Update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update	Pending
annotate	2.6.5 → 2.7.5				minor
archivesspace-client	0.4.2 → 0.5.1				minor	0.6.0
bootsnap (changelog)	1.23.0 → 1.24.3				minor	1.24.5 (+1)
datatables.net-bs4 (source)	2.3.7 → 2.3.8			dependencies	patch
honeybadger (source, changelog)	"6.5.5" → "6.6.0"				minor	6.6.1
lux-design-system	7.6.2 → 7.7.1			dependencies	minor
postcss (source)	8.5.13 → 8.5.14			dependencies	patch	8.5.15
ruby (source)	4.0.2 → 4.0.3				patch	4.0.5 (+1)
ruby	4.0.2-slim → 4.0.3-slim			final	patch	4.0.5-slim (+1)
solargraph (source, changelog)	0.48.0 → 0.58.3				minor	0.59.2 (+2)
spring (changelog)	4.4.2 → 4.5.0				minor
sqlite3 (changelog)	2.9.3-aarch64-linux-gnu → 2.9.4				patch
vite (source)	8.0.10 → 8.0.11			devDependencies	patch	8.0.14 (+2)
vite-plugin-ruby (source)	5.2.1 → 5.2.2			devDependencies	patch
vite_rails (source, changelog)	3.10.0 → 3.11.0				minor
vue (source)	3.5.32 → 3.5.34			dependencies	patch

---

Release Notes

ctran/annotate_models (annotate)

v2.7.5

Compare Source

See https://github.com/ctran/annotate_models/releases/tag/v2.7.5

v2.7.4

Compare Source

• Fix with_comment format in annotate_models_rake #​560

v2.7.3

Compare Source

See https://github.com/ctran/annotate_models/releases/tag/v2.7.3

v2.7.2

Compare Source

See https://github.com/ctran/annotate_models/releases/tag/v2.7.2

v2.7.1

Compare Source

See https://github.com/ctran/annotate_models/releases/tag/v2.7.1

v2.7.0

Compare Source

See https://github.com/ctran/annotate_models/releases/tag/v2.7.0

v2.6.10: Revert incompatible change

Compare Source

Revert "Prefer SQL column type over normalized AR type"

v2.6.9

Compare Source

• Support foreigh key #​241
• Check if model has skip tag in annotate_model_file #​167
• Fix issue where serializer-related flags weren't being honored #​246
• Prefer SQL column type over normalized AR type #​231

v2.6.8

Compare Source

• Nothing annotated unless options[:model_dir] is specified, #​234

v2.6.7

Compare Source

• Nothing annotated unless options[:model_dir] is specified, #​234

v2.6.6

Compare Source

• Makes it possible to wrap annotations, #​225
• Fix single model generation, #​214
• Fix default value for Rails 4.2, #​212
• Don't crash on inherited models in subdirectories, #​232
• Process model_dir in rake task, #​197

rails/bootsnap (bootsnap)

v1.24.3

Compare Source

• Fix the 1.24.2 workaround to parse Ruby files with UTF-8 even when the LANG environment variable
  is unset or set to C.

v1.24.2

Compare Source

• Workaround two Ruby bugs in RubyVM::InstructionSequence.compile_file, that were causing
  files to be loaded with the old Ruby parser instead of Prism, causing issues with some pattern matching syntax.
  Ref: https://bugs.ruby-lang.org/issues/22023

v1.24.1

Compare Source

• Fix encoding of Ruby source files loaded when BOOTSNAP_READONLY is set.
  Files would incorectly be loaded in ASCII-8BIT causing literal strings outside
  the pure ASCII range to have ASCII-8BIT encoding instead of UTF-8.
  This bug was introduced in 1.24.0.

v1.24.0

Compare Source

• Added a hook API to customize Ruby compilation.

DataTables/Dist-DataTables-Bootstrap4 (datatables.net-bs4)

v2.3.8

Compare Source

DataTables Bootstrap4 2.3.8

honeybadger-io/honeybadger-ruby (honeybadger)

v6.6.0

Compare Source

Features

• ignore solid_cable_messages queries (#​817) (5292bb6)

v6.5.6

Compare Source

Bug Fixes

• attach environment and hostname to metric events (#​815) (0762115)

postcss/postcss (postcss)

v8.5.14

Compare Source

• Fixed custom syntax regression (by @​43081j).

ruby/ruby (ruby)

v4.0.3: 4.0.3

Compare Source

What's Changed

• Prohibit def_method on marshal-loaded ERB instances (CVE-2026-41316)

Full Changelog

castwide/solargraph (solargraph)

v0.58.3

Compare Source

• Ignore workspace dependencies in cache processes (#​1174)

v0.58.2

Compare Source

• Avoid rbs pollution (#​1146)
• Fix 'solargraph pin --references ClassName' private method call (#​1150)
• Improve memory efficiency of Position class (#​1054)
• Raise InvalidOffsetError for offsets > text (#​1155)

v0.58.1

Compare Source

• Normalize line endings to LF (#​1142)

v0.58.0

Compare Source

• Faster constant resolution (#​1083)
• [regression] Handle RBS static method aliases (#​1094)
• More type fills and shims (#​1005)
• Fix resolution in blocks in type checker (#​890)
• Annotation fixes for strong typechecking (#​1057)
• Remove dead code (#​1077)
• Fix flakey spec (#​1080)
• Fix bad sexpr generation in op_asgn (#​1089)
• Opt-in for MFA requirement (#​730)
• [regression] Fix resolution issues with namespaces from YARD (#​1097)
• Improve a pin combination case around selfy types (#​1024)
• Rescue reference errors in hosts (#​1105)
• Relax bundler runtime dependency version constraint to support newer versions (#​1125)
• Remove stale Pathname test (#​1135)
• Enable strong type checking in CI (#​928)
• Stale sg-ignore
• Use rbs 3.9.5 in tests (#​1136)
• Drop broken 'namespaces' method (#​1065)
• Add ActiveRecord example from RBS (#​1074)
• Keep workspace directories as absolute paths (#​1076)
• Handle bad gem_dir from gemspec object (#​1079)
• Test for absolute require paths (#​1137)
• [regression] Fix resolution of ambiguous argument types (#​1098)
• Remove sg-ignore for String#=~ (#​1138)
• Allow levels to be changed for typechecking rules in .solargraph.yml (#​1126)

v0.57.0

Compare Source

• Support ActiveSupport::Concern pattern for class methods (#​948)
• More CI checks (#​996)
• Linting / type annotation fixes (#​999)
• Avoid overlapping chdir calls in multiple threads (#​1007)
• Fix kwarg generation in ApiMap::SourceToYard (#​1003)
• Enable Steep typechecking of Solargraph code (#​1004)
• Fix convention requires (#​1008)
• Plugin Util: Add Combination Priority (#​1010)
• [regression] Fix crash while typechecking files with Struct use (#​1031)
• Remove yard reference from gemfile (#​1033)
• Allow newer RBS gem versions, exclude incompatible ones (#​995)
• Look for external requires before cataloging bench (#​1021)
• Remove Library#folding_ranges (#​904)
• Complain in strong type-checking if an @​sg-ignore line is not needed (#​1011)
• Document a log level env variable (#​894)
• Fix hole in type checking evaluation (#​1009)
• Improve typechecking error message (#​1014)
• Internal strict type-checking fixes (#​1013)
• Reproduce and fix a ||= (or-asgn) evaluation issue (#​1017)
• Define closure for Pin::Symbol, for completeness (#​1027)
• Fix 'all!' config to reporters (#​1018)
• Fix DocMap.all_rbs_collection_gems_in_memory return type (#​1037)
• Fix RuboCop linting errors in regular expressions (#​1038)
• Resolve class aliases via Constant pins (#​1029)
• Speed-up LSP completion response times (#​1035)
• Revert "Resolve class aliases via Constant pins (#​1029)" (#​1041)
• Avoid stack errors when resolving method aliases (#​1040)
• [regression] Refine order of object convention method pins (#​1036)
• Fix crash while generating activesupport pins (#​1043)
• Type annotation improvements (#​1016)
• Resolve class aliases via Constant pins (#​1048)
• Understand "Parser::AST::Node < AST::Node" in RBS (#​1060)
• Factor out require_paths logic to its own class (#​1062)
• Fix type errors found in strong typechecking (#​1045)
• Run plugin specs separately for perf insights (#​1046)
• Run specs from solargraph-rails configured against current code in CI (#​892)
• Fix Convention/Plugin pins not being updated on file change (#​1028)
• Fix solargraph-rails check (#​1073)
• Flow sensitive typing handles x.is_a? without an argument (#​1070)
• Refactor reference pin handling (#​1058)

v0.56.2

Compare Source

• Add support for Ruby Data.define (#​970)
• Ensure that pin locations are always populated (#​965)
• Improve struct support (#​992)
• Include Rakefile, Gemfile, and gemspec files in config by default (#​984)
• Use Open3 to cache gemspecs (#​1000)
• Eager load node processors (#​1002)

v0.56.1

Compare Source

• Library avoids blocking on pending yardoc caches (#​990)
• DocMap checks for default Gemfile (#​989)
• [Bug fix] Fixed an error in rbs/fills/tuple.rbs (#​993)

v0.56.0

Compare Source

• [regression] Gem caching perf and logging fixes #​983

v0.55.5

Compare Source

• Flatten results of DocMap external bundle query (#​981)
• [breaking] Reimplement global conventions (#​877)
• GemPins pin merging improvements (#​946)
• Support class-scoped aliases and attributes from RBS (#​952)
• Restructure ComplexType specs towards YARD doc compliance (#​969)
• Use Prism (#​974)
• Document pages (#​977)
• Enable disabled-but-working specs (#​978)
• Map RBS 'untyped' type (RBS::Types::Bases::Any) to 'undefined' (#​979)
• Re-enable support for .gem_rbs_collection directories (#​942)
• [breaking] Comply with YARD documentation on Hash tag format (#​968)
• Ignore directory paths in Workspace#would_require? (#​988)

v0.55.4

Compare Source

• Flatten results of DocMap external bundle query (#​981)

v0.55.3

Compare Source

• Nil guards in flow-sensitive typing (patch release) (#​980)

v0.55.2

Compare Source

• Require external bundle (#​972)

v0.55.1

Compare Source

• Fix inline Struct definition (#​962)
• Ensure DocMap requires bundler when loading gemspecs (#​963)
• DelegatedMethod improvements (#​953)

v0.55.0

Compare Source

• Flow-sensitive typing - automatically downcast from is_a? calls (#​856)
• Tuple enabler: infer literal types and use them for signature selection (#​836)
• Signature selection improvements (#​907)
• Add support for Ruby Structs (#​939)
• [regression] Fix interface change breaking solargraph-rails (#​940)
• [regression] Add back bundler/require support for solargraph-rails (#​941)
• Add specs for initialize capabilities (#​955)
• Create MethodAlias pins from YARD (#​945)
• MessageWorker prioritizes synchronization (#​956)
• initialize/new method pin cleanups (#​949)
• Clip rebinds blocks when cursor is not part of receiver (#​958)

v0.54.5

Compare Source

• Repair unknown encoding errors (#​936, #​935)
• Index arbitrary pinsets (#​937)
• Separate YARD cache from doc map cache (#​938)

v0.54.4

Compare Source

• Delete files from Library hash (#​932)
• Clip#define returns variable pins (#​934, #​933)

v0.54.3

Compare Source

• Improve inspect()/desc()/to_s() methods for better debugging output (#​913)
• Fix generic resolution in Hash types (#​906)
• Stop parsing RBS type parameter constraints as the type name (#​918)
• Fix pin inference stack (#​922)
• Refactor pin equality for performance (#​925)
• Improve ApiMap catalog speed by preserving static pin indexes (#​930)
• Update jaro_winkler dependency (#​931)

v0.54.2

Compare Source

• Resolve generics correctly on mixin inclusion (#​898)
• Pick correct String#split overload (#​905)
• Fix type sent into YARD method (#​912)
• Early CancelRequest handling (#​914)
• Destructure partial yield types (#​915)
• Dependency versions (#​916)

v0.54.1

Compare Source

• Retire more RubyVM-specific code (#​797)
• Add additional docs for key classes, modules and methods (#​802)
• Populate location information from RBS files (#​768)
• Consolidate parameter handling into Pin::Callable (#​844)
• Adjust local variable presence to start after assignment, not before (#​864)
• Resolve params from ref tags (#​872)
• Reduce use of ComplexType.parse() to preserve rooted? information (#​870)
• Ensure yield return types are qualified (#​886)
• Understand type of 'def foo; @​foo ||= bar; end' reader methods (#​888)
• Improvements to #inspect output on pins and chains (#​895)
• Block method resolution improvements (#​885)
• Understand mass assignment into instance variables (#​893)
• Library sync and cache invalidation (#​903)
• Handle super and yield scenarios from blocks (#​891)
• Allow core and stdlib documentation to be uncached (#​899)
• Surface variable names in LSP, e.g., textDocument/hover (#​910)
• Keep idle progress notifications alive (#​911)

v0.54.0

Compare Source

• Add support for simple block argument destructuring (#​821)
• Benchmark the typecheck command (#​852)
• Send Gem Caching Progress Notifications to LSP Clients (#​855)
• [breaking] Fix more complex_type_spec.rb cases (#​813)
• Mass assignment support - e.g., a, b = ['1', '2'] (#​843)
• Memoize result of Chain#infer (#​857)
• Ignore malformed mixins and overloads (#​862)
• Drop Parser::ParserGem::ClassMethods#returns_from_node (#​866)
• Refactor TypeChecker#argument_problems_for for type safety (#​867)
• Specify more type behavior for variable reassignment (#​863)
• One-step source synchronization (#​871)
• Show cache progress in shell commands (#​874)
• Fix miscellaneous scan errors (#​875)
• Synchronous libraries (#​876)
• Fix parsing of Set#classify method signature from RBS (#​878)
• Sync Library#diagnose (#​882)
• Doesn't false-alarm over splatted non-final args in typechecking (#​883)
• Remove accidental inclusion of Module's methods in objects (#​884)
• Remove another splat-related false alarm in strict typechecking (#​889)
• Change require path warn to debug (#​897)

v0.53.4

Compare Source

• [regression] Restore 'Unresolved call' typecheck for stdlib objects (#​849)
• Lazy dynamic rebinding (#​851)
• Restore fill for Class#allocate (#​848)
• [regression] Ensure YardMap gems have return type for Class.new (#​850)
• Create implicit .new pins in namespace method queries (#​853)

v0.53.3

Compare Source

• Remove redundant core fills (#​824, #​841)
• Resolve self type in variable assignments (#​839)
• Eliminate splat-related false-alarms in strict typechecking (#​840)
• Dynamic block binding with yieldreceiver (#​842)
• Resolve generics by descending through context type (#​847)

v0.53.2

Compare Source

• Fix a self-type-related false-positive in strict typechecking (#​834)
• DocMap fetches gem dependencies (#​835)
• Use configured command path to spawn solargraph processes (#​837)

v0.53.1

Compare Source

• Reject nil requires in live code (#​831)
• RbsMap adds mixins to current namespace (#​832)

v0.53.0

Compare Source

• Fix crash on generic methods (#​762)
• Add more type annotations to the codebase (#​763 et al.)
• Address remaining typecheck issues at 'typed' level and add CI task (#​764)
• Fix crash during strict typechecking (#​766)
• DeepInference: Fix some bugs, add docs, refactor (#​767)
• Include "self type" methods like Enumerable#each from RBS files (#​769)
• Handle RBS global, module alias, class variable and class instance variable declarations (#​770)
• Add support for generic includes via RBS (#​773)
• Handle parsing tuples of tuples in tags (#​775)
• Retire the RubyVM parser (#​776)
• Improve block handling in signature selection (#​780)
• Require Ruby >= 3 (#​791)
• Cache YARD and RBS (#​781)
  • Language server generates gem documentation in the background
• Fix bug handling Array(A, B) syntax while resolving generics (#​784)
• Fix typeDefinitions for neovim (#​792)
• Infer block-pass symbols (#​793)
• Add #to_rbs methods to pins, use for better .inspect() output (#​789)
• Remove deprecated commands (#​790)
• Add :if support to NodeChainer for if statements as lvalues (#​805)
• Fix ApiMap::Cache (#​806)
• Map mixins from RBS (#​808)
• Fix issue with wrong signature selection by call with block node (#​815)
• Keep gem pins in memory (#​811)
• Refactor gems command (#​816)
• Use return type of literal blocks in inference (#​818)
• Insert Module methods (#​820)
• Revise documentation formatting (#​823)

v0.52.0

Compare Source

• Chains resolve identical names with different contexts (#​679)
• Handle symbol tags in method tag values (#​744)
• Infer more specific Array types when possible (#​745)
• Handle interpolated symbol literals (#​747)
• Handle combined conditions, else clauses in case statements (#​746)
• fix: support find require xxx.rb in local workspace. (#​722)
• Don't require redundant attribute @​return and @​param tags (#​748)
• Use @​yieldreturn tags for type inference (#​749)
• Fix type annotations identified at 'typed' level (#​750)
• Support RBS class aliases (#​751)
• Better support for generics via Class @​param tags (#​743)
• Generic module support through RBS (#​757)
• Fix inference of begin expression types (#​754)
• Add argument to satisfy typechecker on which signature to use (#​755)
• Fix RBS ingestion implicit initializer issues, missing param types (#​756)
• Validate zsuper arity
• Use yard-solargraph plugin (#​759)
• Add missing RBS types

v0.51.2

Compare Source

• Fix exception from parser when anonymous block forwarding is used (#​740)
• Parameterized Object types
• Remove extraneous comment from method examples

v0.51.1

Compare Source

• Format example code
• Block infers yieldreceiver from chain

v0.51.0

Compare Source

• Resolve self in yieldreceiver tags
• Include absolute paths in config (#​674)
• Enable diagnostics by default
• Fix cache resolution (#​704)
• Modify rubocop option for rubocop < 1.30 (#​665)
• Include absolute paths in config (#​674)
• Enable diagnostics by default
• Remove RSpec convention (#​716)
• Include convention pins in document_symbols (#​724)
• Implement Go To Type Definition (#​717)
• Remove e2mmap dependency (#​699)
• Update rbs to 3.0
• Relax reverse_markdown dependency (#​729)
• Fix Ruby 3.4 and move all parsing to whitequark (#​739)
• Add Pin::DelegatedMethod (#​602)
• Complete global methods from a file inside namespaces (#​714)
• gemspec dashes and required path slashes (#​697)

v0.50.0

Compare Source

• Remove .travis.yml as its not longer used (#​627)
• Fix empty string case when processing requires (#​644)
• Fix scope() method call on wrong object (#​670)
• Parse comments that start with multiple hashes (#​667)
• Use XDG_CACHE_HOME if it exists (#​664)
• Add rbs mention to readme (#​693)
• Remove Atom from the readme (#​692)
• Add more metadata to the gemspec (#​691)
• Do not deprecate clear command
• Library#locate_ref returns nil for unresolved requires (#​675)
• Hide deprecated commands
• List command
• Fixes (or ignores) ffi crash (#​676)
• increase sleep time on cataloger (#​677)
• YardMap ignores absolute paths (#​678)
• Clarify macros vs. directives
• Infer complex types from method calls
• Default cache uses XDG_CACHE_HOME default (#​664)

v0.49.0

Compare Source

• Better union type handling
• First version of RBS support
• Dependency updates
• Update RuboCop config options
• RBS core and stdlib mapping
• Anonymous splats and multisig arity
• Infinite loop when checking if a class is a superclass (#​641)

rails/spring (spring)

v4.5.0

Compare Source

• Skip spring without error if spring is not in installed bundler groups.

• Adds a Spring.after_environment_load hook that runs immediately after the Rails application environment is
  loaded in the Spring server process, but before GC.compact/Process.warmup and before the server enters its
  wait loop. This hook enables applications to preload expensive test infrastructure (e.g. test helpers, fixture
  caches, datastore connections) into the Spring server so that forked test workers inherit that work via
  copy-on-write instead of paying it on every invocation.

• Fixed crashes when a client disconnects mid-handshake (e.g. on connect timeout). Previously, Errno::EPIPE
  raised in Spring::Server#serve or Spring::Application#serve would propagate up through the accept loop and
  kill the process, leaving a stale socket that broke every subsequent client. Both crash sites are now rescued,
  including writes that happen inside the rescue Exception handler in Application#serve while reporting an earlier failure to the gone client.

• Eagerly autoload framework base classes (ActionMailer::Base, ActionController::Base,
  ActionController::API) at the end of preload so their ActiveSupport.on_load hooks fire in the parent
  process. Without this, the reloader probe in #serve materializes Rails internals (notably Action View's
  CacheExpiry::ViewReloader) in a half-initialized state and triggers an expensive FileUpdateChecker rebuild
  on every prepend_view_path inside each fork. See rails/rails#51308 for the lazy-init contract this aligns
  with.

sparklemotion/sqlite3-ruby (sqlite3)

v2.9.4

Compare Source

• Vendored sqlite is updated to v3.53.1 (from v3.53.0). #​704 @​flavorjones

vitejs/vite (vite)

v8.0.11

Compare Source

Features

• update rolldown to 1.0.0-rc.18 (#​22360) (3f80524)

Bug Fixes

• deps: update all non-major dependencies (#​22334) (672c962)
• deps: update all non-major dependencies (#​22382) (5c0cfcb)
• glob: align hmr matcher options with glob enumeration (#​22306) (30028f9)
• make separate object instance for each environment (#​22276) (7c2aa3b)

Documentation

• create-vite: list react-compiler templates in README (#​22347) (7c3a61f)
• explain mergeConfig skips null/undefined (#​22325) (2151f70)
• mention native config loader in CLI options (#​22348) (0420c5d)
• update evan's x handle (640202a)

Miscellaneous Chores

• deps: update dependency tsdown to ^0.21.10 (#​22333) ([3b51e05](https://redirect.git

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Container Scanning Status: ❌ Failure

NAME         INSTALLED        FIXED IN          TYPE  VULNERABILITY        SEVERITY  EPSS           RISK   
net-imap     0.4.19           0.4.20            gem   GHSA-j3g3-5qv5-52mj  Medium    0.5% (67th)    0.3    
resolv       0.3.0            0.3.1             gem   GHSA-xh69-987w-hrp8  Medium    0.2% (44th)    0.1    
erb          4.0.3            4.0.3.1           gem   GHSA-q339-8rmv-2mhv  High      0.1% (28th)    < 0.1  
libc-bin     2.41-12+deb13u2  2.41-12+deb13u3   deb   CVE-2026-4437        High      < 0.1% (24th)  < 0.1  
libc6        2.41-12+deb13u2  2.41-12+deb13u3   deb   CVE-2026-4437        High      < 0.1% (24th)  < 0.1  
net-imap     0.4.19           0.4.24            gem   GHSA-75xq-5h9v-w6px  Medium    < 0.1% (25th)  < 0.1  
net-imap     0.6.2            0.6.4             gem   GHSA-75xq-5h9v-w6px  Medium    < 0.1% (25th)  < 0.1  
libc-bin     2.41-12+deb13u2  2.41-12+deb13u3   deb   CVE-2026-4046        High      < 0.1% (19th)  < 0.1  
libc6        2.41-12+deb13u2  2.41-12+deb13u3   deb   CVE-2026-4046        High      < 0.1% (19th)  < 0.1  
addressable  2.8.10           2.9.0             gem   GHSA-h27x-rffw-24p4  High      < 0.1% (19th)  < 0.1  
libc-bin     2.41-12+deb13u2  2.41-12+deb13u3   deb   CVE-2026-4438        Medium    < 0.1% (17th)  < 0.1  
libc6        2.41-12+deb13u2  2.41-12+deb13u3   deb   CVE-2026-4438        Medium    < 0.1% (17th)  < 0.1  
net-imap     0.4.19           0.4.24            gem   GHSA-vcgp-9326-pqcp  High      < 0.1% (11th)  < 0.1  
net-imap     0.6.2            0.6.4             gem   GHSA-vcgp-9326-pqcp  High      < 0.1% (11th)  < 0.1  
json         2.18.0           2.19.2            gem   GHSA-3m6g-2423-7cp3  High      < 0.1% (10th)  < 0.1  
libsystemd0  257.9-1~deb13u1  257.13-1~deb13u1  deb   CVE-2026-40225       Medium    < 0.1% (13th)  < 0.1  
libudev1     257.9-1~deb13u1  257.13-1~deb13u1  deb   CVE-2026-40225       Medium    < 0.1% (13th)  < 0.1  
net-imap     0.4.19           0.4.24            gem   GHSA-87pf-fpwv-p7m7  Medium    < 0.1% (14th)  < 0.1  
net-imap     0.6.2            0.6.4             gem   GHSA-87pf-fpwv-p7m7  Medium    < 0.1% (14th)  < 0.1  
net-imap     0.4.19           0.4.24            gem   GHSA-hm49-wcqc-g2xg  Medium    < 0.1% (13th)  < 0.1  
net-imap     0.6.2            0.6.4             gem   GHSA-hm49-wcqc-g2xg  Medium    < 0.1% (13th)  < 0.1  
net-imap     0.4.19           0.4.24            gem   GHSA-q2mw-fvj9-vvcw  Low       < 0.1% (24th)  < 0.1  
net-imap     0.6.2            0.6.4             gem   GHSA-q2mw-fvj9-vvcw  Low       < 0.1% (24th)  < 0.1  
libsystemd0  257.9-1~deb13u1  257.13-1~deb13u1  deb   CVE-2026-29111       Medium    < 0.1% (6th)   < 0.1  
libudev1     257.9-1~deb13u1  257.13-1~deb13u1  deb   CVE-2026-29111       Medium    < 0.1% (6th)   < 0.1  
rexml        3.3.9            3.4.2             gem   GHSA-c2f4-jgmc-q2r5  Low       < 0.1% (14th)  < 0.1  
zlib         3.1.1            3.1.2             gem   GHSA-g857-hhfv-j68w  Medium    < 0.1% (2nd)   < 0.1  
libsystemd0  257.9-1~deb13u1  257.13-1~deb13u1  deb   CVE-2026-4105        Medium    < 0.1% (1st)   < 0.1  
libudev1     257.9-1~deb13u1  257.13-1~deb13u1  deb   CVE-2026-4105        Medium    < 0.1% (1st)   < 0.1  
libsystemd0  257.9-1~deb13u1  257.13-1~deb13u1  deb   CVE-2026-40226       Medium    < 0.1% (1st)   < 0.1  
libudev1     257.9-1~deb13u1  257.13-1~deb13u1  deb   CVE-2026-40226       Medium    < 0.1% (1st)   < 0.1  
uri          0.13.2           0.13.3            gem   GHSA-j4pr-3wm6-xx2r  Low       < 0.1% (0th)   < 0.1  
sed          4.9-2            4.9-2+deb13u1     deb   CVE-2026-5958        Low       < 0.1% (0th)   < 0.1  

[renovate]

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: Gemfile

Artifact update for archivesspace-client resolved to version 0.6.0, which is a pending version that has not yet passed the Minimum Release Age threshold.
Renovate was attempting to update to 0.5.1
This is (likely) not a bug in Renovate, but due to the way your project pins dependencies, _and_ how Renovate calls your package manager to update them.
Until Renovate supports specifying an exact update to your package manager (https://github.com/renovatebot/renovate/issues/41624), it is recommended to directly pin your dependencies (with `rangeStrategy=pin` for apps, or `rangeStrategy=widen` for libraries)
See also: https://docs.renovatebot.com/dependency-pinning/

File name: Gemfile

Artifact update for bootsnap resolved to version 1.24.5, which is a pending version that has not yet passed the Minimum Release Age threshold.
Renovate was attempting to update to 1.24.3
This is (likely) not a bug in Renovate, but due to the way your project pins dependencies, _and_ how Renovate calls your package manager to update them.
Until Renovate supports specifying an exact update to your package manager (https://github.com/renovatebot/renovate/issues/41624), it is recommended to directly pin your dependencies (with `rangeStrategy=pin` for apps, or `rangeStrategy=widen` for libraries)
See also: https://docs.renovatebot.com/dependency-pinning/