[dependabot:bundler] Bump the regular-updates group with 3 updates

[dependabot]

Bumps the regular-updates group with 3 updates: datadog, rspec-rails and web-console.

Updates datadog from 2.28.0 to 2.29.0

Release notes

Sourced from datadog's releases.

2.29.0

Highlights

Live Debugger for Ruby is now in Limited Availability

Datadog Live Debugger for Ruby is now available in Limited Availability, enabling developers to inspect application behavior directly in production without modifying code, redeploying services, or impacting performance. Instead of adding temporary debug logs or reproducing issues locally, you can dynamically capture application state at specific points in the code. This includes variable values, method inputs, and execution context. Live Debugger now supports Java, Python, .NET, Node.js, PHP, Ruby, and Go in Limited Availability enabling consistent debugging workflows across environments. To get started, check out the documentation.

Heap profiling can now be used on Ruby 4

We've now added support for heap profiling on Ruby 4.0 . Check the docs for how to enable it.

Default logger output is changed from stdout to stderr

On v2.29 Datadog will log to stderr instead of stdout by default to avoid polluting user application logs. To go back to stdout, you can use this snippet:

Datadog.configure do |config|
  config.logger.instance = Datadog::Core::Logger.new($stdout)
end

Analysis for downstream requests with redirects

This release introduces comprehensive instrumentation for downstream HTTP requests made by your application. AppSec RASP (Runtime Application Self-Protection) now automatically instruments outbound HTTP requests made via Faraday, Excon, and RestClient.

This includes capturing request/response headers, status codes, and JSON bodies, as well as tracking redirect chains to ensure complete visibility even when requests follow multiple hops.

Body analysis can be tuned to balance security coverage with performance:

Datadog.configure do |c|
  c.appsec.enabled = true
Percentage of downstream requests to analyze body content (0.0 to 1.0)
Default: 1.0 (analyze all requests)
c.appsec.api_security.downstream_body_analysis.sample_rate = 0.8
Maximum number of request/response bodies to analyze per trace
Helps limit overhead in applications making many downstream calls
Default: 1
c.appsec.api_security.downstream_body_analysis.max_requests = 3
end

Simple method tracing API

... (truncated)

Changelog

Sourced from datadog's changelog.

[2.29.0] - 2026-02-20

Added

• AppSec: Add analysis for downstream request with redirects (#5347[])
• AppSec: Add downstream request body analysis. (#5320[])
• SSI: Add support for Bundler vendored mode (BUNDLE_PATH) (#5368[])
• SSI: Default to local dependency resolution (#5368[])
• Dynamic Instrumentation: Added circuit breaker to automatically disable probes consuming excessive CPU time (#5335[])
• Crashtracking: Add reporting of unhandled exceptions (#5321[])
• Tracing: Add support for the kicks gem (#5305[])
• Profiling: Add heap profiling for ruby 4.x (#5201[])
• Tracing: Add simple method tracing API (#5294[])
• Tracing: Add trace_singleton_class_method for tracing singleton class methods. (#5334[])

Changed

• Dynamic Instrumentation: Improve error reporting when instrumentation fails or is removed due to circuit breaker (#5371[])
• SSI: Reduce SSI package size (#5352[])
• Core: Change default logger output from stdout to stderr (#5342[])
• AppSec: Make AppSec blocking page more friendly for vulnerability scanners (#5341[])
• Core: Add process tags and container id to process discovery payloads when the experimental setting DD_EXPERIMENTAL_PROPAGATE_PROCESS_TAGS_ENABLED=true is enabled. (#5336[])

Fixed

• Dynamic Instrumentation: Fix Live Debugger UI for forking web servers with more than one worker process (#5304[])

Commits

• 799b3dc Merge pull request #5383 from DataDog/bump_to_version_2.29.0
• 94eac3f Update changelog
• 0b60a02 [🤖] Update System Tests: https://github.com/DataDog/dd-trace-rb/actions/runs/...
• 4f010c4 Add 2.29.0 to CHANGELOG.md
• 3e46969 [🤖] Update System Tests: https://github.com/DataDog/dd-trace-rb/actions/runs/...
• 2b71a9d Add process tags and container id to process discovery (#5336)
• 864aeb2 Merge pull request #5373 from DataDog/appsec-missing-route-telemetry
• 0a92acb Change export_api_security_metrics to accept context
• 08b2133 Add process and container tags support for DSM (#5209)
• 69278c1 Add appsec.api_security.missing_route telemetry metric
• Additional commits viewable in compare view

Updates rspec-rails from 8.0.2 to 8.0.3

Changelog

Sourced from rspec-rails's changelog.

8.0.3 / 2026-02-17

Full Changelog

Bug Fixes:

• Fix insertion order of controller prefix in the view lookup_context. (Stephen Nelson, #2749)
• Ensure rails stats looks for specs using application root rather than working directory. (Marvin Tangpos, #2879)

Commits

• 58d0380 Fix changelog link
• aa37b05 Drop main from maintenance branch
• 7ec5827 v8.0.3
• a7b0ad4 Merge pull request #2882 from tylerhunt/fix-error-typo
• 42d3a65 Add note about supported versions
• d547cb8 Bump actions/checkout from 5 to 6
• 8530dd4 Bump actions/checkout from 4 to 5
• 440b3c3 Switch to gem.coop in Gemfile
• 76cb716 Update Code of Conduct based on Contributor Covenant v3
• 577a301 Changelog for #2879
• Additional commits viewable in compare view

Updates web-console from 4.2.1 to 4.3.0

Release notes

Sourced from web-console's releases.

v4.3.0

What's Changed

• Drop unused dependency on activemodel by @​sambostock in rails/web-console#336
• Use × as close button instead of letter X by @​luiscobot in rails/web-console#338
• Always permit IPv4-mapped IPv6 loopback addresses by @​zunda in rails/web-console#342
• Fix CI by @​fatkodima in rails/web-console#345
• Fix compatiblity with latest rails by @​fatkodima in rails/web-console#344

Changelog

Sourced from web-console's changelog.

4.3.0

• #342 Always permit IPv4-mapped IPv6 loopback addresses ([@​zunda]).
• Fixed Rails 8.2.0.alpha support
• Drop Rails 7.2 support
• Drop Ruby 3.1 support

Commits

• 90e3474 Release 4.3.0
• bdbb391 Merge pull request #344 from fatkodima/fix-filter-proxies
• 950462c Fix compatiblity with latest rails
• c1f9252 Merge pull request #345 from fatkodima/fix-ci
• 6bc7159 Fix CI
• 859bc60 Merge pull request #342 from zunda/bind-on-ipv6
• c66460a Always permit IPv4-mapped IPv6 loopback addresses
• f3d437c Merge pull request #338 from luiscobot/patch-1
• 5383121 replace close icon with ×
• 9a5c089 Merge pull request #336 from sambostock/drop-active-model
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions