Bump the minor-and-patch group across 1 directory with 6 updates

[dependabot]

Bumps the minor-and-patch group with 5 updates in the / directory:

Package	From	To
ruby-lsp	0.26.4	0.26.5
dalli	4.0.0	4.2.0
graphql	2.5.16	2.5.18
shopify-money	3.2.5	3.2.7
sorbet-static	0.6.12887	0.6.12908

Updates ruby-lsp from 0.26.4 to 0.26.5

Release notes

Sourced from ruby-lsp's releases.

v0.26.5

✨ Enhancements

• Sync URI::Source with Tapioca (Shopify/ruby-lsp#3891) by @​amomchilov
• Enable "toggle block style" refactor when there's no selection (Shopify/ruby-lsp#3818) by @​rolandcrosby-columntax
• Implement goto definition for send and public send (Shopify/ruby-lsp#3882) by @​sucicfilip

🐛 Bug Fixes

• Exclude magic comments from documentation (Shopify/ruby-lsp#3844) by @​thomasmarshall
• Skip adding documentation for require completions (Shopify/ruby-lsp#3874) by @​vinistock
• Use URI instead of path for read more keyword read more links (Shopify/ruby-lsp#3873) by @​vinistock

📦 Other Changes

• Upgrade Bundler to v4.0.0.beta2 (Shopify/ruby-lsp#3840) by @​vinistock
• Add detection reasons to auto-detection log messages (Shopify/ruby-lsp#3859) by @​adam12

Commits

• 7eb2eb7 Refactor release workflows (#3911)
• e25d484 Bump extension version to v0.9.33
• 3d510bf Merge pull request #3910 from Shopify/rmf-nix
• ff46475 Use nix to manage dependencies of this project
• 4c6c71e Merge pull request #3909 from reese/reese-bare-heredoc-highlighting
• 59da6a0 Fix bare heredoc syntax highlighting
• f397736 Merge pull request #3882 from sucicfilip/feature/goto-definition-for-send-and...
• 25bab9d Remove dupplication to get enclosing call and its name
• 939ee92 Remove redundant code for send and public_send definition handling
• 4505f5b Implement goto definition for send and public send
• Additional commits viewable in compare view

Updates dalli from 4.0.0 to 4.2.0

Changelog

Sourced from dalli's changelog.

4.2.0

Performance:

• Buffered I/O: Use socket.sync = false with explicit flush to reduce syscalls for pipelined operations
• get_multi optimizations: Use Set for O(1) server tracking lookups
• Raw mode optimization: Skip bitflags request in meta protocol when in raw mode (saves 2 bytes per request)

New Features:

• OpenTelemetry tracing support: Automatically instruments operations when OpenTelemetry SDK is present
  • Zero overhead when OpenTelemetry is not loaded
  • Traces get, set, delete, get_multi, set_multi, delete_multi, get_with_metadata, and fetch_with_lock
  • Spans include db.system: memcached and db.operation attributes
  • Single-key operations include server.address attribute
  • Multi-key operations include db.memcached.key_count attribute
  • get_multi spans include db.memcached.hit_count and db.memcached.miss_count for cache efficiency metrics
  • Exceptions are automatically recorded on spans with error status

4.1.0

New Features:

• Add set_multi for efficient bulk set operations using pipelined requests
• Add delete_multi for efficient bulk delete operations using pipelined requests
• Add fetch_with_lock for thundering herd protection using meta protocol's vivify/recache flags (requires memcached 1.6+)
• Add thundering herd protection support to meta protocol (requires memcached 1.6+):
  • N (vivify) flag for creating stubs on cache miss
  • R (recache) flag for winning recache race when TTL is below threshold
  • Response flags W (won recache), X (stale), Z (lost race)
  • delete_stale method for marking items as stale instead of deleting
• Add get_with_metadata for advanced cache operations with metadata retrieval (requires memcached 1.6+):
  • Returns hash with :value, :cas, :won_recache, :stale, :lost_recache
  • Optional :return_hit_status returns :hit_before (true/false for previous access)
  • Optional :return_last_access returns :last_access (seconds since last access)
  • Optional :skip_lru_bump prevents LRU update on access
  • Optional :vivify_ttl and :recache_ttl for thundering herd protection

Deprecations:

• Binary protocol is deprecated and will be removed in Dalli 5.0. Use protocol: :meta instead (requires memcached 1.6+)
• SASL authentication is deprecated and will be removed in Dalli 5.0. Consider using network-level security or memcached's TLS support

4.0.1

• Add :raw client option to skip serialization entirely, returning raw byte strings
• Handle OpenSSL::SSL::SSLError in connection manager

Commits

• 62f694f Add readfull->read optimization to v5.0 roadmap
• 2aa84d1 Revert IO#read change due to Ruby 3.1 and JRuby hangs
• 4dd583e Bump version to 4.2.0
• c8b8ae6 Deprecate Socket#readfull method
• 4de9b35 Use IO#read instead of manual readfull loop
• 3d9cbf7 Update CI improvements section in roadmap
• 35bf5c9 Add implementation plans for #1034 and #776/#941
• 0f1f663 Update v4.3.0 roadmap with detailed issue research
• a3a8e76 Enhance RDoc documentation for Instrumentation module
• 4e2a1f6 Add tests for raw mode and thundering herd flags, update roadmap
• Additional commits viewable in compare view

Updates graphql from 2.5.16 to 2.5.18

Changelog

Sourced from graphql's changelog.

2.5.18 (22 Jan 2026)

• GraphQL::Dashboard: properly require action_controller before using it #5510
• GraphQL::Dashboard: don't use config.asset_host for Dashboard assets since they're handled by the dashboard itself #5511

2.5.17 (21 Jan 2026)

Bug fixes

• GraphQL::Dashboard: fix routes compatibility with Devise #5505
• GraphQL::Dashboard: fix HTML/erb lint issues #5497
• Parser: improve check for invalid number followed by name #5492 #5492
• GraphQL::Field: optimize boot memory by removing Field.from_options #5495
• field, argument: improve API documentation for DSL methods #5491

Commits

• 398efef 2.5.18
• c81aa29 Merge pull request #5511 from rmosolgo/skip-asset-pipeline
• 179a4e1 Fix system tests now that config.asset_host is set
• 424a775 Merge pull request #5513 from duffuniverse/fix-docs-link-in-relay-subscriptio...
• 4c5da18 Merge pull request #5510 from rafaelfranca/patch-1
• 4150c5f Update internal link for compressed payloads section
• 74c58f6 Don't use config.asset_host for GraphQL::Dashboard assets
• e7e2e12 Require action_controller before using it
• 53260f8 2.5.17
• 8298e97 Merge pull request #5505 from rmosolgo/fix-engine-routes
• Additional commits viewable in compare view

Updates shopify-money from 3.2.5 to 3.2.7

Release notes

Sourced from shopify-money's releases.

v3.2.7

What's Changed

• Add support for XCG Shopify/money#475

Full Changelog: Shopify/money@v3.2.6...v3.2.7

v3.2.6

What's Changed

• Deprecation of infinite money objects Money.new(Float::Infinity)
• Allow comparing money objects with infinity Shopify/money#474

Full Changelog: Shopify/money@v3.2.5...v3.2.6

Commits

• 4476c73 Merge pull request #505 from Shopify/release_v3.2.7
• 52d8b26 Bump version to 3.2.7
• a186518 add xcg as supported currency
• 8d3bce6 bump to v3.2.6
• a6198b8 deprecate the use of infinity with money
• 9fe1134 correctly handle Float::INFINITY
• See full diff in compare view

Updates sorbet-static from 0.6.12887 to 0.6.12908

Release notes

Sourced from sorbet-static's releases.

sorbet 0.6.12907.20260129181839-da2049040

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12907', :group => :development
gem 'sorbet-runtime', '0.6.12907'

sorbet 0.6.12906.20260129154015-dc94ae822

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12906', :group => :development
gem 'sorbet-runtime', '0.6.12906'

sorbet 0.6.12905.20260129153947-6ac71ad31

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12905', :group => :development
gem 'sorbet-runtime', '0.6.12905'

sorbet 0.6.12904.20260128091224-d2d07c169

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12904', :group => :development
gem 'sorbet-runtime', '0.6.12904'

sorbet 0.6.12903.20260127155821-ca6ed6953

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12903', :group => :development
gem 'sorbet-runtime', '0.6.12903'

sorbet 0.6.12902.20260127155048-0e3ed53df

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12902', :group => :development
gem 'sorbet-runtime', '0.6.12902'

sorbet 0.6.12901.20260127100658-77c966f23

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12901', :group => :development
gem 'sorbet-runtime', '0.6.12901'

sorbet 0.6.12900.20260126131844-e554cf64f

... (truncated)

Commits

• See full diff in compare view

Updates sorbet-static-and-runtime from 0.6.12887 to 0.6.12908

Release notes

Sourced from sorbet-static-and-runtime's releases.

sorbet 0.6.12907.20260129181839-da2049040

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12907', :group => :development
gem 'sorbet-runtime', '0.6.12907'

sorbet 0.6.12906.20260129154015-dc94ae822

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12906', :group => :development
gem 'sorbet-runtime', '0.6.12906'

sorbet 0.6.12905.20260129153947-6ac71ad31

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12905', :group => :development
gem 'sorbet-runtime', '0.6.12905'

sorbet 0.6.12904.20260128091224-d2d07c169

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12904', :group => :development
gem 'sorbet-runtime', '0.6.12904'

sorbet 0.6.12903.20260127155821-ca6ed6953

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12903', :group => :development
gem 'sorbet-runtime', '0.6.12903'

sorbet 0.6.12902.20260127155048-0e3ed53df

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12902', :group => :development
gem 'sorbet-runtime', '0.6.12902'

sorbet 0.6.12901.20260127100658-77c966f23

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12901', :group => :development
gem 'sorbet-runtime', '0.6.12901'

sorbet 0.6.12900.20260126131844-e554cf64f

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions