chore(deps): bump the ruby-deps group with 5 updates

[dependabot]

Bumps the ruby-deps group with 5 updates:

Package	From	To
pagy	43.3.0	43.3.1
rails-html-sanitizer	1.6.2	1.7.0
haml_lint	0.70.0	0.71.0
web-console	4.2.1	4.3.0
rubocop	1.84.2	1.85.0

Updates pagy from 43.3.0 to 43.3.1

Release notes

Sourced from pagy's releases.

Version 43.3.1

Changes in 43.3.1

• Update assets for a few apps
• Fix pagy.ts /.js input_nav update

CHANGELOG

Version 43

We needed a leap version to unequivocally signal that it's not just a major version: it's a complete redesign of the legacy code at all levels, usage and API included.

Why 43? Because it's exactly one step beyond "The answer to the ultimate question of life, the Universe, and everything." 😉

Improvements

This version introduces several enhancements, such as new :countish and :keynav_js paginators and improved automation and configuration processes, reducing setup requirements by 99%. The update also includes a simpler API and new interactive development tools, making it a comprehensive upgrade from previous versions.

• New :countish Paginator
  • Faster than OFFSET and supporting the full UI
• New Keynav Pagination
  • The pagy-exclusive technique using the fastest keyset pagination alongside all frontend helpers.
• New interactive dev-tools
  • New PagyWand to integrate the pagy CSS with your app themes.
  • New Pagy AI available right inside your own app.
• Intelligent automation
  • Configuration requirements reduced by 99%.
  • Simplified JavaScript setup.
  • Automatic I18n loading.
• Simpler API
  • You solely need the pagy method and the @​pagy instance to paginate any collection and use any navigation tag and helper.
  • Methods are autoloaded only if used, and consume no memory otherwise.
  • Methods have narrower scopes and can be overridden without deep knowledge.
• New documentation
  • Very concise, straightforward, and easy to navigate and understand.

Upgrade to 43

See the Upgrade Guide

Changelog

Sourced from pagy's changelog.

Version 43.3.1

• Update assets for a few apps
• Fix pagy.ts /.js input_nav update

Commits

• 39b2be5 Merge branch 'dev'
• debc98c Version 43.3.1
• 8c4c5b3 Update gems
• 0655d3e Update RM run configurations
• e8acc65 Improve docs
• 61aa160 Parallelize e2e tests
• a100906 💎 Update assets for a few apps
• aa74bda Refactor e2e testing:
• 69533c3 Refactor PagyApp:
• bd839fd Add minitest-reporter and improve backatrace readability
• Additional commits viewable in compare view

Updates rails-html-sanitizer from 1.6.2 to 1.7.0

Release notes

Sourced from rails-html-sanitizer's releases.

v1.7.0 / 2026-02-24

• Add Rails::HTML::Sanitizer.allowed_uri? which delegates to Loofah::HTML5::Scrub.allowed_uri?, allowing the Rails framework to check URI safety without a direct dependency on Loofah.

  The minimum Loofah dependency is now ~> 2.25.

  Mike Dalessio @​flavorjones

Changelog

Sourced from rails-html-sanitizer's changelog.

v1.7.0 / 2026-02-24

• Add Rails::HTML::Sanitizer.allowed_uri? which delegates to Loofah::HTML5::Scrub.allowed_uri?, allowing the Rails framework to check URI safety without a direct dependency on Loofah.

  The minimum Loofah dependency is now ~> 2.25.

  Mike Dalessio

Commits

• a8a0413 version bump to v1.7.0
• ea9e7a4 Merge pull request #214 from rails/add-allowed-uri
• f26dc35 Add Rails::HTML::Sanitizer.allowed_uri? delegating to Loofah
• cc83f51 Merge pull request #213 from rails/flavorjones/ruby-4-support
• ee54515 dev: ruby 4 support
• 2a8fe89 Merge pull request #208 from rails/dependabot/bundler/rack-3.1.17
• 2b0ecc7 build(deps-dev): bump rack from 3.1.16 to 3.1.17
• c7ab9f2 Merge pull request #206 from rails/dependabot/bundler/rack-3.1.16
• 0283ca4 build(deps-dev): bump rack from 3.1.14 to 3.1.16
• ba7a284 Merge pull request #204 from rails/dependabot/bundler/rack-3.1.14
• Additional commits viewable in compare view

Updates haml_lint from 0.70.0 to 0.71.0

Release notes

Sourced from haml_lint's releases.

v0.71.0

What's Changed

• Revert SpaceInsideParens violations in wrapped tag attributes change (#627)

Full Changelog: sds/haml-lint@v0.70.0...v0.71.0

Changelog

Sourced from haml_lint's changelog.

0.71.0

• Revert SpaceInsideParens violations in wrapped tag attributes change

Commits

• 73f075e Cut version 0.71.0 (#630)
• 9ac6174 Gracefully degrade if Coveralls is down (#631)
• See full diff in compare view

Updates web-console from 4.2.1 to 4.3.0

Release notes

Sourced from web-console's releases.

v4.3.0

What's Changed

• Drop unused dependency on activemodel by @​sambostock in rails/web-console#336
• Use × as close button instead of letter X by @​luiscobot in rails/web-console#338
• Always permit IPv4-mapped IPv6 loopback addresses by @​zunda in rails/web-console#342
• Fix CI by @​fatkodima in rails/web-console#345
• Fix compatiblity with latest rails by @​fatkodima in rails/web-console#344

Changelog

Sourced from web-console's changelog.

4.3.0

• #342 Always permit IPv4-mapped IPv6 loopback addresses ([@​zunda]).
• Fixed Rails 8.2.0.alpha support
• Drop Rails 7.2 support
• Drop Ruby 3.1 support

Commits

• 90e3474 Release 4.3.0
• bdbb391 Merge pull request #344 from fatkodima/fix-filter-proxies
• 950462c Fix compatiblity with latest rails
• c1f9252 Merge pull request #345 from fatkodima/fix-ci
• 6bc7159 Fix CI
• 859bc60 Merge pull request #342 from zunda/bind-on-ipv6
• c66460a Always permit IPv4-mapped IPv6 loopback addresses
• f3d437c Merge pull request #338 from luiscobot/patch-1
• 5383121 replace close icon with ×
• 9a5c089 Merge pull request #336 from sambostock/drop-active-model
• Additional commits viewable in compare view

Updates rubocop from 1.84.2 to 1.85.0

Release notes

Sourced from rubocop's releases.

RuboCop v1.85.0

New features

• #14921: Add mise.toml as source for TargetRubyVersion. ([@​kitsane][])
• #14925: Add new Lint/UnreachablePatternBranch cop. ([@​sferik][])
• #14942: Add new Style/FileOpen cop. ([@​sferik][])
• #14939: Add new Style/MapJoin cop. ([@​sferik][])
• #14924: Add new Style/OneClassPerFile cop. ([@​sferik][])
• #14923: Add new Style/PartitionInsteadOfDoubleSelect cop. ([@​sferik][])
• #14811: Add new Style/PredicateWithKind cop. ([@​sferik][])
• #14938: Add new Style/ReduceToHash cop. ([@​sferik][])
• #14812: Add new Style/RedundantMinMaxBy cop. ([@​sferik][])
• #13501: Add new Style/RedundantStructKeywordInit cop. ([@​koic][])
• #14808: Add new Style/SelectByKind cop. ([@​sferik][])
• #14810: Add new Style/SelectByRange cop. ([@​sferik][])
• #14922: Add new Style/TallyMethod cop. ([@​sferik][])
• #14773: Add new Lint/DataDefineOverride cop. ([@​bbatsov][])
• #14781: Add new InternalAffairs/ItblockHandler cop. ([@​bbatsov][])
• #14911: Support built-in MCP server (experimental). ([@​koic][])

Bug fixes

• #14829: Allow classes without a superclass in Style/EmptyClassDefinition. ([@​koic][])
• #14873: Fix an error in Style/NegatedWhile when the last expression of an until condition is negated. ([@​koic][])
• #14827: Improve Style/EmptyClassDefinition message wording. ([@​bbatsov][])
• #14800: Fix false obsolete configuration error for extracted cops when loaded as plugins. ([@​bbatsov][])
• #14928: Fix a false positive for Lint/Void when nil is used in case branch. ([@​5hun-s][])
• #14857: Fix false positives in Style/IfUnlessModifier when modifier forms are used inside string interpolations. ([@​koic][])
• #8773: Fix false positives in Style/HashTransformKeys and Style/HashTransformValues. ([@​sferik][])
• #6963: Fix false positives in Lint/Void for each blocks where the return value may be meaningful (e.g., Enumerator#each). ([@​sferik][])
• #14931: Ignore directive comments inside comments. ([@​koic][])
• #14834: Fix Layout/IndentationWidth false positive for chained method blocks when EnforcedStyleAlignWith is start_of_line. ([@​krororo][])
• #14756: Fix Lint/Void to detect void expressions in case/when branches. ([@​bbatsov][])
• #14874: Fix a Parser::ClobberingError in Lint/UselessAssignment when autocorrecting a useless assignment that wraps a block containing another useless assignment. ([@​koic][])
• #14880: Fix a false negative in Layout/MultilineAssignmentLayout when using numblock or itblock with SupportedTypes: ['block']. ([@​bbatsov][])
• #11462: Fix over-indentation when autocorrecting nested hashes with Layout/FirstHashElementIndentation. ([@​ydakuka][])
• #14880: Recognize block on different line from left side of multi-line assignment in Layout/MultilineAssignmentLayout. ([@​sanfrecce-osaka][])
• #14641: Fix false positive in Lint/RedundantSafeNavigation when using &.respond_to? with methods defined on Object (e.g., :class). ([@​bbatsov][])
• #14098: Mark Lint/SafeNavigationConsistency autocorrect as unsafe. ([@​bbatsov][])
• #14791: Fix autocorrect producing SyntaxError in Lint/InterpolationCheck when single quoted string contains double quotes with invalid interpolation. ([@​ydakuka][])

Changes

• #14872: Tweak autocorrection in Style/HashAsLastArrayItem when multiline hash elements. ([@​koic][])
• #14917: Change Style/EndlessMethod cop to consider receivers. ([@​fatkodima][])
• #14851: Reduce precision in 'Finished in X.X seconds' message to 5 decimal places. ([@​ZimbiX][])
• #14895: Rename class_definition to class_keyword in EnforcedStyle of Style/EmptyClassDefinition. ([@​koic][])
• #14956: Add support for String.new with interpolated strings to Style/RedundantInterpolationUnfreeze. ([@​lovro-bikic][])
• #14955: Register redundant parentheses around block body in Style/RedundantParentheses. ([@​lovro-bikic][])

... (truncated)

Changelog

Sourced from rubocop's changelog.

1.85.0 (2026-02-26)

New features

• #14921: Add mise.toml as source for TargetRubyVersion. ([@​kitsane][])
• #14925: Add new Lint/UnreachablePatternBranch cop. ([@​sferik][])
• #14942: Add new Style/FileOpen cop. ([@​sferik][])
• #14939: Add new Style/MapJoin cop. ([@​sferik][])
• #14924: Add new Style/OneClassPerFile cop. ([@​sferik][])
• #14923: Add new Style/PartitionInsteadOfDoubleSelect cop. ([@​sferik][])
• #14811: Add new Style/PredicateWithKind cop. ([@​sferik][])
• #14938: Add new Style/ReduceToHash cop. ([@​sferik][])
• #14812: Add new Style/RedundantMinMaxBy cop. ([@​sferik][])
• #13501: Add new Style/RedundantStructKeywordInit cop. ([@​koic][])
• #14808: Add new Style/SelectByKind cop. ([@​sferik][])
• #14810: Add new Style/SelectByRange cop. ([@​sferik][])
• #14922: Add new Style/TallyMethod cop. ([@​sferik][])
• #14773: Add new Lint/DataDefineOverride cop. ([@​bbatsov][])
• #14781: Add new InternalAffairs/ItblockHandler cop. ([@​bbatsov][])
• #14911: Support built-in MCP server (experimental). ([@​koic][])

Bug fixes

• #14829: Allow classes without a superclass in Style/EmptyClassDefinition. ([@​koic][])
• #14873: Fix an error in Style/NegatedWhile when the last expression of an until condition is negated. ([@​koic][])
• #14827: Improve Style/EmptyClassDefinition message wording. ([@​bbatsov][])
• #14800: Fix false obsolete configuration error for extracted cops when loaded as plugins. ([@​bbatsov][])
• #14928: Fix a false positive for Lint/Void when nil is used in case branch. ([@​5hun-s][])
• #14857: Fix false positives in Style/IfUnlessModifier when modifier forms are used inside string interpolations. ([@​koic][])
• #8773: Fix false positives in Style/HashTransformKeys and Style/HashTransformValues. ([@​sferik][])
• #6963: Fix false positives in Lint/Void for each blocks where the return value may be meaningful (e.g., Enumerator#each). ([@​sferik][])
• #14931: Ignore directive comments inside comments. ([@​koic][])
• #14834: Fix Layout/IndentationWidth false positive for chained method blocks when EnforcedStyleAlignWith is start_of_line. ([@​krororo][])
• #14756: Fix Lint/Void to detect void expressions in case/when branches. ([@​bbatsov][])
• #14874: Fix a Parser::ClobberingError in Lint/UselessAssignment when autocorrecting a useless assignment that wraps a block containing another useless assignment. ([@​koic][])
• #14880: Fix a false negative in Layout/MultilineAssignmentLayout when using numblock or itblock with SupportedTypes: ['block']. ([@​bbatsov][])
• #11462: Fix over-indentation when autocorrecting nested hashes with Layout/FirstHashElementIndentation. ([@​ydakuka][])
• #14880: Recognize block on different line from left side of multi-line assignment in Layout/MultilineAssignmentLayout. ([@​sanfrecce-osaka][])
• #14641: Fix false positive in Lint/RedundantSafeNavigation when using &.respond_to? with methods defined on Object (e.g., :class). ([@​bbatsov][])
• #14098: Mark Lint/SafeNavigationConsistency autocorrect as unsafe. ([@​bbatsov][])
• #14791: Fix autocorrect producing SyntaxError in Lint/InterpolationCheck when single quoted string contains double quotes with invalid interpolation. ([@​ydakuka][])

Changes

• #14872: Tweak autocorrection in Style/HashAsLastArrayItem when multiline hash elements. ([@​koic][])
• #14917: Change Style/EndlessMethod cop to consider receivers. ([@​fatkodima][])
• #14851: Reduce precision in 'Finished in X.X seconds' message to 5 decimal places. ([@​ZimbiX][])
• #14895: Rename class_definition to class_keyword in EnforcedStyle of Style/EmptyClassDefinition. ([@​koic][])
• #14956: Add support for String.new with interpolated strings to Style/RedundantInterpolationUnfreeze. ([@​lovro-bikic][])
• #14955: Register redundant parentheses around block body in Style/RedundantParentheses. ([@​lovro-bikic][])

Commits

• aa2797e Cut 1.85
• c0f3332 Update Changelog
• 934465c Fix MCP version number and add missing language to source blocks
• 0774181 Fix nav placement, code blocks, and minor doc issues
• bb1eae4 Update version example in installation docs to 1.84
• 276d1f0 Standardize code blocks to AsciiDoc [source] syntax
• 9c62a14 Merge pull request #14956 from lovro-bikic/redundant-interpolation-unfreeze-s...
• d011fde Merge pull request #14955 from lovro-bikic/redundant-parentheses-block-body
• 113f35c Add support for String.new with interpolated strings to Style/RedundantInterp...
• dc58188 Register redundant parentheses around block body in Style/RedundantParentheses
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions