Update Mend: high confidence minor and patch dependency updates

[mend-for-github-com]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
brakeman (source, changelog)	6.1.1 -> 6.2.2
capybara (changelog)	3.39.2 -> 3.40.0
cssbundling-rails (changelog)	1.3.3 -> 1.4.1
debug	1.9.1 -> 1.9.2
delayed_job (changelog)	4.1.11 -> 4.1.13
delayed_job_active_record	4.1.8 -> 4.1.11
eslint-plugin-import	2.27.5 -> 2.31.0
image_processing	1.12.2 -> 1.13.0
jbuilder (changelog)	2.11.5 -> 2.13.0
jsbundling-rails (changelog)	1.2.1 -> 1.3.1
listen (changelog)	3.8.0 -> 3.9.0
minitest (changelog)	">= 5.15.0", "< 5.22.0" -> ">= 5.15.0", "< 5.25.3"
propshaft	0.8.0 -> 0.9.1
qunit (source)	2.19.4 -> 2.22.0
rack (changelog)	3.0.8 -> 3.1.8
rake (changelog)	13.1.0 -> 13.2.1
redis (changelog)	5.0.8 -> 5.3.0
rexml (changelog)	3.2.6 -> 3.3.9
rubocop-minitest (source, changelog)	0.34.3 -> 0.36.0
sprockets-rails (changelog)	3.4.2 -> 3.5.2
stackprof (changelog)	0.2.25 -> 0.2.26
stimulus-rails (source)	1.3.0 -> 1.3.4
terser (changelog)	1.1.20 -> 1.2.4
trix (source)	2.0.5 -> 2.1.8
webmock (changelog)	3.19.1 -> 3.24.0
webpack	4.46.0 -> 4.47.0
webrick	1.8.1 -> 1.9.0

---

Release Notes

presidentbeef/brakeman (brakeman)

v6.2.2

Compare Source

• Ignore more native gems when building gem
• Revamp command injection in pipeline* calls
• New end-of-support dates for Rails

v6.2.1

Just a packaging fix for brakeman.gem

v6.2.0

• Add --show-ignored option (Gabriel Zayas)
• Add optional support for Prism parser
• Warn about unscoped finds with find_by!
• Treat ::X and X the same, for now (Jill Klang)
• Fix compatibility with default frozen string literals (Jean Boussier)
• Remediation advice for command injection (Nicholas Barone)
• Fix Ruby warnings in test suite (Jean Boussier)
• Support YAML aliases in secret configs (Chedli Bourguiba)
• Add initial Rails 8 support (Ron Shinall)
• Handle mass assignment with splats
• Add support for symbolic links (Lu Zhu)

v6.1.2

Compare Source

• Update Highline to 3.0
• Add EOL date for Ruby 3.3.0
• Avoid copying Sexps that are too large
• Avoid detecting ViewComponentContrib::Base as dynamic render paths (vividmuimui)
• Remove deprecated use of Kernel#open("|...")
• Remove safe_yaml gem dependency
• Avoid detecting Phlex components as dynamic render paths (Máximo Mussini)

teamcapybara/capybara (capybara)

v3.40.0

Compare Source

Release date: 2024-01-26

Changned

• Dropped support for Ruby 2.7, 3.0+ is now required
• Dropped support for Selenium < 4.8
• Use the new headless option on chromedriver with registered selenium driver [Neil Carvalho]

Added

• Capybara::Result#to_ary to support multiple assignment [Sean Doyle]
• has_element? and related matchers [Sean Doyle]
• Rack 3 support

Fixed

• Forward save_screenshot options to selenium - Issue 2738
• Rack test - don't auto submit forms with multiple inputs [Mitchell Henke]
• Table row selector matches cell values in order - Issue 2686 [Jeff Parr]
• Table row selector fixes for first column - Issue 2685 [Jeff Par]

rails/cssbundling-rails (cssbundling-rails)

v1.4.1

Compare Source

What's Changed

• Disable loading .env file when running foreman for development by @​Flixt in https://github.com/rails/cssbundling-rails/pull/155
• Overwrite bin/dev by force to deal with new default bin/dev file coming in Rails 8 by @​dhh

Full Changelog: rails/cssbundling-rails@v1.4.0...v1.4.1

v1.4.0

Compare Source

What's Changed

• Fix bun/bootstrap escaping issue by @​dhh in 09d81cb
• Synchronize bin/dev from jsbundling-rails to cssbundling-rails by @​dorianmarie in https://github.com/rails/cssbundling-rails/pull/151
• Use Thor's apply instead of a prerequisite task by @​jonathanhefner in https://github.com/rails/cssbundling-rails/pull/150
• Fix running "rails new --css bootstrap" on 7.1 by @​skipkayhil in https://github.com/rails/cssbundling-rails/pull/147
• PNPM Support by @​ksylvest in https://github.com/rails/cssbundling-rails/pull/145

New Contributors

• @​sedubois made their first contribution in https://github.com/rails/cssbundling-rails/pull/129
• @​dorianmarie made their first contribution in https://github.com/rails/cssbundling-rails/pull/151
• @​jonathanhefner made their first contribution in https://github.com/rails/cssbundling-rails/pull/150
• @​tylerpaige made their first contribution in https://github.com/rails/cssbundling-rails/pull/148
• @​skipkayhil made their first contribution in https://github.com/rails/cssbundling-rails/pull/147
• @​ksylvest made their first contribution in https://github.com/rails/cssbundling-rails/pull/145

Full Changelog: rails/cssbundling-rails@v1.3.3...v1.4.0

ruby/debug (debug)

v1.9.2

Compare Source

What's Changed

• config
  • Make irb_console toggleable with config update by @​st0012 in https://github.com/ruby/debug/pull/1057
• internal
  • Stop assuming Array#each is written in C by @​k0kubun in https://github.com/ruby/debug/pull/1061
  • Add base64 gem to the dependencies by @​y-yagi in https://github.com/ruby/debug/pull/1066
  • Support Ruby 3.4's new error message format by @​hsbt in https://github.com/ruby/debug/pull/1080
  • catch up ruby 3.4.0 error related changes by @​ko1 in https://github.com/ruby/debug/pull/1083
  • Fix syntax warnings by @​casperisfine in https://github.com/ruby/debug/pull/1072
  • Drop base64 dependency by @​Earlopain in https://github.com/ruby/debug/pull/1071
  • Fix ENOENT error when readline is not loaded by @​lazyatom in https://github.com/ruby/debug/pull/1073
  • Remove and Restore irb configuration like irbrc while irb console tests by @​hsbt in https://github.com/ruby/debug/pull/1067
  • Use rb_iseqw_to_iseq to get iseq pointer by @​peterzhu2118 in https://github.com/ruby/debug/pull/1093
• tests
  • Add Ruby 3.3 to CI matrix by @​st0012 in https://github.com/ruby/debug/pull/1058
  • Use ruby/actions workflow for ruby versions by @​m-nakamura145 in https://github.com/ruby/debug/pull/1065
  • Separate setup and execution steps in CI by @​ono-max in https://github.com/ruby/debug/pull/1088
  • Fix flakey test "test_reponse_returns_correct_threads_info" by @​ono-max in https://github.com/ruby/debug/pull/1089
  • Add Launchable in CI by @​ono-max in https://github.com/ruby/debug/pull/1090
• doc
  • Correct the irb command's description by @​st0012 in https://github.com/ruby/debug/pull/1056
  • Fix prelude doc example to use curly braces by @​adam12 in https://github.com/ruby/debug/pull/1052
  • Mention IRB console in readme by @​st0012 in https://github.com/ruby/debug/pull/1092

New Contributors

• @​Earlopain made their first contribution in https://github.com/ruby/debug/pull/1071
• @​lazyatom made their first contribution in https://github.com/ruby/debug/pull/1073
• @​m-nakamura145 made their first contribution in https://github.com/ruby/debug/pull/1065

Full Changelog: ruby/debug@v1.9.1...v1.9.2

collectiveidea/delayed_job (delayed_job)

v4.1.13

Compare Source

=======================

• Enable Rails 8

v4.1.12

Compare Source

=======================

• Add missing require for extract_options
• Fix rails 7.2 ActiveSupport::ProxyObject deprecation
• Multiple contributors on current and legacy test suite improvements

collectiveidea/delayed_job_active_record (delayed_job_active_record)

v4.1.11

Compare Source

What's Changed

• Rails 8 by @​albus522 in https://github.com/collectiveidea/delayed_job_active_record/pull/242
• Fix some typos by @​jdufresne in https://github.com/collectiveidea/delayed_job_active_record/pull/240
• Prepare 4.1.11 release by @​albus522 in https://github.com/collectiveidea/delayed_job_active_record/pull/243

New Contributors

• @​jdufresne made their first contribution in https://github.com/collectiveidea/delayed_job_active_record/pull/240

Full Changelog: collectiveidea/delayed_job_active_record@v4.1.10...v4.1.11

v4.1.10

Compare Source

What's Changed

• Fix error in updated clear_all_connections handling by @​albus522 in https://github.com/collectiveidea/delayed_job_active_record/pull/236

Full Changelog: collectiveidea/delayed_job_active_record@v4.1.9...v4.1.10

v4.1.9

Compare Source

What's Changed

• Fix deprecation warning for clear_all_connections! by @​c960657 in https://github.com/collectiveidea/delayed_job_active_record/pull/226
• Optimize PG reservation query for PG >=9.5 by @​stevenharman in https://github.com/collectiveidea/delayed_job_active_record/pull/215
• Optimize mysql query with trilogy gem by @​taketo1113 in https://github.com/collectiveidea/delayed_job_active_record/pull/222
• Add trilogy gem to CI by @​taketo1113 in https://github.com/collectiveidea/delayed_job_active_record/pull/223
• Multiple test suite update contributors

New Contributors

• @​taketo1113 made their first contribution in https://github.com/collectiveidea/delayed_job_active_record/pull/222
• @​m-nakamura145 made their first contribution in https://github.com/collectiveidea/delayed_job_active_record/pull/224
• @​c960657 made their first contribution in https://github.com/collectiveidea/delayed_job_active_record/pull/226
• @​stevenharman made their first contribution in https://github.com/collectiveidea/delayed_job_active_record/pull/215

Full Changelog: collectiveidea/delayed_job_active_record@v4.1.8...v4.1.9

import-js/eslint-plugin-import (eslint-plugin-import)

v2.31.0

Compare Source

Added

• support eslint v9 ([#​2996], thanks [@​G-Rath] [@​michaelfaith])
• [order]: allow validating named imports ([#​3043], thanks [@​manuth])
• [extensions]: add the checkTypeImports option ([#​2817], thanks [@​phryneas])

Fixed

• ExportMap / flat config: include languageOptions in context ([#​3052], thanks [@​michaelfaith])
• [no-named-as-default]: Allow using an identifier if the export is both a named and a default export ([#​3032], thanks [@​akwodkiewicz])
• [export]: False positive for exported overloaded functions in TS ([#​3065], thanks [@​liuxingbaoyu])
• exportMap: export map cache is tainted by unreliable parse results ([#​3062], thanks [@​michaelfaith])
• exportMap: improve cacheKey when using flat config ([#​3072], thanks [@​michaelfaith])
• adjust "is source type module" checks for flat config ([#​2996], thanks [@​G-Rath])

Changed

• [Docs] [no-relative-packages]: fix typo ([#​3066], thanks [@​joshuaobrien])
• [Performance] [no-cycle]: dont scc for each linted file ([#​3068], thanks [@​soryy708])
• [Docs] [no-cycle]: add disableScc to docs ([#​3070], thanks [@​soryy708])
• [Tests] use re-exported RuleTester ([#​3071], thanks [@​G-Rath])
• [Docs] [no-restricted-paths]: fix grammar ([#​3073], thanks [@​unbeauvoyage])
• [Tests] [no-default-export], [no-named-export]: add test case (thanks [@​G-Rath])

v2.30.0

Compare Source

Added

• [dynamic-import-chunkname]: add allowEmpty option to allow empty leading comments ([#​2942], thanks [@​JiangWeixian])
• [dynamic-import-chunkname]: Allow empty chunk name when webpackMode: 'eager' is set; add suggestions to remove name in eager mode ([#​3004], thanks [@​amsardesai])
• [no-unused-modules]: Add ignoreUnusedTypeExports option ([#​3011], thanks [@​silverwind])
• add support for Flat Config ([#​3018], thanks [@​michaelfaith])

Fixed

• [no-extraneous-dependencies]: allow wrong path ([#​3012], thanks [@​chabb])
• [no-cycle]: use scc algorithm to optimize ([#​2998], thanks [@​soryy708])
• [no-duplicates]: Removing duplicates breaks in TypeScript ([#​3033], thanks [@​yesl-kim])
• [newline-after-import]: fix considerComments option when require ([#​2952], thanks [@​developer-bandi])
• [order]: do not compare first path segment for relative paths ([#​2682]) ([#​2885], thanks [@​mihkeleidast])

Changed

• [Docs] [no-extraneous-dependencies]: Make glob pattern description more explicit ([#​2944], thanks [@​mulztob])
• [no-unused-modules]: add console message to help debug [#​2866]
• [Refactor] ExportMap: make procedures static instead of monkeypatching exportmap ([#​2982], thanks [@​soryy708])
• [Refactor] ExportMap: separate ExportMap instance from its builder logic ([#​2985], thanks [@​soryy708])
• [Docs] [order]: Add a quick note on how unbound imports and --fix ([#​2640], thanks [@​minervabot])
• [Tests] appveyor -> GHA (run tests on Windows in both pwsh and WSL + Ubuntu) ([#​2987], thanks [@​joeyguerra])
• [actions] migrate OSX tests to GHA ([ljharb#37], thanks [@​aks-])
• [Refactor] exportMapBuilder: avoid hoisting ([#​2989], thanks [@​soryy708])
• [Refactor] ExportMap: extract "builder" logic to separate files ([#​2991], thanks [@​soryy708])
• [Docs] [order]: update the description of the pathGroupsExcludedImportTypes option ([#​3036], thanks [@​liby])
• [readme] Clarify how to install the plugin ([#​2993], thanks [@​jwbth])

v2.29.1

Compare Source

Fixed

• [no-extraneous-dependencies]: ignore export type { ... } from '...' when includeTypes is false ([#​2919], thanks [@​Pandemic1617])
• [no-unused-modules]: support export patterns with array destructuring ([#​2930], thanks [@​ljharb])
• [Deps] update tsconfig-paths ([#​2447], thanks [@​domdomegg])

v2.29.0

Compare Source

Added

• TypeScript config: add .cts and .mts extensions ([#​2851], thanks [@​Zamiell])
• [newline-after-import]: new option exactCount and docs update ([#​1933], thanks [@​anikethsaha] and [@​reosarevok])
• [newline-after-import]: fix exactCount with considerComments false positive, when there is a leading comment ([#​2884], thanks [@​kinland])

v2.28.1

Compare Source

Fixed

• [order]: revert breaking change to single nested group ([#​2854], thanks [@​yndajas])

Changed

• [Docs] remove duplicate fixable notices in docs ([#​2850], thanks [@​bmish])

v2.28.0

Compare Source

Fixed

• [no-duplicates]: remove duplicate identifiers in duplicate imports ([#​2577], thanks [@​joe-matsec])
• [consistent-type-specifier-style]: fix accidental removal of comma in certain cases ([#​2754], thanks [@​bradzacher])
• [Perf] ExportMap: Improve ExportMap.for performance on larger codebases ([#​2756], thanks [@​leipert])
• [no-extraneous-dependencies]/TypeScript: do not error when importing inline type from dev dependencies ([#​2735], thanks [@​andyogo])
• [newline-after-import]/TypeScript: do not error when re-exporting a namespaced import ([#​2832], thanks [@​laurens-dg])
• [order]: partial fix for [#​2687] (thanks [@​ljharb])
• [no-duplicates]: Detect across type and regular imports ([#​2835], thanks [@​benkrejci])
• [extensions]: handle . and .. properly ([#​2778], thanks [@​benasher44])
• [no-unused-modules]: improve schema (thanks [@​ljharb])
• [no-unused-modules]: report error on binding instead of parent export ([#​2842], thanks [@​Chamion])

Changed

• [Docs] [no-duplicates]: fix example schema ([#​2684], thanks [@​simmo])
• [Docs] [group-exports]: fix syntax highlighting ([#​2699], thanks [@​devinrhode2])
• [Docs] [extensions]: reference node ESM behavior ([#​2748], thanks [@​xM8WVqaG])
• [Refactor] [exports-last]: use array.prototype.findlastindex (thanks [@​ljharb])
• [Refactor] [no-anonymous-default-export]: use object.fromentries (thanks [@​ljharb])
• [Refactor] [no-unused-modules]: use array.prototype.flatmap (thanks [@​ljharb])

janko/image_processing (image_processing)

v1.13.0

Compare Source

• [minimagick] Use -append when calling #append with no arguments (@​janko)

• [vips] Avoid lines on the side when rotating by multiples of 90 degrees (@​etherbob)

• Add #resize_to_cover that allows resizing an image to cover a given rectangle without cropping the excess (@​brendon)

rails/jbuilder (jbuilder)

v2.13.0

Compare Source

What's Changed

• Redirect to @record or path in controller generator by @​jeromedalbert in https://github.com/rails/jbuilder/pull/569
• Return early from collection partial rendering if blank by @​tylerjc in https://github.com/rails/jbuilder/pull/560
• Add missing ':see_other' status code in generated destroy controller method by @​ldeld in https://github.com/rails/jbuilder/pull/538
• Remove OpenStruct references from Jbuilder by @​mtsmfm in https://github.com/rails/jbuilder/pull/567
• Use new params.expect syntax instead of params.require by @​jeromedalbert in https://github.com/rails/jbuilder/pull/573

New Contributors

• @​jeromedalbert made their first contribution in https://github.com/rails/jbuilder/pull/570
• @​tylerjc made their first contribution in https://github.com/rails/jbuilder/pull/560
• @​ldeld made their first contribution in https://github.com/rails/jbuilder/pull/538
• @​mtsmfm made their first contribution in https://github.com/rails/jbuilder/pull/567

Full Changelog: rails/jbuilder@v2.12.0...v2.13.0

v2.12.0

Compare Source

What's Changed

• Use OpenStruct only if available by @​yahonda in https://github.com/rails/jbuilder/pull/562
• Replace deprecated ProxyObject with BasicObject by @​Earlopain in https://github.com/rails/jbuilder/pull/563
• Avoid loading ActionController::API constant by @​nvasilevski in https://github.com/rails/jbuilder/pull/529
• Fixed a bug where #​501 broke compatibility with Enumerable by @​yuki24 in https://github.com/rails/jbuilder/pull/531
• Fix namespace issue when generating jbuilder views by @​hahmed in https://github.com/rails/jbuilder/pull/536
• Remove reliance on ERBTracker from rails by @​HParker in https://github.com/rails/jbuilder/pull/504
• Fix require path of dependency_tracker in railtie.rb by @​jalyna in https://github.com/rails/jbuilder/pull/552

New Contributors

• @​nvasilevski made their first contribution in https://github.com/rails/jbuilder/pull/529
• @​okuramasafumi made their first contribution in https://github.com/rails/jbuilder/pull/526
• @​berkos made their first contribution in https://github.com/rails/jbuilder/pull/528
• @​hahmed made their first contribution in https://github.com/rails/jbuilder/pull/536
• @​casperisfine made their first contribution in https://github.com/rails/jbuilder/pull/550
• @​jalyna made their first contribution in https://github.com/rails/jbuilder/pull/552
• @​yahonda made their first contribution in https://github.com/rails/jbuilder/pull/562
• @​Earlopain made their first contribution in https://github.com/rails/jbuilder/pull/563
• @​stefannibrasil made their first contribution in https://github.com/rails/jbuilder/pull/539

Full Changelog: rails/jbuilder@v2.11.5...v2.12.0

rails/jsbundling-rails (jsbundling-rails)

v1.3.1

Compare Source

What's Changed

• Move esbuild|rollup|webpack to devDependencies instead of dependencies by @​saltyshiomix in https://github.com/rails/jsbundling-rails/pull/194
• Include .gitattributes when building the gem by @​pokonski in https://github.com/rails/jsbundling-rails/pull/193
• Overwrite bin/dev by force to deal with new default bin/dev file coming in Rails 8 by @​dhh
• Disable loading .env file when running foreman for development by @​Flixt

Full Changelog: https://github.com/rails/jsbundling-rails/comp

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box