Bump the "all" group with 1 updates across multiple ecosystems

[dependabot]

Bumps the all group with 11 updates:

Package	From	To
omniauth-rails_csrf_protection	1.0.2	2.0.0
sorbet-runtime	0.6.12798	0.6.12825
sorbet	0.6.12798	0.6.12825
sorbet-static-and-runtime	0.6.12798	0.6.12825
connection_pool	2.5.5	3.0.2
json	2.16.0	2.17.1
rbi	0.3.7	0.3.8
rdoc	6.15.1	6.17.0
sorbet-static	0.6.12798	0.6.12825
stringio	3.1.8	3.1.9
yard	0.9.37	0.9.38

Updates omniauth-rails_csrf_protection from 1.0.2 to 2.0.0

Release notes

Sourced from omniauth-rails_csrf_protection's releases.

Version 2.0.0

• Stop using deprecated ActiveSupport::Configurable when this gem is running against Action Pack version 8.1 and later (#23, #24)

Commits

• 2348375 Bump to 2.0.0
• c283d1d Update README to add OmniAuth's built-in solution
• 2cf722b Add workaround for deprecated AS::Configurable
• 431597e Silence #to_time warning in Rails 8.0.x
• 5e9c8a2 Print Ruby version in the test output
• 3e62c05 Remove unnecessary logger gem entry in Gemfile
• f9810a5 Update build matrix and fix build errors
• 14b611d Merge pull request #22 from nevans/update-ci-for-rails-8
• 8688c86 Add rails 7.2 and 8.0 to the build matrix
• See full diff in compare view

Updates sorbet-runtime from 0.6.12798 to 0.6.12825

Release notes

Sourced from sorbet-runtime's releases.

sorbet 0.6.12824.20251205155401-2f23153d6

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12824', :group => :development
gem 'sorbet-runtime', '0.6.12824'

sorbet 0.6.12823.20251205153446-8e9dcf469

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12823', :group => :development
gem 'sorbet-runtime', '0.6.12823'

sorbet 0.6.12822.20251205181837-f9e948f8b

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12822', :group => :development
gem 'sorbet-runtime', '0.6.12822'

sorbet 0.6.12821.20251205143919-2274f1b22

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12821', :group => :development
gem 'sorbet-runtime', '0.6.12821'

sorbet 0.6.12820.20251205140758-9659de922

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12820', :group => :development
gem 'sorbet-runtime', '0.6.12820'

sorbet 0.6.12819.20251205165026-258e72595

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12819', :group => :development
gem 'sorbet-runtime', '0.6.12819'

sorbet 0.6.12818.20251205133355-ada846ce8

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12818', :group => :development
gem 'sorbet-runtime', '0.6.12818'

sorbet 0.6.12817.20251205144321-a9789cfd4

... (truncated)

Commits

• See full diff in compare view

Updates sorbet from 0.6.12798 to 0.6.12825

Release notes

Sourced from sorbet's releases.

sorbet 0.6.12824.20251205155401-2f23153d6

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12824', :group => :development
gem 'sorbet-runtime', '0.6.12824'

sorbet 0.6.12823.20251205153446-8e9dcf469

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12823', :group => :development
gem 'sorbet-runtime', '0.6.12823'

sorbet 0.6.12822.20251205181837-f9e948f8b

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12822', :group => :development
gem 'sorbet-runtime', '0.6.12822'

sorbet 0.6.12821.20251205143919-2274f1b22

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12821', :group => :development
gem 'sorbet-runtime', '0.6.12821'

sorbet 0.6.12820.20251205140758-9659de922

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12820', :group => :development
gem 'sorbet-runtime', '0.6.12820'

sorbet 0.6.12819.20251205165026-258e72595

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12819', :group => :development
gem 'sorbet-runtime', '0.6.12819'

sorbet 0.6.12818.20251205133355-ada846ce8

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12818', :group => :development
gem 'sorbet-runtime', '0.6.12818'

sorbet 0.6.12817.20251205144321-a9789cfd4

... (truncated)

Commits

• See full diff in compare view

Updates sorbet-static-and-runtime from 0.6.12798 to 0.6.12825

Release notes

Sourced from sorbet-static-and-runtime's releases.

sorbet 0.6.12824.20251205155401-2f23153d6

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12824', :group => :development
gem 'sorbet-runtime', '0.6.12824'

sorbet 0.6.12823.20251205153446-8e9dcf469

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12823', :group => :development
gem 'sorbet-runtime', '0.6.12823'

sorbet 0.6.12822.20251205181837-f9e948f8b

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12822', :group => :development
gem 'sorbet-runtime', '0.6.12822'

sorbet 0.6.12821.20251205143919-2274f1b22

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12821', :group => :development
gem 'sorbet-runtime', '0.6.12821'

sorbet 0.6.12820.20251205140758-9659de922

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12820', :group => :development
gem 'sorbet-runtime', '0.6.12820'

sorbet 0.6.12819.20251205165026-258e72595

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12819', :group => :development
gem 'sorbet-runtime', '0.6.12819'

sorbet 0.6.12818.20251205133355-ada846ce8

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12818', :group => :development
gem 'sorbet-runtime', '0.6.12818'

sorbet 0.6.12817.20251205144321-a9789cfd4

... (truncated)

Commits

• See full diff in compare view

Updates connection_pool from 2.5.5 to 3.0.2

Changelog

Sourced from connection_pool's changelog.

3.0.2

• Support :name keyword for backwards compatibility #210

3.0.1

• Add missing fork.rb to gemspec.

3.0.0

• BREAKING CHANGES ConnectionPool and ConnectionPool::TimedStack now use keyword arguments rather than positional arguments everywhere. Expected impact is minimal as most people use the with API, which is unchanged.

pool = ConnectionPool.new(size: 5, timeout: 5)
pool.checkout(1) # 2.x
pool.reap(30)    # 2.x
pool.checkout(timeout: 1) # 3.x
pool.reap(idle_seconds: 30) # 3.x

• Dropped support for Ruby <3.2.0

Commits

• 78bc41e bump, changes
• 955c64f Support :name keyword arg for backwards compat, #210
• 0dae4dd Fix missing fork.rb
• f0d6dd2 docs
• 84a66b9 refactor idle reaping for readability
• e7825d6 fix CI warning
• 9e03836 fork refactoring
• 6213bf5 ci tuning
• 5d3f6c1 Connection Pool 3.0 (#209)
• 949f950 Add benchmark to validate fast path performance
• See full diff in compare view

Updates json from 2.16.0 to 2.17.1

Release notes

Sourced from json's releases.

v2.17.0

What's Changed

• Improve JSON.load and JSON.unsafe_load to allow passing options as second argument.
• Fix the parser to no longer ignore invalid escapes in strings. Only \", \\, \b, \f, \n, \r, \t and \u are valid JSON escapes.
• Fixed JSON::Coder to use the depth it was initialized with.
• On TruffleRuby, fix the generator to not call to_json on the return value of as_json for Float::NAN.
• Fixed handling of state.depth: when to_json changes state.depth but does not restore it, it is reset automatically to its initial value. In particular, when a NestingError is raised, depth is no longer equal to max_nesting after the call to generate, and is reset to its initial value. Similarly when to_json raises an exception.

Full Changelog: ruby/json@v2.16.0...v2.17.0

Changelog

Sourced from json's changelog.

2025-12-04 (2.17.1)

• Fix a regression in parsing of unicode surogate pairs (\uXX\uXX) that could cause an invalid string to be returned.

2025-12-03 (2.17.0)

• Improve JSON.load and JSON.unsafe_load to allow passing options as second argument.
• Fix the parser to no longer ignore invalid escapes in strings. Only \", \\, \b, \f, \n, \r, \t and \u are valid JSON escapes.
• Fixed JSON::Coder to use the depth it was initialized with.
• On TruffleRuby, fix the generator to not call to_json on the return value of as_json for Float::NAN.
• Fixed handling of state.depth: when to_json changes state.depth but does not restore it, it is reset automatically to its initial value. In particular, when a NestingError is raised, depth is no longer equal to max_nesting after the call to generate, and is reset to its initial value. Similarly when to_json raises an exception.

Commits

• e5e4fd5 Release 2.17.1
• 0fce370 Fix a regression in parsing of unicode surogate pairs
• 4bdb2d1 Release 2.17.0
• ccca602 Fix handling of depth
• 7b62fac Fix duplicated test_unsafe_load_with_options test case
• e0257b9 Reproduce C ext behavior of ignoring mutated depth in arrays
• 386b36f Test and restore behavior around to_json changing depth
• c54de70 Improve JSON.load and JSON.unsafe_load to allow passing options as second...
• 65d62dc Merge pull request #909 from nobu/macro_args
• 8fb7279 Fix macro arguments
• Additional commits viewable in compare view

Updates rbi from 0.3.7 to 0.3.8

Release notes

Sourced from rbi's releases.

v0.3.8

What's Changed

✨ Enhancements

• Add support for T::Module[] by @​Morriar in Shopify/rbi#536

🐛 Bug Fixes

• Properly translate all the builtin generic types to RBS by @​Morriar in Shopify/rbi#537

🛠 Other Changes

• Remove outdated TODO comment by @​KaanOzkan in Shopify/rbi#525
• Fully-qualify uses of Sorbet's T by @​tavianator in Shopify/rbi#528
• Configure trusted publishing by @​egiurleo in Shopify/rbi#540

