Skip to content

Bump the bundler group with 3 updates #929

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

Bump the bundler group with 3 updates #929

dependabot wants to merge 1 commit into from
+6 −6

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 1, 2026
edited
Loading

Bumps the bundler group with 3 updates: puma, devise and selenium-webdriver.

Updates puma from 7.1.0 to 7.2.0

Release notes

Sourced from puma's releases.

v7.2.0

7.2.0 On The Corner

  • Features

    • Add workers :auto (#3827)
    • Make it possible to restrict control server commands to stats (#3787)

  • Bugfixes

    • Don't break if WEB_CONCURRENCY is set to a blank string (#3837)
    • Don't share server between worker 0 and descendants on refork (#3602)
    • Fix phase check race condition in Puma::Cluster#check_workers (#3690)
    • Fix advertising of CLI config before config files are loaded (#3823)

  • Performance

    • 17% faster HTTP parsing through pre-interning env keys (#3825)
    • Implement dsize and dcompact functions for Puma::HttpParser, which makes Puma's C-extension GC-compactible (#3828)

  • Refactor

    • Remove NoMethodError rescue in Reactor#select_loop (#3831)
    • Various cleanups in the C extension (#3814)
    • Monomorphize handle_request return (#3802)

  • Docs

    • Change link to docs/deployment.md in README.md (#3848)
    • Fix formatting for each signal description in signals.md (#3813)
    • Update deployment and Kubernetes docs with Puma configuration tips (#3807)
    • Rename master to main (#3809, #3808, #3800)
    • Fix some minor typos in the docs (#3804)
    • Add GOVERNANCE.md, MAINTAINERS (#3826)
    • Remove Code Climate badge (#3820)
    • Add @​joshuay03 to the maintainer list

  • CI

New Contributors

Full Changelog: puma/puma@v7.1.0...v7.2.0

Changelog

Sourced from puma's changelog.

7.2.0 / 2026-01-20

  • Features

    • Add workers :auto (#3827)
    • Make it possible to restrict control server commands to stats (#3787)

  • Bugfixes

    • Don't break if WEB_CONCURRENCY is set to a blank string (#3837)
    • Don't share server between worker 0 and descendants on refork (#3602)
    • Fix phase check race condition in Puma::Cluster#check_workers (#3690)
    • Fix advertising of CLI config before config files are loaded (#3823)

  • Performance

    • 17% faster HTTP parsing through pre-interning env keys (#3825)
    • Implement dsize and dcompact functions for Puma::HttpParser, which makes Puma's C-extension GC-compactible (#3828)

  • Refactor

    • Remove NoMethodError rescue in Reactor#select_loop (#3831)
    • Various cleanups in the C extension (#3814)
    • Monomorphize handle_request return (#3802)

  • Docs

    • Change link to docs/deployment.md in README.md (#3848)
    • Fix formatting for each signal description in signals.md (#3813)
    • Update deployment and Kubernetes docs with Puma configuration tips (#3807)
    • Rename master to main (#3809, #3808, #3800)
    • Fix some minor typos in the docs (#3804)
    • Add GOVERNANCE.md, MAINTAINERS (#3826)
    • Remove Code Climate badge (#3820)
    • Add @​joshuay03 to the maintainer list

  • CI

Commits

Updates devise from 4.9.4 to 5.0.0

Release notes

Sourced from devise's releases.

v5.0.0

https://github.com/heartcombo/devise/blob/v5.0.0/CHANGELOG.md#500---2026-01-23

v5.0.0.rc

https://github.com/heartcombo/devise/blob/v5.0.0.rc/CHANGELOG.md#500rc---2025-12-31

Changelog

Sourced from devise's changelog.

5.0.0 - 2026-01-23

no changes

5.0.0.rc - 2025-12-31

  • breaking changes

    • Drop support to Ruby < 2.7

    • Drop support to Rails < 7.0

    • Remove deprecated :bypass option from sign_in helper, use bypass_sign_in instead. #5803

    • Remove deprecated devise_error_messages! helper, use render "devise/shared/error_messages", resource: resource instead. #5803

    • Remove deprecated scope second argument from sign_in(resource, :admin) controller test helper, use sign_in(resource, scope: :admin) instead. #5803

    • Remove deprecated Devise::TestHelpers, use Devise::Test::ControllerHelpers instead. #5803

    • Remove deprecated Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION #5598

    • Remove deprecated Devise.activerecord51? method.

    • Remove SecretKeyFinder and use app.secret_key_base as the default secret key for Devise.secret_key if a custom Devise.secret_key is not provided.

      This is potentially a breaking change because Devise previously used the following order to find a secret key:

      app.credentials.secret_key_base > app.secrets.secret_key_base > application.config.secret_key_base > application.secret_key_base

      Now, it always uses application.secret_key_base. Make sure you're using the same secret key after the upgrade; otherwise, previously generated tokens for recoverable, lockable, and confirmable will be invalid. #5645

    • Change password instructions button label on devise view from Send me reset password instructions to Send me password reset instructions #5515

    • Change <br> tags separating form elements to wrapping them in <p> tags #5494

    • Replace [data-turbo-cache=false] with [data-turbo-temporary] on devise/shared/error_messages partial. This has been deprecated by Turbo since v7.3.0 (released on Mar 1, 2023).

      If you are using an older version of Turbo and the default devise template, you'll need to copy it over to your app and change that back to [data-turbo-cache=false].

  • enhancements

    • Add Rails 8 support.

      • Routes are lazy-loaded by default in test and development environments now so Devise loads them before Devise.mappings call. #5728

    • New apps using Rack 3.1+ will be generated using config.responder.error_status = :unprocessable_content, since :unprocessable_entity has been deprecated by Rack.

      Latest versions of Rails transparently convert :unprocessable_entity -> :unprocessable_content, and Devise will use that in the failure app to avoid Rack deprecation warnings for apps that are configured with :unprocessable_entity. They can also simply change their error_status to :unprocessable_content in latest Rack versions to avoid the warning.

    • Add Ruby 3.4 and 4.0 support.

    • Reenable Mongoid test suite across all Rails 7+ versions, to ensure we continue supporting it. Changes to dirty tracking to support Mongoid 8.0+. #5568

    • Password length validator is changed from

      validates_length_of :password, within: password_length, allow_blank: true`

      to

      validates_length_of :password, minimum: proc { password_length.min }, maximum: proc { password_length.max }, allow_blank: true

... (truncated)

Commits
  • c51da69 Release v5, no changes since RC
  • e9c534d Fix "Test is missing assertions" warnings
  • 731074b Stop updating copyright every year [ci skip]
  • 35920d2 Exclude Rails main + Ruby 3.2
  • 00a9778 Release v5.0.0.rc
  • 119a40f Fix gemspec and readme, Devise v5 will support Rails >= 7, not 6
  • 1096b60 Remove deprecated Devise.activerecord51? method
  • fc46631 Ensure auth keys at the start of the i18n msg are properly cased
  • 356b094 Downcase authentication keys and humanize error message (#4834)
  • 9a149ff Return 401 for sessions#destroy action with no user signed in (#4878)
  • Additional commits viewable in compare view

Updates selenium-webdriver from 4.39.0 to 4.40.0

Release notes

Sourced from selenium-webdriver's releases.

Selenium 4.40.0

Detailed Changelogs by Component

Java     |     Python     |     DotNet     |     Ruby     |     JavaScript

What's Changed

... (truncated)

Changelog

Sourced from selenium-webdriver's changelog.

4.40.0 (2026-01-18)

  • add synchronization and error handling for socket interactions (#16487)
  • mark low level bidi implementation as private api (#16475)
  • ensure driver process is always stopped (#15635)
  • create user-friendly method for enabling bidi (#14284)
  • Add force encoding to remove warnings caused by json 3.0 (#16728)
  • use SE_DEBUG to enable debugging (#16816)
  • ensure the grid is properly restarted in tests when there is a problem (#16842)
  • wait for grid to be ready when starting server (#16896)
  • check driver status endpoint rather than socket connection (#16877)
  • [build] update ruby gems with bazel (#16924)
Commits
  • b3333f1 [build] Prepare for release of Selenium 4.40 (#16931)
  • 6ccbd4d [rb] use default bundler version for lowest supported ruby version
  • 950d737 [rb] add a //rb:steep run target (#16925)
  • 5d30222 [build] update ruby gems with bazel (#16924)
  • 11fd819 [rb] add a //rb:lint-unsafe run target
  • a37f963 [rb] check driver status endpoint rather than socket connection (#16877)
  • af3a846 [rb] wait for grid to be ready when starting server (#16896)
  • bb520e7 [rb] fix incorrect debug label
  • 967cb02 [rb] update ruby versions (#16891)
  • d58b3a4 [rb] should not need long client timeout in tests (#16847)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the bundler group with 3 updates
f751411 
Bumps the bundler group with 3 updates: [puma](https://github.com/puma/puma), [devise](https://github.com/heartcombo/devise) and [selenium-webdriver](https://github.com/SeleniumHQ/selenium).


Updates `puma` from 7.1.0 to 7.2.0
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/main/History.md)
- [Commits](puma/puma@v7.1.0...v7.2.0)

Updates `devise` from 4.9.4 to 5.0.0
- [Release notes](https://github.com/heartcombo/devise/releases)
- [Changelog](https://github.com/heartcombo/devise/blob/main/CHANGELOG.md)
- [Commits](heartcombo/devise@v4.9.4...v5.0.0)

Updates `selenium-webdriver` from 4.39.0 to 4.40.0
- [Release notes](https://github.com/SeleniumHQ/selenium/releases)
- [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES)
- [Commits](SeleniumHQ/selenium@selenium-4.39.0...selenium-4.40.0)

---
updated-dependencies:
- dependency-name: puma
  dependency-version: 7.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: bundler
- dependency-name: devise
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: bundler
- dependency-name: selenium-webdriver
  dependency-version: 4.40.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: bundler
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Feb 1, 2026
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 1, 2026

Looks like these dependencies are no longer updatable, so this is no longer needed.

@dependabot dependabot bot closed this Feb 1, 2026
@dependabot dependabot bot deleted the dependabot/bundler/bundler-85229aa704 branch February 1, 2026 09:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants