Bump the minor-and-patch group across 1 directory with 5 updates

[dependabot]

Bumps the minor-and-patch group with 5 updates in the / directory:

Package	From	To
nokogiri	1.18.10	1.19.0
bcrypt	3.1.20	3.1.21
sorbet-static-and-runtime	0.6.12873	0.6.12875
thor	1.4.0	1.5.0
rbi	0.3.8	0.3.9

Updates nokogiri from 1.18.10 to 1.19.0

Release notes

Sourced from nokogiri's releases.

v1.19.0 / 2025-12-28

Ruby

This release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.

• Introduce native gem support for Ruby 4.0. #3590
• End support for Ruby 3.1, for which upstream support ended 2025-03-26.
• End support for JRuby 9.4 (which targets Ruby 3.1 compatibility).

11a97ecc3c0e7e5edcf395720b10860ef493b768f6aa80c539573530bc933767  nokogiri-1.19.0-aarch64-linux-gnu.gem
eb70507f5e01bc23dad9b8dbec2b36ad0e61d227b42d292835020ff754fb7ba9  nokogiri-1.19.0-aarch64-linux-musl.gem
572a259026b2c8b7c161fdb6469fa2d0edd2b61cd599db4bbda93289abefbfe5  nokogiri-1.19.0-arm-linux-gnu.gem
23ed90922f1a38aed555d3de4d058e90850c731c5b756d191b3dc8055948e73c  nokogiri-1.19.0-arm-linux-musl.gem
0811dfd936d5f6dd3f6d32ef790568bf29b2b7bead9ba68866847b33c9cf5810  nokogiri-1.19.0-arm64-darwin.gem
5f3a70e252be641d8a4099f7fb4cc25c81c632cb594eec9b4b8f2ca8be4374f3  nokogiri-1.19.0-java.gem
05d7ed2d95731edc9bef2811522dc396df3e476ef0d9c76793a9fca81cab056b  nokogiri-1.19.0-x64-mingw-ucrt.gem
1dad56220b603a8edb9750cd95798bffa2b8dd9dd9aa47f664009ee5b43e3067  nokogiri-1.19.0-x86_64-darwin.gem
f482b95c713d60031d48c44ce14562f8d2ce31e3a9e8dd0ccb131e9e5a68b58c  nokogiri-1.19.0-x86_64-linux-gnu.gem
1c4ca6b381622420073ce6043443af1d321e8ed93cc18b08e2666e5bd02ffae4  nokogiri-1.19.0-x86_64-linux-musl.gem
e304d21865f62518e04f2bf59f93bd3a97ca7b07e7f03952946d8e1c05f45695  nokogiri-1.19.0.gem

Changelog

Sourced from nokogiri's changelog.

v1.19.0 / 2025-12-28

Ruby

This release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.

• Introduce native gem support for Ruby 4.0. #3590
• End support for Ruby 3.1, for which upstream support ended 2025-03-26.
• End support for JRuby 9.4 (which targets Ruby 3.1 compatibility).

Commits

• d77bfb6 version bump to v1.19.0
• 1eb5c2c dev: convert scripts/test-gem-set to use mise
• 88a120f dep: Add native Ruby 4 support, drop Ruby 3.1 support (v1.19.x) (#3592)
• f8c8f74 Skip the parser compression test for Windows system libs
• e91c0fc ci: temporarily pin to setup-ruby with windows ruby 4
• 1b08acc dep: update to minitest 6
• 404487d dep: require JRuby >= 10.0
• 19b22ea dep: add support for native Ruby 4.0 gem
• ec57d11 ci: bump versions in CI images
• f7b640f ci: avoid bundler collisions in downstream tests
• Additional commits viewable in compare view

Updates bcrypt from 3.1.20 to 3.1.21

Release notes

Sourced from bcrypt's releases.

v3.1.21

What's Changed

• Provide a 'Changelog' link on rubygems.org/gems/bcrypt by @​mark-young-atg in bcrypt-ruby/bcrypt-ruby#274
• Support ruby 3.3 and 3.4.0-preview1 by @​m-nakamura145 in bcrypt-ruby/bcrypt-ruby#276
• Mark as ractor-safe by @​mohamedhafez in bcrypt-ruby/bcrypt-ruby#280
• Add == gotcha that can be unintuitive at first by @​federicoaldunate in bcrypt-ruby/bcrypt-ruby#279
• Constant compare by @​tenderlove in bcrypt-ruby/bcrypt-ruby#282
• try to modernize CI by @​tenderlove in bcrypt-ruby/bcrypt-ruby#287
• Try to deal with flaky tests by @​tenderlove in bcrypt-ruby/bcrypt-ruby#288
• Configure trusted publishing by @​tenderlove in bcrypt-ruby/bcrypt-ruby#289
• bump version by @​tenderlove in bcrypt-ruby/bcrypt-ruby#290

New Contributors

• @​mark-young-atg made their first contribution in bcrypt-ruby/bcrypt-ruby#274
• @​m-nakamura145 made their first contribution in bcrypt-ruby/bcrypt-ruby#276
• @​mohamedhafez made their first contribution in bcrypt-ruby/bcrypt-ruby#280
• @​federicoaldunate made their first contribution in bcrypt-ruby/bcrypt-ruby#279

Full Changelog: bcrypt-ruby/bcrypt-ruby@v3.1.20...v3.1.21

Changelog

Sourced from bcrypt's changelog.

3.1.21 Dec 31 2025

• Use constant time comparisons
• Mark as Ractor safe

Commits

• 82e6c4c Merge pull request #290 from tenderlove/bump
• 4b1fc73 add bundler tasks
• 64605fc bump version
• da89a83 Merge pull request #289 from tenderlove/trusted-publishers
• 344ca59 Configure trusted publishing
• ca9cea1 Merge pull request #288 from tenderlove/deal-with-flake
• d94041a Try to deal with flaky tests
• eba09de Merge pull request #287 from tenderlove/modernize-ci
• c156254 Modernize CI
• 27dbab3 Declare development dependencies
• Additional commits viewable in compare view

Updates sorbet-static-and-runtime from 0.6.12873 to 0.6.12875

Release notes

Sourced from sorbet-static-and-runtime's releases.

sorbet 0.6.12874.20260105093216-2e0401d7f

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12874', :group => :development
gem 'sorbet-runtime', '0.6.12874'

sorbet 0.6.12873.20260102172548-31f8567fc

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12873', :group => :development
gem 'sorbet-runtime', '0.6.12873'

Commits

• See full diff in compare view

Updates thor from 1.4.0 to 1.5.0

Release notes

Sourced from thor's releases.

1.5.0

What's Changed

• Add specs and linter documentation by @​hlascelles in rails/thor#907
• Add tree command by @​hlascelles in rails/thor#906
• feat: support insert_into_file erroring if the file is not changed, and add insert_into_file by @​G-Rath in rails/thor#908
• support THOR_MERGE values with arguments by @​rafaelfranca in rails/thor#910
• Hidden commands should not make an invocation ambiguous by @​deivid-rodriguez in rails/thor#911
• Set frozen_string_literal: true in colors.rb by @​tenderlove in rails/thor#913
• fix encoding error when running a merge tool by @​moritzschepp in rails/thor#916

New Contributors

• @​tenderlove made their first contribution in rails/thor#913
• @​dependabot[bot] made their first contribution in rails/thor#912
• @​moritzschepp made their first contribution in rails/thor#916

Full Changelog: rails/thor@v1.4.0...v1.5.0

Commits

• 6a680f2 Prepare for 1.5.0
• 615b0c2 Merge pull request #919 from rails/rmf-ci
• f16a2db Unlock bundler development dependency
• 7b99536 Test with Ruby 4.0
• 2a1eecb Merge pull request #918 from rails/dependabot/github_actions/actions/checkout-6
• ed9ffca Merge pull request #916 from moritzschepp/ec-encoding
• 5b85a33 Bump actions/checkout from 5 to 6
• 2e2b684 fix encoding error when running a merge tool
• b2d98fe Remove whatisthor.com references
• 17a3be9 Merge pull request #912 from rails/dependabot/github_actions/actions/checkout-5
• Additional commits viewable in compare view

Updates rbi from 0.3.8 to 0.3.9

Release notes

Sourced from rbi's releases.

v0.3.9

What's Changed

🛠 Other Changes

• Add extra step to gem release workflow to get tag name by @​egiurleo in Shopify/rbi#541
• Separate gem release workflow into two steps by @​egiurleo in Shopify/rbi#542
• Update trusted publishing release workflow to align with spoom's by @​egiurleo in Shopify/rbi#546
• Fix merge tree conflicts between Scope and non-Scope nodes by @​paracycle in Shopify/rbi#550

Full Changelog: Shopify/rbi@v0.3.8...v0.3.9

Commits

• 2f6093a Bump version to v0.3.9
• 6261ea6 Merge pull request #550 from Shopify/uk-smarter-constant-merge
• 87ae1eb Fix merge tree conflicts between Scope and non-Scope nodes
• e9ecc0e Merge pull request #549 from Shopify/dependabot/github_actions/ruby/setup-rub...
• 8a3f50a Bump ruby/setup-ruby from 1.276.0 to 1.278.0
• c18e6ef Merge pull request #548 from Shopify/dependabot/github_actions/ruby/setup-rub...
• 37ee3fe Bump ruby/setup-ruby from 1.275.0 to 1.276.0
• d189ae2 Merge pull request #547 from Shopify/dependabot/github_actions/ruby/setup-rub...
• c0f8620 Bump ruby/setup-ruby from 1.270.0 to 1.275.0
• e939b3c Merge pull request #546 from Shopify/new-release-workflow
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[amomchilov]

I think Dependabot made this without being on Ruby 4, and accidentally deleted sqlite3 (2.5.0) and mini_portile2 (2.8.9) from the Gemfile.lock.

Restored.

[amomchilov]

Rebased to stack this PR on top of #2483, which does this same Sorbet bump (which needs some other small tweaks)