New Contributors

• @​tavianator made their first contribution in Shopify/rbi#528

Full Changelog: Shopify/rbi@v0.3.7...v0.3.8

Commits

• 4dbf003 Bump to v0.3.8
• a080201 Merge pull request #540 from Shopify/trusted-publisher
• f613401 Configure trusted publishing
• a72932b Merge pull request #538 from Shopify/dependabot/github_actions/actions/checko...
• fba81de Bump actions/checkout from 5.0.0 to 6.0.0
• c64086a Merge pull request #539 from Shopify/dependabot/github_actions/ruby/setup-rub...
• 752f729 Bump ruby/setup-ruby from 1.267.0 to 1.268.0
• 295427e Merge pull request #537 from Shopify/at-translate-builtins
• e4c07f9 Merge pull request #536 from Shopify/at-module
• cc00350 Properly translate all the builtin generic types to RBS
• Additional commits viewable in compare view

Updates rdoc from 6.15.1 to 6.17.0

Release notes

Sourced from rdoc's releases.

v6.17.0

What's Changed

✨ Enhancements

• Aliki: Add padding to TOC by @​Earlopain in ruby/rdoc#1481
• Apply markup in table cell by @​ksss in ruby/rdoc#1483
• Improve main sidebar by @​st0012 in ruby/rdoc#1485

🐛 Bug Fixes

• Aliki: Make hamburger toggle non-selectable by @​Earlopain in ruby/rdoc#1480
• Remove align-self from nav that restricted toc-list width by @​tompng in ruby/rdoc#1486
• Fix source code styling issues by @​st0012 in ruby/rdoc#1487

🛠 Other Changes

• Bump actions/checkout from 5.0.1 to 6.0.0 by @​dependabot[bot] in ruby/rdoc#1482

New Contributors

• @​ksss made their first contribution in ruby/rdoc#1483

Full Changelog: ruby/rdoc@v6.16.1...v6.17.0

v6.16.1

What's Changed

✨ Enhancements

• Add version query string to Aliki assets for cache busting by @​st0012 in ruby/rdoc#1476

Full Changelog: ruby/rdoc@v6.16.0...v6.16.1

v6.16.0

What's Changed

✨ Enhancements

• New theme: "Aliki" by @​st0012 in ruby/rdoc#1432

🐛 Bug Fixes

• searcher.js: handle missing RegExp.escape by @​byroot in ruby/rdoc#1442

🛠 Other Changes

• Bump rubygems/release-gem from 1.1.1 to 1.1.2 by @​dependabot[bot] in ruby/rdoc#1444
• Bump step-security/harden-runner from 2.13.1 to 2.13.2 by @​dependabot[bot] in ruby/rdoc#1448
• Regroup tests under folder structure by @​st0012 in ruby/rdoc#1443
• Change comment directive parsing by @​tompng in ruby/rdoc#1149
• Fix erb linting errors and remove unnecessary code by @​st0012 in ruby/rdoc#1449
• [Aliki] Set default overflow wrap behavior to avoid overflow on mobile by @​st0012 in ruby/rdoc#1453
• [Aliki] Set scroll-margin-top to all heading inside by @​tompng in ruby/rdoc#1454
• [Aliki] Add classes and modules list to class page's sidebar by @​st0012 in ruby/rdoc#1457
• [Aliki] Stable calculation of active toc by @​tompng in ruby/rdoc#1456
• [Aliki] Remove nav detail's nested padding-right by @​tompng in ruby/rdoc#1455
• Fix rb_define_method(singleton_class_of_module, ...) not to change nested module name by @​tompng in ruby/rdoc#1458

... (truncated)

Commits

• 108d617 Bump version to 6.17.0
• e70854b Fix source code styling issues (#1487)
• be2efc2 Remove align-self from nav that restricted toc-list width (#1486)
• f08d027 Improve main sidebar (#1485)
• d51bfc0 Apply markup in table cell (#1483)
• f85cf5c Aliki: Add padding to TOC (#1481)
• 52c1363 Bump actions/checkout from 5.0.1 to 6.0.0 (#1482)
• 156490d Aliki: Make hamburger toggle non-selectable (#1480)
• 6079cda Add version query string to Aliki assets for cache busting (#1476)
• c55c1f5 Bump version to 6.16.0 (#1474)
• Additional commits viewable in compare view

Updates sorbet-static from 0.6.12798 to 0.6.12825

Release notes

Sourced from sorbet-static's releases.

sorbet 0.6.12824.20251205155401-2f23153d6

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12824', :group => :development
gem 'sorbet-runtime', '0.6.12824'

sorbet 0.6.12823.20251205153446-8e9dcf469

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12823', :group => :development
gem 'sorbet-runtime', '0.6.12823'

sorbet 0.6.12822.20251205181837-f9e948f8b

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12822', :group => :development
gem 'sorbet-runtime', '0.6.12822'

sorbet 0.6.12821.20251205143919-2274f1b22

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12821', :group => :development
gem 'sorbet-runtime', '0.6.12821'

sorbet 0.6.12820.20251205140758-9659de922

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12820', :group => :development
gem 'sorbet-runtime', '0.6.12820'

sorbet 0.6.12819.20251205165026-258e72595

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12819', :group => :development
gem 'sorbet-runtime', '0.6.12819'

sorbet 0.6.12818.20251205133355-ada846ce8

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.12818', :group => :development
gem 'sorbet-runtime', '0.6.12818'

sorbet 0.6.12817.20251205144321-a9789cfd4

... (truncated)

Commits

• See full diff in compare view

Updates stringio from 3.1.8 to 3.1.9

Release notes

Sourced from stringio's releases.

stringio 3.1.9 - 2025-12-01

Improvements

• [DOC] Tweaks for StringIO#each_line

  • GH-165

• [DOC] Doc for StringIO.size

  • GH-175

• [DOC] Tweaks for StringIO#fsync

  • GH-173

• [DOC] Fix #seek link

  • GH-174

• Add a note about chilled string support to 3.1.8 release note

  • GH-180 fixes GH-179

Fixes

• JRuby: Removed use of RubyBasicObject.flags
  • GH-182

Thanks

• Burdette Lamar

• Charles Oliver Nutter

Changelog

Sourced from stringio's changelog.

3.1.9 - 2025-12-01

Improvements

• [DOC] Tweaks for StringIO#each_line

  • GH-165

• [DOC] Doc for StringIO.size

  • GH-175

• [DOC] Tweaks for StringIO#fsync

  • GH-173

• [DOC] Fix #seek link

  • GH-174

• Add a note about chilled string support to 3.1.8 release note

  • GH-180 fixes GH-179

Fixes

• JRuby: Removed use of RubyBasicObject.flags
  • GH-182

Thanks

• Burdette Lamar

• Charles Oliver Nutter

Commits

• 5f9b937 Add 3.1.9 release note
• 78da7ae Eliminate access of RubyBasicObject flags
• c3474bf Bump actions/checkout from 5 to 6 (#181)
• 69bb19a Add a note about chilled string support to 3.1.8 release note (#180)
• d026549 [DOC] Fix #seek link (#174)
• 67b5d88 [DOC] Tweaks for StringIO#fsync (#173)
• 95a1110 [DOC] Doc for StringIO.size (#171)
• ff332ab [DOC] Tweaks for StringIO#each_line (#165)
• 95c2a0c Development of 3.1.9 started.
• See full diff in compare view

Updates yard from 0.9.37 to 0.9.38

Release notes

Sourced from yard's releases.

Release v0.9.38

• Add support for complex constant assignment (#1599)
• Add support for Data type structs (#1600)
• Support multi method duck type syntax in type explainer (#1631)
• Improve Ruby 3.5 compatibility (#1616)
• Update documentation for various type annotations (#1615)
• JavaScript frontend updates (resizer, JS bugs, reduce console verbosity) for default template
• Fix beginless/endless range errors (#1549, #1625)
• Fix path structure in Templates.md documentation (#1588)
• Fix signature handling in overload (#1590)
• Fix handling of **nil with named block (#1623)
• Fix directives in empty class bodies (#1624)
• Fix parsing of array within array syntax (#1604)
• Fix parsing of visibility keywords in front of class methods (#1632)

Changelog

Sourced from yard's changelog.

0.9.38 - December 5th, 2025

• Add support for complex constant assignment (#1599)
• Add support for Data type structs (#1600)
• Support multi method duck type syntax in type explainer (#1631)
• Improve Ruby 3.5 compatibility (#1616)
• Update documentation for various type annotations (#1615)
• JavaScript frontend updates (resizer, JS bugs, reduce console verbosity) for default template
• Fix beginless/endless range errors (#1549, #1625)
• Fix path structure in Templates.md documentation (#1588)
• Fix signature handling in overload (#1590)
• Fix handling of **nil with named block (#1623)
• Fix directives in empty class bodies (#1624)
• Fix parsing of array within array syntax (#1604)
• Fix parsing of visibility keywords in front of class methods (#1632)

Commits

• 34796c5 Update version / changelog
• e946455 Add support for duck types with multiple methods to TypesExplainer (#1631)
• 2aedf50 Respect Ruby semantics for bare visibility with singleton defs (#1632)
• c29c0cd Fix directives in empty class bodies (#1624)
• d4c6174 Handle **nil with named block without errors (#1623)
• 1a4f63d Fix unexpected empty source map stacks (#1625)
• c92f02a Fix frozen string literal mutation
• 63e7995 Respect Ruby semantics for bare visibility with singleton defs
• 3987200 Support duck types with multiple methods
• c6b0b16 Fix unexpected empty source map stacks
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions