chore(deps): bump the ruby-deps group across 1 directory with 2 updates #2573

Merged
mroderick merged 1 commit into master from dependabot/bundler/ruby-deps-29286dab1a
Apr 16, 2026

Conversation

@dependabot dependabot bot commented on behalf of github Apr 14, 2026

Bumps the ruby-deps group with 2 updates in the / directory: pagy and commonmarker.

Updates pagy from 43.5.0 to 43.5.1

Release notes

Sourced from pagy's releases.

Version 43.5.1

Changes in 43.5.1

  • Remove ghost code from cli; improve tests

CHANGELOG

Version 43

We needed a leap version to unequivocally signal that it's not just a major version: it's a complete redesign of the legacy code at all levels, usage and API included.

Why 43? Because it's exactly one step beyond "The answer to the ultimate question of life, the Universe, and everything." 😉

Improvements

This version introduces several enhancements, such as new :countish and :keynav_js paginators and improved automation and configuration processes, reducing setup requirements by 99%. The update also includes a simpler API and new interactive development tools, making it a comprehensive upgrade from previous versions.

  • New :countish Paginator
    • Faster than OFFSET and supporting the full UI
  • New Keynav Pagination
    • The pagy-exclusive technique using the fastest keyset pagination alongside all frontend helpers.
  • New interactive dev-tools
    • New PagyWand to integrate the pagy CSS with your app themes.
    • New Pagy AI available right inside your own app.
  • Intelligent automation
  • Simpler API
    • You solely need the pagy method and the @​pagy instance to paginate any collection and use any navigation tag and helper.
    • Methods are autoloaded only if used, and consume no memory otherwise.
    • Methods have narrower scopes and can be overridden without deep knowledge.
  • New documentation
    • Very concise, straightforward, and easy to navigate and understand.

Upgrade to 43

See the Upgrade Guide

Changelog

Sourced from pagy's changelog.

Version 43.5.1

  • Remove ghost code from cli; improve tests
Commits

Updates commonmarker from 2.7.0 to 2.8.1

Release notes

Sourced from commonmarker's releases.

v2.8.1

What's Changed

Full Changelog: gjtorikian/commonmarker@v2.8.0...v2.8.1

v2.8.0

What's Changed

New Contributors

Full Changelog: gjtorikian/commonmarker@v2.7.0...v2.8.0

Changelog

Sourced from commonmarker's changelog.

[v2.8.1] - 14-04-2026

What's Changed

Full Changelog: gjtorikian/commonmarker@v2.8.0...v2.8.1

[v2.8.0] - 12-04-2026

What's Changed

New Contributors

Full Changelog: gjtorikian/commonmarker@v2.7.0...v2.8.0

Commits
  • 31016cf Merge pull request #457 from gjtorikian/release/v2.8.1
  • 8087370 [skip test] update changelog
  • 6da0eef Merge pull request #456 from gjtorikian/new-fix-release
  • bc2c4c4 fix: re-release 2.8.1 due to publishing error
  • 3ad6390 Merge pull request #454 from gjtorikian/release/v2.8.0
  • 72f3e61 [skip test] update changelog
  • 69192fe Merge pull request #450 from gjtorikian/dependabot/cargo/comrak-0.52.0
  • 13729a4 Add build.rs to fix Windows mingw Oniguruma symbol collision
  • a5044e2 Fix Windows mingw build: allow multiple Oniguruma definitions
  • 66ed2e1 Merge branch 'main' into dependabot/cargo/comrak-0.52.0
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the ruby-deps group with 2 updates in the / directory: [pagy](https://github.com/ddnexus/pagy) and [commonmarker](https://github.com/gjtorikian/commonmarker).


Updates `pagy` from 43.5.0 to 43.5.1
- [Release notes](https://github.com/ddnexus/pagy/releases)
- [Changelog](https://github.com/ddnexus/pagy/blob/master/docs/CHANGELOG.md)
- [Commits](ddnexus/pagy@43.5.0...43.5.1)

Updates `commonmarker` from 2.7.0 to 2.8.1
- [Release notes](https://github.com/gjtorikian/commonmarker/releases)
- [Changelog](https://github.com/gjtorikian/commonmarker/blob/main/CHANGELOG.md)
- [Commits](gjtorikian/commonmarker@v2.7.0...v2.8.1)

---
updated-dependencies:
- dependency-name: pagy
  dependency-version: 43.5.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ruby-deps
- dependency-name: commonmarker
  dependency-version: 2.8.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ruby-deps
...

Signed-off-by: dependabot[bot] <support@github.com>

@dependabot dependabot bot added the dependencies and ruby (Pull requests that update Ruby code) labels Apr 14, 2026

@mroderick
Collaborator

Dependency Upgrade Review: Group PR (pagy + commonmarker)

PR Scope

Dependency-only — Only changes Gemfile.lock. No code changes. Group update with 2 dependencies.

| Package | From | To | Risk |
|---|---|---|---|
| pagy | 43.5.0 | 43.5.1 | Very Low |
| commonmarker | 2.7.0 | 2.8.1 | Low |

1. pagy (43.5.0 → 43.5.1)

Changes:

  • "Remove ghost code from cli; improve tests" - internal cleanup only
  • No API changes or bug fixes affecting the application

Usage in Repository:

  • Extensively used via include Pagy::Method in ApplicationController
  • Controllers using pagination: EventsController, DashboardController, Admin::WorkshopInvitationLogsController, Admin::MembersController, Admin::SponsorsController, Admin::FeedbackController, Admin::Chapters::FeedbackController
  • Views using Pagy helpers: pagy.info_tag, pagy.series_nav, pagy_bootstrap_nav

Test Coverage:

  • Feature tests in spec/features/listing_events_spec.rb explicitly test pagination (20 items per page)
  • Tests verify pagination works for past events, upcoming meetings

Compatibility: Compatible — Patch version bump with only internal test improvements and dead code removal.


2. commonmarker (2.7.0 → 2.8.1)

Changes:

  • 2.8.0: Bump comrak (Rust markdown parser) from 0.51.0 to 0.52.0, documentation improvements
  • 2.8.1: Re-release due to publishing error
  • Build fixes for Windows mingw (not relevant for Heroku/Linux deployment)

Usage in Repository:

  • Single usage in ApplicationHelper#dot_markdown: Commonmarker.to_html(text).html_safe
  • Used for rendering Markdown content in views

Test Coverage:

  • spec/helpers/application_helper_spec.rb has tests for #dot_markdown
  • Tests verify CommonMark rendering (bold, italic) and HTML sanitization (script tag removal)

Compatibility: Compatible — Minor version bump with underlying parser upgrade. The Commonmarker.to_html() API remains unchanged. Tests cover the rendering and sanitization behavior.


Overall Compatibility Assessment

Compatible — Both dependencies have good test coverage for their usage patterns. The changes are:

  • Patch version (pagy): Internal cleanup only
  • Minor version (commonmarker): Parser upgrade with no API changes

Test Coverage

  • Pagination: ✅ Feature tests verify pagination at 20 items per page
  • Markdown rendering: ✅ Helper tests verify CommonMark rendering and HTML sanitization

Confidence Rating

High — Both dependencies are well-tested in this codebase. Changes are minimal and backward-compatible.
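
The review above rests on the PR being dependency-only, with Gemfile.lock changing just for the two declared bumps. As an added example (not code from this repository or from Dependabot), this Ruby sketch checks that a lockfile change matches the PR's `updated-dependencies` metadata; the lockfile excerpts and the `example-transitive` gem are constructed, and all function names are hypothetical.

```ruby
# Constructed Gemfile.lock excerpts (not the repository's real lockfile).
# "example-transitive" is a made-up gem standing in for an indirect dependency.
OLD_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      commonmarker (2.7.0-x86_64-linux)
      example-transitive (1.2.3)
      pagy (43.5.0)
LOCK
NEW_LOCK = OLD_LOCK.sub("2.7.0-", "2.8.1-").sub("43.5.0", "43.5.1")
DRIFTED_LOCK = NEW_LOCK.sub("(1.2.3)", "(2.0.0)")

# Update types taken from the PR's updated-dependencies block.
DECLARED = { "pagy" => "patch", "commonmarker" => "minor" }.freeze

# Top-level spec lines sit at 4 spaces; a "-platform" suffix is dropped.
def locked_versions(lockfile)
  lockfile.each_line.with_object({}) do |line, specs|
    m = line.match(/^ {4}(\S+) \(([^)-]+)(?:-[^)]+)?\)$/)
    specs[m[1]] = Gem::Version.new(m[2]) if m
  end
end

def update_type(from, to)
  return "downgrade" if to < from
  a, b = from.segments, to.segments
  return "major" if a[0] != b[0]
  return "minor" if a[1] != b[1]
  "patch"
end

# Every gem whose locked version differs, with how it changed.
def lockfile_changes(old_lock, new_lock)
  before, after = locked_versions(old_lock), locked_versions(new_lock)
  (before.keys | after.keys).each_with_object({}) do |name, out|
    next if before[name] == after[name]
    out[name] = if before[name].nil? then "added"
                elsif after[name].nil? then "removed"
                else update_type(before[name], after[name])
                end
  end
end

# Changes the PR metadata does not account for; empty means the diff matches.
def undeclared_changes(changes, declared)
  changes.reject { |name, type| declared[name] == type }
end
```

A non-empty result from `undeclared_changes` means the lockfile moved a gem the PR description did not announce, which is worth a manual look before approving.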


@mroderick mroderick left a comment


Approved after dependency upgrade review. See comment for full analysis. Both pagy and commonmarker updates are safe to merge.

@mroderick mroderick merged commit 914a01f into master Apr 16, 2026
15 checks passed
@mroderick mroderick deleted the dependabot/bundler/ruby-deps-29286dab1a branch April 16, 2026 17:29