chore(deps-dev): bump the bundler group with 2 updates

[dependabot]

Bumps the bundler group with 2 updates: brakeman and shoulda-matchers.

Updates brakeman from 8.0.4 to 8.0.5

Release notes

Sourced from brakeman's releases.

8.0.5

• Add quote_schema_name to safe quote method list (changes by Zsolt Kozaroczy)
• Fix SQL injection false positive for compact_blank/compact on permitted params (changes by Arpit Jain)
• Fix inline render false positive for local named text (changes by Arpit Jain)
• Fix HAML crash on .raw calls (changes by Federico Franco)
• Fix Ruby version parsing - especially for non-CRuby versions (changes by Chris Southerland Jr)
• Fix TemplateAliasProcessor#template_name arity (changes by viralpraxis)
• Reduce false positives when using shell escaping (changes)

Changelog

Sourced from brakeman's changelog.

8.0.5 - 2026-06-12

• Add quote_schema_name to safe quote method list (Zsolt Kozaroczy)
• Fix SQL injection false positive for compact_blank/compact on permitted params (Arpit Jain)
• Fix inline render false positive for local named text (Arpit Jain)
• Fix HAML crash on .raw calls (Federico Franco)
• Fix Ruby version parsing - especially for non-CRuby versions (Chris Southerland Jr)
• Fix TemplateAliasProcessor#template_name arity (viralpraxis)
• Reduce false positives when using shell escaping

Commits

• 104443e Bump to 8.0.5
• 8e61e2a Update CHANGES
• f014c15 Merge pull request #2028 from kiskoza/fix/quote_schema_name
• 9227822 Merge pull request #2027 from arpitjain099/fix/brakeman-1915-render-partial-t...
• 6788d28 Merge pull request #2025 from arpitjain099/fix/sql-fp-compact-blank
• b7c3906 Add quote_schema_name to safe quote method list
• f95c500 test: update line number for still-warns SQL injection case after fixture shift
• 4fba779 base_processor: skip hash render-type extraction when type set positionally
• 1e63a41 Fix SQL injection false positive for compact_blank/compact on permitted params
• 7ff9e49 Merge pull request #2023 from FFederi/fix-haml-chained-raw-crash
• Additional commits viewable in compare view

Updates shoulda-matchers from 7.0.1 to 8.0.1

Release notes

Sourced from shoulda-matchers's releases.

v8.0.1

What's Changed

• fix: Prevent test-model leak without DescendantsTracker.clear by @​matsales28 in thoughtbot/shoulda-matchers#1713

Full Changelog: thoughtbot/shoulda-matchers@v8.0.0...v8.0.1

v8.0.0

8.0.0 - 2026-06-12

Backward-incompatible changes

• Drop support for Rails 7.1 and Ruby 3.2 by @​matsales28

Features

• Add support for validating multiple attributes at once by @​matsales28 (#1651)
• Add error for using with_options in define_enum_for matcher by @​matsales28 (#1693)
• Introduce support for deprecated associations API by @​stefannibrasil (#1690)

Bug fixes

• Prevent ActiveRecord constant leak in uniqueness matcher by @​matsales28 (#1694)

Improvements

• Add Ruby 4 support by @​stefannibrasil (#1697)
• Update Ruby versions to latest stable releases by @​matsales28 (#1708)
• Update Rails versions to latest stable releases by @​matsales28 (#1709)
• Improve validate_inclusion_of matcher boolean warn messages by @​stefannibrasil (#1692)
• Use a fixed date in validate_inclusion_of date attribute spec by @​HoangMinhBK (#1703)
• Require MFA for gem pushes by @​MatheusRich (#1702)
• Update README to reflect the v7 release by @​brendanthomas1 (#1695)
• Fix broken README anchor for should vs is_expected.to by @​LarytheLord (#1700)
• Fix foreign_type example in association_matcher docs by @​artinboghosian (#1705)

#1651: thoughtbot/shoulda-matchers#1651 #1690: thoughtbot/shoulda-matchers#1690 #1692: thoughtbot/shoulda-matchers#1692 #1693: thoughtbot/shoulda-matchers#1693 #1694: thoughtbot/shoulda-matchers#1694 #1695: thoughtbot/shoulda-matchers#1695 #1697: thoughtbot/shoulda-matchers#1697 #1700: thoughtbot/shoulda-matchers#1700 #1702: thoughtbot/shoulda-matchers#1702 #1703: thoughtbot/shoulda-matchers#1703 #1705: thoughtbot/shoulda-matchers#1705 #1708: thoughtbot/shoulda-matchers#1708 #1709: thoughtbot/shoulda-matchers#1709

Changelog

Sourced from shoulda-matchers's changelog.

8.0.1 - 2026-06-12

Bug fixes

• Fix validate_uniqueness_of raising "DescendantsTracker.clear was disabled" when config.enable_reloading is false by @​matsales28 (#1713)

#1713: thoughtbot/shoulda-matchers#1713

8.0.0 - 2026-06-12

Backward-incompatible changes

• Drop support for Rails 7.1 and Ruby 3.2 by @​matsales28

Features

• Add support for validating multiple attributes at once by @​matsales28 (#1651)
• Add error for using with_options in define_enum_for matcher by @​matsales28 (#1693)
• Introduce support for deprecated associations API by @​stefannibrasil (#1690)

Bug fixes

• Prevent ActiveRecord constant leak in uniqueness matcher by @​matsales28 (#1694)

Improvements

• Add Ruby 4 support by @​stefannibrasil (#1697)
• Update Ruby versions to latest stable releases by @​matsales28 (#1708)
• Update Rails versions to latest stable releases by @​matsales28 (#1709)
• Improve validate_inclusion_of matcher boolean warn messages by @​stefannibrasil (#1692)
• Use a fixed date in validate_inclusion_of date attribute spec by @​HoangMinhBK (#1703)
• Require MFA for gem pushes by @​MatheusRich (#1702)
• Update README to reflect the v7 release by @​brendanthomas1 (#1695)
• Fix broken README anchor for should vs is_expected.to by @​LarytheLord (#1700)
• Fix foreign_type example in association_matcher docs by @​artinboghosian (#1705)

#1651: thoughtbot/shoulda-matchers#1651 #1690: thoughtbot/shoulda-matchers#1690 #1692: thoughtbot/shoulda-matchers#1692 #1693: thoughtbot/shoulda-matchers#1693 #1694: thoughtbot/shoulda-matchers#1694 #1695: thoughtbot/shoulda-matchers#1695 #1697: thoughtbot/shoulda-matchers#1697 #1700: thoughtbot/shoulda-matchers#1700 #1702: thoughtbot/shoulda-matchers#1702 #1703: thoughtbot/shoulda-matchers#1703 #1705: thoughtbot/shoulda-matchers#1705 #1708: thoughtbot/shoulda-matchers#1708 #1709: thoughtbot/shoulda-matchers#1709

Commits

• cf3b368 Bump version to 8.0.1 [ci skip]
• 341d908 fix: Prevent test-model leak without DescendantsTracker.clear (#1713)
• c91c61c Bump version to 8.0.0 [ci skip] (#1711)
• 4510375 chore: Drop support for Rails 7.1 and Ruby 3.2 (#1710)
• 5a95f41 Update rails versions (#1709)
• 71635a1 chore: Update Ruby versions (#1708)
• d0c50c8 feat: Add support for validating multiple attributes at once (#1651)
• 2514729 Update association_matcher.rb (#1705)
• 6063887 fix: use a fixed date in validate_inclusion_of date attribute spec (#1703)
• 3a2456e Require MFA for gem pushes (#1702)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions