chore(deps): bump the ruby group with 6 updates

[dependabot]

Bumps the ruby group with 6 updates:

Package	From	To
html2rss	e29ffd7	dec6eb6
bigdecimal	4.1.1	4.1.2
json	2.19.3	2.19.4
mime-types-data	3.2026.0407	3.2026.0414
protocol-http	0.62.0	0.62.2
protocol-websocket	0.20.2	0.21.0

Updates html2rss from e29ffd7 to dec6eb6

Commits

• dec6eb6 feat(strategy): add Botasaurus strategy (#357)
• b3a062a chore: install rubocop-yard & fix warnings
• See full diff in compare view

Updates bigdecimal from 4.1.1 to 4.1.2

Release notes

Sourced from bigdecimal's releases.

v4.1.2

What's Changed

• Optimize BigDecimal#to_s by @​byroot in ruby/bigdecimal#519
• Fix calloc-transposed-args warning by @​nobu in ruby/bigdecimal#520
• Use '0'+n for converting single digit to char by @​tompng in ruby/bigdecimal#521
• Revert "Add a workaround for slow BigDecimal#to_f when it has large N_significant_digits" by @​tompng in ruby/bigdecimal#522
• BigMath.exp overflow/underflow check by @​tompng in ruby/bigdecimal#523
• Fix unary minus on unsigned type warning by @​tompng in ruby/bigdecimal#525
• Update dtoa to version from Ruby 4.0 by @​jhawthorn in ruby/bigdecimal#528
• Bump version to v4.1.2 by @​tompng in ruby/bigdecimal#529

New Contributors

• @​jhawthorn made their first contribution in ruby/bigdecimal#528

Full Changelog: ruby/bigdecimal@v4.1.1...v4.1.2

Changelog

Sourced from bigdecimal's changelog.

4.1.2

• Fix dtoa Ractor-safety bug. Update dtoa to version from Ruby 4.0 GH-528

  @​jhawthorn

• Optimize BigDecimal#to_s GH-519

  @​byroot

Commits

• 9160561 Bump version to v4.1.2 (#529)
• 8050ec7 Update dtoa to version from Ruby 4.0 (#528)
• f8a02b2 Merge pull request #526 from ruby/dependabot/github_actions/step-security/har...
• ac9a5cd Bump step-security/harden-runner from 2.16.1 to 2.17.0
• 6b51b99 Fix unary minus on unsigned type warning (#525)
• 50b80b1 BigMath.exp overflow/underflow check (#523)
• fc54487 Revert "Add a workaround for slow BigDecimal#to_f when it has large N_signifi...
• 72937b7 Use '0'+n for converting single digit to char (#521)
• 8ac1498 Merge pull request #517 from ruby/dependabot/github_actions/rubygems/release-...
• 3c89db5 Merge pull request #518 from ruby/dependabot/github_actions/step-security/har...
• Additional commits viewable in compare view

Updates json from 2.19.3 to 2.19.4

Release notes

Sourced from json's releases.

v2.19.4

What's Changed

• Fix parsing of out of range floats (very large exponents that lead to either 0.0 or Inf).

Full Changelog: ruby/json@v2.19.2...v2.19.4

Changelog

Sourced from json's changelog.

2026-04-19 (2.19.4)

• Fix parsing of out of range floats (very large exponents that lead to either 0.0 or Inf).

Commits

• 6688a81 Release 2.19.4
• f1e6163 Fix references to NAN and INFINITY in documentation comments
• 18d5475 Reduce warnings
• 1072482 Fix parsing of negative out of bound floats.
• 20454ba Fix handling out of of range exponent in numbers
• 0e99fcb Fix json generation for symbols on TruffleRuby
• ac0670b Keep Integer#to_json optimized and adapt the test
• 35db859 Avoid extra String#+@ calls, interpolated strings are already mutable
• d0b47b0 Avoid method redefinition warnings in test_broken_bignum
• e871d07 test_broken_bignum: avoid fork and subprocess for robustness
• Additional commits viewable in compare view

Updates mime-types-data from 3.2026.0407 to 3.2026.0414

Changelog

Sourced from mime-types-data's changelog.

3.2026.0414 / 2026-04-14

• Updated registry entries from the IANA [media registry][registry] and [provisional media registry][provisional] and the [Apache Tika media registry][tika] as of the release date.

Commits

• d237ee4 Update mime-types-data 3.2026.0414 / 2026-04-14
• See full diff in compare view

Updates protocol-http from 0.62.0 to 0.62.2

Release notes

Sourced from protocol-http's releases.

v0.62.2

No release notes provided.

v0.62.1

• Fix handling of Stream#read(0), it must return a mutable string (or clear the given buffer).

Changelog

Sourced from protocol-http's changelog.

Releases

v0.62.1

• Fix handling of Stream#read(0), it must return a mutable string (or clear the given buffer).

v0.61.0

• Introduce Protocol::HTTP::RefusedError for indicating a stream or request was refused before processing and can be safely retried. RequestRefusedError is provided as an alias for backwards compatibility.

v0.60.0

• Expose Protocol::HTTP::Body::Writable#count attribute to provide access to the number of chunks written to the body.

v0.59.0

• Introduce Protocol::HTTP::Middleware.load method for loading middleware applications from files.
• Prevent ZLib::BufError when deflating empty chunks by skipping deflation for empty chunks.

v0.58.1

• Protocol::HTTP::DuplicateHeaderError now includes the existing and new values for better debugging.

v0.58.0

• Move trailer validation to Headers#add method to ensure all additions are checked at the time of addition as this is a hard requirement.
• Introduce Headers#header method to enumerate only the main headers, excluding trailers. This can be used after invoking Headers#trailer! to avoid race conditions.
• Fix Headers#to_h so that indexed headers are not left in an inconsistent state if errors occur during processing.

v0.57.0

• Always use #parse when parsing header values from strings to ensure proper normalization and validation.
• Introduce Protocol::HTTP::InvalidTrailerError which is raised when a trailer header is not allowed by the current policy.
• Breaking: Headers#each now yields parsed values according to the current policy. For the previous behaviour, use Headers#fields.

v0.56.0

• Introduce Header::*.parse(value) which parses a raw header value string into a header instance.
• Introduce Header::*.coerce(value) which coerces any value (String, Array, etc.) into a header instance with normalization.
• Header::*#initialize now accepts arrays without normalization for efficiency, or strings for backward compatibility.
• Update Headers#[]= to use coerce(value) for smart conversion of user input.
• Normalization (e.g., lowercasing) is applied by parse, coerce, and << methods, but not by new when given arrays.

v0.55.0

• Breaking: Move Protocol::HTTP::Header::QuotedString to Protocol::HTTP::QuotedString for better reusability.
• Breaking: Handle cookie key/value pairs using QuotedString as per RFC 6265.
  • Don't use URL encoding for cookie key/value.
• Breaking: Remove Protocol::HTTP::URL and Protocol::HTTP::Reference – replaced by Protocol::URL gem.
  • Protocol::HTTP::URL -> Protocol::URL::Encoding.

... (truncated)

Commits

• a2f2d1c Bump patch version.
• 479d0bf Ensure binary encoding.
• 1ed69f0 Bump patch version.
• ee2318e Fix handling of zero length reads.
• See full diff in compare view

Updates protocol-websocket from 0.20.2 to 0.21.0

Release notes

Sourced from protocol-websocket's releases.

v0.21.0

• All frame reading and writing logic has been consolidated into Framer to improve performance.

Changelog

Sourced from protocol-websocket's changelog.

v0.21.0

• All frame reading and writing logic has been consolidated into Framer to improve performance.

Commits

• 6ae289f Bump minor version.
• 1cb666f Update release notes & documentation.
• dd2775d Move Frame#write -> Framer#write_frame and elide Frame@length.
• ae76bd5 Move all read logic to Framer.
• 1e0ca64 Remove redundant Frame.parse_header.
• ffc5ab6 Add missing require.
• 38eeb15 Optimize frame reading.
• c6446ac 100% documentation coverage.
• cee96bd Update autobahn server to use latest Ruby release.
• a01e03a Modernize code.
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[mergify]

Merge Queue Status

• ✅ Entered queue — 2026-04-20 07:37 UTC · Rule: dependabot
• ✅ Checks passed · on draft merge queue: embarking main (38527f4) and #1137 together #1139
• ✅ Merged — 2026-04-20 07:38 UTC · at 8138d4a481105a26a5f8f4b0ad98f4bf36e47dfa · squash

This pull request spent 1 minute 36 seconds in the queue, including 1 minute 16 seconds running CI.

Required conditions to merge

• author=dependabot[bot]
  • chore(deps): bump the ruby group with 6 updates #1137
• base=main
• status-success=build