Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Deprecations / Replacements

Warning

The following dependencies are either deprecated or have replacements available.

Datasource	Package	Replacement PR?
npm	faker
npm	popper.js

Pending Approval

The following branches are pending approval. To create them, click on a checkbox below.

• chore(deps): update actions/labeler action to v6
• chore(deps): update actions/stale action to v10
• chore(deps): update dependency brakeman to v8
• chore(deps): update dependency faker to v6
• chore(deps): update dependency image_processing to v2
• chore(deps): update dependency noticed to v3
• chore(deps): update dependency pagy to v43
• chore(deps): update dependency shoulda-matchers to v8
• chore(deps): update dependency start-server-and-test to v3
• chore(deps): update postgres docker tag to v18
• fix(deps): update babel monorepo to v8 (@babel/core, @babel/preset-env)
• fix(deps): update datatables-net monorepo (major)
• fix(deps): update dependency jquery to v4
• 🔐 Create all pending approval PRs at once 🔐

Rate-Limited

The following updates are currently rate-limited. To force their creation now, click on a checkbox below.

• chore(deps): replace dependency faker with @faker-js/faker ^5.5.3
• chore(deps): update actions/checkout action to v6.0.3
• chore(deps): update dependency brakeman to v7.1.2
• chore(deps): update dependency sweetalert2 to v11.26.25
• chore(deps): update dependency twilio-ruby to v7.10.7
• chore(deps): update github/codeql-action action to v4.36.2
• chore(deps): update qltysh/qlty-action action to v2.2.1
• chore(deps): update ruby docker tag
• fix(deps): update dependency bootstrap to v5.3.8
• chore(deps): update dependency caxlsx to v4.5.0
• chore(deps): update dependency docx to v0.13.0
• chore(deps): update dependency friendly_id to "~> 5.7.0"
• chore(deps): update dependency jbuilder to v2.15.1
• chore(deps): update dependency luxon to v3.7.2
• chore(deps): update dependency rswag-ui to v2.17.0
• chore(deps): update dependency rubocop-rspec to v3.10.2
• chore(deps): update dependency selenium-webdriver to v4.45.0
• chore(deps): update dependency standard to v1.55.0
• chore(deps): update dependency strong_migrations to v2.8.0
• chore(deps): update postgres docker tag to v12.22
• chore(deps): update postgres docker tag to v14.22
• chore(deps): update ruby on rails packages
• fix(deps): update dependency sass to v1.101.0
• 🔐 Create all rate-limited PRs at once 🔐

Pending Status Checks

The following updates await pending status checks. To force their creation now, click on a checkbox below.

• chore(deps): update dependency caxlsx_rails to v0.7.2
• chore(deps): update dependency spring to v4.7.0
• chore(deps): update actions/checkout action to v7
• chore(deps): update dependency rubocop-capybara to v3

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• chore(deps): update dependency esbuild to v0.28.1 [security]
• chore(deps): update dependency rexml to v3.4.2 [security]
• chore(deps): update dependency view_component to v4.9.0 [security]
• Click on this checkbox to rebase all open PRs at once

Detected Dependencies

bundler (1)

Gemfile (95)

• ruby 4.0.3 → [Updates: 4.0.5]
• rails "~> 8.0" → [Updates: "~> 8.0"]
• after_party lock file @ 2.1.0
• amazing_print lock file @ 2.0.0
• authtrail lock file @ 1.0.0
• azure-storage-blob lock file @ 2.0.3
• blueprinter lock file @ 1.3.0
• bugsnag lock file @ 6.30.0
• caxlsx "~> 4.4" → [Updates: "~> 4.4"]
• caxlsx_rails "~> 0.7.1" → [Updates: "~> 0.7.1"]
• cssbundling-rails "~> 1.4"
• delayed_job_active_record lock file @ 4.1.11
• devise lock file @ 5.0.4
• devise_invitable lock file @ 2.0.12
• draper lock file @ 4.0.6
• filterrific lock file @ 5.2.7
• flipper lock file @ 1.4.2
• flipper-active_record lock file @ 1.4.2
• flipper-ui lock file @ 1.4.2
• friendly_id "~> 5.6.0" → [Updates: "~> 5.7.0"]
• groupdate lock file @ 6.8.0
• httparty lock file @ 0.24.2
• image_processing "~> 1.14" → [Updates: "~> 2.0"]
• jbuilder lock file @ 2.14.1 → [Updates: undefined]
• jsbundling-rails lock file @ 1.3.1
• lograge lock file @ 0.14.0
• net-imap lock file @ 0.6.4.1
• net-pop lock file @ 0.1.2
• net-smtp lock file @ 0.5.1
• noticed lock file @ 2.9.3 → [Updates: undefined]
• oj lock file @ 3.17.3
• pagy lock file @ 9.4.0 → [Updates: undefined]
• paranoia lock file @ 3.1.0
• pdf-forms lock file @ 1.5.2
• pg lock file @ 1.6.3
• pghero lock file @ 3.8.0
• pg_query lock file @ 6.2.2
• pretender lock file @ 1.0.0
• puma "~> 8.0"
• pundit lock file @ 2.5.2
• rack-attack lock file @ 6.8.0
• rack-cors lock file @ 3.0.0
• request_store lock file @ 1.7.0
• rexml lock file @ 3.4.1 → [Updates: undefined]
• rswag-api lock file @ 2.17.0
• rswag-ui lock file @ 2.16.0 → [Updates: undefined]
• sablon lock file @ 0.4.3
• scout_apm lock file @ 6.2.0
• scout_apm_logging "~> 2.1"
• sprockets-rails lock file @ 3.5.2
• stimulus-rails lock file @ 1.3.4
• strong_migrations lock file @ 2.6.0 → [Updates: undefined]
• turbo-rails "~> 2.0"
• twilio-ruby lock file @ 7.10.5 → [Updates: undefined]
• view_component lock file @ 4.8.0 → [Updates: undefined]
• wicked lock file @ 2.0.0
• brakeman lock file @ 7.1.1 → [Updates: undefined]
• prosopite lock file @ 2.2.0
• byebug lock file @ 13.0.0
• dotenv-rails lock file @ 3.2.0
• erb_lint lock file @ 0.9.0
• factory_bot_rails lock file @ 6.5.1
• faker lock file @ 3.8.0
• parallel_tests lock file @ 5.7.0
• pry lock file @ 0.16.0
• pry-byebug lock file @ 3.12.0
• rspec_junit_formatter lock file @ 0.6.0
• rspec-rails lock file @ 8.0.4
• rubocop-capybara lock file @ 2.23.0 → [Updates: undefined]
• rubocop-factory_bot lock file @ 2.28.0
• rubocop-performance lock file @ 1.26.1
• rubocop-rspec lock file @ 3.9.0 → [Updates: undefined]
• rubocop-rspec_rails lock file @ 2.32.0
• rswag-specs lock file @ 2.17.0
• shoulda-matchers lock file @ 7.0.1 → [Updates: undefined]
• standard lock file @ 1.54.0 → [Updates: undefined]
• standard-rails lock file @ 1.6.0
• annotaterb lock file @ 4.22.0
• bundler-audit lock file @ 0.9.3
• letter_opener lock file @ 1.10.0
• simplecov-mcp lock file @ 2.0.1
• spring lock file @ 4.6.0 → [Updates: undefined]
• spring-commands-rspec lock file @ 1.0.4
• traceroute lock file @ 0.8.1
• web-console "~> 4.3"
• capybara lock file @ 3.40.0
• capybara-screenshot lock file @ 1.0.27
• database_cleaner-active_record lock file @ 2.2.2
• docx lock file @ 0.10.0 → [Updates: undefined]
• email_spec lock file @ 2.3.1
• rails-controller-testing lock file @ 1.0.5
• rspec-retry lock file @ 0.6.2
• selenium-webdriver lock file @ 4.43.0 → [Updates: undefined]
• simplecov lock file @ 0.22.0
• webmock lock file @ 3.26.2

docker-compose (2)

.devcontainer/docker-compose.yml

docker-compose.yml (1)

• postgres 12.5 → [Updates: 12.22, 18.3]

dockerfile (2)

.devcontainer/Dockerfile

Dockerfile (3)

• node 24-alpine
• ruby 4.0.3-alpine → [Updates: 4.0.4-alpine]
• ruby 4.0.3-alpine → [Updates: 4.0.4-alpine]

github-actions (21)

.github/workflows/add-labels-based-on-column.yml (1)

• rubyforgood/add-label-to-cards v3.3

.github/workflows/after-deploy.yml (1)

• Firelemons/on-deploy v2.2.1

.github/workflows/codeql-analysis.yml (4)

• actions/checkout v6.0.2 → [Updates: v6.0.3, v7.0.0]
• github/codeql-action v4.36.0 → [Updates: v4.36.2]
• github/codeql-action v4.36.0 → [Updates: v4.36.2]
• github/codeql-action v4.36.0 → [Updates: v4.36.2]

.github/workflows/combine_and_report.yml (4)

• actions/checkout v6.0.2 → [Updates: v6.0.3, v7.0.0]
• actions/download-artifact v8
• test-summary/action v2
• actions/github-script v9

.github/workflows/docker.yml (2)

• actions/checkout v6.0.2 → [Updates: v6.0.3, v7.0.0]
• actions/upload-artifact v7

.github/workflows/erb_lint.yml (2)

• actions/checkout v6.0.2 → [Updates: v6.0.3, v7.0.0]
• ruby/setup-ruby v1

.github/workflows/factory_bot_lint.yml (3)

• actions/checkout v6.0.2 → [Updates: v6.0.3, v7.0.0]
• ruby/setup-ruby v1
• postgres 14.8 → [Updates: 14.22, 18.3]

.github/workflows/issue-auto-close-done.yml (1)

• dessant/issue-states v3

.github/workflows/issue-auto-unassign.yml (2)

• rubyforgood/unassign-issues v1.3
• bjthompson805/move-issues v1

.github/workflows/label.yml (1)

• actions/labeler v5 → [Updates: v6]

.github/workflows/npm_lint_and_test.yml (2)

• actions/checkout v6.0.2 → [Updates: v6.0.3, v7.0.0]
• actions/setup-node v6

.github/workflows/rake-after_party.yml (3)

• actions/checkout v6.0.2 → [Updates: v6.0.3, v7.0.0]
• ruby/setup-ruby v1
• postgres 14.8 → [Updates: 14.22, 18.3]

.github/workflows/remove-helped-wanted.yml (1)

• andymckay/labeler 1.0.4

.github/workflows/remove-label-based-on-column.yml (1)

• rubyforgood/remove-label-from-cards 2.0

.github/workflows/rspec.yml (6)

• actions/checkout v6.0.2 → [Updates: v6.0.3, v7.0.0]
• ruby/setup-ruby v1
• actions/setup-node v6
• qltysh/qlty-action v2.2.0 → [Updates: v2.2.1]
• actions/upload-artifact v7
• postgres 14.8 → [Updates: 14.22, 18.3]

.github/workflows/ruby_lint.yml (2)

• actions/checkout v6.0.2 → [Updates: v6.0.3, v7.0.0]
• ruby/setup-ruby v1

.github/workflows/security.yml (2)

• actions/checkout v6.0.2 → [Updates: v6.0.3, v7.0.0]
• ruby/setup-ruby v1

.github/workflows/spec_checker.yml (2)

• actions/checkout v6.0.2 → [Updates: v6.0.3, v7.0.0]
• ruby/setup-ruby v1

.github/workflows/stale.yml (1)

• actions/stale v9 → [Updates: v10]

.github/workflows/toc.yml (1)

• technote-space/toc-generator v4

.github/workflows/yaml_lint.yml (2)

• actions/checkout v6.0.2 → [Updates: v6.0.3, v7.0.0]
• ibiqlik/action-yamllint v3

npm (1)

package.json (39)

• @babel/core ^7.29.7 → [Updates: ^8.0.0]
• @fortawesome/fontawesome-free ^7.2.0
• @hotwired/stimulus ^3.2.2
• @hotwired/turbo-rails ^8.0.23
• @popperjs/core ^2.11.8
• @rails/actioncable ^8.1.300
• @rails/actiontext ^8.1.300
• @rails/activestorage ^8.1.300
• @rails/ujs ^7.1.600
• @stimulus-components/rails-nested-form ^5.0.0
• add-to-calendar-button ^2.14.0
• bootstrap 5.3.6 → [Updates: 5.3.8]
• bootstrap-datepicker ^1.10.1
• bootstrap-scss ^5.3.8
• chart.js ^4.5.1
• chartjs-adapter-luxon ^1.3.1
• datatables.net-dt ^1.13.11 → [Updates: ^2.0.0]
• esbuild ^0.28.0 → [Updates: ^0.28.0]
• jquery ^3.7.1 → [Updates: ^4.0.0]
• js-cookie ^3.0.8
• jstz ^2.1.1
• lodash ^4.18.1
• luxon ^3.6.1 → [Updates: ^3.6.1]
• popper.js ^1.16.1
• sass 1.77.6 → [Updates: 1.101.0]
• select2 ^4.1.0
• select2-bootstrap-5-theme ^1.3.0
• strftime ^0.10.3
• sweetalert2 ^11.3.5 → [Updates: ^11.3.5]
• tom-select ^2.6.1
• trix ^2.1.19
• @babel/preset-env ^7.29.7 → [Updates: ^8.0.0]
• faker ^5.5.3 → [Updates: ^6.0.0, ^5.5.3]
• jest ^30.4.2
• jest-environment-jsdom ^30.4.1
• markdown-toc ^1.2.0
• standard ^17.1.2
• start-server-and-test ^2.1.5 → [Updates: ^3.0.0]
• node 24.x

---

• Check this box to trigger a request for Renovate to run again on this repository