Bump the patch-and-minor-dependencies group with 5 updates

[dependabot]

Bumps the patch-and-minor-dependencies group with 5 updates:

Package	From	To
prism	1.7.0	1.8.0
puma	7.1.0	7.2.0
roda	3.99.0	3.100.0
sequel	5.99.0	5.100.0
tilt	2.6.1	2.7.0

Updates prism from 1.7.0 to 1.8.0

Release notes

Sourced from prism's releases.

v1.8.0

Added

• Optimize ruby visitor.
• Report unterminated construct errors at opening token.

Changed

• Correctly expose ripper state.
• Use one file for versioned parser classes.
• Fix denominator of rational float literal.
• Decouple ripper translator from ripper library.
• Sync Prism::Translation::ParserCurrent with Ruby 4.0.

Changelog

Sourced from prism's changelog.

[1.8.0] - 2026-01-12

Added

• Optimize ruby visitor.
• Report unterminated construct errors at opening token.

Changed

• Correctly expose ripper state.
• Use one file for versioned parser classes.
• Fix denominator of rational float literal.
• Decouple ripper translator from ripper library.
• Sync Prism::Translation::ParserCurrent with Ruby 4.0.

[Unreleased]

Commits

• 90c0578 Merge pull request #3848 from k0kubun/ruby-4-0-1-prism
• 8d1894c Revert updating prism in typecheck
• 9c12be6 Bump to v1.8.0
• 290cc3b Merge pull request #3841 from Earlopain/ripper-translator-state
• b3e79f0 Merge pull request #3846 from ruby/dependabot/bundler/gemfiles/3.1/ruby-deps-...
• 6f9e938 Merge pull request #3845 from ruby/dependabot/maven/java-wasm/java-deps-35ed5...
• acb7e70 Bump org.junit.jupiter:junit-jupiter-engine
• 6631788 Bump the ruby-deps group across 7 directories with 1 update
• 295b613 Merge pull request #3847 from Earlopain/parser-version-location
• 458f622 Use one file for versioned parser classes
• Additional commits viewable in compare view

Updates puma from 7.1.0 to 7.2.0

Release notes

Sourced from puma's releases.

v7.2.0

7.2.0 On The Corner

• Features

  • Add workers :auto (#3827)
  • Make it possible to restrict control server commands to stats (#3787)

• Bugfixes

  • Don't break if WEB_CONCURRENCY is set to a blank string (#3837)
  • Don't share server between worker 0 and descendants on refork (#3602)
  • Fix phase check race condition in Puma::Cluster#check_workers (#3690)
  • Fix advertising of CLI config before config files are loaded (#3823)

• Performance

  • 17% faster HTTP parsing through pre-interning env keys (#3825)
  • Implement dsize and dcompact functions for Puma::HttpParser, which makes Puma's C-extension GC-compactible (#3828)

• Refactor

  • Remove NoMethodError rescue in Reactor#select_loop (#3831)
  • Various cleanups in the C extension (#3814)
  • Monomorphize handle_request return (#3802)

• Docs

  • Change link to docs/deployment.md in README.md (#3848)
  • Fix formatting for each signal description in signals.md (#3813)
  • Update deployment and Kubernetes docs with Puma configuration tips (#3807)
  • Rename master to main (#3809, #3808, #3800)
  • Fix some minor typos in the docs (#3804)
  • Add GOVERNANCE.md, MAINTAINERS (#3826)
  • Remove Code Climate badge (#3820)
  • Add @​joshuay03 to the maintainer list

• CI

  • Use Minitest 6 where applicable (#3859)
  • Many test suite improvements and flake fixes (#3861, #3863, #3860, #3852, #3857, #3856, #3845, #3843, #3842, #3841, #3822, #3817, #3764)

New Contributors

• @​moozzi made their first contribution in puma/puma#3848
• @​ybiquitous made their first contribution in puma/puma#3813
• @​jrafanie made their first contribution in puma/puma#3804

Full Changelog: puma/puma@v7.1.0...v7.2.0

Changelog

Sourced from puma's changelog.

7.2.0 / 2026-01-20

• Features

  • Add workers :auto (#3827)
  • Make it possible to restrict control server commands to stats (#3787)

• Bugfixes

  • Don't break if WEB_CONCURRENCY is set to a blank string (#3837)
  • Don't share server between worker 0 and descendants on refork (#3602)
  • Fix phase check race condition in Puma::Cluster#check_workers (#3690)
  • Fix advertising of CLI config before config files are loaded (#3823)

• Performance

  • 17% faster HTTP parsing through pre-interning env keys (#3825)
  • Implement dsize and dcompact functions for Puma::HttpParser, which makes Puma's C-extension GC-compactible (#3828)

• Refactor

  • Remove NoMethodError rescue in Reactor#select_loop (#3831)
  • Various cleanups in the C extension (#3814)
  • Monomorphize handle_request return (#3802)

• Docs

  • Change link to docs/deployment.md in README.md (#3848)
  • Fix formatting for each signal description in signals.md (#3813)
  • Update deployment and Kubernetes docs with Puma configuration tips (#3807)
  • Rename master to main (#3809, #3808, #3800)
  • Fix some minor typos in the docs (#3804)
  • Add GOVERNANCE.md, MAINTAINERS (#3826)
  • Remove Code Climate badge (#3820)
  • Add @​joshuay03 to the maintainer list

• CI

  • Use Minitest 6 where applicable (#3859)
  • Many test suite improvements and flake fixes (#3861, #3863, #3860, #3852, #3857, #3856, #3845, #3843, #3842, #3841, #3822, #3817, #3764)

Commits

• 96b5aa6 v7.2.0 (#3864)
• 5d7d1dd Add workers :auto (#3827)
• b8c4783 ci: fix ci - remove append_as_bytes logic, misc changes (#3861)
• 44a3ac4 Fix PR label manager when maintainer comments [ci skip] (#3863)
• 43f5d89 Add GOVERNANCE.md, MAINTAINERS (#3826)
• 21afa66 Use Minitest 6 where applicable (#3859)
• ec7dd61 ci: Update test_http11.rb for TruffleRuby - string size (#3860)
• fa89dbe ci: add ruby 4.0 and rails 8.1 (#3852)
• 98ff11d Fix flaky test test_horrible_queries (#3857)
• da162d7 ci: fix tests.yml (#3856)
• Additional commits viewable in compare view

Updates roda from 3.99.0 to 3.100.0

Changelog

Sourced from roda's changelog.

=== 3.100.0 (2026-01-12)

• Add sec_fetch_site_csrf plugin, for CSRF protection using Sec-Fetch-Site header (jeremyevans)

Commits

• 5a869c8 Bump version to 3.100.0
• b05ee58 Add Ruby 4.0 to CI
• 483272f Add sec_fetch_site_csrf plugin, for CSRF protection using Sec-Fetch-Site header
• See full diff in compare view

Updates sequel from 5.99.0 to 5.100.0

Changelog

Sourced from sequel's changelog.

=== 5.100.0 (2026-01-01)

• Do not report associations with :is_used option as unused in the unused_associations plugin (jeremyevans)

• Make Postgres::PGRange#to_s an alias of #inspect, showing friendly output (jeremyevans)

• Add single_statement_dataset_destroy plugin, so that dataset.destroy uses a single DELETE statement (jeremyevans)

• Support :collate option in set_column_type (jeremyevans)

Commits

• 25ee6b9 Bump version to 5.100.0
• 5c85ac9 Simplify Sequel::SQL::PlaceholderLiteralString literalization with hash repla...
• fbed5ce Add Ruby 4.0 to CI
• 6a91246 Fix single_statement_dataset_destroy plugin test
• 76ce889 Simplify mocking replacement
• b237f26 Remove use of minitest stub
• dd2ee9c Add spec for postgres adapter use_cursor with map/hash/set methods
• 9f7c775 Do not report associations with :is_used option as unused in the unused_assoc...
• 3032873 Make Postgres::PGRange#to_s an alias of #inspect, showing friendly output
• f0d9189 Add single_statement_dataset_destroy plugin, so that dataset.destroy uses a s...
• Additional commits viewable in compare view

Updates tilt from 2.6.1 to 2.7.0

Changelog

Sourced from tilt's changelog.

2.7.0 (2026-01-09)

• Support passing template-specific options to Tilt::Pipeline.new (LevitatingBusinessMan) (#24)
• Remove deprecated creole template (jeremyevans)
• Make the rendering of Prawn templates idempotent (rickenharp) (#20)

Commits

• 2b1189f Bump version to 2.7.0
• ac414e7 Minor changes to Tile::Pipeline.new options support
• df4b7e3 allow additional options to pipeline
• f9193d5 Drop JRuby 9.4 from CI
• 712e75d Remove use of minitest mocks
• d3aa2a0 Add Ruby 4.0 to CI
• 8454c9f Require URI in haml test to work around test failure on Ruby 4.0
• e271cab Fix class name in coffeescript documentation
• 1bca970 Remove deprecated creole template
• 7e5263e Mention Tilt::StaticTemplate in README
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions