Bump the ruby-deps group with 14 updates

[dependabot]

Bumps the ruby-deps group with 14 updates:

Package	From	To
rake	13.3.0	13.3.1
aws-sdk-s3	1.199.1	1.202.0
activesupport	8.0.3	8.1.1
async	2.33.0	2.34.0
aws-partitions	1.1168.0	1.1179.0
aws-sdk-core	3.233.0	3.236.0
aws-sdk-kms	1.113.0	1.116.0
bigdecimal	3.2.3	3.3.1
console	1.34.0	1.34.2
google-protobuf	4.32.1	4.33.0
haml	6.3.0	7.0.1
json	2.15.0	2.15.2
minitest	5.25.5	5.26.0
uri	1.0.3	1.1.0

Updates rake from 13.3.0 to 13.3.1

Commits

• f0001c3 v13.3.1
• a644c80 Merge pull request #483 from luke-gru/fix_test_warnings
• 2465ea5 silence warnings during execution of rake tasks in Rakefile (ex: rake test)
• df25fb1 Merge pull request #610 from pvdb/fix_testhelper_require
• ec12ac9 Merge pull request #635 from nevans/deconstruct_keys-for-nil-keys
• 4664a69 Merge pull request #666 from ruby/dependabot/github_actions/ruby/setup-ruby-1...
• 7a0bf15 Bump ruby/setup-ruby from 1.265.0 to 1.266.0
• b3ed789 Merge pull request #665 from ruby/dependabot/github_actions/ruby/setup-ruby-1...
• 1e7ef52 Bump ruby/setup-ruby from 1.263.0 to 1.265.0
• 77225e1 Merge pull request #664 from ruby/dependabot/github_actions/ruby/setup-ruby-1...
• Additional commits viewable in compare view

Updates aws-sdk-s3 from 1.199.1 to 1.202.0

Changelog

Sourced from aws-sdk-s3's changelog.

1.202.0 (2025-10-28)

• Feature - Amazon Simple Storage Service / Features: Add conditional writes in CopyObject on destination key to prevent unintended object modifications.

1.201.0 (2025-10-21)

• Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

• Issue - Fix multipart upload to respect request_checksum_calculation when_required mode.

1.200.0 (2025-10-15)

• Feature - Add lightweight thread pool executor for multipart download_file, upload_file and upload_stream.

• Feature - Add custom executor support for Aws::S3::TransferManager.

Commits

• See full diff in compare view

Updates activesupport from 8.0.3 to 8.1.1

Release notes

Sourced from activesupport's releases.

8.1.1

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• Respect remove_hidden_field_autocomplete config in form builder hidden_field.

  Rafael Mendonça França

Action Pack

• Allow methods starting with underscore to be action methods.

  Disallowing methods starting with an underscore from being action methods was an unintended side effect of the performance optimization in 207a254.

  Fixes #55985.

  Rafael Mendonça França

Active Job

• Only index new serializers.

  Jesse Sharps

Action Mailer

• No changes.

Action Cable

... (truncated)

Changelog

Sourced from activesupport's changelog.

Rails 8.1.1 (October 28, 2025)

• No changes.

Rails 8.1.0 (October 22, 2025)

• Remove deprecated passing a Time object to Time#since.

  Rafael Mendonça França

• Remove deprecated Benchmark.ms method. It is now defined in the benchmark gem.

  Rafael Mendonça França

• Remove deprecated addition for Time instances with ActiveSupport::TimeWithZone.

  Rafael Mendonça França

• Remove deprecated support for to_time to preserve the system local time. It will now always preserve the receiver timezone.

  Rafael Mendonça França

• Deprecate config.active_support.to_time_preserves_timezone.

  Rafael Mendonça França

• Standardize event name formatting in assert_event_reported error messages.

  The event name in failure messages now uses .inspect (e.g., name: "user.created") to match assert_events_reported and provide type clarity between strings and symbols. This only affects tests that assert on the failure message format itself.

  George Ma

• Fix Enumerable#sole to return the full tuple instead of just the first element of the tuple.

  Olivier Bellone

• Fix parallel tests hanging when worker processes die abruptly.

  Previously, if a worker process was killed (e.g., OOM killed, kill -9) during parallel test execution, the test suite would hang forever waiting for the dead worker.

  Joshua Young

• Add config.active_support.escape_js_separators_in_json.

  Introduce a new framework default to skip escaping LINE SEPARATOR (U+2028) and PARAGRAPH SEPARATOR (U+2029) in JSON.

... (truncated)

Commits

• 90a1eaa Preparing for 8.1.1 release
• 234b569 Merge pull request #56008 from chaadow/fix_nesting_loop_rails
• 53c4ed8 Merge pull request #55973 from rails/fix-ci
• f77a1c3 Require 'rails' at the top of railltie files to ensure Rails is loaded first
• cd53d57 Merge pull request #55962 from coderhs/patch-1
• 1cdd190 Preparing for 8.1.0 release
• 096f1c7 Merge pull request #55943 from skipkayhil/hm-oyxvtrxvupxqzprn
• 1ace683 Preparing for 8.1.0.rc1 release
• d156ee0 Merge pull request #55871 from Shopify/refresh_event_reporter
• 48ca2f8 Load core extensions with require_relative
• Additional commits viewable in compare view

Updates async from 2.33.0 to 2.34.0

Changelog

Sourced from async's changelog.

v2.34.0

Kernel::Barrier Convenience Interface

Starting multiple concurrent tasks and waiting for them to finish is a common pattern. This change introduces a small ergonomic helper, Barrier, defined in Kernel, that encapsulates this behavior: it creates an Async::Barrier, yields it to a block, waits for completion (using Sync to run a reactor if needed), and ensures remaining tasks are stopped on exit.

require 'async'
Barrier do |barrier|
3.times do |i|
barrier.async do |task|
sleep(rand * 0.1)  # Simulate work
puts "Task #{i} completed"
end
end
end
All tasks are guaranteed to complete or be stopped when the block exits.

If an exception is raised by a task, it will be propagated to the caller, and any remaining tasks will be stopped. The parent: parameter can be used to specify a parent task for the barrier, otherwise it will use the current task if available, or create a new reactor if not.

Commits

• 7c0cbdf Bump minor version.
• ec27366 Introduce Kernel#Barrier as a top level scheduling operation. (#426)
• 170376f Fix flakey test - queue timeout may be slow in CI.
• See full diff in compare view

Updates aws-partitions from 1.1168.0 to 1.1179.0

Changelog

Sourced from aws-partitions's changelog.

1.1179.0 (2025-10-30)

• Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1178.0 (2025-10-28)

• Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1177.0 (2025-10-24)

• Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1176.0 (2025-10-23)

• Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1175.0 (2025-10-22)

• Feature - Added support for enumerating regions for Aws::RTBFabric.

1.1174.0 (2025-10-17)

• Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1173.0 (2025-10-15)

• Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1172.0 (2025-10-10)

• Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1171.0 (2025-10-09)

• Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1170.0 (2025-10-08)

• Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

... (truncated)

Commits

• See full diff in compare view

Updates aws-sdk-core from 3.233.0 to 3.236.0

Changelog

Sourced from aws-sdk-core's changelog.

3.236.0 (2025-10-30)

• Feature - Updated Aws::STS::Client with the latest API changes.

• Feature - Updated Aws::SSO::Client with the latest API changes.

• Feature - Update endpoint ruleset parameters casing

3.235.0 (2025-10-24)

• Feature - Updated Aws::SSOOIDC::Client with the latest API changes.

• Feature - Update endpoint ruleset parameters casing

3.234.0 (2025-10-21)

• Issue - Fix request_checksum_calculation when_required mode to only calculate checksums when explicitly provided by user.

• Feature - Add CREDENTIALS_CODE metric for static_profile_ prefixed methods in default credential chain.

Commits

• See full diff in compare view

Updates aws-sdk-kms from 1.113.0 to 1.116.0

Changelog

Sourced from aws-sdk-kms's changelog.

1.116.0 (2025-10-30)

• Feature - Add cross account VPC endpoint service connectivity support to CustomKeyStore.

1.115.0 (2025-10-21)

• Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.114.0 (2025-10-16)

• Feature - Update endpoint ruleset parameters casing

Commits

• See full diff in compare view

Updates bigdecimal from 3.2.3 to 3.3.1

Release notes

Sourced from bigdecimal's releases.

v3.3.1

What's Changed

• Fix modulo/remainder of negative zero by @​tompng in ruby/bigdecimal#441
• Unify all precision validation to be consistent with BigDecimal#add by @​tompng in ruby/bigdecimal#442
• Bump version to 3.3.1 by @​tompng in ruby/bigdecimal#443

Full Changelog: ruby/bigdecimal@v3.3.0...v3.3.1

v3.3.0

What's Changed

• Allow calling Rational#to_d without arguments by @​fsateler in ruby/bigdecimal#421
• Fix test_no_memory_leak failure by @​tompng in ruby/bigdecimal#424
• Change BigMath.sin and cos to always calculate in relative precision. by @​tompng in ruby/bigdecimal#422
• Faster exp calculation by @​tompng in ruby/bigdecimal#399
• Rename assert_relative_precision to assert_converge_in_precision by @​tompng in ruby/bigdecimal#425
• Add support for tangent function by @​rhannequin in ruby/bigdecimal#231
• Make bigdecimal.rb work in JRuby by @​tompng in ruby/bigdecimal#420
• BigMath methods common interface: coerce x, validate prec, check nan error by @​tompng in ruby/bigdecimal#415
• Round result of sqrt and BigMath methods by @​tompng in ruby/bigdecimal#427
• Update example calculation result in BigMath document by @​tompng in ruby/bigdecimal#428
• BigMath.log(0,n)==-Infinity just like Math.log(0) by @​tompng in ruby/bigdecimal#430
• Fix divmod and modulo by infinity to match Float#divmod and Float#modulo by @​tompng in ruby/bigdecimal#429
• Bump step-security/harden-runner from 2.13.0 to 2.13.1 by @​dependabot[bot] in ruby/bigdecimal#431
• Make internal BigMath method a private method by @​tompng in ruby/bigdecimal#432
• Improve performance of x**y when y is a huge value by @​tompng in ruby/bigdecimal#438
• Fix precision of x.power(y, prec) when the result is nearly infinity by @​tompng in ruby/bigdecimal#439
• Bump version to 3.3.0 by @​tompng in ruby/bigdecimal#437

New Contributors

• @​fsateler made their first contribution in ruby/bigdecimal#421

Full Changelog: ruby/bigdecimal@v3.2.3...v3.3.0

Changelog

Sourced from bigdecimal's changelog.

3.3.1

• All BigMath methods converts non integer precision with to_int

  @​tompng

3.3.0

• Allow calling to_d without arguments GH-421

  @​fsateler

• Calculate BigMath.sin and cos in relative precision GH-422

  @​tompng

• Add support for tangent function GH-231

  @​rhannequin

• BigMath methods accepts numeric as an argument GH-415

  @​tompng

• Round result of sqrt and BigMath methods GH-427

  @​tompng

Commits

• 2d932f4 Bump version to 3.3.1 (#443)
• 8f34991 Unify all precision validation to be consistent with BigDecimal#add (#442)
• a831065 Fix modulo/remainder of negative zero (#441)
• 0aa97bb Bump version to 3.3.0 (#437)
• f718178 Fix precision of x.power(y, prec) when the result is nearly infinity (#439)
• a267ca7 Improve performance of x**y when y is a huge value (#438)
• cb2458b Add newline at EOF [ci skip]
• d93b542 Make internal BigMath method a private method (#432)
• f107735 Merge pull request #431 from ruby/dependabot/github_actions/step-security/har...
• 6682fd8 Bump step-security/harden-runner from 2.13.0 to 2.13.1
• Additional commits viewable in compare view

Updates console from 1.34.0 to 1.34.2

Updates google-protobuf from 4.32.1 to 4.33.0

Commits

• See full diff in compare view

Updates haml from 6.3.0 to 7.0.1

Updates json from 2.15.0 to 2.15.2

Release notes

Sourced from json's releases.

v2.15.2

What's Changed

• Fix JSON::Coder to have one dedicated depth counter per invocation. After encountering a circular reference in JSON::Coder#dump, any further #dump call would raise JSON::NestingError.

Full Changelog: ruby/json@v2.15.1...v2.15.2

v2.15.1

What's Changed

• Fix incorrect escaping in the JRuby extension when encoding shared strings.

Full Changelog: ruby/json@v2.15.0...v2.15.1

Changelog

Sourced from json's changelog.

2025-10-25 (2.15.2)

• Fix JSON::Coder to have one dedicated depth counter per invocation. After encountering a circular reference in JSON::Coder#dump, any further #dump call would raise JSON::NestingError.

2025-10-07 (2.15.1)

• Fix incorrect escaping in the JRuby extension when encoding shared strings.

Commits

• 5e61cd7 Release 2.15.2
• 30969be Merge pull request #874 from byroot/coder-reset-nesting
• aefa671 Fix concurrent usage of JSON::Coder#dump
• 9e6067b Release 2.15.1
• 1e19097 Add a workflow to sync commits to ruby/ruby (#872)
• 1b1647f Update changelog
• eec466d Merge pull request #871 from tompng/fix_sliced_string_escape
• d7baf01 Fix sliced string escaping
• d867e39 Run jruby-head on Windows
• ec85851 Fix a typo in the changelog
• See full diff in compare view

Updates minitest from 5.25.5 to 5.26.0

Changelog

Sourced from minitest's changelog.

=== 5.26.0 / 2025-10-07

The Seattle.rb Nerd Party, Slightly Tipsy Edition!

• 2 minor enhancements:

  • Added extra documentation to Minitest::TestTask options.
  • Make parallelize_me! a no-op when n_threads=1.

• 9 bug fixes:

  • Bypass parallel_executor entirely when n_threads=1.
  • Don't require rubygems in Rakefile... it is 2025.
  • Ensure that minitest exits non-zero on Interrupt. (tavianator)
  • Fix Minitest.run sequence rdoc to include loop vars and read consistently.
  • Fix call to parallel_executor.shutdown when it isn't defined.
  • Removed some 1.8/1.9-based code from the assertions and expectations.
  • Still fighting with rdoc? Yup. Still fighting with rdoc...
  • Switched assert_equal's diff from Tempfile.open to Tempfile.create.
  • Use Regexp.escape for BASE_RE in case pwd has special chars. (astra_1993)

Commits

• f78aa72 prepped for release
• 5faf12f - Use Regexp.escape for BASE_RE in case pwd has special chars. (astra_1993)
• 839c5f0 - Bypass parallel_executor entirely when n_threads=1.
• 7c90742 - Switched assert_equal's diff from Tempfile.open to Tempfile.create.
• b3dcd38 clarify an assert_equal + newline + backslash n test output to be more readable
• 14c87ef Improve let tests to no longer be order dependent.
• 6c995cf - Ensure that minitest exits non-zero on Interrupt. (tavianator)
• 42ce806 - Removed some 1.8/1.9-based code from the assertions and expectations.
• a17393e - Still fighting with rdoc? Yup. Still fighting with rdoc...
• 68b3d0c - Don't require rubygems in Rakefile... it is 2025.
• Additional commits viewable in compare view

Updates uri from 1.0.3 to 1.1.0

Release notes

Sourced from uri's releases.

v1.1.0

What's Changed

• Update to use the latest version of setup-ruby and bump up to Ruby 3.4 by @​hsbt in ruby/uri#158
• Fix the mention to removed URI.escape/URI::Escape by @​y-yagi in ruby/uri#146
• Use a fully qualified name in warning messages by @​y-yagi in ruby/uri#150
• Support Ractor#value by @​hsbt in ruby/uri#163
• Removed unnecessary workaround by @​hsbt in ruby/uri#164
• Escape reserved characters in scheme name by @​nobu in ruby/uri#148
• [DOC] State that uri library is needed to call Kernel#URI by @​nobu in ruby/uri#167
• Prefer dedicated assertion methods by @​nobu in ruby/uri#169
• Fix the message for unexpected argument by @​nobu in ruby/uri#171
• Make URI::regexp schemes case sensitive (#38) by @​nobu in ruby/uri#170
• The local part should not contain leading or trailing dots in the EMAIL_REGEXP by @​nlevchuk in ruby/uri#124
• More checks in EMAIL_REGEXP by @​nobu in ruby/uri#172
• Do not allow empty host names, as they are not allowed by RFC 3986 by @​jeremyevans in ruby/uri#116
• Improve performance of URI::MailTo::EMAIL_REGEXP by @​nobu in ruby/uri#173
• Performance test stability by @​nobu in ruby/uri#174
• Update documents that used URI::Parser by @​nobu in ruby/uri#175
• Add a workflow to sync commits to ruby/ruby by @​k0kubun in ruby/uri#183
• Add irb to the Gemfile to fix the warning by @​y-yagi in ruby/uri#182
• Replace reference to the obsolete URI.escape with URI::RFC2396_PARSER.escape by @​vivshaw in ruby/uri#166
• Switch a parsing behavior completely when switching a parser by @​y-yagi in ruby/uri#161
• improve error message by @​soda92 in ruby/uri#130
• Use generic version number to VERSION by @​hsbt in ruby/uri#187

New Contributors

• @​y-yagi made their first contribution in ruby/uri#146
• @​nlevchuk made their first contribution in ruby/uri#124
• @​vivshaw made their first contribution in ruby/uri#166
• @​soda92 made their first contribution in ruby/uri#130

Full Changelog: ruby/uri@v1.0.4...v1.1.0

v1.0.4

Security fixes

• CVE-2025-61594

---

Full Changelog: ruby/uri@v1.0.3...v1.0.4

Commits

• c41903b v1.1.0
• b433f34 Merge pull request #187 from ruby/switch-version-code
• 1fc4f04 Use generic version number to VERSION and generate VERSION_CODE from that
• e830680 Exclude dependabot updates from release note
• 70d245f Merge pull request #130 from soda92/improve-error-message
• d629c8c Merge pull request #161 from y-yagi/fix_changing_parser
• fec6733 Merge pull request #166 from vivshaw/vivshaw/correct-obsolete-parse
• 83f613a Merge pull request #182 from y-yagi/fix_irb_warning
• a4829f8 Update the latest versions of actions
• 52077e9 Merge tag 'v1.0.4'
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
haml	[>= 6.a, < 7]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions