Skip to content

chore(deps): bump the ruby-deps group across 1 directory with 17 updates#526

Open
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/bundler/dev/ruby-deps-36f61cfe65
Open

chore(deps): bump the ruby-deps group across 1 directory with 17 updates#526
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/bundler/dev/ruby-deps-36f61cfe65

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown
Contributor

Bumps the ruby-deps group with 17 updates in the / directory:

Package From To
bootsnap 1.24.2 1.24.6
sqlite3 2.9.3 2.9.5
image_processing 1.14.0 2.0.2
tailwindcss-rails 4.4.0 4.6.0
view_component 4.8.0 4.12.0
puma 8.0.1 8.0.2
thruster 0.1.20 0.1.21
solid_cable 3.0.12 4.0.0
pagy 6.5.0 9.4.0
jbuilder 2.14.1 2.15.1
json 2.19.5 2.19.9
stripe 19.1.0 19.2.1
brakeman 8.0.4 8.0.5
rubocop 1.86.1 1.88.0
shoulda-matchers 7.0.1 8.0.1
selenium-webdriver 4.43.0 4.45.0
kamal 2.11.0 2.12.0

Updates bootsnap from 1.24.2 to 1.24.6

Release notes

Sourced from bootsnap's releases.

v1.24.4

What's Changed

  • Fix several compatibility issues with Ruby 4.0.4, particularly the should not compile with coverage error. See #547.
  • Fix Bootsnap.enable_frozen_string_literal to work even when coverage is enabled. Unfortunately only possible on Ruby 4.0.4+. On older rubies if coverage is enabled a warning will be issued and the feature won't work.
  • Reduced cache files header size from 64 to 32 bytes, and got rid of the random padding element.
  • Avoid leaking a private method in Object when testing for Parse.y bugs.

Full Changelog: rails/bootsnap@v1.24.3...v1.24.4

v1.24.3

  • Fix the 1.24.2 workaround to parse Ruby files with UTF-8 even when the LANG environment variable is unset or set to C.

Full Changelog: rails/bootsnap@v1.24.2...v1.24.3

Changelog

Sourced from bootsnap's changelog.

1.24.6

  • Fix detection of Ruby bug #22023 on some patch versions of Ruby 3.4, and properly apply the workaround.

1.24.5

  • No longer load the config file by default when setup is done manually. This is so cli applications like homebrew don't mistakenly load another app's boostnap config.

1.24.4

  • Fix several compatibility issues with Ruby 4.0.4, particularly the should not compile with coverage error. See #547.
  • Fix Bootsnap.enable_frozen_string_literal to work even when coverage is enabled. Unfortunately only possible on Ruby 4.0.4+. On older rubies if coverage is enabled a warning will be issued and the feature won't work.
  • Reduced cache files header size from 64 to 32 bytes, and got rid of the random padding element.
  • Avoid leaking a private method in Object when testing for Parse.y bugs.

1.24.3

  • Fix the 1.24.2 workaround to parse Ruby files with UTF-8 even when the LANG environment variable is unset or set to C.
Commits
  • 026e183 Release 1.24.6
  • 263e346 Merge pull request #556 from byroot/remove-canary
  • 7c31cd8 Check for [Bug #22023] by checking Ruby version rather than a canary
  • 54eba76 Merge pull request #554 from byroot/namespace-overflow
  • fe963d5 bs_cache_path: account for namespace length
  • 7b42db6 Merge pull request #553 from arpitjain099/chore/declare-workflow-perms
  • 113b184 ci: add permissions: contents: read to ci
  • d6ca050 Release 1.24.5
  • 579aa0e Merge pull request #552 from byroot/fix-bootsnap-config
  • 2884e89 Only load config file is directed to by .setup
  • Additional commits viewable in compare view

Updates sqlite3 from 2.9.3 to 2.9.5

Release notes

Sourced from sqlite3's releases.

