Bump the ruby-deps group with 20 updates

[dependabot]

Bumps the ruby-deps group with 20 updates:

Package	From	To
middleman	4.6.1	4.6.2
middleman-syntax	3.6.0	3.6.1
aws-sdk-s3	1.195.0	1.198.0
activesupport	8.0.2	8.0.2.1
afm	0.2.2	1.0.0
async	2.27.0	2.28.1
aws-partitions	1.1139.0	1.1153.0
aws-sdk-core	3.228.0	3.232.0
aws-sdk-kms	1.109.0	1.112.0
ethon	0.16.0	0.17.0
google-protobuf	4.31.1	4.32.0
io-event	1.12.1	1.13.0
metrics	0.12.2	0.14.0
middleman-cli	4.6.1	4.6.2
middleman-core	4.6.1	4.6.2
mime-types-data	3.2025.0729	3.2025.0826
pdf-reader	2.14.1	2.15.0
rexml	3.4.1	3.4.2
sass-embedded	1.89.2	1.91.0
traces	0.15.2	0.18.1

Updates middleman from 4.6.1 to 4.6.2

Changelog

Sourced from middleman's changelog.

4.6.2

• Use lowercase headers in preview app, to make it compatible with Rack 3 (#2839)

Commits

• 1c1b400 Prepare new release: v4.6.2 (#2843)
• 61b81de Fix Rack::Lint error by converting Pathname to String in send_file method (#2...
• 2d01171 bundle update
• 18869e4 maybe fix random test error
• 56b170c Bump nokogiri from 1.18.8 to 1.18.9 (#2841)
• 668239a Bump thor from 1.3.2 to 1.4.0 (#2840)
• bc35257 Use lowercase headers in preview app (#2839)
• f8db800 Bump tilt from 2.6.0 to 2.6.1 (#2837)
• 79954d5 Bump cucumber from 9.2.1 to 10.0.0 (#2834)
• 3d8d3f2 Bump aruba from 2.3.0 to 2.3.1 (#2835)
• Additional commits viewable in compare view

Updates middleman-syntax from 3.6.0 to 3.6.1

Changelog

Sourced from middleman-syntax's changelog.

3.6.1

• Add fix for lexer_options potentially being nil (#94).

Commits

• 81061a1 Prepare new release: v3.6.1
• 7d88b14 Add fix for lexer_options potentially being nil (#94)
• See full diff in compare view

Updates aws-sdk-s3 from 1.195.0 to 1.198.0

Changelog

Sourced from aws-sdk-s3's changelog.

1.198.0 (2025-08-26)

• Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

• Issue - Fix multipart download_file to support Pathname, File and Tempfile objects as download destinations.

1.197.0 (2025-08-19)

• Issue - When multipart stream uploader fails to complete multipart upload, it calls abort multipart upload.

• Issue - For Aws::S3::Object class, the following methods have been deprecated: download_file, upload_file and upload_stream. Use Aws::S3::TransferManager instead.

• Feature - Add Aws::S3::TransferManager, a S3 transfer utility that provides upload/download capabilities with automatic multipart handling, progress tracking, and handling of large files.

1.196.1 (2025-08-05)

• Issue - Add range validation to multipart download to ensure all parts are successfully processed.

• Issue - When multipart uploader fails to complete multipart upload, it calls abort multipart upload.

• Issue - Clean up partially downloaded file on multipart download_file failure while preserving existing file.

1.196.0 (2025-08-04)

• Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

Commits

• See full diff in compare view

Updates activesupport from 8.0.2 to 8.0.2.1

Release notes

Sourced from activesupport's releases.

8.0.2.1

Active Support

• No changes.

Active Model

• No changes.

Active Record

• Call inspect on ids in RecordNotFound error

  [CVE-2025-55193]

  Gannon McGibbon, John Hawthorn

Action View

• No changes.

Action Pack

• No changes.

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

Remove dangerous transformations
[CVE-2025-24293]

... (truncated)

Changelog

Sourced from activesupport's changelog.

Rails 8.0.2.1 (August 13, 2025)

• No changes.

Commits

• b0c813b Preparing for 8.0.2.1 release
• See full diff in compare view

Updates afm from 0.2.2 to 1.0.0

Release notes

Sourced from afm's releases.

1.0.0

There are no functional changes to 0.2.2 in this release, it is just a quick update to make sure it still runs on modern rubies and add modern tooling

• [chore] Add GitHub actions instead of travis (chuckle)
• [chore] Set required ruby version to last maintained version
• [chore] update dependencies
• [chore] modernize gemspec
• [chore] formatting all ruby files to modernish standards

Changelog

Sourced from afm's changelog.

1.0.0

There are no functional changes to 0.2.2 in this release, it is just a quick update to make sure it still runs on modern rubies and add modern tooling

• [chore] Add GitHub actions instead of travis (chuckle)
• [chore] Set required ruby version to last maintained version
• [chore] update dependencies
• [chore] modernize gemspec
• [chore] formatting all ruby files to modernish standards

Commits

• 071f03b What was that anyway?
• 40bf140 Small README changes, remove (c) years
• b4d3835 Fix Depfu badge, fix gemspec, bump version
• 081c24a Ah yes, that thing
• 00d6d6a Prepare 1.0.0 release
• ffb006c add depfu badge
• See full diff in compare view

Updates async from 2.27.0 to 2.28.1

Changelog

Sourced from async's changelog.

v2.28.1

• Fix race condition between Async::Barrier#stop and finish signalling.

v2.28.0

• Use Traces.current_context and Traces.with_context for better integration with OpenTelemetry.

v2.27.4

• Suppress excessive warning in Async::Scheduler#async.

v2.27.3

• Ensure trace attributes are strings, fixes integration with OpenTelemetry.

v2.27.2

• Fix context/index.yaml schema.

v2.27.1

• Updated documentation and agent context.

Commits

• 6cece07 Bump patch version.
• 35ef83e Fix race between stop and task exiting. (#414)
• 998288e Bump minor version.
• 3ca3c46 Modernize code.
• 07d5fed Update release notes.
• 9e83acd Slightly more elaborate trace provider test.
• 1363629 Better support for OpenTelemetry.
• 185cd48 Bump patch version.
• af335ee Surpress excessive warning in Scheduler#async. Fixes #410.
• e6d6f94 Bump patch version.
• Additional commits viewable in compare view

Updates aws-partitions from 1.1139.0 to 1.1153.0

Changelog

Sourced from aws-partitions's changelog.

1.1153.0 (2025-08-29)

• Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1152.0 (2025-08-27)

• Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1151.0 (2025-08-25)

• Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1150.0 (2025-08-21)

• Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1149.0 (2025-08-20)

• Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1148.0 (2025-08-18)

• Feature - Added support for enumerating regions for Aws::BCMDashboards.

1.1147.0 (2025-08-14)

• Feature - Added support for enumerating regions for Aws::BCMRecommendedActions.

1.1146.0 (2025-08-12)

• Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1145.0 (2025-08-11)

• Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1144.0 (2025-08-08)

• Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

... (truncated)

Commits

• See full diff in compare view

Updates aws-sdk-core from 3.228.0 to 3.232.0

Changelog

Sourced from aws-sdk-core's changelog.

3.232.0 (2025-08-28)

• Feature - Updated Aws::SSO::Client with the latest API changes.

• Feature - Remove incorrect endpoint tests

3.231.0 (2025-08-26)

• Feature - Remove incorrect endpoint tests

• Feature - Add support for ENV as credential source for AssumeRoleCredentials.

3.230.0 (2025-08-21)

• Feature - Remove incorrect endpoint tests

3.229.0 (2025-08-04)

• Feature - Updated Aws::STS::Client with the latest API changes.

• Feature - Updated Aws::SSOOIDC::Client with the latest API changes.

• Feature - Updated Aws::SSO::Client with the latest API changes.

Commits

• See full diff in compare view

Updates aws-sdk-kms from 1.109.0 to 1.112.0

Changelog

Sourced from aws-sdk-kms's changelog.

1.112.0 (2025-08-27)

• Feature - Remove incorrect endpoint tests

1.111.0 (2025-08-26)

• Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.110.0 (2025-08-04)

• Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

Commits

• See full diff in compare view

Updates ethon from 0.16.0 to 0.17.0

Changelog

Sourced from ethon's changelog.

0.17.0

Full Changelog

• Require Ruby 2.6+ and simplify Gemfile. (Felipe Mesquita, #255)
• Fixed mismatched libcurl error codes in easy_codes array. (Felipe Mesquita, #253)
• Add Ruby 3.3 and 3.4, remove Ruby 2.5 from CI matrix. (Felipe Mesquita, #252)
• Skip test due to libcurl 8.7.x bug in CURLINFO_REQUEST_SIZE. (Felipe Mesquita, #251)
• Use Rackup::Handler.default for Rack 3 compatibility. (Vít Ondruch, #244)
• Add Ruby 3.1 and 3.2 to the test matrix. (Orien Madgwick, #228)
• Remove development and test files from the gem package. (Orien Madgwick, #227)
• Fix missing parenthesis in example. (Aleksey Tsalolikhin, #226)

Commits

• c88a2b0 Merge pull request #254 from typhoeus/Release-v0.17.0
• deb0977 Fill in changelog and bump version to 0.17.0
• ad5d4d4 Merge pull request #255 from felipedmesquita/require-ruby-26
• 9b757a0 Suport Rack and Rackup in test server
• b324862 Require ruby 2.6
• 582e857 Merge pull request #253 from felipedmesquita/Fix-easy-codes-mismatch
• 7137564 Fill in changelog
• 0967489 Add regression test
• 836000d fix mismatched codes
• 945e312 Merge pull request #252 from felipedmesquita/add-ruby-3.3-and-3.4,-remove-2.5...
• Additional commits viewable in compare view

Updates google-protobuf from 4.31.1 to 4.32.0

Commits

• See full diff in compare view

Updates io-event from 1.12.1 to 1.13.0

Commits

• 774ba62 Bump minor version.
• 73f10dc Update context documentation on release.
• 97798f6 Modernize code.
• f02c394 Add IO::Event::PriorityHeap#empty?.
• e444027 Benchmark experimentation.
• See full diff in compare view

Updates metrics from 0.12.2 to 0.14.0

Changelog

Sourced from metrics's changelog.

v0.14.0

• Don't call prepare in metrics/provider.rb. It can cause circular loading warnings.

v0.13.0

• Introduce metrics:provider:list command to list all available metrics providers.

v0.12.1

Introduce Metrics::Config to Expose prepare Hook

The metrics gem uses aspect-oriented programming to wrap existing methods to emit metrics. However, while there are some reasonable defaults for emitting metrics, it can be useful to customize the behavior and level of detail. To that end, the metrics gem now optionally loads a config/metrics.rb which includes a prepare hook that can be used to load additional providers.

# config/metrics.rb
def prepare
require 'metrics/provider/async'
require 'metrics/provider/async/http'
end

The prepare method is called immediately after the metrics backend is loaded. You can require any provider you want in this file, or even add your own custom providers.

Commits

• ef1f353 Bump minor version.
• 41e0e78 Add agent context.
• 1bcd3f2 Don't call prepare in metrics/provider.rb.
• f819a45 Bump minor version.
• ba78348 Add bake metrics:provider:list command.
• cb7bd14 Modernize code.
• See full diff in compare view

Updates middleman-cli from 4.6.1 to 4.6.2

Updates middleman-core from 4.6.1 to 4.6.2

Updates mime-types-data from 3.2025.0729 to 3.2025.0826

Changelog

Sourced from mime-types-data's changelog.

3.2025.0826 / 2025-08-26

• Updated registry entries from the IANA [media registry][registry] and [provisional media registry][provisional], the [Apache httpd media registry][httpd], and the [Apache Tika media registry][tika] as of the release date.

3.2025.0819 / 2025-08-19

• Updated registry entries from the IANA [media registry][registry] and [provisional media registry][provisional], the [Apache httpd media registry][httpd], and the [Apache Tika media registry][tika] as of the release date.

3.2025.0812 / 2025-08-12

• Updated registry entries from the IANA [media registry][registry] and [provisional media registry][provisional], the [Apache httpd media registry][httpd], and the [Apache Tika media registry][tika] as of the release date.

3.2025.0805 / 2025-08-05

• Updated registry entries from the IANA [media registry][registry] and [provisional media registry][provisional], the [Apache httpd media registry][httpd], and the [Apache Tika media registry][tika] as of the release date.

Commits

• 08f679e Update mime-types-data 3.2025.0826 / 2025-08-26
• fac1e47 deps: Bump ruby/setup-ruby from 1.255.0 to 1.256.0
• 84f4509 deps: Bump actions/dependency-review-action from 4.7.1 to 4.7.2
• c9ca81c deps: Bump github/codeql-action from 3.29.9 to 3.29.11
• 6403310 deps: Bump reviewdog/action-actionlint from 1.66.0 to 1.66.1
• 20382b3 deps: Bump astral-sh/setup-uv from 6.5.0 to 6.6.0
• 924aa94 Update mime-types-data 3.2025.0819 / 2025-08-19
• e936815 deps: Bump github/codeql-action from 3.29.8 to 3.29.9
• c2782af deps: Bump actions/checkout from 4.2.2 to 5.0.0
• 586ea8c deps: Bump astral-sh/setup-uv from 6.4.3 to 6.5.0
• Additional commits viewable in compare view

Updates pdf-reader from 2.14.1 to 2.15.0

Changelog

Sourced from pdf-reader's changelog.

v2.15.0 (13th August 2025)

• Overhaul sorbet types, moving from an external RBI file to inline comments in RBS syntax
  • multiple PRs, but mainly yob/pdf-reader#562
  • See https://railsatscale.com/2025-04-23-rbs-support-for-sorbet/
  • No impact expected for most users, but projects that use sorbet may find subtle changes in the RBI file that is shipped with the gem
• Relax version requirements for dependency afm, allow 1.x (yob/pdf-reader#557)
• Improve text positioning logic in some PDFs (yob/pdf-reader#554)
• Multiple fixes for encrypted files
  • Some files with passwords > 32 bytes long (yob/pdf-reader#555)
  • Some files that contain cipher text with a 16 byte IV and no further blocks (yob/pdf-reader#561)
  • Some files that encrypted data with no padding (yob/pdf-reader#564)
• Add jruby 10 to CI matrix (yob/pdf-reader#552)

Commits

• ecaa285 change release step to use a full ruby 3.4 image
• 99a55fc Move back to an official release of spoom
• 61a80cd We can go back to an upstream release of spoom now
• b457579 Oops, I think I need to install spoom before using it here
• a899fee prepare for relesae
• 435942e remove unused config file for parlour
• b3155c0 Merge pull request #567 from yob/fix-stack-overflow-in-page-ancestors
• 6402349 Avoid infinite recursion when a PDF has a loop in the ancestorsof a Page object
• b26c569 Add more type annotations to ObjectHash class
• c08babc change Parse to typed: strict
• Additional commits viewable in compare view

Updates rexml from 3.4.1 to 3.4.2

Release notes

Sourced from rexml's releases.

REXML 3.4.2 - 2025-08-26

Improvement

• Improved performance.

  • GH-244
  • GH-245
  • GH-246
  • GH-249
  • GH-256
  • Patch by NAITOH Jun

• Raise appropriate exception when failing to match start tag in DOCTYPE

  • GH-247
  • Patch by NAITOH Jun

• Deprecate accepting array as an element in XPath.match, first and each

  • GH-252
  • Patch by tomoya ishida

• Don't call needless encoding_updated

  • GH-259
  • Patch by Sutou Kouhei

• Reuse XPath::match

  • GH-263
  • Patch by pboling

• Cache redundant calls for doctype

  • GH-264
  • Patch by pboling

• Use Safe Navigation (&.) from Ruby 2.3

  • GH-265
  • Patch by pboling

• Remove redundant return statements

  • GH-266
  • Patch by pboling

• Added XML declaration check & Source#skip_spaces method

  • GH-282
  • Patch by NAITOH Jun
  • Reported by Sofi Aberegg

Fixes

• Fix docs typo
  • GH-248
  • Patch by James Coleman

... (truncated)

Changelog

Sourced from rexml's changelog.

3.4.2 - 2025-08-26 {#version-3-4-2}

Improvement

• Improved performance.

  • GH-244
  • GH-245
  • GH-246
  • GH-249
  • GH-256
  • Patch by NAITOH Jun

• Raise appropriate exception when failing to match start tag in DOCTYPE

  • GH-247
  • Patch by NAITOH Jun

• Deprecate accepting array as an element in XPath.match, first and each

  • GH-252
  • Patch by tomoya ishida

• Don't call needless encoding_updated

  • GH-259
  • Patch by Sutou Kouhei

• Reuse XPath::match

  • GH-263
  • Patch by pboling

• Cache redundant calls for doctype

  • GH-264
  • Patch by pboling

• Use Safe Navigation (&.) from Ruby 2.3

  • GH-265
  • Patch by pboling

• Remove redundant return statements

  • GH-266
  • Patch by pboling

• Added XML declaration check & Source#skip_spaces method

  • GH-282
  • Patch by NAITOH Jun
  • Reported by Sofi Aberegg

Fixes

• Fix docs typo
  • GH-248
  • Patch by James Coleman

... (truncated)

Commits

• f36916f Add 3.4.2 entry (#284)
• 5859bde Added XML declaration check & Source#skip_spaces method (#282)
• 1d876e3 Bump actions/checkout from 4 to 5 (#283)
• c87bda8 Remove ostruct from dev deps (#281)
• c60ae02 Remove bundler from dev deps (#277)
• 9b084d7 Fix & Deprecate REXML::Text#text_indent (#275)
• 04a589a Fix a bug that XPath can't be used for no document element (#268)
• 66232ea Remove redundant return statements (#266)
• 63f3e97 Use Safe Navigation (&.) from Ruby 2.3 (#265)
• d427fc5 Avoid redundant calls for doctype (#264)
• Additional commits viewable in compare view

Updates sass-embedded from 1.89.2 to 1.91.0

Commits

• 3f8ad41 v1.91.0
• 40b2aa7 Bump sass from 1.90.0 to 1.91.0 in /ext/sass (#326)
• d30688d Update rubocop requirement from ~> 1.79.1 to ~> 1.80.0 (#325)
• 399e19c Bump actions/setup-java from 4 to 5 (#324)
• 086f00d Test jruby-10 on windows-11-arm
• ac1571c Test jruby-head on windows-11-arm
• 69bfec3 Remove i386 from Rakefile
• faadf00 Bump actions/checkout from 4 to 5 (#323)
• 6d13553 Update Rakefile
• 8411a4c Update Rakefile
• Additional commits viewable in compare view

Updates traces from 0.15.2 to 0.18.1

Changelog

Sourced from traces's changelog.

v0.18.1

• Don't call prepare in traces/provider.rb. It can cause circular loading warnings.

v0.18.0

• W3C Baggage Support - Full support for W3C Baggage specification for application-specific context propagation.

New Context Propagation Interfaces

Traces#trace_context and Traces.trace_context are insufficient for efficient inter-process tracing when using OpenTelemetry. That is because OpenTelemetry has it's own "Context" concept with arbitrary key-value storage (of which the current span is one such key/value pair). Unfortunately, OpenTelemetry requires those values to be propagated "inter-process" while ignores them for "intra-process" tracing.

Therefore, in order to propagate this context, we introduce 4 new methods:

• Traces.current_context - Capture the current trace context for local propagation between execution contexts (threads, fibers).
• Traces.with_context(context) - Execute code within a specific trace context, with automatic restoration when used with blocks.
• Traces.inject(headers = nil, context = nil) - Inject W3C Trace Context headers into a headers hash for distributed propagation.
• Traces.extract(headers) - Extract trace context from W3C Trace Context headers.

The default implementation is built on top of Traces.trace_context, however these methods can be replaced by the backend. In that case, the context object is opaque, in other words it is library-specific, and you should not assume it is an instance of Traces::Context.

v0.17.0

• Remove support for resource: keyword argument with no direct replacement – use an attribute instead.

v0.16.0

• Introduce traces:provider:list command to list all available trace providers.

v0.14.0

Introduce Traces::Config to Expose prepare Hook

The traces gem uses aspect-oriented programming to wrap existing methods to emit traces. However, while there are some reasonable defaults for emitting traces, it can be useful to customize the behavior and level of detail. To that end, the traces gem now optionally loads a config/traces.rb which includes a prepare hook that can be used to load additional providers.

# config/traces.rb
def prepare
require 'traces/provider/async'
require 'traces/provider/async/http'
end

The prepare method is called immediately after the traces backend is loaded. You can require any provider you want in this file, or even add your own custom providers.

Commits

• 3770cd2 Bump patch version.
• 168f6ae Don't call prepare in traces/provider.rb.
• c6a24b9 Bump minor version.
• 450e504 Missing documentation.
• 34c81e5 Use test backend for testing.
• 6a369f0 Modernize code.
• 71dd325 Add Traces.current_context and Traces.with_context.
• 8a5bf9f Bump minor version.
• 10ffdc4 Clean up bake task output.
• b6dae25 Drop support for resource: keyword argument.
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions