build(deps): bump the all-dependencies group with 3 updates

[dependabot]

Bumps the all-dependencies group with 3 updates: rubocop, actionview and minitest.

Updates rubocop from 1.73.2 to 1.74.0

Release notes

Sourced from rubocop's releases.

RuboCop v1.74.0

New features

• #13936: Adds new cop Style/ComparableBetween. (@​lovro-bikic)
• #13943: Allow writing steep annotation to method definition for Style/CommentedKeyword. (@​dak2)

Bug fixes

• #13969: Fix a false positive for Lint/SharedMutableDefault when capacity keyword argument is used. (@​koic)
• #13945: Fix a false positive for Style/DoubleNegation when calling define_method/define_singleton_method with a numblock. (@​earlopain)
• #13971: Fix false alarm for config obsoletion. (@​koic)
• #13960: Fix a false negative for Lint/ReturnInVoidContext when returning out of a block. (@​earlopain)
• #13947: Fix a false negative for Lint/UselessConstantScoping for constants defined in class << self. (@​earlopain)
• #13949: Fix a false negative for Lint/NonLocalExitFromIterator with numblocks. (@​earlopain)
• #13975: Fix false positives for Style/RedundantCurrentDirectoryInPath when using a complex current directory path in require_relative. (@​koic)
• #13963: Fix wrong autocorrect for Lint/LiteralAsCondition when the literal is followed by return, break, or next. (@​earlopain)
• #13946: Fix some false positives for Style/MethodCallWithArgsParentheses with EnforcedStyle: omit_parentheses style and numblocks. (@​earlopain)
• #13950: Fix sporadic errors about rubocop-rails or rubocop-performance extraction, even if they are already part of the Gemfile. (@​earlopain)
• #13981: Prevent redundant plugin loading when a duplicate plugin is specified in an inherited config. (@​koic)
• #13965: Update Lint/RedundantCopDisableDirective to register an offense when cop names are given with improper casing. (@​dvandersluis)
• #13948: Fix wrong autocorrect for Style/RescueModifier when using parallel assignment and the right-hand-side is not a bracketed array. (@​earlopain)

Changes

• #12851: Add EnforcedStyleForClasses and EnforcedStyleForModules configuration options to Style/ClassAndModuleChildren. (@​dvandersluis)
• #13979: Add Mode: conservative configuration to Style/FormatStringToken to make the cop only register offenses for strings given to printf, sprintf, format, and %. (@​dvandersluis)
• #13977: Allow TLS1_1 and TLS1_2 by default in Naming/VariableNumber to accommodate OpenSSL version parameter names. (@​koic)
• #13967: Make Lint/RedundantTypeConversion aware of redundant to_d. (@​koic)

Changelog

Sourced from rubocop's changelog.

1.74.0 (2025-03-13)

New features

• #13936: Adds new cop Style/ComparableBetween. ([@​lovro-bikic][])
• #13943: Allow writing steep annotation to method definition for Style/CommentedKeyword. ([@​dak2][])

Bug fixes

• #13969: Fix a false positive for Lint/SharedMutableDefault when capacity keyword argument is used. ([@​koic][])
• #13945: Fix a false positive for Style/DoubleNegation when calling define_method/define_singleton_method with a numblock. ([@​earlopain][])
• #13971: Fix false alarm for config obsoletion. ([@​koic][])
• #13960: Fix a false negative for Lint/ReturnInVoidContext when returning out of a block. ([@​earlopain][])
• #13947: Fix a false negative for Lint/UselessConstantScoping for constants defined in class << self. ([@​earlopain][])
• #13949: Fix a false negative for Lint/NonLocalExitFromIterator with numblocks. ([@​earlopain][])
• #13975: Fix false positives for Style/RedundantCurrentDirectoryInPath when using a complex current directory path in require_relative. ([@​koic][])
• #13963: Fix wrong autocorrect for Lint/LiteralAsCondition when the literal is followed by return, break, or next. ([@​earlopain][])
• #13946: Fix some false positives for Style/MethodCallWithArgsParentheses with EnforcedStyle: omit_parentheses style and numblocks. ([@​earlopain][])
• #13950: Fix sporadic errors about rubocop-rails or rubocop-performance extraction, even if they are already part of the Gemfile. ([@​earlopain][])
• #13981: Prevent redundant plugin loading when a duplicate plugin is specified in an inherited config. ([@​koic][])
• #13965: Update Lint/RedundantCopDisableDirective to register an offense when cop names are given with improper casing. ([@​dvandersluis][])
• #13948: Fix wrong autocorrect for Style/RescueModifier when using parallel assignment and the right-hand-side is not a bracketed array. ([@​earlopain][])

Changes

• #12851: Add EnforcedStyleForClasses and EnforcedStyleForModules configuration options to Style/ClassAndModuleChildren. ([@​dvandersluis][])
• #13979: Add Mode: conservative configuration to Style/FormatStringToken to make the cop only register offenses for strings given to printf, sprintf, format, and %. ([@​dvandersluis][])
• #13977: Allow TLS1_1 and TLS1_2 by default in Naming/VariableNumber to accommodate OpenSSL version parameter names. ([@​koic][])
• #13967: Make Lint/RedundantTypeConversion aware of redundant to_d. ([@​koic][])

Commits

• ba27193 Cut 1.74
• 448dc7f Update Changelog
• e2fc35a Add Mode: conservative configuration to Style/FormatStringToken to make t...
• a118624 Prevent redundant plugin loading
• b667815 [Fix #13975] Fix false positives for Style/RedundantCurrentDirectoryInPath
• f20e4c5 Allow TLS1_1 and TLS1_2 by default in Naming/VariableNumber
• 5a405d5 Update documentation for Style/FormatStringToken for clarity
• 5695986 Merge pull request #13972 from dvandersluis/issue/13965た
• 6bd6f89 [Fix #13965] Update Lint/RedundantCopDisableDirective to register an offens...
• 1776749 [Fix #13969] Fix a false positive for Lint/SharedMutableDefault
• Additional commits viewable in compare view

Updates actionview from 8.0.1 to 8.0.2

Release notes

Sourced from actionview's releases.

8.0.2

Active Support

• Fix setting to_time_preserves_timezone from new_framework_defaults_8_0.rb.

  fatkodima

• Fix Active Support Cache fetch_multi when local store is active.

  fetch_multi now properly yield to the provided block for missing entries that have been recorded as such in the local store.

  Jean Boussier

• Fix execution wrapping to report all exceptions, including Exception.

  If a more serious error like SystemStackError or NoMemoryError happens, the error reporter should be able to report these kinds of exceptions.

  Gannon McGibbon

• Fix RedisCacheStore and MemCacheStore to also handle connection pool related errors.

  These errors are rescued and reported to Rails.error.

  Jean Boussier

• Fix ActiveSupport::Cache#read_multi to respect version expiry when using local cache.

  zzak

• Fix ActiveSupport::MessageVerifier and ActiveSupport::MessageEncryptor configuration of on_rotation callback.

  verifier.rotate(old_secret).on_rotation { ... }

  Now both work as documented.

  Jean Boussier

• Fix ActiveSupport::MessageVerifier to always be able to verify both URL-safe and URL-unsafe payloads.

  This is to allow transitioning seemlessly from either configuration without immediately invalidating all previously generated signed messages.

  Jean Boussier, Florent Beaurain, Ali Sepehri

• Fix cache.fetch to honor the provided expiry when :race_condition_ttl is used.

... (truncated)

Changelog

Sourced from actionview's changelog.

Rails 8.0.2 (March 12, 2025)

• No changes.

Rails 8.0.2 (March 12, 2025)

• Respect html_options[:form] when collection_checkboxes generates the hidden <input>.

  Riccardo Odone

• Layouts have access to local variables passed to render.

  This fixes #31680 which was a regression in Rails 5.1.

  Mike Dalessio

• Argument errors related to strict locals in templates now raise an ActionView::StrictLocalsError, and all other argument errors are reraised as-is.

  Previously, any ArgumentError raised during template rendering was swallowed during strict local error handling, so that an ArgumentError unrelated to strict locals (e.g., a helper method invoked with incorrect arguments) would be replaced by a similar ArgumentError with an unrelated backtrace, making it difficult to debug templates.

  Now, any ArgumentError unrelated to strict locals is reraised, preserving the original backtrace for developers.

  Also note that ActionView::StrictLocalsError is a subclass of ArgumentError, so any existing code that rescues ArgumentError will continue to work.

  Fixes #52227.

  Mike Dalessio

• Fix stack overflow error in dependency tracker when dealing with circular dependencies

  Jean Boussier

Commits

• 3235827 Preparing for 8.0.2 release
• 6644442 Merge pull request #54617 from byroot/move-strict-warnings
• f1857b6 Merge pull request #54567 from flavorjones/flavorjones-document-sanitizer
• d89a641 Autolink FormBuilder#text_field [ci-skip]
• 3957dcf Autolink FormBuilder#fields_for [ci-skip]
• 1f3ba9b Avoid autolinking FormBuilder#fields_for to itself [ci-skip]
• 74cf3ff Autolink FormBuilder#form_with [ci-skip]
• 1239ba5 Autolink UncacheableFragmentError [ci-skip]
• ba1b691 Remove RDoc syntax in code example comments [ci-skip]
• 379d2fe Autolink FormTagHelper#checkbox_tag [ci-skip]
• Additional commits viewable in compare view

Updates minitest from 5.25.4 to 5.25.5

Changelog

Sourced from minitest's changelog.

=== 5.25.5 / 2025-03-12

• 4 bug fixes:

  • Bumped minimum ruby to 2.7.
  • Fixed expectation docs for must/wont_pattern_match. (jaredcwhite)
  • Reorder Minitest::Test.ancestors to allow reaching Minitest::Assertions#skipped? (Edouard-chin)
  • Update the ruby and rails compatibility tables. (bquorning)

Commits

• 4dcad89 prepped for release
• 8e2f840 - Bumped minimum ruby to 2.7.
• 7b63c6c Added notice to readme about development versions
• 7b88058 - Update the ruby and rails compatibility tables. (bquorning)
• 55ad48a - Reorder Minitest::Test.ancestors to allow reaching Minitest::Assertions#ski...
• 06bae5b Added ruby 3.4 to CI
• 8a59450 - Fixed expectation docs for must/wont_pattern_match. (jaredcwhite)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions