chore(deps): bump the ruby group with 10 updates

[dependabot]

Bumps the ruby group with 10 updates:

Package	From	To
html2rss-configs	68b2ea1	2075ecb
async	2.36.0	2.38.0
async-pool	0.11.1	0.11.2
brotli	0.7.0	0.8.0
dry-schema	1.15.0	1.16.0
io-event	1.14.2	1.14.3
json	2.18.1	2.19.1
mime-types-data	3.2026.0224	3.2026.0303
public_suffix	7.0.2	7.0.5
zlib	3.2.2	3.2.3

Updates html2rss-configs from 68b2ea1 to 2075ecb

Commits

• 2075ecb chore(deps): bump html2rss from 6b43db1 to 20731ec (#279)
• 34c8a68 feat: update FIA document URL for 2026 season (#281)
• See full diff in compare view

Updates async from 2.36.0 to 2.38.0

Release notes

Sourced from async's releases.

v2.38.0

• Rename Task#stop to Task#cancel for better clarity and consistency with common concurrency terminology. The old stop method is still available as an alias for backward compatibility, but it is recommended to use cancel going forward.
• Forward arguments from Task#wait -> Promise#wait, so task.wait(timeout: N) is supported.

v2.37.0

• Introduce Async::Loop for robust, time-aligned loops.
• Add support for Async::Promise#wait(timeout: N).

Changelog

Sourced from async's changelog.

v2.38.0

• Rename Task#stop to Task#cancel for better clarity and consistency with common concurrency terminology. The old stop method is still available as an alias for backward compatibility, but it is recommended to use cancel going forward.
• Forward arguments from Task#wait -> Promise#wait, so task.wait(timeout: N) is supported.

v2.37.0

• Introduce Async::Loop for robust, time-aligned loops.
• Add support for Async::Promise#wait(timeout: N).

Commits

• 9182cde Bump minor version.
• 3318a3e Update release notes.
• fd5ef0e Forward arguments Task#wait -> Promise#wait including timeout:.
• c5892ad Unify cancellation handling between Promise and Task.
• 30a5074 Rename Stop -> Cancel and related interfaces. (#447)
• 4ea6072 Remove Ruby v3.2 from test-select matrix.
• d6b241d Remove bad test - failed tasks are no longer children.
• 246c4ad Drop support for Ruby v3.2.
• 38238d3 Bump minor version.
• 8f33e35 Make idler test more specific.
• Additional commits viewable in compare view

Updates async-pool from 0.11.1 to 0.11.2

Commits

• 7f8c526 Bump patch version.
• b118aba Limit default concurrency to prevent allocation overshoot. Fixes #23.
• 234f900 Update Async::Task.current.sleep -> sleep.
• 4d4b2d8 Update copyrights.
• 0679802 Fix retire/release race condition when resource close yields. (#25)
• 2a25f2c Modernize code.
• See full diff in compare view

Updates brotli from 0.7.0 to 0.8.0

Commits

• 158827e Merge pull request #56 from miyucy/bump
• 1c5203a Bump to 0.8.0
• 3924c8f Merge pull request #55 from ollym/stream
• 06837ee Trim edge-case tests
• ceac568 Remove line APIs from Brotli::Reader
• e46c7f0 Simplify Reader#gets separator handling
• fc2470a Tighten Brotli extension and Ruby API
• 9e9dd24 Fix Reader gets buffering and paragraph mode
• a3f046a Simplify streaming wrappers and native state
• a4519a9 Copy streaming dictionary data on init
• Additional commits viewable in compare view

Updates dry-schema from 1.15.0 to 1.16.0

Release notes

Sourced from dry-schema's releases.

v1.16.0

Added

• Support JRuby (@​katafrakt in #512, @​timriley in 1a6202f)

Changed

• In JSON Schema output, represent values with an eql? constraint as "const" values. (@​adamransom in #514)

  require "dry/schema"
  Dry::Schema.load_extensions(:json_schema)
  schema = Dry::Schema.JSON do
  required(:version).value(:integer, eql?: 1)
  end
  schema.json_schema
  => {"$schema": "http://json-schema.org/draft-06/schema#", type: "object", properties: {version: {type: "integer", const: 1}}, required: ["version"]}

Fixed

• In JSON Schema output, fix representation of arrays that are a combinations of schemas. (@​adamransom in #516)
• Avoid mutation of arguments given to Dry::Schema::Messages::I18n#get. (@​flash-gordon in 51d48b6)

Compare v1.15.0 ... v1.16.0

Changelog

Sourced from dry-schema's changelog.

1.16.0 - 2026-03-03

Added

• Support JRuby (@​katafrakt in #512, @​timriley in 1a6202f)

Changed

• In JSON Schema output, represent values with an eql? constraint as "const" values. (@​adamransom in #514)

  require "dry/schema"
  Dry::Schema.load_extensions(:json_schema)
  schema = Dry::Schema.JSON do
  required(:version).value(:integer, eql?: 1)
  end
  schema.json_schema
  => {"$schema": "http://json-schema.org/draft-06/schema#", type: "object", properties: {version: {type: "integer", const: 1}}, required: ["version"]}

Fixed

• In JSON Schema output, fix representation of arrays that are a combinations of schemas. (@​adamransom in #516)
• Avoid mutation of arguments given to Dry::Schema::Messages::I18n#get. (@​flash-gordon in 51d48b6)

Commits

• 22b3af3 Prepare for v1.16.0
• 1a6202f Require dry-types with JRuby fix
• c87359b Fix bug with JSON Schema output for arrays with union items (#516)
• 2793dbe Add support for JSON Schema "const" (#514)
• 84fb371 Enable JRuby support (#512)
• 7799289 Mark JRuby as not supported
• 02acc36 File sync from hanakai-rb/repo-sync
• 90b7c00 File sync from hanakai-rb/repo-sync
• 51d48b6 Avoid argument mutation
• See full diff in compare view

Updates io-event from 1.14.2 to 1.14.3

Changelog

Sourced from io-event's changelog.

v1.14.3

• Fix several implementation bugs that could cause deadlocks on blocking writes.

v1.14.0

Enhanced IO::Event::PriorityHeap with deletion and bulk insertion methods

The {ruby IO::Event::PriorityHeap} now supports efficient element removal and bulk insertion:

• delete(element): Remove a specific element from the heap in O(n) time
• delete_if(&block): Remove elements matching a condition with O(n) amortized bulk deletion
• concat(elements): Add multiple elements efficiently in O(n) time

heap = IO::Event::PriorityHeap.new
Efficient bulk insertion - O(n) instead of O(n log n)
heap.concat([5, 2, 8, 1, 9, 3])
Remove specific element
removed = heap.delete(5)  # Returns 5, heap maintains order
Bulk removal with condition
count = heap.delete_if{|x| x.even?}  # Removes 2, 8 efficiently

The delete_if and concat methods are particularly efficient for bulk operations, using bottom-up heapification to maintain the heap property in O(n) time. This provides significant performance improvements:

• Bulk insertion: O(n log n) → O(n) for adding multiple elements
• Bulk deletion: O(k×n) → O(n) for removing k elements

Both methods maintain the heap invariant and include comprehensive test coverage with edge case validation.

v1.11.2

• Fix Windows build.

v1.11.1

• Fix read_nonblock when using the URing selector, which was not handling zero-length reads correctly. This allows reading available data without blocking.

v1.11.0

Introduce IO::Event::WorkerPool for off-loading blocking operations.

The {ruby IO::Event::WorkerPool} provides a mechanism for executing blocking operations on separate OS threads while properly integrating with Ruby's fiber scheduler and GVL (Global VM Lock) management. This enables true parallelism for CPU-intensive or blocking operations that would otherwise block the event loop.

... (truncated)

Commits

• 1878775 Bump patch version.
• 0de17dc Fix write deadlocks.
• 3422cfa Fix kqueue io_write_loop waiting.
• c87d341 Fix tcp test on Windows.
• a34ec07 Return something from IO_Event_Selector_nonblock_set on _WIN32.
• dc0c4da Improved implementation of blocking_operation_wait.
• acabc87 Add note about io_close pending submission.
• db78abf Don't access freed completion.
• See full diff in compare view

Updates json from 2.18.1 to 2.19.1

Release notes

Sourced from json's releases.

v2.19.1

What's Changed

• Fix a compiler dependent GC bug introduced in 2.18.0.

Full Changelog: ruby/json@v2.19.0...v2.19.1

v2.19.0

What's Changed

• Fix allow_blank parsing option to no longer allow invalid types (e.g. load([], allow_blank: true) now raise a type error).
• Add allow_invalid_escape parsing option to ignore backslashes that aren't followed by one of the valid escape characters.

Full Changelog: ruby/json@v2.18.1...v2.19.0

Changelog

Sourced from json's changelog.

2026-03-08 (2.19.1)

• Fix a compiler dependent GC bug introduced in 2.18.0.

2026-03-06 (2.19.0)

• Fix allow_blank parsing option to no longer allow invalid types (e.g. load([], allow_blank: true) now raise a type error).
• Add allow_invalid_escape parsing option to ignore backslashes that aren't followed by one of the valid escape characters.

Commits

• 4a42a04 Release 2.19.1
• 13689c2 Add missing GC_GUARD in fbuffer_append_str
• a11acc1 Release 2.19.0
• 0a4fb79 fbuffer.h: Use size_t over unsigned long
• a29fcdc Add depth validation to Jruby and TruffleRuby implementations
• de993aa Reject negative depth; add overflow guards to prevent hang/crash
• 6ccc102 Fix allow_blank parsing option to only consider strings.
• 3f32c47 Reimplement to_json methods in Ruby
• 93bc1b3 Remove unused load_uint8x16_4 function.
• a888d6d Use single quotes for allow_invalid_escape doc
• Additional commits viewable in compare view

Updates mime-types-data from 3.2026.0224 to 3.2026.0303

Changelog

Sourced from mime-types-data's changelog.

3.2026.0303 / 2026-03-03

• Updated registry entries from the IANA [media registry][registry] and [provisional media registry][provisional] and the [Apache Tika media registry][tika] as of the release date.

Commits

• fe3596c deps: Bump the actions group with 4 updates
• a8eb365 Update mime-types-data 3.2026.0303 / 2026-03-03
• See full diff in compare view

Updates public_suffix from 7.0.2 to 7.0.5

Changelog

Sourced from public_suffix's changelog.

7.0.5 - 2026-03-03

Fixed

• Fix release crash caused by unconditional rubocop/yard requires in Rakefile.

7.0.4 - 2026-03-03

Fixed

• Fix release workflow.

7.0.3 - 2026-03-03

Changed

• Updated definitions.

Commits

• ef9de73 Release 7.0.5
• cb7b43e Release 7.0.4
• 7c1cf4a Fix release crash
• 59dba7a Release 7.0.3
• d7facd7 Updated list from source (#522)
• b169a65 build(deps): update rubocop requirement from ~> 1.84.0 to ~> 1.85.0 (#521)
• 271b9e8 Updated list from source (#520)
• 3ab9e48 Updated list from source (#519)
• 5ff9db4 Updated list from source (#518)
• 41400e0 Updated list from source (#517)
• Additional commits viewable in compare view

Updates zlib from 3.2.2 to 3.2.3

Release notes

Sourced from zlib's releases.

v3.2.3

What's Changed

• CVE-2026-27820: Buffer overflow vulnerability in Zlib::GzipReader

Full Changelog: ruby/zlib@v3.2.2...v3.2.3

Commits

• 899f9fd Merge branch 'CVE-2026-27820-3-4-4-0' into 3-2-stable
• d9c7876 Bump up to 3.2.3
• 608d2be Fix buffer overflow at ungetc
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[mergify]

Merge Queue Status

Rule: dependabot

---

• ✅ Entered queue — 2026-03-09 07:18 UTC
• ✅ Checks passed · on draft merge queue: embarking main (a9c32de), #1079 and #1080 together #1082
• ✅ Merged — 2026-03-09 07:19 UTC · at c48319434dbe7746c011cd67b521701638722540

This pull request spent 1 minute 50 seconds in the queue, including 1 minute 37 seconds running CI.

Required conditions to merge

• author=dependabot[bot]
  • chore(deps): bump the ruby group with 10 updates #1080
• base=main
• status-success=build