2.9.5 / 2026-06-07

Dependencies

Security / Stability

78075b6337d3d182c6d2b4691049ed45cd220826160c9ea18946bf6a1de200dc  gems/sqlite3-2.9.5-aarch64-linux-gnu.gem
18c801185deb4adc01ddb281e8f672a39e3d1729979ca91e39439cd3eac0402d  gems/sqlite3-2.9.5-aarch64-linux-musl.gem
1bdfca0c7d63998c60b0f4a8e3c8df2d33800ccc4abd2d612eddbbbc92a4c48b  gems/sqlite3-2.9.5-arm-linux-gnu.gem
bae1109d12b2e9f588455967729b008e1ff4feb7761749df695019c9079913c6  gems/sqlite3-2.9.5-arm-linux-musl.gem
d0cf444a70fc9395d513cfbcc1e6719e224aa645314e3824cb0474c721425aa2  gems/sqlite3-2.9.5-arm64-darwin.gem
b00d5697994ee8589b6096694a2130aa5567db64373baca55ea98c9bf958f46a  gems/sqlite3-2.9.5-x64-mingw-ucrt.gem
c94b96b16f17796be6fa099d15218b52e396f55690c4760faaaefa21ebab9dd5  gems/sqlite3-2.9.5-x86-linux-gnu.gem
063a8c13cbadfe7f29453b1706cbdf91fca4a78d244f816ff20bac4fb259f1e4  gems/sqlite3-2.9.5-x86-linux-musl.gem
8e9caae38bd7ebb29cbeee3e7ab1d12dc2327d9a1b92c7fcf0dda05589627a81  gems/sqlite3-2.9.5-x86_64-darwin.gem
233dbcb6714148dd23bc5aeb33e8efd6eac974969564ddd5794c23d5f52b231e  gems/sqlite3-2.9.5-x86_64-linux-gnu.gem
e7d3a7474e8af0f96150c21abc203fbab5437206bfcdf11deab7741c0ca516f2  gems/sqlite3-2.9.5-x86_64-linux-musl.gem
04572973a3f943ad50a8adfffc8dd752a5f06e4c3db2026f71838fed8a982606  gems/sqlite3-2.9.5.gem

2.9.4 / 2026-05-05

ecabed721e6eaad54601d2685f09029d90025efc8d931040dc89cb3f8a2080ec  gems/sqlite3-2.9.4-aarch64-linux-gnu.gem
ffb4255947fb54c8c3eeca97460c9702b40de91ce390455ef7367ca6a3929a31  gems/sqlite3-2.9.4-aarch64-linux-musl.gem
9ee2008b9fbec984c3c165b0d7eedd2bd2a415100b761bfa3a4c6fbec9208bf6  gems/sqlite3-2.9.4-arm-linux-gnu.gem
8dc1fe4da6977992cd62decf4a93ccf6cc2e124a5e6a340160d52092f70e837a  gems/sqlite3-2.9.4-arm-linux-musl.gem
1d5aad413a815d236e96d43f05a1acc600b6cd086800770342a3f9c2877499ff  gems/sqlite3-2.9.4-arm64-darwin.gem
40997c549b19e2fdfcc5e271f6bdd4d502179742c0bfd678da23d0d09b929848  gems/sqlite3-2.9.4-x64-mingw-ucrt.gem
5cab40ea734796802853501bd23b6162eec391dc37f3bf04bc2ffbda9c8bf93d  gems/sqlite3-2.9.4-x86-linux-gnu.gem
936e2d4a428887fac15f55e26a18671fbb4e522bffaa43969fadf7b40ab25214  gems/sqlite3-2.9.4-x86-linux-musl.gem
f280c476e360b73e86165a5e59b72801385b4a6c3a47f8af5ecefb9d90bec17f  gems/sqlite3-2.9.4-x86_64-darwin.gem
537a3eda71b1df1336d0055cbebe55a7317c34870c192c7b6b9d8d0be6871847  gems/sqlite3-2.9.4-x86_64-linux-gnu.gem
3fc5e865b4be9a85d998203ef8d0c0fdcb92f20acf34a254346ff8a19088efec  gems/sqlite3-2.9.4-x86_64-linux-musl.gem
6161c5b9c17886b289558e6c8082b28a22a814736d2433c9a67f4c6bfcde5c97  gems/sqlite3-2.9.4.gem
</tr></table> 

... (truncated)

Changelog

Sourced from sqlite3's changelog.

2.9.5 / 2026-06-07

Dependencies

Security / Stability

2.9.4 / 2026-05-05

Commits
  • 747e7de version bump to v2.9.5
  • 2bd436d Fix use-after-free issue with custom functions (#710)
  • b24e1e6 Fix use-after-free issue with aggregate functions (#711)
  • 9abc955 dep: update vendored sqlite to 3.53.2 (#709)
  • a3f8e71 For sqlcipher builds, prefer sqlcipher's header (#708)
  • 9292033 build(deps): bump the actions group across 1 directory with 3 updates (#707)
  • b79c841 Introduce a security reporting policy
  • ae58899 version bump to v2.9.4
  • e16df53 Merge pull request #704 from sparklemotion/dep-sqlite-3.53.1
  • 2dc95ff dep: update vendored sqlite to 3.53.1
  • Additional commits viewable in compare view

Updates image_processing from 1.14.0 to 2.0.2

Changelog

Sourced from image_processing's changelog.

2.0.2 (2026-06-03)

  • Raise LoadError instead of ImageProcessing::Error when soft dependencies are missing (@​bdewater-thatch)

2.0.1 (2026-05-22)

  • [minimagick] Prevent remote shell execution when passing loader/saver options from user input

2.0.0 (2026-05-20)

  • mini_magick/ruby-vips are now soft dependencies and need to be manually added to the Gemfile (@​janko)

  • Avoid remote shell execution vulnerability in #apply when arguments are coming from user input (@​janko)

  • [vips] Unfuzzed loaders are now blocked by default (@​janko)

  • [vips] Sharpening after resize has been disabled by default (@​janko)

  • [minimagick] Remove deprecated :compose and :geometry keyword arguments for #composite (@​janko)

  • Ruby 3.0+ is now required (@​janko)

Commits
  • 7d89c01 Bump to 2.0.2
  • 7f38304 Create a new LoadError for missing dependencies
  • 996862c Warn and reraise LoadError instead of raising custom error (#143)
  • a64dbd5 Inline dhash-vips
  • 9489387 Bump to 2.0.1
  • 31b3d91 Prevent remote shell execution in loader/saver minimagick options
  • cd1353d Bump to 2.0.0
  • fb1c0ed Update documentation with recent changes
  • f9a1379 Use double quotes
  • ad46160 Add IRB and Benchmark to Gemfile
  • Additional commits viewable in compare view

Updates tailwindcss-rails from 4.4.0 to 4.6.0

Release notes

Sourced from tailwindcss-rails's releases.

v4.6.0 / 2026-06-17

Fixed

  • tailwindcss:watch now forwards stop signals (SIGINT/SIGTERM) to the spawned tailwindcss process, instead of letting it be orphaned. This happens when a process manager signals the watch task directly rather than the whole process group — most commonly Procfile-based managers like foreman in development. @​jordan-brough

v4.5.0 / 2026-06-15

Improved

  • New silent flag on tailwindcss:build and tailwindcss:watch tasks to suppress non-error output from the tailwindcss CLI (e.g., bin/rails tailwindcss:watch[silent]). Requires Tailwind CSS v4.3.1. #618 @​jordan-brough

New Contributors

Full Changelog: rails/tailwindcss-rails@v4.4.0...v4.5.0

Changelog

Sourced from tailwindcss-rails's changelog.

v4.6.0 / 2026-06-17

Fixed

  • tailwindcss:watch now forwards stop signals (SIGINT/SIGTERM) to the spawned tailwindcss process, instead of letting it be orphaned. This happens when a process manager signals the watch task directly rather than the whole process group — most commonly Procfile-based managers like foreman in development. @​jordan-brough

v4.5.0 / 2026-06-15

Improved

  • New silent flag on tailwindcss:build and tailwindcss:watch tasks to suppress non-error output from the tailwindcss CLI (e.g., bin/rails tailwindcss:watch[silent]). Requires Tailwind CSS v4.3.1. #618 @​jordan-brough
Commits
  • d4d95b3 version bump to v4.6.0
  • 900f700 Forward stop signals to tailwindcss watcher (#621)
  • c704ea5 dev: update Gemfile.lock
  • 2938f5a build(deps): bump ruby/setup-ruby in the github-actions group (#624)
  • e9773b5 version bump to v4.5.0
  • 35a521e doc: update CHANGELOG
  • 9a6a58a Support new --silent tailwind flag via [silent] (#618)
  • c169899 build(deps): bump actions/checkout in the github-actions group (#623)
  • 2d75b62 build(deps): bump ruby/setup-ruby in the github-actions group (#622)
  • b3b682d Merge pull request #616 from rails/dependabot/bundler/tailwindcss-ruby-4.3.0
  • Additional commits viewable in compare view

Updates view_component from 4.8.0 to 4.12.0

Release notes

Sourced from view_component's releases.

4.12.0

  • Fix stale render context on reused component instances. A ViewComponent::Base instance memoized its controller, helpers, request, view context, lookup context, view flow, and requested format details on first render via ||=. Rendering the same instance a second time (intentionally or via aliasing) reused that stale context, which could leak data across requests, sessions, or users. #render_in now resets these ivars on every call so each render derives its context from the current view.

    Joel Hawksley

  • Fix HTML-safety bypass in around_render. ViewComponent::Base#around_render could return HTML-unsafe strings that bypassed the escaping applied to normal #call return values, creating an XSS risk. The vulnerability was amplified in ViewComponent::Collection#render_in, which joined per-item results and unconditionally marked the output html_safe. HTML-unsafe strings returned from around_render are now escaped (with a warning) and Collection#render_in now uses safe_join so unsafe per-item output is escaped instead of laundered into a SafeBuffer. Joel Hawksley

4.11.0

  • Update render_in signature to accept **_ for compatibility with Rails #50623.

    Joel Hawksley

  • Fix translation scope resolution in nested lambda-backed slots. Relative t(".key") calls inside lambda-backed slots were resolving against an intermediate component's scope instead of the original partial's scope where the block was defined.

    Artin Boghosian

4.10.0

  • Fix NameError: uninitialized constant ViewComponent::SystemTestControllerNefariousPathError when booting in the test environment with eager_load = true.

    Joel Hawksley

  • Fix yielded content rendered at wrong location when using form helpers.

    Joel Hawksley, Markus

4.9.0

  • Fix path traversal vulnerability in ViewComponentsSystemTestController where sibling directories sharing a string prefix with the allowed temp directory could bypass the path containment check. The start_with? check has been replaced with a separator-aware prefix check, and nefarious path errors now return a 404 instead of an unhandled exception.

    Joel Hawksley

  • Fix preview route vulnerability where inherited methods on ViewComponent::Preview (such as render_with_template) could be invoked via the preview URL, allowing arbitrary internal Rails templates to be rendered with attacker-controlled locals and request parameters. render_args now raises AbstractController::ActionNotFound for any example not explicitly declared on the preview subclass.

    Joel Hawksley

  • Add yard-lint to CI.

    Joel Hawksley

Changelog

Sourced from view_component's changelog.

4.12.0

  • Fix stale render context on reused component instances. A ViewComponent::Base instance memoized its controller, helpers, request, view context, lookup context, view flow, and requested format details on first render via ||=. Rendering the same instance a second time (intentionally or via aliasing) reused that stale context, which could leak data across requests, sessions, or users. #render_in now resets these ivars on every call so each render derives its context from the current view.

    Joel Hawksley

  • Fix HTML-safety bypass in around_render. ViewComponent::Base#around_render could return HTML-unsafe strings that bypassed the escaping applied to normal #call return values, creating an XSS risk. The vulnerability was amplified in ViewComponent::Collection#render_in, which joined per-item results and unconditionally marked the output html_safe. HTML-unsafe strings returned from around_render are now escaped (with a warning) and Collection#render_in now uses safe_join so unsafe per-item output is escaped instead of laundered into a SafeBuffer.

    Joel Hawksley

4.11.0

  • Update render_in signature to accept **_ for compatibility with Rails #50623.

    Joel Hawksley

  • Fix translation scope resolution in nested lambda-backed slots. Relative t(".key") calls inside lambda-backed slots were resolving against an intermediate component's scope instead of the original partial's scope where the block was defined.

    Artin Boghosian

4.10.0

  • Fix NameError: uninitialized constant ViewComponent::SystemTestControllerNefariousPathError when booting in the test environment with eager_load = true.

    Joel Hawksley

  • Fix yielded content rendered at wrong location when using form helpers.

    Joel Hawksley, Markus

4.9.0

  • Fix path traversal vulnerability in ViewComponentsSystemTestController where sibling directories sharing a string prefix with the allowed temp directory could bypass the path containment check. The start_with? check has been replaced with a separator-aware prefix check, and nefarious path errors now return a 404 instead of an unhandled exception.

    Joel Hawksley

  • Fix preview route vulnerability where inherited methods on ViewComponent::Preview (such as render_with_template) could be invoked via the preview URL, allowing arbitrary internal Rails templates to be rendered with attacker-controlled locals and request parameters. render_args now raises AbstractController::ActionNotFound for any example not explicitly declared on the preview subclass.

    Joel Hawksley

  • Add yard-lint to CI.

    Joel Hawksley

Commits

Updates puma from 8.0.1 to 8.0.2

Release notes

Sourced from puma's releases.

v8.0.2

  • Bugfixes
    • Anchor PROXY protocol v1 regex to string start and enforce max line length to prevent injection via crafted request bodies (#3944)
    • Parse PROXY protocol header only on the first request per connection to prevent spoofing on keep-alive connections (#3944)

Security advisories

Changelog

Sourced from puma's changelog.

8.0.2 / 2026-05-27

  • Bugfixes
    • Anchor PROXY protocol v1 regex to string start and enforce max line length to prevent injection via crafted request bodies (#3944)
    • Parse PROXY protocol header only on the first request per connection to prevent spoofing on keep-alive connections (#3944)
Commits

Updates thruster from 0.1.20 to 0.1.21

Changelog

Sourced from thruster's changelog.

v0.1.21 / 2026-05-17

  • Build with Go 1.26.3
Commits

Updates solid_cable from 3.0.12 to 4.0.0

Release notes

Sourced from solid_cable's releases.

v4.0.0

What's Changed

New Contributors

Full Changelog: rails/solid_cable@v3.0.12...v4.0.0

Commits

Updates pagy from 6.5.0 to 9.4.0

Release notes

Sourced from pagy's releases.

Version 9.4.0

🚀 Try the upcoming v43! 🚀

Pagy is about to leap to the next level.

Try the new v43.0.0.rc*.

Leave your comments in the Version 43 discussion.

✴ What's new in 9.0+ ✴

  • Wicked-fast Keyset Pagination for big data! It works with ActiveRecord::Relation and Sequel::Dataset sets.
  • More Playground Apps to showcase, clone and develop pagy APPs without any setup on your side
  • Lots of refactorings and optimizations
  • See the Changelog for possible breaking changes

Changes in 9.4.0

  • Update aria translation for Tamil (#788)
  • Add Slovak localization with west_slavic pluralization rules (#787)

CHANGELOG

Version 9.3.4

✴ What's new in 9.0+ ✴

  • Wicked-fast Keyset Pagination for big data! It works with ActiveRecord::Relation and Sequel::Dataset sets.
  • More Playground Apps to showcase, clone and develop pagy APPs without any setup on your side
  • Lots of refactorings and optimizations
  • See the Changelog for possible breaking changes

Changes in 9.3.4

  • Fix method visibility in JsonApiExtra (#765)

CHANGELOG

Version 9.3.3

✴ What's new in 9.0+ ✴

  • Wicked-fast Keyset Pagination for big data! It works with ActiveRecord::Relation and Sequel::Dataset sets.
  • More Playground Apps to showcase, clone and develop pagy APPs without any setup on your side

... (truncated)

Changelog

Sourced from pagy's changelog.

Version 9.4.0

  • Update aria translation for Tamil (#788)
  • Add Slovak localization with west_slavic pluralization rules (#787)

Version 9.3.5

  • fix quoted identifiers in keyset (#780)
  • Fix clone command (#770)

Version 9.3.4

  • Fix method visibility in JsonApiExtra (#765)

Version 9.3.3

  • Add test for locales - to find problematic keys (#752)
  • Update locales: zh-CN, zh-HK, zh-TW (#751) (fix #608, fix #609, fix #610)
    • Remove :other from :aria_label key and code comment
    • Change :item_name which had :one_other keys to default to the :other key
    • Fix comment

Version 9.3.2

  • Improve gapped series computation by a few milliseconds

Version 9.3.1

  • Added qualified column names to the keyset query

Version 9.3.0

  • Remove the :typecast_latest variable
  • Add the :jsonify_keyset_attributes variable to override the encoding (#749)

Version 9.2.2

  • Replace inline templates with template block in sinatra apps
  • Replace the rails calendar app with a sinatra app
  • Add PagyApps::INDEX

Version 9.2.1

  • Improve bin/pagy to dynamically find apps and descriptions
  • Apps refactoring:
    • Update rails to 8.0
    • Replace rails AR keyset apps with sinatra apps
    • Improve consistency

Version 9.2.0

... (truncated)

Commits

Updates jbuilder from 2.14.1 to 2.15.1

Release notes

Sourced from jbuilder's releases.

v2.15.1

What's Changed

New Contributors

Full Changelog: rails/jbuilder@v2.15.0...v2.15.1

v2.15.0

What's Changed

New Contributors

Full Changelog: rails/jbuilder@v2.14.1...v2.15.0

Commits
  • 31eb6e9 Prepare for 2.15.1
  • 154b0fe Merge pull request #617 from rails/rm-fix-616
  • d3e763b Fix partial for Active Model when extra locals are passed in
  • 018083d Prepare for 2.15.0
  • 72cf067 Update devcontainer image to Ruby 4.0.4 and add devcontainer-lock.json
  • d35a962 Merge pull request #615 from taketo1113/ci-rails8.1-ruby4.0
  • cc42e7e CI: Add Rails 8.1 & Ruby 4.0 to CI Matrix
  • cd7482e Merge pull request #613 from affinity/moberegger/fix-inline-partial-locals-be
  • 58283a0 Merge pull request #612 from affinity/moberegger/optimize-_map_collection
  • 09ca3e1 Merge pull request #603 from taketo1113/update-rack-unprocessable_content
  • Additional commits viewable in compare view

Updates json from 2.19.5 to 2.19.9

Release notes

Sourced from json's releases.

v2.19.9

  • Fix buffer overflow that could lead to a crash when writing JSON directly into an IO with JSON.generate(object, io). [CVE-2026-54696].

Full Changelog: ruby/json@v2.19.8...v2.19.9

v2.19.8

What's Changed

  • Fix 1-byte buffer overread on EOS errors.
  • Handle invalid types passed as max_nesting option.

Full Changelog: ruby/json@v2.19.7...v2.19.8

v2.19.7

What's Changed

  • Fix some more edge cases with out of range floats.
  • Ensure the string provided to JSON.parse can't be mutated during parsing.
  • Add missing write barriers in State#dup.
  • Further validate generator depth config.

Full Changelog: ruby/json@v2.19.6...v2.19.7

v2.19.6

What's Changed

  • Cleanly handle overly large depth generator argument.
  • Add missing write barrier in ParserConfig.

Full Changelog: ruby/json@v2.19.5...v2.19.6

Changelog

Sourced from json's changelog.

2026-06-11 (2.19.9)

  • Fix buffer overflow that could lead to a crash when writing JSON directly into an IO with JSON.generate(object, io). [CVE-2026-54696].

2026-06-03 (2.19.8)

  • Fix 1-byte buffer overread on EOS errors.
  • Handle invalid types passed as max_nesting option.

2026-05-28 (2.19.7)

  • Fix some more edge cases with out of range floats.
  • Ensure the string provided to JSON.parse can't be mutated during parsing.
  • Add missing write barriers in State#dup.
  • Further validate generator depth config.

2026-05-28 (2.19.6)

  • Cleanly handle overly large depth generator argument.
  • Add missing write barrier in ParserConfig.
Commits
  • 2cff267 Release 2.19.9
  • fd6a65b generator.c: don't start with a stack buffer in IO case
  • 5233dd9 Release 2.19.8
  • 3f44b26 Prevent buffer over-read when generating EOF error
  • be8d068 Handle invalid types passed as max_nesting option
  • 59501c0 Get rid of all_images gem
  • c7a7b2b Add a security note in README
  • ab6c8f2 Release 2.19.7
  • f033b9d Fix some more edge cases with out of range floats
  • 5ca8a67 parser.c: Ensure the user provided string can't be mutated
  • Additional commits viewable in compare view

Updates stripe from 19.1.0 to 19.2.1

Release notes

Sourced from stripe's releases.

v19.2.1

  • #1874 Add "source" field to user-agent header

See the changelog for more details.

v19.2.0

This release changes the pinned API version to 2026-05-27.dahlia.

  • #1864 Update generated code
    • Add support for new resource V2::Commerce::ProductCatalogImport
    • Add support for create and retrieve methods on resource V2::Commerce::ProductCatalogImport
    • Add support for bizum_payments and scalapay_payments on Account::Capability, AccountCreateParams::Capability, and AccountUpdateParams::Capability
    • Add support for automatic_transfer_rules_by_currency on BalanceSettings::Payment::Payout and BalanceSettingsUpdateParams::Payment::Payout
    • Add support for start_of_day on BalanceSettings::Payment::SettlementTiming and BalanceSettingsUpdateParams::Payment::SettlementTiming
    • Add support for description on ChargeCreateParams::TransferDatum, PaymentIntent::TransferDatum, PaymentIntentCreateParams::TransferDatum, and PaymentIntentUpdateParams::TransferDatum
    • Add support for bizum on Charge::PaymentMethodDetail, ConfirmationToken::PaymentMethodPreview, ConfirmationTokenCreateParams::PaymentMethodDatum, PaymentAttemptRecord::PaymentMethodDetail, PaymentIntent::PaymentMethodOption, PaymentIntentConfirmParams::PaymentMethodDatum, PaymentIntentConfirmParams::PaymentMethodOption, PaymentIntentCreateParams::PaymentMethodDatum, PaymentIntentCreateParams::PaymentMethodOption, PaymentIntentUpdateParams::PaymentMethodDatum, PaymentIntentUpdateParams::PaymentMethodOption, PaymentMethodConfigurationCreateParams, PaymentMethodConfigurationUpdateParams, PaymentMethodConfiguration, PaymentMethodCreateParams, PaymentMethod, PaymentRecord::PaymentMethodDetail, SetupIntent::PaymentMethodOption, SetupIntentConfirmParams::PaymentMethodDatum, SetupIntentConfirmParams::PaymentMethodOption, SetupIntentCreateParams::PaymentMethodDatum, SetupIntentCreateParams::PaymentMethodOption, SetupIntentUpdateParams::PaymentMethodDatum, and SetupIntentUpdateParams::PaymentMethodOption
    • Add support for scalapay on Charge::PaymentMethodDetail, Checkout::Session::PaymentMethodOption, Checkout::SessionCreateParams::PaymentMethodOption, ConfirmationToken::PaymentMethodPreview, ConfirmationTokenCreateParams::PaymentMethodDatum, PaymentAttemptRecord::PaymentMethodDetail, PaymentIntent::PaymentMethodOption, PaymentIntentConfirmParams::PaymentMethodDatum, PaymentIntentConfirmParams::PaymentMethodOption, PaymentIntentCreateParams::PaymentMethodDatum, PaymentIntentCreateParams::PaymentMethodOption, PaymentIntentUpdateParams::PaymentMethodDatum, PaymentIntentUpdateParams::PaymentMethodOption, PaymentMethodConfigurationCreateParams, PaymentMethodConfigurationUpdateParams, PaymentMethodConfiguration, PaymentMethodCreateParams, PaymentMethod, PaymentRecord::PaymentMethodDetail, Refund::DestinationDetail, SetupIntentConfirmParams::PaymentMethodDatum, SetupIntentCreateParams::PaymentMethodDatum, and SetupIntentUpdateParams::PaymentMethodDatum
    • Add support for mandate on Charge::PaymentMethodDetail::Twint, PaymentAttemptRecord::PaymentMethodDetail::Twint, and PaymentRecord::PaymentMethodDetail::Twint
    • Change type of Checkout::SessionCreateParams::PaymentMethodOption::Twint.setup_future_usage, PaymentIntentConfirmParams::PaymentMethodOption::Twint.setup_future_usage, PaymentIntentCreateParams::PaymentMethodOption::Twint.setup_future_usage, and PaymentIntentUpdateParams::PaymentMethodOption::Twint.setup_future_usage from literal('none') to enum('none'|'off_session')
    • ⚠️ Change type of Checkout::Session::PaymentMethodOption::Twint.setup_future_usage and PaymentIntent::PaymentMethodOption::Twint.setup_future_usage from literal('none') to enum('none'|'off_session')
    • Add support for credited_items on InvoiceItem::ProrationDetail
    • Add support for discountable on InvoiceCreatePreviewParams::ScheduleDetail::Phase::AddInvoiceItem, SubscriptionCreateParams::AddInvoiceItem, SubscriptionSchedule::Phase::AddInvoiceItem, SubscriptionScheduleCreateParams::Phase::AddInvoiceItem, SubscriptionScheduleUpdateParams::Phase::AddInvoiceItem, and SubscriptionUpdateParams::AddInvoiceItem
    • Add support for billing_schedules on InvoiceCreatePreviewParams::SubscriptionDetail, SubscriptionCreateParams, SubscriptionUpdateParams, and Subscription
    • Add support for amount_paid_off_stripe on Invoice
    • Add support for twint on Mandate::PaymentMethodDetail and SetupAttempt::PaymentMethodDetail
    • Add support for metadata on PaymentIntent::TransferDatum, PaymentIntentCreateParams::TransferDatum, PaymentIntentUpdateParams::TransferDatum, and Subscription::PendingUpdate
    • Add support for payment_data on PaymentIntent::TransferDatum, PaymentIntentCreateParams::TransferDatum, and PaymentIntentUpdateParams::TransferDatum
    • Add support for blik_authorize on PaymentIntent::NextAction and SetupIntent::NextAction
    • Add support for payment_method_options on PaymentLinkCreateParams, PaymentLinkUpdateParams, and PaymentLink...

      Description has been truncated

Bumps the ruby-deps group with 17 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [bootsnap](https://github.com/rails/bootsnap) | `1.24.2` | `1.24.6` |
| [sqlite3](https://github.com/sparklemotion/sqlite3-ruby) | `2.9.3` | `2.9.5` |
| [image_processing](https://github.com/janko/image_processing) | `1.14.0` | `2.0.2` |
| [tailwindcss-rails](https://github.com/rails/tailwindcss-rails) | `4.4.0` | `4.6.0` |
| [view_component](https://github.com/viewcomponent/view_component) | `4.8.0` | `4.12.0` |
| [puma](https://github.com/puma/puma) | `8.0.1` | `8.0.2` |
| [thruster](https://github.com/basecamp/thruster) | `0.1.20` | `0.1.21` |
| [solid_cable](https://github.com/rails/solid_cable) | `3.0.12` | `4.0.0` |
| [pagy](https://github.com/ddnexus/pagy) | `6.5.0` | `9.4.0` |
| [jbuilder](https://github.com/rails/jbuilder) | `2.14.1` | `2.15.1` |
| [json](https://github.com/ruby/json) | `2.19.5` | `2.19.9` |
| [stripe](https://github.com/stripe/stripe-ruby) | `19.1.0` | `19.2.1` |
| [brakeman](https://github.com/presidentbeef/brakeman) | `8.0.4` | `8.0.5` |
| [rubocop](https://github.com/rubocop/rubocop) | `1.86.1` | `1.88.0` |
| [shoulda-matchers](https://github.com/thoughtbot/shoulda-matchers) | `7.0.1` | `8.0.1` |
| [selenium-webdriver](https://github.com/SeleniumHQ/selenium) | `4.43.0` | `4.45.0` |
| [kamal](https://github.com/basecamp/kamal) | `2.11.0` | `2.12.0` |



Updates `bootsnap` from 1.24.2 to 1.24.6
- [Release notes](https://github.com/rails/bootsnap/releases)
- [Changelog](https://github.com/rails/bootsnap/blob/main/CHANGELOG.md)
- [Commits](rails/bootsnap@v1.24.2...v1.24.6)

Updates `sqlite3` from 2.9.3 to 2.9.5
- [Release notes](https://github.com/sparklemotion/sqlite3-ruby/releases)
- [Changelog](https://github.com/sparklemotion/sqlite3-ruby/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/sqlite3-ruby@v2.9.3...v2.9.5)

Updates `image_processing` from 1.14.0 to 2.0.2
- [Changelog](https://github.com/janko/image_processing/blob/master/CHANGELOG.md)
- [Commits](janko/image_processing@v1.14.0...v2.0.2)

Updates `tailwindcss-rails` from 4.4.0 to 4.6.0
- [Release notes](https://github.com/rails/tailwindcss-rails/releases)
- [Changelog](https://github.com/rails/tailwindcss-rails/blob/main/CHANGELOG.md)
- [Commits](rails/tailwindcss-rails@v4.4.0...v4.6.0)

Updates `view_component` from 4.8.0 to 4.12.0
- [Release notes](https://github.com/viewcomponent/view_component/releases)
- [Changelog](https://github.com/ViewComponent/view_component/blob/main/docs/CHANGELOG.md)
- [Commits](ViewComponent/view_component@v4.8.0...v4.12.0)

Updates `puma` from 8.0.1 to 8.0.2
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/main/History.md)
- [Commits](puma/puma@v8.0.1...v8.0.2)

Updates `thruster` from 0.1.20 to 0.1.21
- [Changelog](https://github.com/basecamp/thruster/blob/main/CHANGELOG.md)
- [Commits](basecamp/thruster@v0.1.20...v0.1.21)

Updates `solid_cable` from 3.0.12 to 4.0.0
- [Release notes](https://github.com/rails/solid_cable/releases)
- [Commits](rails/solid_cable@v3.0.12...v4.0.0)

Updates `pagy` from 6.5.0 to 9.4.0
- [Release notes](https://github.com/ddnexus/pagy/releases)
- [Changelog](https://github.com/ddnexus/pagy/blob/9.4.0/CHANGELOG.md)
- [Commits](ddnexus/pagy@6.5.0...9.4.0)

Updates `jbuilder` from 2.14.1 to 2.15.1
- [Release notes](https://github.com/rails/jbuilder/releases)
- [Commits](rails/jbuilder@v2.14.1...v2.15.1)

Updates `json` from 2.19.5 to 2.19.9
- [Release notes](https://github.com/ruby/json/releases)
- [Changelog](https://github.com/ruby/json/blob/master/CHANGES.md)
- [Commits](ruby/json@v2.19.5...v2.19.9)

Updates `stripe` from 19.1.0 to 19.2.1
- [Release notes](https://github.com/stripe/stripe-ruby/releases)
- [Changelog](https://github.com/stripe/stripe-ruby/blob/master/CHANGELOG.md)
- [Commits](stripe/stripe-ruby@v19.1.0...v19.2.1)

Updates `brakeman` from 8.0.4 to 8.0.5
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md)
- [Commits](presidentbeef/brakeman@v8.0.4...v8.0.5)

Updates `rubocop` from 1.86.1 to 1.88.0
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](rubocop/rubocop@v1.86.1...v1.88.0)

Updates `shoulda-matchers` from 7.0.1 to 8.0.1
- [Release notes](https://github.com/thoughtbot/shoulda-matchers/releases)
- [Changelog](https://github.com/thoughtbot/shoulda-matchers/blob/main/CHANGELOG.md)
- [Commits](thoughtbot/shoulda-matchers@v7.0.1...v8.0.1)

Updates `selenium-webdriver` from 4.43.0 to 4.45.0
- [Release notes](https://github.com/SeleniumHQ/selenium/releases)
- [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES)
- [Commits](SeleniumHQ/selenium@selenium-4.43.0...selenium-4.45.0)

Updates `kamal` from 2.11.0 to 2.12.0
- [Release notes](https://github.com/basecamp/kamal/releases)
- [Commits](basecamp/kamal@v2.11.0...v2.12.0)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-version: 1.24.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ruby-deps
- dependency-name: sqlite3
  dependency-version: 2.9.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ruby-deps
- dependency-name: image_processing
  dependency-version: 2.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: ruby-deps
- dependency-name: tailwindcss-rails
  dependency-version: 4.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ruby-deps
- dependency-name: view_component
  dependency-version: 4.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ruby-deps
- dependency-name: puma
  dependency-version: 8.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ruby-deps
- dependency-name: thruster
  dependency-version: 0.1.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ruby-deps
- dependency-name: solid_cable
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: ruby-deps
- dependency-name: pagy
  dependency-version: 9.4.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: ruby-deps
- dependency-name: jbuilder
  dependency-version: 2.15.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ruby-deps
- dependency-name: json
  dependency-version: 2.19.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ruby-deps
- dependency-name: stripe
  dependency-version: 19.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ruby-deps
- dependency-name: brakeman
  dependency-version: 8.0.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: ruby-deps
- dependency-name: rubocop
  dependency-version: 1.88.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: ruby-deps
- dependency-name: shoulda-matchers
  dependency-version: 8.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: ruby-deps
- dependency-name: selenium-webdriver
  dependency-version: 4.45.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: ruby-deps
- dependency-name: kamal
  dependency-version: 2.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ruby-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Jun 19, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants