Bump the bundler-dependencies group across 1 directory with 3 updates#6

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/bundler/bundler-dependencies-6d20ca8fef

@dependabot dependabot Bot commented on behalf of github Jun 19, 2026

Bumps the bundler-dependencies group with 3 updates in the / directory: sqlite3, bootsnap and brakeman.

Updates sqlite3 from 2.9.4 to 2.9.5

Release notes

Sourced from sqlite3's releases.

2.9.5 / 2026-06-07

Dependencies

Security / Stability

Changelog

Sourced from sqlite3's changelog.

2.9.5 / 2026-06-07

Dependencies

Security / Stability

Commits
  • 747e7de version bump to v2.9.5
  • 2bd436d Fix use-after-free issue with custom functions (#710)
  • b24e1e6 Fix use-after-free issue with aggregate functions (#711)
  • 9abc955 dep: update vendored sqlite to 3.53.2 (#709)
  • a3f8e71 For sqlcipher builds, prefer sqlcipher's header (#708)
  • 9292033 build(deps): bump the actions group across 1 directory with 3 updates (#707)
  • b79c841 Introduce a security reporting policy
  • See full diff in compare view

Updates bootsnap from 1.24.5 to 1.24.6

Changelog

Sourced from bootsnap's changelog.

1.24.6

  • Fix detection of Ruby bug #22023 on some patch versions of Ruby 3.4, and properly apply the workaround.

Commits
  • 026e183 Release 1.24.6
  • 263e346 Merge pull request #556 from byroot/remove-canary
  • 7c31cd8 Check for [Bug #22023] by checking Ruby version rather than a canary
  • 54eba76 Merge pull request #554 from byroot/namespace-overflow
  • fe963d5 bs_cache_path: account for namespace length
  • 7b42db6 Merge pull request #553 from arpitjain099/chore/declare-workflow-perms
  • 113b184 ci: add permissions: contents: read to ci
  • See full diff in compare view

Updates brakeman from 8.0.4 to 8.0.5

Release notes

Sourced from brakeman's releases.

8.0.5

Changelog

Sourced from brakeman's changelog.

8.0.5 - 2026-06-12

  • Add quote_schema_name to safe quote method list (Zsolt Kozaroczy)
  • Fix SQL injection false positive for compact_blank/compact on permitted params (Arpit Jain)
  • Fix inline render false positive for local named text (Arpit Jain)
  • Fix HAML crash on .raw calls (Federico Franco)
  • Fix Ruby version parsing - especially for non-CRuby versions (Chris Southerland Jr)
  • Fix TemplateAliasProcessor#template_name arity (viralpraxis)
  • Reduce false positives when using shell escaping

Commits
  • 104443e Bump to 8.0.5
  • 8e61e2a Update CHANGES
  • f014c15 Merge pull request #2028 from kiskoza/fix/quote_schema_name
  • 9227822 Merge pull request #2027 from arpitjain099/fix/brakeman-1915-render-partial-t...
  • 6788d28 Merge pull request #2025 from arpitjain099/fix/sql-fp-compact-blank
  • b7c3906 Add quote_schema_name to safe quote method list
  • f95c500 test: update line number for still-warns SQL injection case after fixture shift
  • 4fba779 base_processor: skip hash render-type extraction when type set positionally
  • 1e63a41 Fix SQL injection false positive for compact_blank/compact on permitted params
  • 7ff9e49 Merge pull request #2023 from FFederi/fix-haml-chained-raw-crash
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the bundler-dependencies group with 3 updates in the / directory: [sqlite3](https://github.com/sparklemotion/sqlite3-ruby), [bootsnap](https://github.com/rails/bootsnap) and [brakeman](https://github.com/presidentbeef/brakeman).


Updates `sqlite3` from 2.9.4 to 2.9.5
- [Release notes](https://github.com/sparklemotion/sqlite3-ruby/releases)
- [Changelog](https://github.com/sparklemotion/sqlite3-ruby/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/sqlite3-ruby@v2.9.4...v2.9.5)

Updates `bootsnap` from 1.24.5 to 1.24.6
- [Release notes](https://github.com/rails/bootsnap/releases)
- [Changelog](https://github.com/rails/bootsnap/blob/main/CHANGELOG.md)
- [Commits](rails/bootsnap@v1.24.5...v1.24.6)

Updates `brakeman` from 8.0.4 to 8.0.5
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md)
- [Commits](presidentbeef/brakeman@v8.0.4...v8.0.5)

---
updated-dependencies:
- dependency-name: sqlite3
  dependency-version: 2.9.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: bundler-dependencies
- dependency-name: bootsnap
  dependency-version: 1.24.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: bundler-dependencies
- dependency-name: brakeman
  dependency-version: 8.0.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: bundler-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added the dependencies (Pull requests that update a dependency file) and ruby (Pull requests that update ruby code) labels Jun 19, 2026