chore(deps): bump the ruby group with 9 updates

[dependabot]

Bumps the ruby group with 9 updates:

Package	From	To
html2rss	e11e251	4a414ce
addressable	2.8.9	2.9.0
async	2.38.1	2.39.0
bigdecimal	4.1.0	4.1.1
io-event	1.14.5	1.15.1
mime-types-data	3.2026.0317	3.2026.0331
parallel	1.27.0	2.0.0
protocol-rack	0.22.0	0.22.1
regexp_parser	2.11.3	2.12.0

Updates html2rss from e11e251 to 4a414ce

Commits

• 4a414ce fix: compact Rendering#to_html output (#351)
• eebde08 docs: fix yard generation and stabilize with yard-lint (#350)
• See full diff in compare view

Updates addressable from 2.8.9 to 2.9.0

Changelog

Sourced from addressable's changelog.

Addressable 2.9.0

• fixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete remediation in 2.8.10)

Addressable 2.8.10

• fixes ReDoS vulnerability in Addressable::Template#match

Commits

• 0c3e858 Revving version and changelog
• 91915c1 Fixing additional vulnerable paths
• a091e39 Add many more adversarial test cases to ensure we don't have any ReDoS regres...
• 463a819 Regenerate gemspec on newer rubygems
• 0afcb0b Improve from O(n^2) to O(n)
• c87f768 Fix a ReDoS vulnerability in URI template matching
• See full diff in compare view

Updates async from 2.38.1 to 2.39.0

Release notes

Sourced from async's releases.

v2.39.0

• Async::Barrier#wait now returns the number of tasks that were waited for, or nil if there were no tasks to wait for. This provides better feedback about the operation, and allows you to know how many tasks were involved in the wait.

Changelog

Sourced from async's changelog.

v2.39.0

• Async::Barrier#wait now returns the number of tasks that were waited for, or nil if there were no tasks to wait for. This provides better feedback about the operation, and allows you to know how many tasks were involved in the wait.

Commits

• 886d62c Bump minor version.
• 2c89c3f Make the test more robust.
• 751b6aa Barrier waits return nil or number of tasks waited on.
• 7f00f35 Break the cycle between the task and the fiber as early as possible.
• See full diff in compare view

Updates bigdecimal from 4.1.0 to 4.1.1

Release notes

Sourced from bigdecimal's releases.

v4.1.1

What's Changed

• Define test as the default rake task by @​byroot in ruby/bigdecimal#509
• Add changelog for 4.1.0. by @​simi in ruby/bigdecimal#508
• Make BigDecimal object embedded by @​byroot in ruby/bigdecimal#507
• Remove unused minitest from Gemfile by @​byroot in ruby/bigdecimal#510
• Multiplication with 8-decdig batch by @​tompng in ruby/bigdecimal#501
• Increase VpMult batch size by @​tompng in ruby/bigdecimal#511
• Update to cover change in Bundler by @​brandonzylstra in ruby/bigdecimal#512
• tiny grammar fix in README.md by @​brandonzylstra in ruby/bigdecimal#513
• Add a workaround for slow BigDecimal#to_f when it has large N_significant_digits by @​tompng in ruby/bigdecimal#514
• Bump version to v4.1.1 by @​tompng in ruby/bigdecimal#516

New Contributors

• @​byroot made their first contribution in ruby/bigdecimal#509
• @​simi made their first contribution in ruby/bigdecimal#508
• @​brandonzylstra made their first contribution in ruby/bigdecimal#512

Full Changelog: ruby/bigdecimal@v4.1.0...v4.1.1

Changelog

Sourced from bigdecimal's changelog.

4.1.1

• Make BigDecimal object embedded GH-507

  @​byroot

• Multiplication with 16-decdig batch GH-501 GH-511

  @​tompng

Commits

• 219cb2e Bump version to v4.1.1 (#516)
• 3bf735f Add a workaround for slow BigDecimal#to_f when it has large N_significant_dig...
• ae1d238 tiny grammar fix in README.md (#513)
• 70caa24 Update to cover change in Bundler (#512)
• f0985b3 Increase VpMult batch size (#511)
• 32fb1de Multiplication with 8-decdig batch (#501)
• 1f2894f Remove unused minitest from Gemfile (#510)
• bf04ad4 Make BigDecimal object embedded (#507)
• 64834a8 Add changelog for 4.1.0. (#508)
• db5888a Define test as the default rake task (#509)
• See full diff in compare view

Updates io-event from 1.14.5 to 1.15.1

Release notes

Sourced from io-event's releases.

v1.15.1

No release notes provided.

v1.15.0

• Add bounds checks, in the unlikely event of a user providing an invalid offset that exceeds the buffer size. This prevents potential memory corruption and ensures safe operation when using buffered IO methods.

Changelog

Sourced from io-event's changelog.

Releases

v1.15.0

• Add bounds checks, in the unlikely event of a user providing an invalid offset that exceeds the buffer size. This prevents potential memory corruption and ensures safe operation when using buffered IO methods.

v1.14.4

• Allow epoll_pwait2 to be disabled via --disable-epoll_pwait2.

v1.14.3

• Fix several implementation bugs that could cause deadlocks on blocking writes.

v1.14.0

Enhanced IO::Event::PriorityHeap with deletion and bulk insertion methods

The {ruby IO::Event::PriorityHeap} now supports efficient element removal and bulk insertion:

• delete(element): Remove a specific element from the heap in O(n) time
• delete_if(&block): Remove elements matching a condition with O(n) amortized bulk deletion
• concat(elements): Add multiple elements efficiently in O(n) time

heap = IO::Event::PriorityHeap.new
Efficient bulk insertion - O(n) instead of O(n log n)
heap.concat([5, 2, 8, 1, 9, 3])
Remove specific element
removed = heap.delete(5)  # Returns 5, heap maintains order
Bulk removal with condition
count = heap.delete_if{|x| x.even?}  # Removes 2, 8 efficiently

The delete_if and concat methods are particularly efficient for bulk operations, using bottom-up heapification to maintain the heap property in O(n) time. This provides significant performance improvements:

• Bulk insertion: O(n log n) → O(n) for adding multiple elements
• Bulk deletion: O(k×n) → O(n) for removing k elements

Both methods maintain the heap invariant and include comprehensive test coverage with edge case validation.

v1.11.2

• Fix Windows build.

... (truncated)

Commits

• ccd0953 Bump patch version.
• 41f2033 Fix error handling - oops.
• fed29b7 Update copyrights.
• 5c20637 Bump minor version.
• 94d41f7 Clarify behavior of IO_Event_Selector_loop_yield to prevent self-transfer in ...
• 7313f0a Fix handling of closed IO objects in IO::Event::Selector::Select. (#165)
• aa47301 Add bounds check for offset.
• See full diff in compare view

Updates mime-types-data from 3.2026.0317 to 3.2026.0331

Changelog

Sourced from mime-types-data's changelog.

3.2026.0331 / 2026-03-31

• Updated registry entries from the IANA [media registry][registry] and [provisional media registry][provisional] and the [Apache Tika media registry][tika] as of the release date.

Commits

• 8568213 Update mime-types-data 3.2026.0331 / 2026-03-31
• See full diff in compare view

Updates parallel from 1.27.0 to 2.0.0

Changelog

Sourced from parallel's changelog.

2.0.0

Changed

• Require Ruby >= 3.3
• Add Ruby 4 Ractor support

1.28.0

Fixed

• Dump undumpable exceptions without cause if that fixes the issue

Commits

• 090b054 v2.0.0
• 704149d Merge pull request #363 from grosser/grosser/rac4
• 6aee485 ruby 4 ractors
• 975c4a9 Merge pull request #362 from brandonzylstra/patch-1
• ce48269 Update Readme.md
• dab9b43 Merge pull request #361 from grosser/grosser/4
• 0ee6300 bump rubies
• e141db9 v1.28.0
• 679f6ec Merge pull request #360 from grosser/grosser/dump
• 0da8239 dump undumpable exceptions without cause if that fixes the issue
• Additional commits viewable in compare view

Updates protocol-rack from 0.22.0 to 0.22.1

Release notes

Sourced from protocol-rack's releases.

v0.22.1

• Rack 2 should not use to_ary.

Changelog

Sourced from protocol-rack's changelog.

v0.22.1

• Rack 2 should not use to_ary.

Commits

• 0177624 Bump patch version.
• 533c522 Modernize code.
• 7c1e555 Rack 2 should not use to_ary. (#36)
• See full diff in compare view

Updates regexp_parser from 2.11.3 to 2.12.0

Changelog

Sourced from regexp_parser's changelog.

[2.12.0] - 2026-04-04 - Janosch Müller

Added

• support for new unicode properties of Ruby 4.0.0

Commits

• 55f48a1 Release v2.12.0
• 2c97fc7 Disable gouteur for mutant
• 2d2babd Add ruby 4 unicode properties
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[mergify]

Merge Queue Status

• ✅ Entered queue — 2026-04-06 07:20 UTC · Rule: dependabot
• ✅ Checks passed · on draft merge queue: embarking main (55fc01b), #1126 and #1127 together #1129
• ✅ Merged — 2026-04-06 07:22 UTC · at 58fe484ab1c3ab6307004f324607abbcba37ca12

This pull request spent 1 minute 47 seconds in the queue, including 1 minute 33 seconds running CI.

Required conditions to merge

• author=dependabot[bot]
  • chore(deps): bump the ruby group with 9 updates #1127
• base=main
• status-success=build