Bump the dependencies group with 4 updates #115

Merged
cbeer merged 1 commit into master from dependabot/bundler/dependencies-2bb6fb6f8f on Jun 8, 2026

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026

Bumps the dependencies group with 4 updates: sqlite3, bootsnap, secure_headers and honeybadger.

Updates sqlite3 from 2.9.4 to 2.9.5

Release notes

Sourced from sqlite3's releases.

2.9.5 / 2026-06-07

Dependencies

Security / Stability

Changelog

Sourced from sqlite3's changelog.

2.9.5 / 2026-06-07

Dependencies

Security / Stability

Commits
  • 747e7de version bump to v2.9.5
  • 2bd436d Fix use-after-free issue with custom functions (#710)
  • b24e1e6 Fix use-after-free issue with aggregate functions (#711)
  • 9abc955 dep: update vendored sqlite to 3.53.2 (#709)
  • a3f8e71 For sqlcipher builds, prefer sqlcipher's header (#708)
  • 9292033 build(deps): bump the actions group across 1 directory with 3 updates (#707)
  • b79c841 Introduce a security reporting policy
  • See full diff in compare view

Updates bootsnap from 1.24.5 to 1.24.6

Changelog

Sourced from bootsnap's changelog.

1.24.6

  • Fix detection of Ruby bug #22023 on some patch versions of Ruby 3.4, and properly apply the workaround.

Commits
  • 026e183 Release 1.24.6
  • 263e346 Merge pull request #556 from byroot/remove-canary
  • 7c31cd8 Check for [Bug #22023] by checking Ruby version rather than a canary
  • 54eba76 Merge pull request #554 from byroot/namespace-overflow
  • fe963d5 bs_cache_path: account for namespace length
  • 7b42db6 Merge pull request #553 from arpitjain099/chore/declare-workflow-perms
  • 113b184 ci: add permissions: contents: read to ci
  • See full diff in compare view

Updates secure_headers from 7.2.0 to 7.3.0

Release notes

Sourced from secure_headers's releases.

v7.3.0

Security

  • CSP directive injection via sandbox, plugin-types, and report-to when given untrusted input (GHSA-rqq5-2gf9-4w4q). Reported by @tonghuaroot. The 2020 source-list scrub was not applied to the sandbox, plugin-types, and report-to directive builders, so caller-supplied values containing `;`, `\n`, or `\r` were emitted verbatim into the Content-Security-Policy header and could inject arbitrary directives. All three builders now share the same scrub (replace `;`, `\n`, `\r` with a space and Kernel.warn).

[!IMPORTANT] You should never pass user-supplied input into your Content-Security-Policy configuration. CSP directive values are part of a security policy, not user data — any untrusted input creates a policy-injection risk. This fix is a defense-in-depth backstop; it is not a license to feed user input into CSP directives. Treat all CSP values as trusted, application-controlled configuration.

What's Changed

Full Changelog: github/secure_headers@v7.2.0...v7.3.0

Commits
  • 65e2b48 Bump Version to 7.3.0 (#593)
  • 286a79d Merge commit from fork
  • c29127f Bump ruby/setup-ruby from 1.308.0 to 1.310.0 (#592)
  • b79d64d Bump ruby/setup-ruby from 1.308.0 to 1.310.0
  • 0cbcf12 Bump ruby/setup-ruby from 1.307.0 to 1.308.0 (#591)
  • 8c5486b Bump ruby/setup-ruby from 1.307.0 to 1.308.0
  • c3c5e09 Bump ruby/setup-ruby from 1.306.0 to 1.307.0 (#590)
  • 7dd741e Bump ruby/setup-ruby from 1.306.0 to 1.307.0
  • e8064e7 Bump ruby/setup-ruby from 1.302.0 to 1.306.0 (#589)
  • 39df4ec Bump ruby/setup-ruby from 1.302.0 to 1.306.0
  • Additional commits viewable in compare view

Updates honeybadger from 6.6.2 to 6.7.0

Release notes

Sourced from honeybadger's releases.

v6.7.0

6.7.0 (2026-06-05)

Features

Changelog

Sourced from honeybadger's changelog.

6.7.0 (2026-06-05)

Features

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dependencies group with 4 updates: [sqlite3](https://github.com/sparklemotion/sqlite3-ruby), [bootsnap](https://github.com/rails/bootsnap), [secure_headers](https://github.com/github/secure_headers) and [honeybadger](https://github.com/honeybadger-io/honeybadger-ruby).


Updates `sqlite3` from 2.9.4 to 2.9.5
- [Release notes](https://github.com/sparklemotion/sqlite3-ruby/releases)
- [Changelog](https://github.com/sparklemotion/sqlite3-ruby/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/sqlite3-ruby@v2.9.4...v2.9.5)

Updates `bootsnap` from 1.24.5 to 1.24.6
- [Release notes](https://github.com/rails/bootsnap/releases)
- [Changelog](https://github.com/rails/bootsnap/blob/main/CHANGELOG.md)
- [Commits](rails/bootsnap@v1.24.5...v1.24.6)

Updates `secure_headers` from 7.2.0 to 7.3.0
- [Release notes](https://github.com/github/secure_headers/releases)
- [Changelog](https://github.com/github/secure_headers/blob/main/CHANGELOG.md)
- [Commits](github/secure_headers@v7.2.0...v7.3.0)

Updates `honeybadger` from 6.6.2 to 6.7.0
- [Release notes](https://github.com/honeybadger-io/honeybadger-ruby/releases)
- [Changelog](https://github.com/honeybadger-io/honeybadger-ruby/blob/master/CHANGELOG.md)
- [Commits](honeybadger-io/honeybadger-ruby@v6.6.2...v6.7.0)

---
updated-dependencies:
- dependency-name: sqlite3
  dependency-version: 2.9.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: bootsnap
  dependency-version: 1.24.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: secure_headers
  dependency-version: 7.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: honeybadger
  dependency-version: 6.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added labels: dependencies (Pull requests that update a dependency file), ruby (Pull requests that update ruby code). Jun 8, 2026
@cbeer cbeer merged commit 2f4cb65 into master Jun 8, 2026
1 check failed
@dependabot dependabot Bot deleted the dependabot/bundler/dependencies-2bb6fb6f8f branch June 8, 2026 15:05
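
The scrub described in the secure_headers 7.3.0 release notes above, shown as an added Ruby illustration (not code from secure_headers or from this PR). The method names, the policy parser and the sample value are all constructed for the example; only the behaviour (replace `;`, `\n`, `\r` with a space and call Kernel.warn) comes from the release notes.

```ruby
# Added illustration, not secure_headers source. All method names here
# (build_unscrubbed, build_scrubbed, scrub, directive_names) are hypothetical.

# Characters that end a CSP directive or a header line.
DIRECTIVE_BREAKERS = /[;\r\n]/

# "Before" shape: the caller's value is joined into the directive verbatim.
def build_unscrubbed(directive, values)
  [directive, *Array(values)].join(" ")
end

# Scrub as the release notes describe it: replace ; \n \r with a space and warn.
def scrub(directive, value)
  return value unless value.match?(DIRECTIVE_BREAKERS)
  Kernel.warn("#{directive} value contains ';' or a newline; replacing with a space")
  value.gsub(DIRECTIVE_BREAKERS, " ")
end

# "After" shape: every value passes through the scrub before it is joined.
def build_scrubbed(directive, values)
  [directive, *Array(values).map { |v| scrub(directive, v.to_s) }].join(" ")
end

# Split a policy the way a user agent does: on ';', first token is the name.
def directive_names(policy)
  policy.split(";").map { |d| d.strip.split(/\s+/).first }.compact
end

# Assemble a two-directive policy using the chosen sandbox builder.
def policy(builder, sandbox_value)
  ["default-src 'self'", send(builder, "sandbox", sandbox_value)].join("; ")
end

# Constructed sample: a sandbox token followed by text that is not a token.
TAINTED = "allow-forms; script-src *"

if __FILE__ == $PROGRAM_NAME
  %i[build_unscrubbed build_scrubbed].each do |builder|
    header = policy(builder, TAINTED)
    puts "#{builder}: #{header}"
    puts "  directives parsed: #{directive_names(header).inspect}"
  end
end
```

With the scrubbed builder the extra text stays inside the `sandbox` directive as unrecognised tokens instead of becoming a directive of its own, which is why the release notes call the fix a backstop rather than input validation.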