chore(deps): bump the ruby-deps group across 1 directory with 7 updates

[dependabot]

Bumps the ruby-deps group with 7 updates in the / directory:

Package	From	To
pagy	43.3.0	43.3.1
tzinfo-data	1.2025.3	1.2026.1
rails-html-sanitizer	1.6.2	1.7.0
haml_lint	0.70.0	0.72.0
web-console	4.2.1	4.3.0
faker	3.6.0	3.6.1
rubocop	1.84.2	1.85.1

Updates pagy from 43.3.0 to 43.3.1

Release notes

Sourced from pagy's releases.

Version 43.3.1

Changes in 43.3.1

• Update assets for a few apps
• Fix pagy.ts /.js input_nav update

CHANGELOG

Version 43

We needed a leap version to unequivocally signal that it's not just a major version: it's a complete redesign of the legacy code at all levels, usage and API included.

Why 43? Because it's exactly one step beyond "The answer to the ultimate question of life, the Universe, and everything." 😉

Improvements

This version introduces several enhancements, such as new :countish and :keynav_js paginators and improved automation and configuration processes, reducing setup requirements by 99%. The update also includes a simpler API and new interactive development tools, making it a comprehensive upgrade from previous versions.

• New :countish Paginator
  • Faster than OFFSET and supporting the full UI
• New Keynav Pagination
  • The pagy-exclusive technique using the fastest keyset pagination alongside all frontend helpers.
• New interactive dev-tools
  • New PagyWand to integrate the pagy CSS with your app themes.
  • New Pagy AI available right inside your own app.
• Intelligent automation
  • Configuration requirements reduced by 99%.
  • Simplified JavaScript setup.
  • Automatic I18n loading.
• Simpler API
  • You solely need the pagy method and the @​pagy instance to paginate any collection and use any navigation tag and helper.
  • Methods are autoloaded only if used, and consume no memory otherwise.
  • Methods have narrower scopes and can be overridden without deep knowledge.
• New documentation
  • Very concise, straightforward, and easy to navigate and understand.

Upgrade to 43

See the Upgrade Guide

Changelog

Sourced from pagy's changelog.

Version 43.3.1

• Update assets for a few apps
• Fix pagy.ts /.js input_nav update

Commits

• 39b2be5 Merge branch 'dev'
• debc98c Version 43.3.1
• 8c4c5b3 Update gems
• 0655d3e Update RM run configurations
• e8acc65 Improve docs
• 61aa160 Parallelize e2e tests
• a100906 💎 Update assets for a few apps
• aa74bda Refactor e2e testing:
• 69533c3 Refactor PagyApp:
• bd839fd Add minitest-reporter and improve backatrace readability
• Additional commits viewable in compare view

Updates tzinfo-data from 1.2025.3 to 1.2026.1

Release notes

Sourced from tzinfo-data's releases.

v1.2026.1

Based on version 2026a of the IANA Time Zone Database (https://lists.iana.org/hyperkitty/list/tz-announce@iana.org/message/ASPLBE3A4BAEXIOQ3KZ6EJSJWBU6L53G/).

Commits

• 5e9d667 Update to tzdata version 2026a.
• 3a03d35 Rebuild modules for 2026 (adding an additional year of future data).
• 73971d9 Update copyright years.
• f73295c Update to Ruby 4.0.
• See full diff in compare view

Updates rails-html-sanitizer from 1.6.2 to 1.7.0

Release notes

Sourced from rails-html-sanitizer's releases.

v1.7.0 / 2026-02-24

• Add Rails::HTML::Sanitizer.allowed_uri? which delegates to Loofah::HTML5::Scrub.allowed_uri?, allowing the Rails framework to check URI safety without a direct dependency on Loofah.

  The minimum Loofah dependency is now ~> 2.25.

  Mike Dalessio @​flavorjones

Changelog

Sourced from rails-html-sanitizer's changelog.

v1.7.0 / 2026-02-24

• Add Rails::HTML::Sanitizer.allowed_uri? which delegates to Loofah::HTML5::Scrub.allowed_uri?, allowing the Rails framework to check URI safety without a direct dependency on Loofah.

  The minimum Loofah dependency is now ~> 2.25.

  Mike Dalessio

Commits

• a8a0413 version bump to v1.7.0
• ea9e7a4 Merge pull request #214 from rails/add-allowed-uri
• f26dc35 Add Rails::HTML::Sanitizer.allowed_uri? delegating to Loofah
• cc83f51 Merge pull request #213 from rails/flavorjones/ruby-4-support
• ee54515 dev: ruby 4 support
• 2a8fe89 Merge pull request #208 from rails/dependabot/bundler/rack-3.1.17
• 2b0ecc7 build(deps-dev): bump rack from 3.1.16 to 3.1.17
• c7ab9f2 Merge pull request #206 from rails/dependabot/bundler/rack-3.1.16
• 0283ca4 build(deps-dev): bump rack from 3.1.14 to 3.1.16
• ba7a284 Merge pull request #204 from rails/dependabot/bundler/rack-3.1.14
• Additional commits viewable in compare view

Updates haml_lint from 0.70.0 to 0.72.0

Release notes

Sourced from haml_lint's releases.

0.72.0

What's Changed

• Fix SpaceInsideParens violations in wrapped tag attributes by @​benmelz in sds/haml-lint#632

Full Changelog: sds/haml-lint@v0.71.0...v0.72.0

0.71.0

What's Changed

• Revert SpaceInsideParens violations in wrapped tag attributes change (#627)

Full Changelog: sds/haml-lint@v0.70.0...v0.71.0

Changelog

Sourced from haml_lint's changelog.

0.72.0

• Fix SpaceInsideParens violations in wrapped tag attributes

0.71.0

• Revert SpaceInsideParens violations in wrapped tag attributes change

Commits

• c7eec90 Cut version 0.72.0 (#634)
• 3de6799 Update rubocop requirement from 1.81.7 to 1.85.0 (#633)
• 117b72a Fix SpaceInsideParens violations in wrapped tag attributes (#632)
• 73f075e Cut version 0.71.0 (#630)
• 9ac6174 Gracefully degrade if Coveralls is down (#631)
• See full diff in compare view

Updates web-console from 4.2.1 to 4.3.0

Release notes

Sourced from web-console's releases.

v4.3.0

What's Changed

• Drop unused dependency on activemodel by @​sambostock in rails/web-console#336
• Use × as close button instead of letter X by @​luiscobot in rails/web-console#338
• Always permit IPv4-mapped IPv6 loopback addresses by @​zunda in rails/web-console#342
• Fix CI by @​fatkodima in rails/web-console#345
• Fix compatiblity with latest rails by @​fatkodima in rails/web-console#344

Changelog

Sourced from web-console's changelog.

4.3.0

• #342 Always permit IPv4-mapped IPv6 loopback addresses ([@​zunda]).
• Fixed Rails 8.2.0.alpha support
• Drop Rails 7.2 support
• Drop Ruby 3.1 support

Commits

• 90e3474 Release 4.3.0
• bdbb391 Merge pull request #344 from fatkodima/fix-filter-proxies
• 950462c Fix compatiblity with latest rails
• c1f9252 Merge pull request #345 from fatkodima/fix-ci
• 6bc7159 Fix CI
• 859bc60 Merge pull request #342 from zunda/bind-on-ipv6
• c66460a Always permit IPv4-mapped IPv6 loopback addresses
• f3d437c Merge pull request #338 from luiscobot/patch-1
• 5383121 replace close icon with ×
• 9a5c089 Merge pull request #336 from sambostock/drop-active-model
• Additional commits viewable in compare view

Updates faker from 3.6.0 to 3.6.1

Release notes

Sourced from faker's releases.

v3.6.1

It's Spring countdown in the Northern hemisphere 🌸

Security, performance improvements and bug fixes

• fix: polynomial regex on uncontrolled input by @​thdaraujo in faker-ruby/faker#3196
• perf: replaces list of postcodes in ja/address.yml with a 7-digit format by @​thdaraujo in faker-ruby/faker#3201
• Remove unnecessary whitespace from code blocks in READMEs by @​ryotaro-shirai in faker-ruby/faker#3209
• Document lazy load experiment results by @​stefannibrasil in faker-ruby/faker#3205
• [skip ci] Add-backtick by @​OzuAkira in faker-ruby/faker#3210
• Zeitwerk experiment changes and results [skip ci] by @​stefannibrasil in faker-ruby/faker#3213
• Remove duplicate reference link in README.md by @​yutasb in faker-ruby/faker#3217

Update development dependencies

• Bump rubocop from 1.84.0 to 1.84.1 by @​dependabot[bot] in faker-ruby/faker#3202
• Bump irb from 1.16.0 to 1.17.0 by @​dependabot[bot] in faker-ruby/faker#3203
• Bump rubocop version and fix offenses by @​stefannibrasil in faker-ruby/faker#3198
• Bump rdoc from 7.1.0 to 7.2.0 by @​dependabot[bot] in faker-ruby/faker#3204
• Bump rubocop to 1.84.2 by @​stefannibrasil in faker-ruby/faker#3215
• Bump rubocop-minitest from 0.38.2 to 0.39.1 by @​dependabot[bot] in faker-ruby/faker#3216
• Bump rubocop to v1.85.0 by @​stefannibrasil in faker-ruby/faker#3220

New Contributors

• @​ryotaro-shirai made their first contribution in faker-ruby/faker#3209
• @​OzuAkira made their first contribution in faker-ruby/faker#3210
• @​yutasb made their first contribution in faker-ruby/faker#3217

Full Changelog: faker-ruby/faker@v3.6.0...v3.6.1

Changelog

Sourced from faker's changelog.

v3.6.1 (2026-03-04)

It's almost Spring time in the Northern hemisphere 🌸

Security, performance improvements and bug fixes

• fix: polynomial regex on uncontrolled input by @​thdaraujo in faker-ruby/faker#3196
• perf: replaces list of postcodes in ja/address.yml with a 7-digit format by @​thdaraujo in faker-ruby/faker#3201
• Remove unnecessary whitespace from code blocks in READMEs by @​ryotaro-shirai in faker-ruby/faker#3209
• Document lazy load experiment results by @​stefannibrasil in faker-ruby/faker#3205
• [skip ci] Add-backtick by @​OzuAkira in faker-ruby/faker#3210
• Zeitwerk experiment changes and results [skip ci] by @​stefannibrasil in faker-ruby/faker#3213
• Remove duplicate reference link in README.md by @​yutasb in faker-ruby/faker#3217

Update development dependencies

• Bump rubocop from 1.84.0 to 1.84.1 by @​dependabot[bot] in faker-ruby/faker#3202
• Bump irb from 1.16.0 to 1.17.0 by @​dependabot[bot] in faker-ruby/faker#3203
• Bump rubocop version and fix offenses by @​stefannibrasil in faker-ruby/faker#3198
• Bump rdoc from 7.1.0 to 7.2.0 by @​dependabot[bot] in faker-ruby/faker#3204
• Bump rubocop to 1.84.2 by @​stefannibrasil in faker-ruby/faker#3215
• Bump rubocop-minitest from 0.38.2 to 0.39.1 by @​dependabot[bot] in faker-ruby/faker#3216
• Bump rubocop to v1.85.0 by @​stefannibrasil in faker-ruby/faker#3220

New Contributors

• @​ryotaro-shirai made their first contribution in faker-ruby/faker#3209
• @​OzuAkira made their first contribution in faker-ruby/faker#3210
• @​yutasb made their first contribution in faker-ruby/faker#3217

Full Changelog: faker-ruby/faker@v3.6.0...v3.6.1

---

Commits

• 200c04a Bump faker to v3.6.1 (#3221)
• 079e87d Bump rubocop to v1.85.0 (#3220)
• ae24592 Bump rubocop-minitest from 0.38.2 to 0.39.1 (#3216)
• 9ef1eca Remove duplicate markdown reference link definition in README (#3217)
• ecd2f14 Bump rubocop to 1.84.2 (#3215)
• a3624a8 Zeitwerk experiment changes and results [skip ci] (#3213)
• c734011 [skip ci]Add-backtick (#3210)
• bbd3f24 Document lazy load experiment results (#3205)
• 1ca97a0 Remove unnecessary whitespace in README.md and /lib/locales/README.md (#3209)
• 622580d Bump rdoc from 7.1.0 to 7.2.0 (#3204)
• Additional commits viewable in compare view

Updates rubocop from 1.84.2 to 1.85.1

Release notes

Sourced from rubocop's releases.

RuboCop v1.85.1

Bug fixes

• #14958: Fix false positives in Style/FileOpen when File.open is passed as an argument or returned from a method. (@​sferik)
• #14973: Fix Style/ReduceToHash false positive when accumulator is read in key/value. (@​sferik)
• #14964: Fix false positives in Style/RedundantParentheses when parenthesizing a range in a block body. (@​koic)

Changes

• #14969: Autoload formatters; they're required only when actually used. (@​lovro-bikic)

RuboCop v1.85.0

New features

• #14921: Add mise.toml as source for TargetRubyVersion. ([@​kitsane][])
• #14925: Add new Lint/UnreachablePatternBranch cop. (@​sferik)
• #14942: Add new Style/FileOpen cop. (@​sferik)
• #14939: Add new Style/MapJoin cop. (@​sferik)
• #14924: Add new Style/OneClassPerFile cop. (@​sferik)
• #14923: Add new Style/PartitionInsteadOfDoubleSelect cop. (@​sferik)
• #14811: Add new Style/PredicateWithKind cop. (@​sferik)
• #14938: Add new Style/ReduceToHash cop. (@​sferik)
• #14812: Add new Style/RedundantMinMaxBy cop. (@​sferik)
• #13501: Add new Style/RedundantStructKeywordInit cop. (@​koic)
• #14808: Add new Style/SelectByKind cop. (@​sferik)
• #14810: Add new Style/SelectByRange cop. (@​sferik)
• #14922: Add new Style/TallyMethod cop. (@​sferik)
• #14773: Add new Lint/DataDefineOverride cop. ([@​bbatsov][])
• #14781: Add new InternalAffairs/ItblockHandler cop. ([@​bbatsov][])
• #14911: Support built-in MCP server (experimental). (@​koic)

Bug fixes

• #14829: Allow classes without a superclass in Style/EmptyClassDefinition. (@​koic)
• #14873: Fix an error in Style/NegatedWhile when the last expression of an until condition is negated. (@​koic)
• #14827: Improve Style/EmptyClassDefinition message wording. ([@​bbatsov][])
• #14800: Fix false obsolete configuration error for extracted cops when loaded as plugins. ([@​bbatsov][])
• #14928: Fix a false positive for Lint/Void when nil is used in case branch. ([@​5hun-s][])
• #14857: Fix false positives in Style/IfUnlessModifier when modifier forms are used inside string interpolations. (@​koic)
• #8773: Fix false positives in Style/HashTransformKeys and Style/HashTransformValues. (@​sferik)
• #6963: Fix false positives in Lint/Void for each blocks where the return value may be meaningful (e.g., Enumerator#each). (@​sferik)
• #14931: Ignore directive comments inside comments. (@​koic)
• #14834: Fix Layout/IndentationWidth false positive for chained method blocks when EnforcedStyleAlignWith is start_of_line. ([@​krororo][])
• #14756: Fix Lint/Void to detect void expressions in case/when branches. ([@​bbatsov][])
• #14874: Fix a Parser::ClobberingError in Lint/UselessAssignment when autocorrecting a useless assignment that wraps a block containing another useless assignment. (@​koic)
• #14880: Fix a false negative in Layout/MultilineAssignmentLayout when using numblock or itblock with SupportedTypes: ['block']. ([@​bbatsov][])

... (truncated)

Changelog

Sourced from rubocop's changelog.

1.85.1 (2026-03-03)

Bug fixes

• #14958: Fix false positives in Style/FileOpen when File.open is passed as an argument or returned from a method. ([@​sferik][])
• #14973: Fix Style/ReduceToHash false positive when accumulator is read in key/value. ([@​sferik][])
• #14964: Fix false positives in Style/RedundantParentheses when parenthesizing a range in a block body. ([@​koic][])

Changes

• #14969: Autoload formatters; they're required only when actually used. ([@​lovro-bikic][])

1.85.0 (2026-02-26)

New features

• #14921: Add mise.toml as source for TargetRubyVersion. ([@​kitsane][])
• #14925: Add new Lint/UnreachablePatternBranch cop. ([@​sferik][])
• #14942: Add new Style/FileOpen cop. ([@​sferik][])
• #14939: Add new Style/MapJoin cop. ([@​sferik][])
• #14924: Add new Style/OneClassPerFile cop. ([@​sferik][])
• #14923: Add new Style/PartitionInsteadOfDoubleSelect cop. ([@​sferik][])
• #14811: Add new Style/PredicateWithKind cop. ([@​sferik][])
• #14938: Add new Style/ReduceToHash cop. ([@​sferik][])
• #14812: Add new Style/RedundantMinMaxBy cop. ([@​sferik][])
• #13501: Add new Style/RedundantStructKeywordInit cop. ([@​koic][])
• #14808: Add new Style/SelectByKind cop. ([@​sferik][])
• #14810: Add new Style/SelectByRange cop. ([@​sferik][])
• #14922: Add new Style/TallyMethod cop. ([@​sferik][])
• #14773: Add new Lint/DataDefineOverride cop. ([@​bbatsov][])
• #14781: Add new InternalAffairs/ItblockHandler cop. ([@​bbatsov][])
• #14911: Support built-in MCP server (experimental). ([@​koic][])

Bug fixes

• #14829: Allow classes without a superclass in Style/EmptyClassDefinition. ([@​koic][])
• #14873: Fix an error in Style/NegatedWhile when the last expression of an until condition is negated. ([@​koic][])
• #14827: Improve Style/EmptyClassDefinition message wording. ([@​bbatsov][])
• #14800: Fix false obsolete configuration error for extracted cops when loaded as plugins. ([@​bbatsov][])
• #14928: Fix a false positive for Lint/Void when nil is used in case branch. ([@​5hun-s][])
• #14857: Fix false positives in Style/IfUnlessModifier when modifier forms are used inside string interpolations. ([@​koic][])
• #8773: Fix false positives in Style/HashTransformKeys and Style/HashTransformValues. ([@​sferik][])
• #6963: Fix false positives in Lint/Void for each blocks where the return value may be meaningful (e.g., Enumerator#each). ([@​sferik][])
• #14931: Ignore directive comments inside comments. ([@​koic][])
• #14834: Fix Layout/IndentationWidth false positive for chained method blocks when EnforcedStyleAlignWith is start_of_line. ([@​krororo][])
• #14756: Fix Lint/Void to detect void expressions in case/when branches. ([@​bbatsov][])
• #14874: Fix a Parser::ClobberingError in Lint/UselessAssignment when autocorrecting a useless assignment that wraps a block containing another useless assignment. ([@​koic][])
• #14880: Fix a false negative in Layout/MultilineAssignmentLayout when using numblock or itblock with SupportedTypes: ['block']. ([@​bbatsov][])
• #11462: Fix over-indentation when autocorrecting nested hashes with Layout/FirstHashElementIndentation. ([@​ydakuka][])
• #14880: Recognize block on different line from left side of multi-line assignment in Layout/MultilineAssignmentLayout. ([@​sanfrecce-osaka][])

... (truncated)

Commits

• fd07672 Cut 1.85.1
• 5c41f90 Update Changelog
• 5e8e492 Merge pull request #14975 from sferik/fix_14973
• 90f3780 Fix Style/ReduceToHash false positive when accumulator is read in key/value
• 90c7959 Merge pull request #14972 from lovro-bikic/relevant-options-digest-cache
• 3c20e8d Cache relevant options digest
• e305f79 Merge pull request #14969 from lovro-bikic/autoload-formatter-constants
• 3f0a304 Autoload formatters; they're required only when actually used
• eb973f4 Merge pull request #14966 from koic/fix_false_positives_in_style_redundant_pa...
• 3338a40 [Fix #14964] Fix false positives in Style/RedundantParentheses
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions