Bump the bundler group across 1 directory with 3 updates

[dependabot]

Bumps the bundler group with 3 updates in the / directory: sidekiq, rexml and fugit.

Updates sidekiq from 6.5.5 to 7.3.2

Changelog

Sourced from sidekiq's changelog.

7.3.2

• Adjust ActiveRecord batch iteration to restart an interrupted batch from the beginning. Each batch should be processed as a single transaction in order to be idempotent. #6405
• Fix typo in S::DeadSet#kill #6397
• Fix CSS issue with bottom bar in Web UI #6414

7.3.1

• Don't count job interruptions as failures in metrics #6386
• Add frozen string literal to a number of .rb files.
• Fix frozen string error with style_tag and script_tag #6371
• Fix an error on Ruby 2.7 because of usage of Hash#except #6376

7.3.0

• NEW FEATURE Add Sidekiq::IterableJob, iteration support for long-running jobs. [#6286, fatkodima] Iterable jobs are interruptible and can restart quickly if running during a deploy. You must ensure that each_iteration doesn't take more than Sidekiq's -t timeout (default: 25 seconds). Iterable jobs must not implement perform.

class ProcessArrayJob
  include Sidekiq::IterableJob
  def build_enumerator(*args, **kwargs)
    array_enumerator(args, **kwargs)
  end
  def each_iteration(arg)
    puts arg
  end
end
ProcessArrayJob.perform_async(1, 2, 3)

See the Iteration wiki page and the RDoc in Sidekiq::IterableJob. This feature should be considered BETA until the next minor release.

• SECURITY The Web UI no longer allows extensions to use <script>. Adjust CSP to disallow inline scripts within the Web UI. Please see examples/webui-ext for how to register Web UI extensions and use dynamic CSS and JS. This will make Sidekiq immune to XSS attacks. #6270
• Add config option, :skip_default_job_logging to disable Sidekiq's default start/finish job logging. #6200
• Allow Sidekiq::Limiter.redis to use Redis Cluster #6288
• Retain CurrentAttributeѕ after inline execution #6307
• Ignore non-existent CurrentAttributes attributes when restoring #6341
• Raise default Redis {read,write,connect} timeouts from 1 to 3 seconds to minimize ReadTimeoutErrors #6162
• Add logger as a dependency since it will become bundled in Ruby 3.5 #6320
• Ignore unsupported locales in the Web UI #6313

... (truncated)

Commits

• e26cba9 changes
• 88133f5 Fix missing require in test
• 57baa35 Reduce max-width for redis-url elements (#6414)
• 164b690 bump
• 96c5ee9 Iterable Jobs: Update cursor after processing iteration (#6405)
• ed8b217 add test cases
• 7f692c1 Fix bug in Deadset#kill ex param
• 16b7115 formatting
• bd2aac5 prep for release
• ce29f51 remove need for S::Component in job_logger, see #6385
• Additional commits viewable in compare view

Updates rexml from 3.3.3 to 3.3.6

Release notes

Sourced from rexml's releases.

REXML 3.3.6 - 2024-08-22

Improvements

• Removed duplicated entity expansions for performance.

  • GH-194
  • Patch by Viktor Ivarsson.

• Improved namespace conflicted attribute check performance. It was too slow for deep elements.

  • Reported by l33thaxor.

Fixes

• Fixed a bug that default entity expansions are counted for security check. Default entity expansions should not be counted because they don't have a security risk.

  • GH-198
  • GH-199
  • Patch Viktor Ivarsson

• Fixed a parser bug that parameter entity references in internal subsets are expanded. It's not allowed in the XML specification.

  • GH-191
  • Patch by NAITOH Jun.

• Fixed a stream parser bug that user-defined entity references in text aren't expanded.

  • GH-200
  • Patch by NAITOH Jun.

Thanks

• Viktor Ivarsson

• NAITOH Jun

• l33thaxor

REXML 3.3.5 - 2024-08-12

Fixes

• Fixed a bug that REXML::Security.entity_expansion_text_limit check has wrong text size calculation in SAX and pull parsers.
  • GH-193
  • GH-195
  • Reported by Viktor Ivarsson.
  • Patch by NAITOH Jun.

... (truncated)

Changelog

Sourced from rexml's changelog.

3.3.6 - 2024-08-22 {#version-3-3-6}

Improvements

• Removed duplicated entity expansions for performance.

  • GH-194
  • Patch by Viktor Ivarsson.

• Improved namespace conflicted attribute check performance. It was too slow for deep elements.

  • Reported by l33thaxor.

Fixes

• Fixed a bug that default entity expansions are counted for security check. Default entity expansions should not be counted because they don't have a security risk.

  • GH-198
  • GH-199
  • Patch Viktor Ivarsson

• Fixed a parser bug that parameter entity references in internal subsets are expanded. It's not allowed in the XML specification.

  • GH-191
  • Patch by NAITOH Jun.

• Fixed a stream parser bug that user-defined entity references in text aren't expanded.

  • GH-200
  • Patch by NAITOH Jun.

Thanks

• Viktor Ivarsson

• NAITOH Jun

• l33thaxor

3.3.5 - 2024-08-12 {#version-3-3-5}

Fixes

• Fixed a bug that REXML::Security.entity_expansion_text_limit check has wrong text size calculation in SAX and pull parsers.
  • GH-193
  • GH-195
  • Reported by Viktor Ivarsson.
  • Patch by NAITOH Jun.

... (truncated)

Commits

• 95871f3 Add 3.3.6 entry
• 7cb5eae parser tree: improve namespace conflicted attribute check performance
• 6109e01 Fix a bug that Stream parser doesn't expand the user-defined entity reference...
• cb15858 parser: keep the current namespaces instead of stack of Set
• 2b47b16 parser: move duplicated end tag check to BaseParser
• 35e1681 test tree-parser: move common method to base class
• 6e00a14 test: fix indent
• df3a0cc test: fix indent
• fdbffe7 Use loop instead of recursive call for Element#namespace
• 6422fa3 Use loop instead of recursive call for Element#root
• Additional commits viewable in compare view

Updates fugit from 1.11.0 to 1.11.1

Changelog

Sourced from fugit's changelog.

fugit 1.11.1 released 2024-08-15

• Prevent nat parsing chocking on long input (> 256 chars), gh-104

Commits

• 228b53d Release 1.11.1
• 2a0ec27 Upgrade Ruby test matrix versions
• ad2c1c9 Lower time expectations for labby rubies, gh-104
• 767ef55 Add spec for Fugit.parse() and .do_parse, gh-104
• 025ad7b Bring in spec helpers from raabro
• a9a2628 Add Fugit::Nat.parse() spec input len > 256 gh-104
• 2a11805 Add note about nat 256 char limit, gh-104
• 6a75274 Peg Fugit::Nat.parse(s) at 256 chars, gh-104
• d2f6cf3 Prepare 1.11.1
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[sarahcrack]

@dependabot rebase

[github-actions]

Review app deployed to https://get-into-teaching-app-review-4177.test.teacherservices.cloud

[sarahcrack]

Leaving this update for the time being as per info from Spencer: sidekiq requires a higher version of redis which we do have in review, but not in production, the versions are slightly different.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml