chore(deps): bump the ruby-deps group with 6 updates

[dependabot]

Bumps the ruby-deps group with 6 updates:

Package	From	To
pagy	43.5.1	43.5.3
tzinfo-data	1.2026.1	1.2026.2
puma	8.0.0	8.0.1
view_component	4.7.0	4.8.0
irb	1.17.0	1.18.0
bullet	8.1.0	8.1.1

Updates pagy from 43.5.1 to 43.5.3

Release notes

Sourced from pagy's releases.

Version 43.5.3

Changes in 43.5.3

• Autoload series, a_lambda and page_label
• Add Hungarian localization file for Pagy (#896)

CHANGELOG

Version 43

We needed a leap version to unequivocally signal that it's not just a major version: it's a complete redesign of the legacy code at all levels, usage and API included.

Why 43? Because it's exactly one step beyond "The answer to the ultimate question of life, the Universe, and everything." 😉

Improvements

This version introduces several enhancements, such as new :countish and :keynav_js paginators and improved automation and configuration processes, reducing setup requirements by 99%. The update also includes a simpler API and new interactive development tools, making it a comprehensive upgrade from previous versions.

• New :countish Paginator
  • Faster than OFFSET and supporting the full UI
• New Keynav Pagination
  • The pagy-exclusive technique using the fastest keyset pagination alongside all frontend helpers.
• New interactive dev-tools
  • New PagyWand to integrate the pagy CSS with your app themes.
  • New Pagy AI available right inside your own app.
• Intelligent automation
  • Configuration requirements reduced by 99%.
  • Simplified JavaScript setup.
  • Automatic I18n loading.
• Simpler API
  • You solely need the pagy method and the @​pagy instance to paginate any collection and use any navigation tag and helper.
  • Methods are autoloaded only if used, and consume no memory otherwise.
  • Methods have narrower scopes and can be overridden without deep knowledge.
• New documentation
  • Very concise, straightforward, and easy to navigate and understand.

Upgrade to 43

See the Upgrade Guide

... (truncated)

Changelog

Sourced from pagy's changelog.

Version 43.5.3

• Autoload series, a_lambda and page_label
• Add Hungarian localization file for Pagy (#896)

Version 43.5.2

• Add type validation for page and limit keys type (close #895)
• Simplify series_nav_js removing "pagy-rjs" CSS class (Fix #894)

Commits

• 5f08538 Merge branch 'dev'
• 874833c Version 43.5.3
• 4a0fba2 💎 Autoload series, a_lambda and page_label
• 55e0802 Improve Ferrum test stability
• d9b37f9 Improve page segment file
• 876b61f 💎 Add Hungarian localization file for Pagy (#896)
• 187e0da Merge branch 'dev'
• d67d69b Version 43.5.2
• 1f2d27d Update libs
• f3e3342 💎 Add type validation for page and limit keys type (close #895)
• Additional commits viewable in compare view

Updates tzinfo-data from 1.2026.1 to 1.2026.2

Release notes

Sourced from tzinfo-data's releases.

v1.2026.2

Based on version 2026b of the IANA Time Zone Database (https://lists.iana.org/hyperkitty/list/[email protected]/message/VX2Z3CBO6KHTYZNBBKFFWM7ZCI6TVCXP/).

Commits

• 256b802 Update to JRuby 10.1.
• 2b9af11 Update to tzdata version 2026b.
• See full diff in compare view

Updates puma from 8.0.0 to 8.0.1

Release notes

Sourced from puma's releases.

v8.0.1

• Bugfixes

  • Fix prune_bundler stripping user-configured BUNDLE_* env vars (e.g. BUNDLE_WITHOUT) on re-exec, which caused workers to crash on boot (#3929)

• Performance

  • Use blocks for debug logging to avoid creating log messages when debug is disabled (#3920)

• Docs

  • Fix incorrect hook names in gRPC docs (#3923)
  • Reword v8 upgrade guide IPv6 bullet for clarity (#3928)

Changelog

Sourced from puma's changelog.

8.0.1 / 2026-04-27

• Bugfixes

  • Fix prune_bundler stripping user-configured BUNDLE_* env vars (e.g. BUNDLE_WITHOUT) on re-exec, which caused workers to crash on boot (#3929)

• Performance

  • Use blocks for debug logging to avoid creating log messages when debug is disabled (#3920)

• Docs

  • Fix incorrect hook names in gRPC docs (#3923)
  • Reword v8 upgrade guide IPv6 bullet for clarity (#3928)

Commits

• cee7e61 Release v8.0.1 (#3932)
• f955caf Fix prune_bundler stripping user-configured BUNDLE_* env vars on re-exec (#3929)
• 97996aa ci: test_error_logger.rb - fix TruffleRuby error (#3930)
• 03825bc Build(deps): Bump actions/github-script from 8 to 9 (#3925)
• 053efae Reword v8 upgrade guide ipv6 bullet (#3928)
• b19f35a Fix incorrect hook names in gRPC docs (#3923)
• eeabe4b Use blocks for debug logging to avoid creating messages if debug disabled (#3...
• See full diff in compare view

Updates view_component from 4.7.0 to 4.8.0

Release notes

Sourced from view_component's releases.

4.8.0

• Add compile.view_component ActiveSupport::Notifications event for eager compilation at boot time.

  Joel Hawksley, GitHub Copilot

Changelog

Sourced from view_component's changelog.

4.8.0

• Add compile.view_component ActiveSupport::Notifications event for eager compilation at boot time.

  Joel Hawksley, GitHub Copilot

Commits

• d7e8cb4 Merge pull request #2615 from ViewComponent/release-4-8-0
• 091e30a fix flaky tesT
• 9e0dae4 release 4.8.0
• ef90407 Merge pull request #2613 from ViewComponent/instrument-compilation
• d920918 clean up test
• 3cc6d61 simplify test
• d7947fc Add compile.view_component ActiveSupport::Notifications event for eager compi...
• 5d84af8 Merge pull request #2612 from ViewComponent/dependabot/bundler/propshaft-1.3.2
• 8f4ef89 Bump propshaft from 1.3.1 to 1.3.2
• 9ae4d79 Merge pull request #2611 from ViewComponent/dependabot/bundler/yard-0.9.43
• Additional commits viewable in compare view

Updates irb from 1.17.0 to 1.18.0

Release notes

Sourced from irb's releases.

v1.18.0

What's Changed

✨ Enhancements

• Completely migrate to prism by @​tompng in ruby/irb#1160
• Suppress error highlight for some incomplete code by @​tompng in ruby/irb#1173
• Display command description in doc dialog on tab completion by @​st0012 in ruby/irb#1180
• Add startup banner with Ruby logo, version info, and tips by @​st0012 in ruby/irb#1183
• Highlight the method name in method calls by @​shugo in ruby/irb#1189
• Add --nobanner option to suppress startup banner by @​st0012 in ruby/irb#1200

🐛 Bug Fixes

• Make ls command work for BasicObjects by @​eikes in ruby/irb#1177
• Fix IRB crash when typing string literal with control/meta sequence by @​tompng in ruby/irb#1182
• Wait for pager to terminate by @​tompng in ruby/irb#1192
• Fix incorrect dash in startup message by @​st0012 in ruby/irb#1206
• Colorize KEYWORD_DO_BLOCK (added in head Prism) by @​tompng in ruby/irb#1207

🛠 Other Changes

• Silence default_external warning in tests by @​Earlopain in ruby/irb#1172
• Ruby >= 4.1.0 allows trailing comma in method signature by @​eikes in ruby/irb#1178
• Fix display_document test fails in tty environment by @​tompng in ruby/irb#1185
• Use Prism::ParseResult#continuable? if possible by @​tompng in ruby/irb#1184
• Do not open nesting for character literals by @​shugo in ruby/irb#1190
• Fix random EPIPE failure in SIGINT restore tests by @​k0kubun in ruby/irb#1191
• Bump version to 1.18.0 by @​st0012 in ruby/irb#1208

New Contributors

• @​Earlopain made their first contribution in ruby/irb#1172
• @​eikes made their first contribution in ruby/irb#1178
• @​shugo made their first contribution in ruby/irb#1190

Full Changelog: ruby/irb@v1.17.0...v1.18.0

Commits

• 31e068a Bump version to 1.18.0 (#1208)
• f49d6b5 Colorize KEYWORD_DO_BLOCK (added in head Prism) (#1207)
• 96342e7 Fix incorrect dash in startup message (#1206)
• 9b930c8 Add --nobanner option to suppress startup banner (#1200)
• 9dc2a85 Bump rubygems/release-gem from 1.1.4 to 1.2.0
• 454964c Bump actions/upload-pages-artifact from 4 to 5
• b9719d1 Bump step-security/harden-runner from 2.16.0 to 2.17.0
• ee2af9f Highlight the method name in method calls (#1189)
• 75ad68d Bump actions/configure-pages from 5 to 6
• 6f757b9 Bump actions/deploy-pages from 4 to 5
• Additional commits viewable in compare view

Updates bullet from 8.1.0 to 8.1.1

Changelog

Sourced from bullet's changelog.

8.1.1 (04/23/2026)

• Fix ActiveRecord 8.1 patch-level method signature compatibility; test against Rails 8.1.3.
• Handle string associations in safelist for Action Text
• Enhance N+1 query detection by including caller stack in association calls
• Update external links in README.md

Commits

• 4a6d5cf 🔧 chore(release): bump version to 8.1.1
• 78fa0f4 Merge pull request #769 from PhilippeBo/rails_compatibility
• e758042 Fix ActiveRecord 8.1 patch-level method signature compatibility; test against...
• ec551da 🐛 fix: handle string associations in safelist for Action Text
• d01d0ae Merge pull request #767 from kazuki-hanai/patch-1
• f5027a6 Update external links in README.md
• 260791d Merge pull request #765 from Abdelrhman-Yasser/improve-nplus1-stacktrace
• d5c7d6c Enhance N+1 query detection by including caller stack in association calls
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[mroderick]

Dependency Upgrade Review: Ruby Dependencies Group (6 packages)

PR Scope

Dependency-only - Only Gemfile.lock is modified. All changes are patch or minor version bumps.

Changes Summary

Package	From	To	Risk	Notes
pagy	43.5.1	43.5.3	Low	Autoload fixes + Hungarian locale
tzinfo-data	1.2026.1	1.2026.2	Low	IANA tzdata 2026b update
puma	8.0.0	8.0.1	Low	Bugfix for prune_bundler env vars
view_component	4.7.0	4.8.0	Low	New instrumentation event only
irb	1.17.0	1.18.0	Low	REPL improvements, bug fixes
bullet	8.1.0	8.1.1	Low	AR 8.1 compatibility fix

---

Detailed Analysis

pagy (43.5.1 → 43.5.3)

• Changes: Autoload series, a_lambda, page_label; add Hungarian localization
• Usage: Heavily used across the app (events_controller, dashboard_controller, admin/*_controller)
• Impact: No breaking changes. Autoload fixes improve performance; new locale is additive
• Tests: Controller specs cover pagination behaviour

tzinfo-data (1.2026.1 → 1.2026.2)

• Changes: IANA Time Zone Database 2026b (Paraguay DST change)
• Usage: Platform-agnostic tzdata for Windows; no direct code references
• Impact: Timezone data update only — safe to merge

puma (8.0.0 → 8.0.1)

• Changes: Bugfix for prune_bundler stripping BUNDLE_* env vars
• Usage: Production web server; config in config/puma.rb
• Impact: Fixes worker crash on boot — this is a positive fix
• Tests: Capybara uses Puma as test server (spec/support/capybara.rb)

view_component (4.7.0 → 4.8.0)

• Changes: Adds compile.view_component ActiveSupport::Notifications event
• Usage: One component (ChaptersSidebarComponent) with spec coverage
• Impact: Purely additive instrumentation; no API changes
• Tests: spec/components/chapters_sidebar_component_spec.rb passes

irb (1.17.0 → 1.18.0)

• Changes: REPL enhancements (banner, syntax highlighting), bug fixes
• Usage: Development console only (locked in Gemfile due to byebug)
• Impact: No runtime impact; development tooling improvements only

bullet (8.1.0 → 8.1.1)

• Changes: ActiveRecord 8.1 patch compatibility, Action Text safelist fix, N+1 stack traces
• Usage: Dev/test environment N+1 query detection
• Impact: Compatibility fixes — this is a positive fix
• Tests: Bullet runs during test suite (spec/spec_helper.rb)

---

Compatibility Assessment

Compatible — All upgrades are patch or minor versions with no breaking changes. Changes are either bug fixes, additive features, or data updates that don'''t affect the application'''s use of these libraries.

Test Coverage

• Pagy: Covered by controller specs that test pagination
• ViewComponent: Has dedicated component spec
• Bullet: Runs during entire test suite
• Puma: Used by Capybara for integration tests
• tzinfo-data/irb: No direct tests needed

Confidence Rating

High — All changes are well-documented patch releases. The application uses standard, well-tested APIs from each dependency. Test suite covers the critical paths.

[mroderick]

Approved: High confidence upgrade. All 6 dependencies are patch/minor releases with no breaking changes. Changes include bug fixes (puma, bullet), autoload improvements (pagy), timezone data update (tzinfo-data), REPL enhancements (irb), and additive instrumentation (view_component). Test coverage exists for all critical paths.