Bump the bundler group across 1 directory with 3 updates

[dependabot]

Bumps the bundler group with 3 updates in the / directory: faraday, action_text-trix and httparty.

Updates faraday from 2.14.0 to 2.14.1

Release notes

Sourced from faraday's releases.

v2.14.1

Security Note

This release contains a security fix, we recommend all users to upgrade as soon as possible. A Security Advisory with more details will be posted shortly.

What's Changed

• Add comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by @​Copilot in lostisland/faraday#1642
• Add RFC document for Options architecture refactoring plan by @​Copilot in lostisland/faraday#1644
• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in lostisland/faraday#1655
• Explicit top-level namespace reference by @​c960657 in lostisland/faraday#1657

New Contributors

• @​Copilot made their first contribution in lostisland/faraday#1642

Full Changelog: lostisland/faraday@v2.14.0...v2.14.1

Commits

• 16cbd38 Version bump to 2.14.1
• a6d3a3a Merge commit from fork
• b23f710 Explicit top-level namespace reference (#1657)
• 49ba4ac Bump actions/checkout from 5 to 6 (#1655)
• 51a49bc Ensure Claude reads the guidelines and allow to plan in a gitignored .ai/PLAN...
• 894f65c Add RFC document for Options architecture refactoring plan (#1644)
• 397e3de Add comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot ...
• d98c65c Update Faraday-specific AI agent guidelines
• 56c18ec Add AI agent guidelines specific to Faraday repository
• See full diff in compare view

Updates action_text-trix from 2.1.15 to 2.1.16

Release notes

Sourced from action_text-trix's releases.

v2.1.16

Security

• Attachment href attributes are now validated using DOMPurify.isValidAttribute() before rendering as anchor tags. @​flavorjones

Added

• New .editorElements and .editorElement properties have been added to <trix-toolbar> elements for accessing associated <trix-editor> elements. @​seanpdoyle #1127
• <trix-editor> elements can now function without an associated <input type="hidden"> element when using ElementInternals. This is configured by setting willCreateInput = false in the before-trix-initialize event and using the [name] attribute for form submissions. @​seanpdoyle #1128
• Alt text can now be set on attachment preview images via attachment.setAttributes({ alt: "..." }) in trix-attachment-add event handlers. @​seanpdoyle #1198
• Attachment preview URLs can be customized using the new setPreviewURL() and getPreviewURL() methods on ManagedAttachment, accessible from event handlers. @​seanpdoyle #1210
• A new trix-before-render event is dispatched before rendering, with a customizable render property for advanced use cases like morph-style rendering integration. @​seanpdoyle #1252
• When no associated <input> element is present, HTML content within <trix-editor> tags is now safely sanitized and loaded as the initial editor value. @​seanpdoyle #1253

New Contributors

• @​flavorjones made their first contribution in basecamp/trix#1234
• @​MatheusRich made their first contribution in basecamp/trix#1162

Full Changelog: basecamp/trix@v2.1.15...v2.1.16

Commits

• 5c8b688 v2.1.16
• 73c20cf Fix XSS vulnerability in attachment href rendering
• 07a5e47 Make "yarn version" commit changes to the ruby gem, too
• 1771514 Merge pull request #1271 from basecamp/flavorjones/ci-sauce-labs
• 04f803e ci: stabilize Sauce Labs with SC5 tunnel
• 93f5270 Merge pull request #1270 from basecamp/flavorjones/fix-minitest-errors
• 31045c9 action_text-trix: pin minitest to < 6
• 13eebda yarn build
• 696643d Merge pull request #1269 from basecamp/flavorjones/revert-mousedown-click-change
• 42f69dd Revert "Toolbar Button: Handle click instead of mousedown"
• Additional commits viewable in compare view

Updates httparty from 0.22.0 to 0.24.0

Release notes

Sourced from httparty's releases.

v0.24.0

What's Changed

• Force binary encoding throughout by @​jnunemaker in jnunemaker/httparty#823
• set Content-Type for Hash body in requests by @​jnunemaker in jnunemaker/httparty#828
• feat: stream multipart file uploads to reduce memory usage by @​jnunemaker in jnunemaker/httparty#829
• fix: prevent SSRF via absolute URL bypassing base_uri by @​jnunemaker in jnunemaker/httparty#830

Full Changelog: jnunemaker/httparty@v0.23.2...v0.24.0

0.23.2

What's Changed

• Add changelog_uri metadata to gemspec by @​baraidrissa in jnunemaker/httparty#817
• Fix multipart with files in binary mode and fields including non-ASCII characters by @​rdimartino in jnunemaker/httparty#822

New Contributors

• @​baraidrissa made their first contribution in jnunemaker/httparty#817
• @​rdimartino made their first contribution in jnunemaker/httparty#822

Full Changelog: jnunemaker/httparty@v0.23.1...v0.23.2

v0.23.1

• Add foul option to class level jnunemaker/httparty@d268387

Full Changelog: jnunemaker/httparty@v0.23.0...v0.23.1

v0.23.0

What's Changed

• new: foul mode to rescue all common network errors: https://github.com/jnunemaker/httparty/blob/891a4a8093afd4cacecab2719223e3170d07f1c0/examples/party_foul_mode.rb
• docs: replace master branch to main for better view by @​bestony in jnunemaker/httparty#803
• Update README.md by @​tradesmanhelix in jnunemaker/httparty#811

New Contributors

• @​ashishra0 made their first contribution with foul mode
• @​bestony made their first contribution in jnunemaker/httparty#803
• @​tradesmanhelix made their first contribution in jnunemaker/httparty#811

Full Changelog: jnunemaker/httparty@v0.22.0...v0.23.0

Commits

• 55ec76e Release 0.24.0
• ddfbc8d Merge pull request #830 from jnunemaker/fix-ssrf-base-uri-bypass
• 0529bcd fix: prevent SSRF via absolute URL bypassing base_uri (GHSA-hm5p-x4rq-38w4)
• 05f38fd Merge pull request #829 from jnunemaker/memory
• 8901c23 feat: stream multipart file uploads to reduce memory usage
• 091bd6a Merge pull request #828 from jnunemaker/issue-826
• 59c0ac5 feat: set Content-Type for Hash body in requests
• 5c8b45e Merge pull request #823 from jnunemaker/mixed-encodings
• 6419cb3 Force binary encoding throughout
• c74571f Release 0.23.2
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.