chore(deps): update all non-major bundler dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
bcrypt	'~> 3.1.20' → '~> 3.1.21'
bootsnap	'~> 1.19.0' → '~> 1.20.1'
brakeman (source, changelog)	'~> 7.1.1' → '~> 7.1.2'
pg	'~> 1.6.2' → '~> 1.6.3'
rqrcode (changelog)	'~> 3.1', '>= 3.1.1' → '~> 3.2'
rubocop-rails (source, changelog)	'~> 2.34', '>= 2.34.2' → '~> 2.34', '>= 2.34.3'
rubocop-rspec (changelog)	'~> 3.8' → '~> 3.9'
sidekiq (source, changelog)	'~> 8.0.10' → '~> 8.1.0'
simple_form (changelog)	'~> 5.4.0' → '~> 5.4.1'

---

Release Notes

presidentbeef/brakeman (brakeman)

v7.1.2

Compare Source

• Update ruby_parser to remove version restriction (Chedli Bourguiba)
• Raise minimum required Ruby to 3.2.0
• Use Minitest 6.0
• Reduce SQL injection false positives from count calls
• Ignore more Haml attribute builder methods

whomwah/rqrcode (rqrcode)

v3.2.0

Compare Source

Added

• Comprehensive benchmarking suite in benchmark/ directory for measuring performance and memory usage across all export formats (SVG, PNG, HTML, ANSI)
• benchmark_helper.rb providing shared utilities for IPS, memory, and stack profiling
• Rake tasks for running benchmarks individually or all at once
• benchmark/README.md explaining usage, metrics, and interpretation of results
• AGENTS.md as a development guide for AI agents

Changed

• SVG rendering: Improved by +130% (from 184 i/s to 424 i/s) with 71% memory reduction
• HTML rendering: Now the fastest export format at 1,876 i/s (rendering-only benchmark)
• Memory efficiency: HTML now uses 6x less memory than SVG (previously 22x)
• Updated minimum Ruby version requirement to >= 3.2.0
• Updated GitHub workflow Ruby matrix to test only supported versions (3.2, 3.3, 3.4, 4.0)
• Updated README.md with benchmark documentation and contribution guidelines

rubocop/rubocop-rails (rubocop-rails)

v2.34.3

Compare Source

Bug fixes

• #​1473: Fix an error for Rails/SelectMap when select(:column_name).map(&:column_name) with parentheses. ([@​koic][])
• #​1569: Fix an error in Rails/SelectMap when multiple select calls are present before map. ([@​koic][])

rubocop/rubocop-rspec (rubocop-rspec)

v3.9.0

Compare Source

• Fix a false positive for RSpec/LeakyLocalVariable when variables are used only in example metadata (e.g., skip messages). ([@​ydah])
• Fix a false positive for RSpec/ScatteredSetup when the hook is defined inside a class method. ([@​d4rky-pl])
• Fix a false positive for RSpec/DescribedClass inside dynamically evaluated blocks (class_eval, module_eval, instance_eval, class_exec, module_exec, instance_exec). ([@​sucicfilip])
• Add new cop RSpec/Output. ([@​kevinrobell-st])

sidekiq/sidekiq (sidekiq)

v8.1.0

Compare Source

• retry_for and retry are now mutually exclusive [#​6878, Saidbek]
• perform_inline now enforces strict_args! [#​6718, Saidbek]
• Integrate Herb linting for ERB templates [#​6760, Saidbek]
• Remove CSRF code, use Sec-Fetch-Site header [#​6874, deve1212]
• Allow custom Web UI assets_path for CDN purposes [#​6865, stanhu]
• Upgrade to connection_pool 3.0
• Allow idle connection reaping after N seconds.
  You can activate this beta feature like below.
  Feedback requested: is this feature stable and useful for you in production?
  This feature may or may not be enabled by default in Sidekiq 9.0.

Sidekiq.configure_server do |cfg|
  cfg.reap_idle_redis_connections(60)
end

heartcombo/simple_form (simple_form)

v5.4.1

Compare Source

• Ruby 4.0 support (no changes required)
• Support procs on validators for minlength/maxlength, and improve validators logic across the board to match Rails #​1859

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) in timezone Europe/Amsterdam, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 77.68%. Comparing base (656f5a2) to head (5513e8f).
⚠️ Report is 2 commits behind head on staging.

Additional details and impacted files

@@             Coverage Diff             @@
##           staging    #1195      +/-   ##
===========================================
+ Coverage    77.62%   77.68%   +0.05%     
===========================================
  Files           54       54              
  Lines         1341     1340       -1     
===========================================
  Hits          1041     1041              
+ Misses         300      299       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[lodewiges]

updating connection pool to 3.0.0 breaks something

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.