From 3df7289fd7fb0608f7838d36dce9804e7ea92097 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 8 Apr 2026 06:22:31 +0000
Subject: [PATCH 1/6] chore(deps-dev): bump addressable from 2.8.0 to 2.9.0

Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.8.0 to 2.9.0.
- [Changelog](https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sporkmonger/addressable/compare/addressable-2.8.0...addressable-2.9.0)

---
updated-dependencies:
- dependency-name: addressable
  dependency-version: 2.9.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index bd53cda8..de2f6964 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -76,8 +76,8 @@ GEM
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
       tzinfo (~> 2.0)
-    addressable (2.8.0)
-      public_suffix (>= 2.0.2, < 5.0)
+    addressable (2.9.0)
+      public_suffix (>= 2.0.2, < 8.0)
     appraisal (2.4.1)
       bundler
       rake
@@ -191,7 +191,7 @@ GEM
     pry-byebug (3.8.0)
       byebug (~> 11.0)
       pry (~> 0.10)
-    public_suffix (4.0.6)
+    public_suffix (7.0.5)
     racc (1.8.1)
     rack (2.2.22)
     rack-test (2.0.2)

From 5bf91f2fbef2d03220ae0c7db1ac0f3076c5b7db Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 2 Apr 2026 20:03:46 +0000
Subject: [PATCH 2/6] chore(deps): bump rack from 2.2.22 to 2.2.23

Bumps [rack](https://github.com/rack/rack) from 2.2.22 to 2.2.23.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rack/rack/compare/v2.2.22...v2.2.23)

---
updated-dependencies:
- dependency-name: rack
  dependency-version: 2.2.23
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index de2f6964..4e68977b 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -193,7 +193,7 @@ GEM
       pry (~> 0.10)
     public_suffix (7.0.5)
     racc (1.8.1)
-    rack (2.2.22)
+    rack (2.2.23)
     rack-test (2.0.2)
       rack (>= 1.3)
     rails (7.0.8.1)

From a9b975b0f1b83c9104f1b7a973fab94bf29f9ea3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 2 Apr 2026 04:08:18 +0000
Subject: [PATCH 3/6] chore(deps): bump picomatch from 2.3.1 to 2.3.2

Bumps [picomatch](https://github.com/micromatch/picomatch) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2)

---
updated-dependencies:
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 yarn.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/yarn.lock b/yarn.lock
index 697c4fde..f47e1d9c 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1087,9 +1087,9 @@ picocolors@^1.1.1:
   integrity sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==
 
 picomatch@^2.2.3:
-  version "2.3.1"
-  resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-2.3.1.tgz#3ba3833733646d9d3e4995946c1365a67fb07a42"
-  integrity sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==
+  version "2.3.2"
+  resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-2.3.2.tgz#5a942915e26b372dc0f0e6753149a16e6b1c5601"
+  integrity sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==
 
 pkg-dir@^4.2.0:
   version "4.2.0"

From 56d4768f478d45c74d59d4bafc6f4a574c9746eb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 3 Apr 2026 08:46:30 +0000
Subject: [PATCH 4/6] chore(deps): bump picomatch from 2.3.1 to 2.3.2 in
 /test/dummy

Bumps [picomatch](https://github.com/micromatch/picomatch) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2)

---
updated-dependencies:
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 test/dummy/yarn.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/test/dummy/yarn.lock b/test/dummy/yarn.lock
index 5737741b..57ca9c0d 100644
--- a/test/dummy/yarn.lock
+++ b/test/dummy/yarn.lock
@@ -3788,9 +3788,9 @@ picocolors@^1.0.0, picocolors@^1.1.1:
   integrity sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==
 
 picomatch@^2.0.4, picomatch@^2.2.1, picomatch@^2.2.3, picomatch@^2.3.1:
-  version "2.3.1"
-  resolved "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz"
-  integrity sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==
+  version "2.3.2"
+  resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-2.3.2.tgz#5a942915e26b372dc0f0e6753149a16e6b1c5601"
+  integrity sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==
 
 pkg-dir@^4.1.0, pkg-dir@^4.2.0:
   version "4.2.0"

From 1ff8980e0c51f4d68da49de8277c45759dfc4dec Mon Sep 17 00:00:00 2001
From: Justin Gordon <justin@shakacode.com>
Date: Wed, 8 Apr 2026 21:13:38 -1000
Subject: [PATCH 5/6] [codex] keep addressable compatible with Ruby 2.7

---
 Gemfile.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 4e68977b..ef0305ae 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -191,7 +191,7 @@ GEM
     pry-byebug (3.8.0)
       byebug (~> 11.0)
       pry (~> 0.10)
-    public_suffix (7.0.5)
+    public_suffix (5.1.1)
     racc (1.8.1)
     rack (2.2.23)
     rack-test (2.0.2)

From 6de2c35b84da8f745069e8fa266600bfa366f738 Mon Sep 17 00:00:00 2001
From: Justin Gordon <justin@shakacode.com>
Date: Wed, 8 Apr 2026 21:30:48 -1000
Subject: [PATCH 6/6] [codex] isolate JS package-manager caches in CI

---
 .github/workflows/ruby.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ruby.yml b/.github/workflows/ruby.yml
index 8b8280a6..e23d5bbd 100644
--- a/.github/workflows/ruby.yml
+++ b/.github/workflows/ruby.yml
@@ -101,7 +101,7 @@ jobs:
       uses: actions/cache@v3
       with:
         path: test/dummy/node_modules
-        key: dummy-app-node-modules-cache-${{ hashFiles('test/dummy/yarn.lock') }}
+        key: dummy-app-node-modules-cache-${{ matrix.js_package_manager.name }}-${{ hashFiles('test/dummy/yarn.lock') }}
     - uses: ruby/setup-ruby@v1
       with:
         bundler: 2.4.9
@@ -161,7 +161,7 @@ jobs:
       uses: actions/cache@v3
       with:
         path: test/dummy/node_modules
-        key: dummy-app-node-modules-cache-${{ hashFiles('test/dummy/yarn.lock') }}
+        key: dummy-app-node-modules-cache-${{ matrix.js_package_manager.name }}-${{ hashFiles('test/dummy/yarn.lock') }}
     - uses: ruby/setup-ruby@v1
       with:
         bundler: 2.4.9