Source

Bug Fixes
  • no cache for token when token not returned [TDC-7260] (#​773) (536e532)

v1.103.0

Compare Source

Bug Fixes
Features
  • support for x-kong-client-credentials-config extension [TDX-7964] (#​767) (8527517)

1.102.2 (2026-01-05)

Bug Fixes

1.102.2 (2026-01-02)

Bug Fixes

1.102.2 (2026-01-02)

Bug Fixes

1.102.2 (2025-12-31)

Bug Fixes

1.102.2 (2025-12-30)

Bug Fixes

1.102.2 (2025-12-30)

Bug Fixes

1.102.2 (2025-12-29)

Bug Fixes

1.102.2 (2025-12-22)

Bug Fixes

1.102.2 (2025-12-17)

Bug Fixes

1.102.2 (2025-12-04)

Bug Fixes

1.102.2 (2025-12-03)

Bug Fixes

1.102.2 (2025-12-02)

Bug Fixes

1.102.2 (2025-11-28)

Bug Fixes

1.102.1 (2025-11-25)

Bug Fixes
  • back to publishing using semantic-release [KHCP-17673] (#​748) (0aeb96f)
actions/cache (actions/cache)

v5.0.2

Compare Source

rails/rails (activesupport)

v8.1.2: 8.1.2

Compare Source

Active Support

  • Make delegate and delegate_missing_to work in BasicObject subclasses.

    Rafael Mendonça França

  • Fix Inflectors when using a locale that fallbacks to :en.

    Said Kaldybaev

  • Fix ActiveSupport::TimeWithZone#as_json to consistently return UTF-8 strings.

    Previously the returned string would sometime be encoded in US-ASCII, which in
    some cases may be problematic.

    Now the method consistently always return UTF-8 strings.

    Jean Boussier

  • Fix TimeWithZone#xmlschema when wrapping a DateTime instance in local time.

    Previously it would return an invalid time.

    Dmytro Rymar

  • Implement LocalCache strategy on ActiveSupport::Cache::MemoryStore. The memory store
    needs to respond to the same interface as other cache stores (e.g. ActiveSupport::NullStore).

    Mikey Gough

  • Fix ActiveSupport::Inflector.humanize with international characters.

    ActiveSupport::Inflector.humanize("áÉÍÓÚ")  # => "Áéíóú"
ActiveSupport::Inflector.humanize("аБВГДЕ") # => "Абвгде"

    Jose Luis Duran

Active Model
  • No changes.
Active Record

  • Fix counting cached queries in ActiveRecord::RuntimeRegistry.

    fatkodima

  • Fix merging relations with arel equality predicates with null relations.

    fatkodima

  • Fix SQLite3 schema dump for non-autoincrement integer primary keys.

    Previously, schema.rb should incorrectly restore that table with an auto incrementing
    primary key.

    Chris Hasiński

  • Fix PostgreSQL schema_search_path not being reapplied after reset! or reconnect!.

    The schema_search_path configured in database.yml is now correctly
    reapplied instead of falling back to PostgreSQL defaults.

    Tobias Egli

  • Restore the ability of enum to be foats.

    enum :rating, { low: 0.0, medium: 0.5, high: 1.0 },

    In Rails 8.1.0, enum values are eagerly validated, and floats weren't expected.

    Said Kaldybaev

  • Ensure batched preloaded associations accounts for klass when grouping to avoid issues with STI.

    zzak, Stjepan Hadjic

  • Fix ActiveRecord::SoleRecordExceeded#record to return the relation.

    This was the case until Rails 7.2, but starting from 8.0 it
    started mistakenly returning the model class.

    Jean Boussier

  • Improve PostgreSQLAdapter resilience to Timeout.timeout.

    Better handle asynchronous exceptions being thrown inside
    the reconnect! method.

    This may fixes some deep errors such as:

    undefined method `key?' for nil:NilClass (NoMethodError)
          if !type_map.key?(oid)

    Jean Boussier

  • Fix structured events for Active Record was not being emitted.

    Yuji Yaginuma

  • Fix eager_load when loading has_many assocations with composite primary keys.

    This would result in some records being loaded multiple times.

    Martin-Alexander

Action View

  • Fix file_field to join mime types with a comma when provided as Array

    file_field(:article, :image, accept: ['image/png', 'image/gif', 'image/jpeg'])

    Now behaves likes:

    file_field(:article, :image, accept: 'image/png,image/gif,image/jpeg')

    Bogdan Gusiev

  • Fix strict locals parsing to handle multiline definitions.

    Said Kaldybaev

  • Fix content_security_policy_nonce error in mailers when using content_security_policy_nonce_auto setting.

    The content_security_policy_nonce helper is provided by ActionController::ContentSecurityPolicy, and it relies on request.content_security_policy_nonce. Mailers lack both the module and the request object.

    Jarrett Lusso

Action Pack

  • Add config.action_controller.live_streaming_excluded_keys to control execution state sharing in ActionController::Live.

    When using ActionController::Live, actions are executed in a separate thread that shares
    state from the parent thread. This new configuration allows applications to opt-out specific
    state keys that should not be shared.

    This is useful when streaming inside a connected_to block, where you may want
    the streaming thread to use its own database connection context.

    # config/application.rb
config.action_controller.live_streaming_excluded_keys = [:active_record_connected_to_stack]

    By default, all keys are shared.

    Eileen M. Uchitelle

  • Fix IpSpoofAttackError message to include Forwarded header content.

    Without it, the error message may be misleading.

    zzak

Active Job

  • Fix ActiveJob.perform_all_later to respect job_class.enqueue_after_transaction_commit.

    Previously, perform_all_later would enqueue all jobs immediately, even if
    they had enqueue_after_transaction_commit = true. Now it correctly defers
    jobs with this setting until after transaction commits, matching the behavior
    of perform_later.

    OuYangJinTing

  • Fix using custom serializers with ActiveJob::Arguments.serialize when
    ActiveJob::Base hasn't been loaded.

    Hartley McGuire

Action Mailer
  • No changes.
Action Cable
  • No changes.
Active Storage

  • Restore ADC when signing URLs with IAM for GCS

    ADC was previously used for automatic authorization when signing URLs with IAM.
    Now it is again, but the auth client is memoized so that new credentials are only
    requested when the current ones expire. Other auth methods can now be used
    instead by setting the authorization on ActiveStorage::Service::GCSService#iam_client.

    ActiveStorage::Blob.service.iam_client.authorization = Google::Auth::ImpersonatedServiceAccountCredentials.new(options)

    This is safer than setting Google::Apis::RequestOptions.default.authorization
    because it only applies to Active Storage and does not affect other Google API
    clients.

    Justin Malčić

Action Mailbox
  • No changes.
Action Text
  • No changes.
Railties

  • Skip all system test files on app generation.

    Eileen M. Uchitelle

  • Fix db:system:change to correctly update Dockerfile base packages.

    Josiah Smith

  • Fix devcontainer volume mount when app name differs from folder name.

    Rafael Mendonça França

  • Fixed the rails notes command to properly extract notes in CSS files.

    David White

  • Fixed the default Dockerfile to properly include the vendor/ directory during bundle install.

    Zhong Sheng

Guides
  • No changes.
algolia/algoliasearch-client-javascript (algoliasearch)

v5.46.3

Compare Source

  • cd7a174b4 fix(specs): BREAKING CHANGE — remove fields requirement from run response in CompAPI client (#​5809) by @​ClaraMuller
    Some fields from the Composition Run search response were marked as required while they were optional on the API side. This has been fixed, but might impact the client types.
  • b08917039 chore(deps): dependencies 2025-12-29 (#​5792) by @​algolia-bot

v5.46.2

Compare Source

nodejs/node (node)

v24.13.0: 2026-01-13, Version 24.13.0 'Krypton' (LTS), @​marco-ippolito

Compare Source

This is a security release.

Notable Changes

lib:

Commits
rouge-ruby/rouge (rouge)

v4.7.0

Compare Source

Comparison with the previous version

  • General
    • Bump actions/checkout to v5 (#​2166 by Tan Le)
  • COBOL Lexer
    • feat: add support for highlight .cpy and .cpb files as COBOL (#​2186 by simon)
  • Gjs and Gts Lexer (NEW)
    • Created lexers for gjs and gts (used by Ember projects) (#​2165 by Isaac Lee)
  • Go Lexer
    • support underscore in numbers in go (#​2167 by Joris Clement)
  • PHP Lexer
    • php: Support enum definition (#​2171 by nsfisis)
    • php: Support typed class constants (#​2174 by nsfisis)
    • php: Support asymmetric visibility (#​2173 by nsfisis)
    • php: Support alternative notation of octal number literal (0o prefix) (#​2170 by nsfisis)
    • php: Update built-in functions (rake builtins:php) (#​2175 by nsfisis)
  • Python Lexer
    • Add Python 3.14+ template strings (#​2162 by Bart Broere)
  • Terraform Lexer
    • Support .tofu for Terraform lexing (#​2180 by Asherah Connor)
rubocop/rubocop (rubocop)

v1.82.1

Compare Source

Bug fixes
  • #​14736: Fix an error for Style/TrailingCommaInArguments when EnforcedStyleForMultiline is consistent_comma and keyword arguments use a trailing comma. ([@​koic][])
  • #​14737: Fix crash in Layout/RedundantLineBreak when Layout/LineLength is disabled. ([@​ydakuka][])
  • #​14719: Fix crash on long lines when Layout/LineLength is disabled. ([@​floriandejonckheere][])
  • #​14743: Fix false positives for Layout/MultilineMethodCallIndentation when multiline method chain with block has expected indent width and the method is preceded by splat or double splat. ([@​koic][])
  • #​12297: Fix false negative in Layout/IndentationWidth for multiline method chain blocks. ([@​rscq][])
  • #​14730: Fix the cache implementation to use consistent cache keys across workers. ([@​byroot][])
  • #​14559: Fix false positives for Lint/UselessAssignment when a variable is assigned in loop body and used in loop condition. ([@​ydakuka][])
shikijs/shiki (shiki)

v3.21.0

Compare Source

   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub
ElMassimo/vite_ruby (vite-plugin-ruby)

v5.1.2

Compare Source

algolia/instantsearch (vue-instantsearch)

v4.22.8

Compare Source

Note: Version bump only for package vue-instantsearch

v4.22.7

Compare Source

Note: Version bump only for package vue-instantsearch

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the review:tech label Dec 27, 2025
@renovate renovate bot requested a review from a team as a code owner December 27, 2025 02:36
@renovate renovate bot added the review:tech label Dec 27, 2025
@netlify
Copy link

netlify bot commented Dec 27, 2025
edited
Loading

Deploy Preview for kongdeveloper failed.

Name Link
🔨 Latest commit 089c593
🔍 Latest deploy log https://app.netlify.com/projects/kongdeveloper/deploys/696abb4522d76d000802ce52

@renovate renovate bot force-pushed the renovate/all-minor-patch branch 6 times, most recently from eeb0a41 to 6755b63 Compare January 2, 2026 22:47
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 20 times, most recently from 5f0026c to 45d32d3 Compare January 7, 2026 16:50
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 28 times, most recently from a42d623 to 854492d Compare January 16, 2026 17:54
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 854492d to 089c593 Compare January 16, 2026 22:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

review:tech

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant