Bump the dependencies group with 3 updates

[dependabot]

Bumps the dependencies group with 3 updates: puma, honeybadger and recaptcha.

Updates puma from 7.2.0 to 8.0.0

Release notes

Sourced from puma's releases.

v8.0.0 - Into the Arena

Read our Version 8 Upgrade Guide.

• Features

  • Add env["puma.mark_as_io_bound"] API and max_io_threads config to allow IO-bound requests to exceed the thread pool max, enabling better handling of mixed workloads (#3816, #3894)
  • Add single and cluster DSL hooks for mode-specific configuration (#3621)
  • Add on_force option to shutdown_debug to only dump thread backtraces on forced (non-graceful) shutdown (#3671)
  • Add API to dynamically update min and max thread counts at runtime via update_thread_pool_min_max and ServerPluginControl (#3658)
  • Use SIGPWR for thread backtrace dumps on Linux/JRuby where SIGINFO is unavailable (#3829)

• Bugfixes

  • Fix phased restart for fork_worker to avoid forking from stale worker 0 when it has been replaced (#3853)

• Performance

  • JRuby HTTP parser improvements: pre-allocated header keys, perfect hash lookup, reduced memory copies (#3838)
  • Cache downcased header key in str_headers to avoid redundant String#downcase calls, reducing allocations by ~50% per response (#3874)

• Refactor

  • Collect env processing into dedicated client_env.rb module (#3582)
  • Move event to default configuration (#3872)

• Docs

  • Add gRPC guide for configuring gRPC lifecycle hooks in clustered mode (#3885)
  • Add 7.0 upgrade guide, move 5.0/6.0 upgrade guides to docs directory (#3900)
  • Correct default values for persistent_timeout and worker_boot_timeout in DSL docs (#3912)
  • Add file descriptor limit warning in test helper for contributors (#3893)

• Breaking changes

  • Default production bind address changed from 0.0.0.0 to :: (IPv6) when a non-loopback IPv6 interface is available; falls back to 0.0.0.0 if IPv6 is unavailable (#3847)

Changelog

Sourced from puma's changelog.

8.0.0 / 2026-03-27

• Features

  • Add env["puma.mark_as_io_bound"] API and max_io_threads config to allow IO-bound requests to exceed the thread pool max, enabling better handling of mixed workloads (#3816, #3894)
  • Add single and cluster DSL hooks for mode-specific configuration (#3621)
  • Add on_force option to shutdown_debug to only dump thread backtraces on forced (non-graceful) shutdown (#3671)
  • Add API to dynamically update min and max thread counts at runtime via update_thread_pool_min_max and ServerPluginControl (#3658)
  • Use SIGPWR for thread backtrace dumps on Linux/JRuby where SIGINFO is unavailable (#3829)

• Bugfixes

  • Fix phased restart for fork_worker to avoid forking from stale worker 0 when it has been replaced (#3853)

• Performance

  • JRuby HTTP parser improvements: pre-allocated header keys, perfect hash lookup, reduced memory copies (#3838)
  • Cache downcased header key in str_headers to avoid redundant String#downcase calls, reducing allocations by ~50% per response (#3874)

• Refactor

  • Collect env processing into dedicated client_env.rb module (#3582)
  • Move event to default configuration (#3872)

• Docs

  • Add gRPC guide for configuring gRPC lifecycle hooks in clustered mode (#3885)
  • Add 7.0 upgrade guide, move 5.0/6.0 upgrade guides to docs directory (#3900)
  • Correct default values for persistent_timeout and worker_boot_timeout in DSL docs (#3912)
  • Add file descriptor limit warning in test helper for contributors (#3893)

• Breaking changes

  • Default production bind address changed from 0.0.0.0 to :: (IPv6) when a non-loopback IPv6 interface is available; falls back to 0.0.0.0 if IPv6 is unavailable (#3847)

Commits

• 08f63d4 Release v8.0.0 (#3914)
• 7406cc1 Fix IPv4-mapped IPv6 addresses in REMOTE_ADDR and request logs (#3916)
• e090243 Build(deps): Bump actions/checkout from 4 to 6 (#3915)
• 7d5dca1 Update SECURITY.md, native Github vuln reports [ci skip] (#3913)
• 66e6a32 Minor correction to defaults documented in dsl.rb (#3912)
• 3788eca ci: limit rack-conform to main pushes and scope ragel PR runs (#3908)
• 57b7799 ci: run turbo-rails only on latest stable Ruby and Rails (#3909)
• 6685d6b ci: replace skip-duplicate jobs with concurrency and trigger filters (#3907)
• 2848c82 ci: run push workflows only on main and release branches (#3906)
• 97a37bb Add release pre-merge checks and align Release.md [ci skip] (#3904)
• Additional commits viewable in compare view

Updates honeybadger from 6.5.3 to 6.5.5

Release notes

Sourced from honeybadger's releases.

v6.5.5

6.5.5 (2026-04-08)

Bug Fixes

• preserve API key path segment when parsing check_in URLs (#803) (229bbd2)
• remove Sidekiq server configuration from payloads (#768) (2425c6b), closes #767

v6.5.4

6.5.4 (2026-04-06)

Bug Fixes

• include jid in sidekiq enqueue.sidekiq event (#804) (0b46e6b)

Changelog

Sourced from honeybadger's changelog.

6.5.5 (2026-04-08)

Bug Fixes

• preserve API key path segment when parsing check_in URLs (#803) (229bbd2)
• remove Sidekiq server configuration from payloads (#768) (2425c6b), closes #767

6.5.4 (2026-04-06)

Bug Fixes

• include jid in sidekiq enqueue.sidekiq event (#804) (0b46e6b)

Commits

• 513c71f chore(master): release 6.5.5 (#806)
• 2425c6b fix: remove Sidekiq server configuration from payloads (#768)
• 229bbd2 fix: preserve API key path segment when parsing check_in URLs (#803)
• 2207aa4 chore(ci): reduce CI minutes consumption (#799)
• f2e3f4f chore(master): release 6.5.4 (#805)
• 0b46e6b fix: include jid in sidekiq enqueue.sidekiq event (#804)
• See full diff in compare view

Updates recaptcha from 5.21.1 to 5.21.2

Changelog

Sourced from recaptcha's changelog.

5.21.2

• make env fall back to Rails.env if it is unset

Commits

• 9b261bb v5.21.2
• 9978e7a cleanup
• feb2b6d Merge pull request #476 from duncantmiller/fix/skip-env-reliability-in-multit...
• d702043 Fix skip_env? to fall back to Rails.env when default_env is nil
• f68fe96 changelog
• eb99b5e Merge pull request #473 from jrodriigues/master
• f4c4f93 Fix changelog tag
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions