Update Mend: high confidence minor and patch dependency updates

[mend-for-g.yxqyang.asia]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
brakeman (source, changelog)	6.1.1 -> 6.2.2
capybara (changelog)	3.39.2 -> 3.40.0
connection_pool (changelog)	2.4.1 -> 2.5.3
cssbundling-rails (changelog)	1.3.3 -> 1.4.3
dalli (changelog)	3.2.6 -> 3.2.8
debug (changelog)	1.9.1 -> 1.10.0
delayed_job (changelog)	4.1.11 -> 4.1.13
delayed_job_active_record	4.1.8 -> 4.1.11
eslint-plugin-import	2.27.5 -> 2.31.0
google-cloud-storage (source)	1.45.0 -> 1.56.0
image_processing (changelog)	1.12.2 -> 1.14.0
jbuilder (changelog)	2.11.5 -> 2.13.0
jsbundling-rails (changelog)	1.2.1 -> 1.3.1
listen (changelog)	3.8.0 -> 3.9.0
minitest (changelog)	">= 5.15.0", "< 5.22.0" -> ">= 5.15.0", "< 5.25.6"
propshaft	0.8.0 -> 0.9.1
qunit (source)	2.19.4 -> 2.24.1
rake (changelog)	13.1.0 -> 13.2.1
redcarpet	"~> 3.2.3" -> "~> 3.6.0"
redis (changelog)	5.0.8 -> 5.4.0
rexml (changelog)	3.2.6 -> 3.4.1
rollup (source)	2.79.1 -> 2.79.2
rouge (source, changelog)	4.2.0 -> 4.5.2
rubocop-minitest (source, changelog)	0.34.3 -> 0.38.0
rubocop-performance (source, changelog)	1.20.1 -> 1.25.0
rubyzip (changelog)	2.3.2 -> 2.4.1
sidekiq (source, changelog)	7.2.0 -> 7.3.9
sprockets-rails (changelog)	3.4.2 -> 3.5.2
stackprof (changelog)	0.2.25 -> 0.2.27
stimulus-rails (source)	1.3.0 -> 1.3.4
terser (changelog)	1.1.20 -> 1.2.5
webmock (changelog)	3.19.1 -> 3.25.1
webpack	4.46.0 -> 4.47.0
webrick	1.8.1 -> 1.9.1

---

Release Notes

presidentbeef/brakeman (brakeman)

v6.2.2

Compare Source

• Ignore more native gems when building gem
• Revamp command injection in pipeline* calls
• New end-of-support dates for Rails

v6.2.1

Just a packaging fix for brakeman.gem

v6.2.0

• Add --show-ignored option (Gabriel Zayas)
• Add optional support for Prism parser
• Warn about unscoped finds with find_by!
• Treat ::X and X the same, for now (Jill Klang)
• Fix compatibility with default frozen string literals (Jean Boussier)
• Remediation advice for command injection (Nicholas Barone)
• Fix Ruby warnings in test suite (Jean Boussier)
• Support YAML aliases in secret configs (Chedli Bourguiba)
• Add initial Rails 8 support (Ron Shinall)
• Handle mass assignment with splats
• Add support for symbolic links (Lu Zhu)

v6.1.2

Compare Source

• Update Highline to 3.0
• Add EOL date for Ruby 3.3.0
• Avoid copying Sexps that are too large
• Avoid detecting ViewComponentContrib::Base as dynamic render paths (vividmuimui)
• Remove deprecated use of Kernel#open("|...")
• Remove safe_yaml gem dependency
• Avoid detecting Phlex components as dynamic render paths (Máximo Mussini)

teamcapybara/capybara (capybara)

v3.40.0

Compare Source

Release date: 2024-01-26

Changned

• Dropped support for Ruby 2.7, 3.0+ is now required
• Dropped support for Selenium < 4.8
• Use the new headless option on chromedriver with registered selenium driver [Neil Carvalho]

Added

• Capybara::Result#to_ary to support multiple assignment [Sean Doyle]
• has_element? and related matchers [Sean Doyle]
• Rack 3 support

Fixed

• Forward save_screenshot options to selenium - Issue 2738
• Rack test - don't auto submit forms with multiple inputs [Mitchell Henke]
• Table row selector matches cell values in order - Issue 2686 [Jeff Parr]
• Table row selector fixes for first column - Issue 2685 [Jeff Par]

mperham/connection_pool (connection_pool)

v2.5.3

Compare Source

• Fix TruffleRuby/JRuby crash [#​201]

v2.5.2

Compare Source

• Rollback inadvertant change to auto_reload_after_fork default. [#​200]

v2.5.1

Compare Source

• Pass options to TimedStack in checkout [#​195]
• Optimize connection lookup [#​196]
• Fixes for use with Ractors

v2.5.0

Compare Source

• Reap idle connections [#​187]

idle_timeout = 60
pool = ConnectionPool.new ...
pool.reap(idle_timeout, &:close)

• ConnectionPool#idle returns the count of connections not in use [#​187]

rails/cssbundling-rails (cssbundling-rails)

v1.4.3

Compare Source

What's Changed

• Improve package manager detection for Bun 1.2 compatibility by @​r3cha in https://github.com/rails/cssbundling-rails/pull/165
• Fixes a couple minor issues with bootstrap out of the box by @​mattrasband in https://github.com/rails/cssbundling-rails/pull/160

New Contributors

• @​mec made their first contribution in https://github.com/rails/cssbundling-rails/pull/167
• @​r3cha made their first contribution in https://github.com/rails/cssbundling-rails/pull/165
• @​mattrasband made their first contribution in https://github.com/rails/cssbundling-rails/pull/160

Full Changelog: rails/cssbundling-rails@v1.4.2...v1.4.3

v1.4.2

Compare Source

What's Changed

• Update for Tailwind CSS v4 by @​justalever in https://github.com/rails/cssbundling-rails/pull/164

Full Changelog: rails/cssbundling-rails@v1.4.1...v1.4.2

v1.4.1

Compare Source

What's Changed

• Disable loading .env file when running foreman for development by @​Flixt in https://github.com/rails/cssbundling-rails/pull/155
• Overwrite bin/dev by force to deal with new default bin/dev file coming in Rails 8 by @​dhh

Full Changelog: rails/cssbundling-rails@v1.4.0...v1.4.1

v1.4.0

Compare Source

What's Changed

• Fix bun/bootstrap escaping issue by @​dhh in 09d81cb
• Synchronize bin/dev from jsbundling-rails to cssbundling-rails by @​dorianmarie in https://github.com/rails/cssbundling-rails/pull/151
• Use Thor's apply instead of a prerequisite task by @​jonathanhefner in https://github.com/rails/cssbundling-rails/pull/150
• Fix running "rails new --css bootstrap" on 7.1 by @​skipkayhil in https://github.com/rails/cssbundling-rails/pull/147
• PNPM Support by @​ksylvest in https://github.com/rails/cssbundling-rails/pull/145

New Contributors

• @​sedubois made their first contribution in https://github.com/rails/cssbundling-rails/pull/129
• @​dorianmarie made their first contribution in https://github.com/rails/cssbundling-rails/pull/151
• @​jonathanhefner made their first contribution in https://github.com/rails/cssbundling-rails/pull/150
• @​tylerpaige made their first contribution in https://github.com/rails/cssbundling-rails/pull/148
• @​skipkayhil made their first contribution in https://github.com/rails/cssbundling-rails/pull/147
• @​ksylvest made their first contribution in https://github.com/rails/cssbundling-rails/pull/145

Full Changelog: rails/cssbundling-rails@v1.3.3...v1.4.0

petergoldstein/dalli (dalli)

v3.2.8

Compare Source

==========

• Handle IO::TimeoutError when establishing connection (eugeneius)
• Drop dependency on base64 gem (Earlopain)
• Address incompatibility with resolv-replace (y9v)
• Add rubygems.org metadata (m-nakamura145)

v3.2.7

Compare Source

==========

• Fix cascading error when there's an underlying network error in a pipelined get (eugeneius)
• Ruby 3.4/head compatibility by adding base64 to gemspec (tagliala)
• Add Ruby 3.3 to CI (m-nakamura145)
• Use Socket's connect_timeout when available, and pass timeout to the socket's send and receive timeouts (mlarraz)

ruby/debug (debug)

v1.10.0

Compare Source

What's Changed

• Remote debugging
  • Add option to try to connect to a range of TCP ports by @​gerymate in https://github.com/ruby/debug/pull/1119
• Bug fixes
  • do not include $FILENAME in globals by @​nyz93 in https://github.com/ruby/debug/pull/1105
  • Accept colon style Hash#inspect in test/console/print_test.rb by @​tompng in https://github.com/ruby/debug/pull/1111
  • Fix flaky tests by @​nobu in https://github.com/ruby/debug/pull/1116
  • Fix irb_test prompt assertion failure by @​tompng in https://github.com/ruby/debug/pull/1100
  • Improve RUBYOPT's handling in tests by @​st0012 in https://github.com/ruby/debug/pull/1097
  • allow puts without argument by @​ko1 in https://github.com/ruby/debug/pull/1124
  • port_range lvar is not defined by @​ko1 in https://github.com/ruby/debug/pull/1126
• Misc
  • Add changelog_uri to gemspec by @​fynsta in https://github.com/ruby/debug/pull/1106
  • Fix minor typos / grammar in README.md by @​ozydingo in https://github.com/ruby/debug/pull/1101

New Contributors

• @​nyz93 made their first contribution in https://github.com/ruby/debug/pull/1105
• @​fynsta made their first contribution in https://github.com/ruby/debug/pull/1106
• @​ozydingo made their first contribution in https://github.com/ruby/debug/pull/1101
• @​gerymate made their first contribution in https://github.com/ruby/debug/pull/1119

Full Changelog: ruby/debug@v1.9.2...v1.10.0

v1.9.2

Compare Source

What's Changed

• config
  • Make irb_console toggleable with config update by @​st0012 in https://github.com/ruby/debug/pull/1057
• internal
  • Stop assuming Array#each is written in C by @​k0kubun in https://github.com/ruby/debug/pull/1061
  • Add base64 gem to the dependencies by @​y-yagi in https://github.com/ruby/debug/pull/1066
  • Support Ruby 3.4's new error message format by @​hsbt in https://github.com/ruby/debug/pull/1080
  • catch up ruby 3.4.0 error related changes by @​ko1 in https://github.com/ruby/debug/pull/1083
  • Fix syntax warnings by @​casperisfine in https://github.com/ruby/debug/pull/1072
  • Drop base64 dependency by @​Earlopain in https://github.com/ruby/debug/pull/1071
  • Fix ENOENT error when readline is not loaded by @​lazyatom in https://github.com/ruby/debug/pull/1073
  • Remove and Restore irb configuration like irbrc while irb console tests by @​hsbt in https://github.com/ruby/debug/pull/1067
  • Use rb_iseqw_to_iseq to get iseq pointer by @​peterzhu2118 in https://github.com/ruby/debug/pull/1093
• tests
  • Add Ruby 3.3 to CI matrix by @​st0012 in https://github.com/ruby/debug/pull/1058
  • Use ruby/actions workflow for ruby versions by @​m-nakamura145 in https://github.com/ruby/debug/pull/1065
  • Separate setup and execution steps in CI by @​ono-max in https://github.com/ruby/debug/pull/1088
  • Fix flakey test "test_reponse_returns_correct_threads_info" by @​ono-max in https://github.com/ruby/debug/pull/1089
  • Add Launchable in CI by @​ono-max in https://github.com/ruby/debug/pull/1090
• doc
  • Correct the irb command's description by @​st0012 in https://github.com/ruby/debug/pull/1056
  • Fix prelude doc example to use curly braces by @​adam12 in https://github.com/ruby/debug/pull/1052
  • Mention IRB console in readme by @​st0012 in https://github.com/ruby/debug/pull/1092

New Contributors

• @​Earlopain made their first contribution in https://github.com/ruby/debug/pull/1071
• @​lazyatom made their first contribution in https://github.com/ruby/debug/pull/1073
• @​m-nakamura145 made their first contribution in https://github.com/ruby/debug/pull/1065

Full Changelog: ruby/debug@v1.9.1...v1.9.2

collectiveidea/delayed_job (delayed_job)

v4.1.13

Compare Source

=======================

• Enable Rails 8

v4.1.12

Compare Source

=======================

• Add missing require for extract_options
• Fix rails 7.2 ActiveSupport::ProxyObject deprecation
• Multiple contributors on current and legacy test suite improvements

collectiveidea/delayed_job_active_record (delayed_job_active_record)

v4.1.11

Compare Source

What's Changed

• Rails 8 by @​albus522 in https://github.com/collectiveidea/delayed_job_active_record/pull/242
• Fix some typos by @​jdufresne in https://github.com/collectiveidea/delayed_job_active_record/pull/240
• Prepare 4.1.11 release by @​albus522 in https://github.com/collectiveidea/delayed_job_active_record/pull/243

New Contributors

• @​jdufresne made their first contribution in https://github.com/collectiveidea/delayed_job_active_record/pull/240

Full Changelog: collectiveidea/delayed_job_active_record@v4.1.10...v4.1.11

v4.1.10

Compare Source

What's Changed

• Fix error in updated clear_all_connections handling by @​albus522 in https://github.com/collectiveidea/delayed_job_active_record/pull/236

Full Changelog: collectiveidea/delayed_job_active_record@v4.1.9...v4.1.10

v4.1.9

Compare Source

What's Changed

• Fix deprecation warning for clear_all_connections! by @​c960657 in https://github.com/collectiveidea/delayed_job_active_record/pull/226
• Optimize PG reservation query for PG >=9.5 by @​stevenharman in https://github.com/collectiveidea/delayed_job_active_record/pull/215
• Optimize mysql query with trilogy gem by @​taketo1113 in https://github.com/collectiveidea/delayed_job_active_record/pull/222
• Add trilogy gem to CI by @​taketo1113 in https://github.com/collectiveidea/delayed_job_active_record/pull/223
• Multiple test suite update contributors

New Contributors

• @​taketo1113 made their first contribution in https://github.com/collectiveidea/delayed_job_active_record/pull/222
• @​m-nakamura145 made their first contribution in https://github.com/collectiveidea/delayed_job_active_record/pull/224
• @​c960657 made their first contribution in https://github.com/collectiveidea/delayed_job_active_record/pull/226
• @​stevenharman made their first contribution in https://github.com/collectiveidea/delayed_job_active_record/pull/215

Full Changelog: collectiveidea/delayed_job_active_record@v4.1.8...v4.1.9

import-js/eslint-plugin-import (eslint-plugin-import)

v2.31.0

Compare Source

Added

• support eslint v9 ([#​2996], thanks [@​G-Rath] [@​michaelfaith])
• [order]: allow validating named imports ([#​3043], thanks [@​manuth])
• [extensions]: add the checkTypeImports option ([#​2817], thanks [@​phryneas])

Fixed

• ExportMap / flat config: include languageOptions in context ([#​3052], thanks [@​michaelfaith])
• [no-named-as-default]: Allow using an identifier if the export is both a named and a default export ([#​3032], thanks [@​akwodkiewicz])
• [export]: False positive for exported overloaded functions in TS ([#​3065], thanks [@​liuxingbaoyu])
• exportMap: export map cache is tainted by unreliable parse results ([#​3062], thanks [@​michaelfaith])
• exportMap: improve cacheKey when using flat config ([#​3072], thanks [@​michaelfaith])
• adjust "is source type module" checks for flat config ([#​2996], thanks [@​G-Rath])

Changed

• [Docs] [no-relative-packages]: fix typo ([#​3066], thanks [@​joshuaobrien])
• [Performance] [no-cycle]: dont scc for each linted file ([#​3068], thanks [@​soryy708])
• [Docs] [no-cycle]: add disableScc to docs ([#​3070], thanks [@​soryy708])
• [Tests] use re-exported RuleTester ([#​3071], thanks [@​G-Rath])
• [Docs] [no-restricted-paths]: fix grammar ([#​3073], thanks [@​unbeauvoyage])
• [Tests] [no-default-export], [no-named-export]: add test case (thanks [@​G-Rath])

v2.30.0

Compare Source

Added

• [dynamic-import-chunkname]: add allowEmpty option to allow empty leading comments ([#​2942], thanks [@​JiangWeixian])
• [dynamic-import-chunkname]: Allow empty chunk name when webpackMode: 'eager' is set; add suggestions to remove name in eager mode ([#​3004], thanks [@​amsardesai])
• [no-unused-modules]: Add ignoreUnusedTypeExports option ([#​3011], thanks [@​silverwind])
• add support for Flat Config ([#​3018], thanks [@​michaelfaith])

Fixed

• [no-extraneous-dependencies]: allow wrong path ([#​3012], thanks [@​chabb])
• [no-cycle]: use scc algorithm to optimize ([#​2998], thanks [@​soryy708])
• [no-duplicates]: Removing duplicates breaks in TypeScript ([#​3033], thanks [@​yesl-kim])
• [newline-after-import]: fix considerComments option when require ([#​2952], thanks [@​developer-bandi])
• [order]: do not compare first path segment for relative paths ([#​2682]) ([#​2885], thanks [@​mihkeleidast])

Changed

• [Docs] [no-extraneous-dependencies]: Make glob pattern description more explicit ([#​2944], thanks [@​mulztob])
• [no-unused-modules]: add console message to help debug [#​2866]
• [Refactor] ExportMap: make procedures static instead of monkeypatching exportmap ([#​2982], thanks [@​soryy708])
• [Refactor] ExportMap: separate ExportMap instance from its builder logic ([#​2985], thanks [@​soryy708])
• [Docs] [order]: Add a quick note on how unbound imports and --fix ([#​2640], thanks [@​minervabot])
• [Tests] appveyor -> GHA (run tests on Windows in both pwsh and WSL + Ubuntu) ([#​2987], thanks [@​joeyguerra])
• [actions] migrate OSX tests to GHA ([ljharb#37], thanks [@​aks-])
• [Refactor] exportMapBuilder: avoid hoisting ([#​2989], thanks [@​soryy708])
• [Refactor] ExportMap: extract "builder" logic to separate files ([#​2991], thanks [@​soryy708])
• [Docs] [order]: update the description of the pathGroupsExcludedImportTypes option ([#​3036], thanks [@​liby])
• [readme] Clarify how to install the plugin ([#​2993], thanks [@​jwbth])

v2.29.1

Compare Source

Fixed

• [no-extraneous-dependencies]: ignore export type { ... } from '...'

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

disabled