build(deps): bump the bundler group across 1 directory with 7 updates

[dependabot]

Bumps the bundler group with 7 updates in the / directory:

Package	From	To
puma	8.0.0	8.0.1
bigdecimal	4.1.1	4.1.2
json	2.19.3	2.19.4
minitest	6.0.3	6.0.5
mustermann	3.0.4	3.1.1
parallel	2.0.0	2.1.0
rake	13.3.1	13.4.2

Updates puma from 8.0.0 to 8.0.1

Release notes

Sourced from puma's releases.

v8.0.1

• Bugfixes

  • Fix prune_bundler stripping user-configured BUNDLE_* env vars (e.g. BUNDLE_WITHOUT) on re-exec, which caused workers to crash on boot (#3929)

• Performance

  • Use blocks for debug logging to avoid creating log messages when debug is disabled (#3920)

• Docs

  • Fix incorrect hook names in gRPC docs (#3923)
  • Reword v8 upgrade guide IPv6 bullet for clarity (#3928)

Changelog

Sourced from puma's changelog.

8.0.1 / 2026-04-27

• Bugfixes

  • Fix prune_bundler stripping user-configured BUNDLE_* env vars (e.g. BUNDLE_WITHOUT) on re-exec, which caused workers to crash on boot (#3929)

• Performance

  • Use blocks for debug logging to avoid creating log messages when debug is disabled (#3920)

• Docs

  • Fix incorrect hook names in gRPC docs (#3923)
  • Reword v8 upgrade guide IPv6 bullet for clarity (#3928)

Commits

• cee7e61 Release v8.0.1 (#3932)
• f955caf Fix prune_bundler stripping user-configured BUNDLE_* env vars on re-exec (#3929)
• 97996aa ci: test_error_logger.rb - fix TruffleRuby error (#3930)
• 03825bc Build(deps): Bump actions/github-script from 8 to 9 (#3925)
• 053efae Reword v8 upgrade guide ipv6 bullet (#3928)
• b19f35a Fix incorrect hook names in gRPC docs (#3923)
• eeabe4b Use blocks for debug logging to avoid creating messages if debug disabled (#3...
• See full diff in compare view

Updates bigdecimal from 4.1.1 to 4.1.2

Release notes

Sourced from bigdecimal's releases.

v4.1.2

What's Changed

• Optimize BigDecimal#to_s by @​byroot in ruby/bigdecimal#519
• Fix calloc-transposed-args warning by @​nobu in ruby/bigdecimal#520
• Use '0'+n for converting single digit to char by @​tompng in ruby/bigdecimal#521
• Revert "Add a workaround for slow BigDecimal#to_f when it has large N_significant_digits" by @​tompng in ruby/bigdecimal#522
• BigMath.exp overflow/underflow check by @​tompng in ruby/bigdecimal#523
• Fix unary minus on unsigned type warning by @​tompng in ruby/bigdecimal#525
• Update dtoa to version from Ruby 4.0 by @​jhawthorn in ruby/bigdecimal#528
• Bump version to v4.1.2 by @​tompng in ruby/bigdecimal#529

New Contributors

• @​jhawthorn made their first contribution in ruby/bigdecimal#528

Full Changelog: ruby/bigdecimal@v4.1.1...v4.1.2

Changelog

Sourced from bigdecimal's changelog.

4.1.2

• Fix dtoa Ractor-safety bug. Update dtoa to version from Ruby 4.0 GH-528

  @​jhawthorn

• Optimize BigDecimal#to_s GH-519

  @​byroot

Commits

• 9160561 Bump version to v4.1.2 (#529)
• 8050ec7 Update dtoa to version from Ruby 4.0 (#528)
• f8a02b2 Merge pull request #526 from ruby/dependabot/github_actions/step-security/har...
• ac9a5cd Bump step-security/harden-runner from 2.16.1 to 2.17.0
• 6b51b99 Fix unary minus on unsigned type warning (#525)
• 50b80b1 BigMath.exp overflow/underflow check (#523)
• fc54487 Revert "Add a workaround for slow BigDecimal#to_f when it has large N_signifi...
• 72937b7 Use '0'+n for converting single digit to char (#521)
• 8ac1498 Merge pull request #517 from ruby/dependabot/github_actions/rubygems/release-...
• 3c89db5 Merge pull request #518 from ruby/dependabot/github_actions/step-security/har...
• Additional commits viewable in compare view

Updates json from 2.19.3 to 2.19.4

Release notes

Sourced from json's releases.

v2.19.4

What's Changed

• Fix parsing of out of range floats (very large exponents that lead to either 0.0 or Inf).

Full Changelog: ruby/json@v2.19.2...v2.19.4

Changelog

Sourced from json's changelog.

2026-04-19 (2.19.4)

• Fix parsing of out of range floats (very large exponents that lead to either 0.0 or Inf).

Commits

• 6688a81 Release 2.19.4
• f1e6163 Fix references to NAN and INFINITY in documentation comments
• 18d5475 Reduce warnings
• 1072482 Fix parsing of negative out of bound floats.
• 20454ba Fix handling out of of range exponent in numbers
• 0e99fcb Fix json generation for symbols on TruffleRuby
• ac0670b Keep Integer#to_json optimized and adapt the test
• 35db859 Avoid extra String#+@ calls, interpolated strings are already mutable
• d0b47b0 Avoid method redefinition warnings in test_broken_bignum
• e871d07 test_broken_bignum: avoid fork and subprocess for robustness
• Additional commits viewable in compare view

Updates minitest from 6.0.3 to 6.0.5

Changelog

Sourced from minitest's changelog.

=== 6.0.5 / 2026-04-20

• 2 bug fixes:

  • Avoid circular requires in lib/minitest/server_plugin.rb.
  • Raise TypeError if assert_raises is passed anything but modules/classes.

=== 6.0.4 / 2026-04-14

• 1 bug fix:

  • Fixed refute_predicate to call assert_respond_to w/ include_all:true like assert_predicate does. (jparker)

Commits

• 89c3e62 Branching minitest to version 6.0.5
• 6790f86 - Raise TypeError if assert_raises is passed anything but modules/classes.
• 235fa5b - Avoid circular requires in lib/minitest/server_plugin.rb.
• 5f0482e prepped for release
• b12f87f - Fixed refute_predicate to call assert_respond_to w/ include_all:true like a...
• See full diff in compare view

Updates mustermann from 3.0.4 to 3.1.1

Changelog

Sourced from mustermann's changelog.

Changelog

Mustermann follows Semantic Versioning 2.0. Anything documented in the README or via YARD and not declared private is part of the public API.

Upcoming Releases

Mustermann 4.0.0

Breaking changes

• Mustermann::Pattern#match will now return Mustermann::Match instead of either MatchData or Mustermann::SimpleMatch. This object behaves similar to the previous return values, but also implements #params and #pattern.
• Moved Mustermann::Mapper and Mustermann::PatternCache from mustermann to mustermann-contrib.
• Removed special code for Sinatra 1.x. If you want to use Mustermann with Sinatra, please upgrade to any of the Sinatra versions released since 2017.

New features

• Mustermann::Rails now supports Rails up to version 8.2 (previously 5.0).
• Added Mustermann::Hybrid, a pattern that's a union of Sinatra, Rails and URI Template syntax. It is designed to be as compatible as possible with all three syntaxes.
• Added Mustermann::Set to mustermann, which is a collection of patterns with associated values, designed for building routing tables that dispatch efficiently as the number of routes grows.
• Reintroduce Mustermann::Router, now based on Mustermann::Set, for demonstration purposes and use in small applications or middleware. Simple and fast.
• The capture option now supports special class and symbol values, that both set an expected capture pattern and define a params converter.
• Mustermann::Pattern#+ and Mustermann::Pattern#| now return single patterns instead of composite patterns in significantly more cases, like having non-overlapping captures.
• Nicer inspect and pretty_print for patterns and other objects.

Here's an example using Mustermann::Hybrid, Mustermann::Set, and the new capture options:

require "mustermann/set"
set = Mustermann::Set.new(type: :hybrid, capture: { id: Integer, user_id: Integer, slug: :slug })
adding values is optional
set.add "/users",                "users.index"
set.add "/users/:id",            "users.show"
set.add "/posts",                "posts.index"
set.add "/users/:user_id/posts", "posts.index"
set.add "/posts/:id(-:slug)",    "posts.show" # slug is optional
match = set.match("/posts/42-awesome-post")
id is automatically converted to an Integer, and slug is available as a string
match.params # => { id: 42, slug: "awesome-post" }
You can access the pattern and value that matched
match.value   # => "posts.show"
match.pattern # => #<Mustermann::Hybrid:"/posts/:id(-:slug)">
Generate a path from a set value and params
set.expand("posts.index")              # => "/posts"
</tr></table>

... (truncated)

Commits

• 97a46ad v3.1.1
• 7445f32 remove visualizer injection into inspect and pretty_print, fixes #153
• e7721d8 Fix markup in README
• a33272b Move Rails pattern documentation from mustermann-contrib to mustermann
• 5cfd230 Fix code example
• 656eb61 Fix typo
• 518fb7e Increase version to 3.1.1
• 8fd53a0 Improve Mustermann::Pattern#hash to reduce the chance of collisions on JRuby ...
• c01b375 Small README improvements
• 408bf34 update changelog
• Additional commits viewable in compare view

Updates parallel from 2.0.0 to 2.1.0

Changelog

Sourced from parallel's changelog.

2.1.0

Added

• support different serializers
• support for HMac verified serializer to secure hardened environments

2.0.1

Added

• require mfa for gem release

Commits

• cd5ba09 v2.1.0
• 71eb9a3 Merge pull request #373 from grosser/grosser/hmac
• 1fdf79a prevent pipe injection
• fa1cc25 Merge pull request #372 from tagliala/chore/remove-regex-match
• 9aed9a4 Prefer String#include? and match? over =~
• de62c89 Merge pull request #371 from tagliala/chore/remove-old-spec
• 1df9204 Remove stale Darwin hwprefs spec
• d20c207 Merge pull request #368 from grosser/grosser/speed
• a55c3bc speed up tests
• f9c570b v2.0.1
• Additional commits viewable in compare view

Updates rake from 13.3.1 to 13.4.2

Commits

• 503b8ec v13.4.2
• 46038e7 Merge pull request #723 from ruby/fix/testopts-preserve-existing-value
• 604a3d9 Isolate TESTOPTS env in TestRakeTestTask setup/teardown
• 5886caa Preserve ENV["TESTOPTS"] when verbose is enabled
• 92193ac v13.4.1
• b74be0b Merge pull request #721 from ruby/fix/add-options-to-gemspec
• 829f66d Add lib/rake/options.rb to gemspec
• 2d55bc4 v13.4.0
• 1415070 Exclude dependabot updates from release note
• b3dc948 Merge pull request #713 from pvdb/simplify_standard_system_dir
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.