chore(deps): bump the ruby-deps group with 5 updates

[dependabot]

Bumps the ruby-deps group with 5 updates:

Package	From	To
friendly_id	5.6.0	5.7.0
commonmarker	2.8.1	2.8.2
view_component	4.8.0	4.9.0
rubocop-rails	2.34.3	2.35.0
rollbar	3.7.0	3.8.0

Updates friendly_id from 5.6.0 to 5.7.0

Release notes

Sourced from friendly_id's releases.

v5.7.0

What's Changed

• Reduce gem size by excluding test files by @​yuri-zubov in norman/friendly_id#1042

New Contributors

• @​yuri-zubov made their first contribution in norman/friendly_id#1042

Full Changelog: norman/friendly_id@v5.6.0...v5.7.0

Changelog

Sourced from friendly_id's changelog.

FriendlyId Changelog

We would like to think our many contributors for suggestions, ideas and improvements to FriendlyId.

Commits

• c66779c Bump version to 5.7.0 (#1044)
• cf4b81c Reduce gem size by excluding test files (#1042)
• See full diff in compare view

Updates commonmarker from 2.8.1 to 2.8.2

Release notes

Sourced from commonmarker's releases.

v2.8.2

What's Changed

• Bump rb-sys from 0.9.126 to 0.9.127 by @​dependabot[bot] in gjtorikian/commonmarker#459
• Add alert_type accessors for alert nodes by @​fukayatsu in gjtorikian/commonmarker#460
• release for 2.8.2 by @​gjtorikian in gjtorikian/commonmarker#461
• [skip test] Release v2.8.2 by @​github-actions[bot] in gjtorikian/commonmarker#462

Full Changelog: gjtorikian/commonmarker@v2.8.1...v2.8.2

Changelog

Sourced from commonmarker's changelog.

[v2.8.2] - 09-05-2026

What's Changed

• Bump rb-sys from 0.9.126 to 0.9.127 by @​dependabot[bot] in gjtorikian/commonmarker#459
• Add alert_type accessors for alert nodes by @​fukayatsu in gjtorikian/commonmarker#460
• release for 2.8.2 by @​gjtorikian in gjtorikian/commonmarker#461

Full Changelog: gjtorikian/commonmarker@v2.8.1...v2.8.2

Commits

• 958a139 Merge pull request #462 from gjtorikian/release/v2.8.2
• 54acd71 [skip test] update changelog
• 0898c4c Merge pull request #461 from gjtorikian/bump-version-for-alert
• 6df2bac release for 2.8.2
• d96a850 Merge pull request #460 from fukayatsu/add-alert-type-getter
• d935437 Add alert_type accessors for alert nodes
• 98eda97 Merge pull request #459 from gjtorikian/dependabot/cargo/rb-sys-0.9.127
• 69a13de Bump rb-sys from 0.9.126 to 0.9.127
• See full diff in compare view

Updates view_component from 4.8.0 to 4.9.0

Release notes

Sourced from view_component's releases.

4.9.0

• Fix path traversal vulnerability in ViewComponentsSystemTestController where sibling directories sharing a string prefix with the allowed temp directory could bypass the path containment check. The start_with? check has been replaced with a separator-aware prefix check, and nefarious path errors now return a 404 instead of an unhandled exception.

  Joel Hawksley

• Fix preview route vulnerability where inherited methods on ViewComponent::Preview (such as render_with_template) could be invoked via the preview URL, allowing arbitrary internal Rails templates to be rendered with attacker-controlled locals and request parameters. render_args now raises AbstractController::ActionNotFound for any example not explicitly declared on the preview subclass.

  Joel Hawksley

• Add yard-lint to CI.

  Joel Hawksley

Changelog

Sourced from view_component's changelog.

4.9.0

• Fix path traversal vulnerability in ViewComponentsSystemTestController where sibling directories sharing a string prefix with the allowed temp directory could bypass the path containment check. The start_with? check has been replaced with a separator-aware prefix check, and nefarious path errors now return a 404 instead of an unhandled exception.

  Joel Hawksley

• Fix preview route vulnerability where inherited methods on ViewComponent::Preview (such as render_with_template) could be invoked via the preview URL, allowing arbitrary internal Rails templates to be rendered with attacker-controlled locals and request parameters. render_args now raises AbstractController::ActionNotFound for any example not explicitly declared on the preview subclass.

  Joel Hawksley

• Add yard-lint to CI.

  Joel Hawksley

Commits

• 458281b Merge pull request #2626 from ViewComponent/release-4-9-0
• 5eea779 release 4.9.0
• 9a4bac9 Merge commit from fork
• b70deae add changelog
• da99314 fix advisory
• a243dd2 reproduce advisory
• 765d7bc fix advisory
• cca62ec reproduce report
• 8c76bd3 Merge pull request #2625 from ViewComponent/2567-yardlint
• a59a5ae cleanup
• Additional commits viewable in compare view

Updates rubocop-rails from 2.34.3 to 2.35.0

Release notes

Sourced from rubocop-rails's releases.

RuboCop Rails v2.35.0

Bug fixes

• #1595: Fix a false negative for Rails/I18nLocaleTexts when using redirect_back_or_to with a flash message. (@​55728)
• #1587: Fix false positives for Rails/Presence with operator methods like <<, =~, and others. (@​eugeneius)
• #1586: Don't add unnecessary parentheses in Rails/Presence. (@​eugeneius)
• #1602: Fix an error in Rails/SelectMap when .select appears inside a subquery in an argument. (@​koic)
• #1604: Allow DatabaseTypeResolvable to fall back to an adapter configuration specified in a shared key. (@​codergeek121)
• #1582: Fix a false negative where local was incorrectly treated as a known environment name when using == comparison in Rails/UnknownEnv. (@​lovro-bikic)

Changes

• #1571: Add more detection patterns on Rails/ResponseParsedBody. (@​r7kamura)
• #1583: Extend Rails/StrongParametersExpect to detect params[:key] in method calls and raising finder methods. (@​koic)
• #1584: Add support for case statements to Rails/UnknownEnv. (@​lovro-bikic)
• #1592: Fix false negative for != comparison in Rails/UnknownEnv. (@​lovro-bikic)
• #1598: Use glob patterns compatible with Engine or Packwerk for cops targeting spec/ and test/ directories. (@​y-yagi)

Changelog

Sourced from rubocop-rails's changelog.

2.35.0 (2026-05-09)

Bug fixes

• #1595: Fix a false negative for Rails/I18nLocaleTexts when using redirect_back_or_to with a flash message. ([@​55728][])
• #1587: Fix false positives for Rails/Presence with operator methods like <<, =~, and others. ([@​eugeneius][])
• #1586: Don't add unnecessary parentheses in Rails/Presence. ([@​eugeneius][])
• #1602: Fix an error in Rails/SelectMap when .select appears inside a subquery in an argument. ([@​koic][])
• #1604: Allow DatabaseTypeResolvable to fall back to an adapter configuration specified in a shared key. ([@​codergeek121][])
• #1582: Fix a false negative where local was incorrectly treated as a known environment name when using == comparison in Rails/UnknownEnv. ([@​lovro-bikic][])

Changes

• #1571: Add more detection patterns on Rails/ResponseParsedBody. ([@​r7kamura][])
• #1583: Extend Rails/StrongParametersExpect to detect params[:key] in method calls and raising finder methods. ([@​koic][])
• #1584: Add support for case statements to Rails/UnknownEnv. ([@​lovro-bikic][])
• #1592: Fix false negative for != comparison in Rails/UnknownEnv. ([@​lovro-bikic][])
• #1598: Use glob patterns compatible with Engine or Packwerk for cops targeting spec/ and test/ directories. ([@​y-yagi][])

Commits

• aa320da Cut 2.35.0
• 9b730e1 Update Changelog
• 6fa91dd Fix KeyError when shared key has no adapter in database.yml
• 7fc1595 Merge pull request #1605 from codergeek121/support-shared-key
• 2201f5d Merge pull request #1603 from koic/fix_an_error_in_rails_select_map
• 82b8037 Fix support for shared key in database.yml
• 072a555 [Fix #1602] Fix an error in Rails/SelectMap
• bf79547 Merge pull request #1597 from 55728/fix-i18n-locale-texts-redirect-back-or-to
• 89a21e8 [Fix #1595] Fix a false negative for Rails/I18nLocaleTexts when using `redi...
• 2a59f84 Merge pull request #1598 from y-yagi/globs_cops_for_test
• Additional commits viewable in compare view

Updates rollbar from 3.7.0 to 3.8.0

Release notes

Sourced from rollbar's releases.

v3.8.0

• Fix JSON::GeneratorError for objects with invalid UTF-8 in to_s, rollbar/rollbar-gem#1199
• Allow not loading the rails middleware, rollbar/rollbar-gem#1198
• Update rollbar.js snippet to v3.1.0, rollbar/rollbar-gem#1201

Commits

• ffe382f Release v3.8.0 (#1203)
• 06bf6ac allow not loading the rails middleware (#1198)
• f0bc64b update rollbar.js snippet to 3.1.0 (#1201)
• 7a76936 ci: pin resque to version compatible with older rails (#1202)
• fb20a58 Fix JSON::GeneratorError for objects with invalid UTF-8 in to_s (#1199)
• f6f633c update tests and ci for ruby 4 (#1197)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions