Bump the bundler group with 6 updates

[dependabot]

Bumps the bundler group with 6 updates:

Package	From	To
activejob	8.1.2.1	8.1.3
rake	13.0.6	13.4.2
rspec	3.12.0	3.13.2
rubyzip	3.2.2	3.4.0
sidekiq	8.1.1	8.1.6
standard	1.54.0	1.55.0

Updates activejob from 8.1.2.1 to 8.1.3

Release notes

Sourced from activejob's releases.

8.1.3

Active Support

• Fix JSONGemCoderEncoder to correctly serialize custom object hash keys.

  When hash keys are custom objects whose as_json returns a Hash, the encoder now calls to_s on the original key object instead of on the as_json result.

  Before: hash = {CustomKey.new(123) => "value"} hash.to_json # => {"{:id=>123}":"value"}

  After: hash.to_json # => {"custom_123":"value"}

  Dan Sharp

• Fix inflections to better handle overlapping acronyms.

  ActiveSupport::Inflector.inflections(:en) do |inflect|
    inflect.acronym "USD"
    inflect.acronym "USDC"
  end
  "USDC".underscore # => "usdc"

  Said Kaldybaev

• Silence Dalli 4.0+ warning when using ActiveSupport::Cache::MemCacheStore.

  zzak

Active Model

• Fix Ruby 4.0 delegator warning when calling inspect on attributes.

  Hammad Khan

• Fix NoMethodError when deserialising Type::Integer objects marshalled under Rails 8.0.

  The performance optimisation that replaced @range with @max/@min broke Marshal compatibility. Objects serialised under 8.0 (with @range) and deserialised under 8.1 (expecting @max/@min) would crash with undefined method '<=' for nil because Marshal.load restores instance variables without calling initialize.

... (truncated)

Changelog

Sourced from activejob's changelog.

Rails 8.1.3 (March 24, 2026)

• No changes.

Commits

• fa8f081 Preparing for 8.1.3 release
• 63cef3d Merge branch '8-1-sec' into 8-1-stable
• 0924172 Fix deprecation of sidekiq/testing in integration test adapter
• 3277c4e Fix deprecation of sidekiq/testing/inline
• See full diff in compare view

Updates rake from 13.0.6 to 13.4.2

Changelog

Sourced from rake's changelog.

=== 13.2.1

• Suppressed "internal:array:52:in 'Array#each'" from backtrace by @​hsbt in #554
• Bump actions/configure-pages from 4 to 5 by @​dependabot in #553

=== 13.2.0

• Fix rule example to be correct by @​zenspider in #525
• Switch to use test-unit by @​hsbt in #536
• Removed redundant block by @​hsbt in #537
• Use Struct instead of OpenStruct. by @​hsbt in #545
• Accept FileList object as directory task's target by @​gemmaro in #530
• Fix exception when exception has nil backtrace by @​janbiedermann in #451
• Add TruffleRuby on CI by @​andrykonchin in #551

=== 13.1.0

• Added dependabot.yml for actions by @​hsbt in #416
• Add Ruby 3.1 to the CI matrix by @​petergoldstein in #415
• (Performance) Remove unnecessary I/O syscalls for FileTasks by @​da2x in #393
• Skip test failure with JRuby by @​hsbt in #418
• Remove bin/rdoc by @​tnir in #421
• Remove bin/rake by @​tnir in #422
• Remove bin/bundle by @​tnir in #425
• Apply RuboCop linting for Ruby 2.3 by @​tnir in #423
• Update rubocop to work with Ruby 2.4 compatible by @​tnir in #424
• chore: fix typo in comments by @​tnir in #429
• Use 'test' as workflow name on Actions by @​tnir in #427
• docs: update CONTRIBUTING.rdoc by @​tnir in #428
• Add RuboCop job to Actions by @​tnir in #426
• Lock minitest-5.15.0 for Ruby 2.2 by @​hsbt in #442
• Eagerly require set in thread_pool.rb by @​jeremyevans in #440
• Avoid creating an unnecessary thread pool by @​jeremyevans in #441
• Add credit for maintenance in Rake 12/13 by @​tnir in #443
• Sh fully echoes commands which error exit by @​MarkDBlackwell in #147
• Correct RuboCop offenses by @​deivid-rodriguez in #444
• [StepSecurity] ci: Harden GitHub Actions by @​step-security-bot in #450
• Add ruby 3.2 to test matrix by @​hanneskaeufler in #458
• Missing 'do' on example by @​zzak in #467
• Try to use dependabot automerge by @​hsbt in #470
• Rewrite auto-merge feature for dependabot by @​hsbt in #471
• Update bundler in Dependabot by @​ono-max in #472
• Fix grammar in help text by @​mebezac in #381
• Try to use ruby/ruby/.github/workflows/ruby_versions.yml@master by @​hsbt in #475
• Use GitHub Pages Action for generating rdoc page by @​hsbt in #477
• Support #detailed_message when task failed by @​ksss in #486
• Debug at stop when task fail by @​ksss in #489
• Drop to support Ruby 2.2 by @​hsbt in #492
• Bump up setup-ruby by @​hsbt in #497
• Update development dependencies by @​hsbt in #505

Commits

• 503b8ec v13.4.2
• 46038e7 Merge pull request #723 from ruby/fix/testopts-preserve-existing-value
• 604a3d9 Isolate TESTOPTS env in TestRakeTestTask setup/teardown
• 5886caa Preserve ENV["TESTOPTS"] when verbose is enabled
• 92193ac v13.4.1
• b74be0b Merge pull request #721 from ruby/fix/add-options-to-gemspec
• 829f66d Add lib/rake/options.rb to gemspec
• 2d55bc4 v13.4.0
• 1415070 Exclude dependabot updates from release note
• b3dc948 Merge pull request #713 from pvdb/simplify_standard_system_dir
• Additional commits viewable in compare view

Updates rspec from 3.12.0 to 3.13.2

Commits

• See full diff in compare view

Updates rubyzip from 3.2.2 to 3.4.0

Release notes

Sourced from rubyzip's releases.

v3.4.0

Version 3.4.0

3.4.0 adds lib/rubyzip.rb to make including rubyzip in your Gemfile easier. See README.md for details.

⚠️ There are breaking changes in the 3.x series ⚠️

Please see the README and Updating to version 3.x in the wiki for help upgrading from version 2.4.x to version 3.x.

v3.3.1

Version 3.3.1

The 3.3.x line ensures that Zip::InputStream behaves more like standard Ruby IO classes.

⚠️ There are breaking changes in the 3.x series ⚠️

Please see the README and Updating to version 3.x in the wiki for help upgrading from version 2.4.x to version 3.x.

v3.3.0

Version 3.3.0

The 3.3.x line ensures that Zip::InputStream behaves more like standard Ruby IO classes.

⚠️ There are breaking changes in the 3.x series ⚠️

Please see the README and Updating to version 3.x in the wiki for help upgrading from version 2.4.x to version 3.x.

Changelog

Sourced from rubyzip's changelog.

3.4.0 (2026-06-14)

• Prevent entries from being extracted outside specified directory. #664. Thanks to @​connorshea for additional reporting on this.
• Use SecureRandom in place of insecure Random.
• Stop reading the central directory on first error.
• Add a check on number of declared entries in a zip file. Thanks to @​connorshea for reporting this.
• Add note to README re reporting security issues privately.
• Add lib/rubyzip.rb for Bundler auto-require. #660

Tooling/internal:

• Replace the test Excel spreadsheet fixture.
• Use assert_silent shorthand when expecting no output from a test.
• Clean up CentralDirectory instance variables.
• Add Ruby 4.0 to the Windows CI and update CI matrix in the README.
• List ZIP docs that we store here and link to online versions. #657

3.3.1 (2026-05-30)

• Reinstate default param for InputStream#sysread. #663

3.3.0 (2026-05-02)

• Refactor InputStream and AbstractInputStream. #661

Tooling/internal:

• Update Actions to use checkout@v5.
• Add Ruby4.0 to the CI matrix. #659

Commits

• 93f9e6f Update version number and Changelog for release.
• 17edfbf Prevent entries from being extracted outside specified directory.
• c590916 Replace the test Excel spreadsheet fixture.
• d07ee79 Use SecureRandom in place of insecure Random.
• ef5af4f Use assert_silent shorthand when expecting no output from a test.
• 31dfe7a Stop reading the central directory on first error.
• 8637792 Add a check on number of declared entries in a zip file.
• 73b4455 Clean up CentralDirectory instance variables.
• 033d0cf Add note to README re reporting security issues privately.
• c1ba5b3 Add Ruby 4.0 to the Windows CI and update CI matrix in the README.
• Additional commits viewable in compare view

Updates sidekiq from 8.1.1 to 8.1.6

Changelog

Sourced from sidekiq's changelog.

8.1.6

• Fix reported thread/memory leak when jobs fail #7006
• Users can limit data displayed on Busy page with the only parameter /busy?only=(jobs|processes) #6992
• Replace Rack::Utils usage with standard library APIs
• Several minor fixes from AI scanners.

8.1.5

• Fix sub-second precision when computing the retry_for deadline #7003
• Identify Sidekiq connnections in Redis with CLIENT SETINFO #6986
• Fix edge case where Web UI could show an empty Batch set #6987

8.1.4

• The TTIN signal is undeprecated as the INFO signal is not supported on Linux
• Show iteration job state on Busy page #6978

8.1.3

• Fix edge case leading to duplicate, concurrent execution #6379 If 2 Capsules process jobs from the same queue, long-running jobs could run in parallel during process shutdown.
• [SECURITY] Remove as much YAML usage as possible. #6950 Localization files in web/locales are now manually parsed. Sidekiq::CLI will now only require YAML if you use a -C .yml file.

8.1.2

• Initial release for kiq, Sidekiq's official terminal UI:

bundle exec kiq

Use REDIS_URL or REDIS_PROVIDER to point kiq to Redis.

• Mutation during iteration in SortedSet#each caused it to miss half of the jobs #6936
• Fix edge case resulting in nil crash on /busy page #6954

Commits

• 90da768 changes [ciskip]
• 94c8888 update changes [ciskip]
• 393b56c ensure that busy?only parameter survives Live Poll refresh, #6992
• 6008c4f remove more rack::utils usage
• f87657d Rename example erb to follow Herb's filenaming scheme
• 7a4302d Remove rack::utils usage, use CGI
• 88c4d7b bump
• 832b343 Implement parameter to limit data displayed on Busy page, fixes #6992
• 6820de0 Add unit tests for Sidekiq::JobUtil (#6999)
• b8393fa Add unit tests for Sidekiq::Paginator (#7000)
• Additional commits viewable in compare view

Updates standard from 1.54.0 to 1.55.0

Changelog

Sourced from standard's changelog.

1.55.0

• Updates rubocop to 1.87.0

Commits

• 9073e02 🇬🇦v1.55.0
• 1f1b4c5 Merge pull request #812 from standardrb/updates-2026-06-10
• 711cb6c Updating this test to deal with the changes with how Rubocop 1.87 reprots paths
• 7b68ae3 Fixes the lockfile
• 4aaa17d Updates rubocop to the latest
• 697036e Merge pull request #804 from standardrb/dependabot/github_actions/step-securi...
• 4395612 Bump step-security/harden-runner from 2.14.1 to 2.18.0
• b83a805 Merge pull request #803 from standardrb/dependabot/bundler/rake-13.4.2
• cd05aad Bump rake from 13.3.1 to 13.4.2
• ae9a02b Merge pull request #793 from standardrb/dependabot/bundler/ruby-lsp-0.26.8
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions