chore(deps): bump the bundler group with 3 updates

[dependabot]

Bumps the bundler group with 3 updates: sqlite3, rubocop-rails and rubocop-rspec.

Updates sqlite3 from 2.9.4 to 2.9.5

Release notes

Sourced from sqlite3's releases.

2.9.5 / 2026-06-07

Dependencies

• Vendored sqlite is updated to v3.53.2 (from v3.53.1). #709 @​flavorjones

Security / Stability

• Fix use-after-free issue with custom functions, when the same function name is used with multiple arities. See GHSA-28hh-pr2h-2w89 for more information. #710 @​flavorjones
• Fix use-after-free issue with aggregate functions, if a statement is used after a soft database close. See GHSA-j7fr-3v8c-3qc3 for more information. #711 @​flavorjones

78075b6337d3d182c6d2b4691049ed45cd220826160c9ea18946bf6a1de200dc  gems/sqlite3-2.9.5-aarch64-linux-gnu.gem
18c801185deb4adc01ddb281e8f672a39e3d1729979ca91e39439cd3eac0402d  gems/sqlite3-2.9.5-aarch64-linux-musl.gem
1bdfca0c7d63998c60b0f4a8e3c8df2d33800ccc4abd2d612eddbbbc92a4c48b  gems/sqlite3-2.9.5-arm-linux-gnu.gem
bae1109d12b2e9f588455967729b008e1ff4feb7761749df695019c9079913c6  gems/sqlite3-2.9.5-arm-linux-musl.gem
d0cf444a70fc9395d513cfbcc1e6719e224aa645314e3824cb0474c721425aa2  gems/sqlite3-2.9.5-arm64-darwin.gem
b00d5697994ee8589b6096694a2130aa5567db64373baca55ea98c9bf958f46a  gems/sqlite3-2.9.5-x64-mingw-ucrt.gem
c94b96b16f17796be6fa099d15218b52e396f55690c4760faaaefa21ebab9dd5  gems/sqlite3-2.9.5-x86-linux-gnu.gem
063a8c13cbadfe7f29453b1706cbdf91fca4a78d244f816ff20bac4fb259f1e4  gems/sqlite3-2.9.5-x86-linux-musl.gem
8e9caae38bd7ebb29cbeee3e7ab1d12dc2327d9a1b92c7fcf0dda05589627a81  gems/sqlite3-2.9.5-x86_64-darwin.gem
233dbcb6714148dd23bc5aeb33e8efd6eac974969564ddd5794c23d5f52b231e  gems/sqlite3-2.9.5-x86_64-linux-gnu.gem
e7d3a7474e8af0f96150c21abc203fbab5437206bfcdf11deab7741c0ca516f2  gems/sqlite3-2.9.5-x86_64-linux-musl.gem
04572973a3f943ad50a8adfffc8dd752a5f06e4c3db2026f71838fed8a982606  gems/sqlite3-2.9.5.gem

Changelog

Sourced from sqlite3's changelog.

2.9.5 / 2026-06-07

Dependencies

• Vendored sqlite is updated to v3.53.2 (from v3.53.1). #709 @​flavorjones

Security / Stability

• Fix use-after-free issue with custom functions, when the same function name is used with multiple arities. See GHSA-28hh-pr2h-2w89 for more information. #710 @​flavorjones
• Fix use-after-free issue with aggregate functions, if a statement is used after a soft database close. See GHSA-j7fr-3v8c-3qc3 for more information. #711 @​flavorjones

Commits

• 747e7de version bump to v2.9.5
• 2bd436d Fix use-after-free issue with custom functions (#710)
• b24e1e6 Fix use-after-free issue with aggregate functions (#711)
• 9abc955 dep: update vendored sqlite to 3.53.2 (#709)
• a3f8e71 For sqlcipher builds, prefer sqlcipher's header (#708)
• 9292033 build(deps): bump the actions group across 1 directory with 3 updates (#707)
• b79c841 Introduce a security reporting policy
• See full diff in compare view

Updates rubocop-rails from 2.35.3 to 2.35.4

Release notes

Sourced from rubocop-rails's releases.

RuboCop Rails v2.35.4

Bug fixes

• #1418: Fix a false positive for Rails/StrongParametersExpect when require is given an array literal, such as params.require([:foo, :bar]).permit(:baz). (@​koic)
• #1574: Fix an invalid autocorrection for Rails/StrongParametersExpect when permit receives a single dynamic argument, such as params.require(:user).permit(permitted_attributes). (@​koic)
• #1635: Fix Rails/StrongParametersExpect to allow params[:foo].inspect. (@​jdelStrother)

Changelog

Sourced from rubocop-rails's changelog.

2.35.4 (2026-06-07)

Bug fixes

• #1418: Fix a false positive for Rails/StrongParametersExpect when require is given an array literal, such as params.require([:foo, :bar]).permit(:baz). ([@​koic][])
• #1574: Fix an invalid autocorrection for Rails/StrongParametersExpect when permit receives a single dynamic argument, such as params.require(:user).permit(permitted_attributes). ([@​koic][])
• #1635: Fix Rails/StrongParametersExpect to allow params[:foo].inspect. ([@​jdelStrother][])

Commits

• a4d53a5 Cut 2.35.4
• e9e592d Update Changelog
• 84eb5fe [Doc] Update the doc for Rails/StrongParametersExpect
• 5490e3e Merge pull request #1636 from koic/fix_strong_parameters_expect_dynamic_permi...
• cfe75e9 [Fix #1574] Fix an invalid autocorrection for Rails/StrongParametersExpect
• 4817d57 Merge pull request #1633 from koic/doc_strong_parameters_expect_safety
• d9824c6 Merge pull request #1634 from koic/fix_strong_parameters_expect_array_require
• e30a80b Merge pull request #1635 from jdelStrother/params-inspect
• 70651a0 Allow inspect in Rails/StrongParametersExpect
• a8f6e0c [Doc] Document additional unsafety of Rails/StrongParametersExpect
• Additional commits viewable in compare view

Updates rubocop-rspec from 3.10.0 to 3.10.2

Release notes

Sourced from rubocop-rspec's releases.

RuboCop RSpec v3.10.2

• Fix false positives for RSpec/SpecFilePathFormat when CustomTransform maps a namespace to an empty string. (@​sakuro)
• Fix RSpec/MatchWithSimpleRegex to ignore regular expressions with options. (@​bquorning)

RuboCop RSpec v3.10.1

• Add Strict option to RSpec/SharedContext to flag shared_context whenever it contains examples, even alongside setup code. (@​Darhazer)
• Add NegatedMatcher configuration option RSpec/ExpectChange. (@​Darhazer)
• Fix RSpec/MatchWithSimpleRegex to ignore regular expressions with interpolations. (@​bquorning)

Changelog

Sourced from rubocop-rspec's changelog.

3.10.2 (2026-06-06)

• Fix false positives for RSpec/SpecFilePathFormat when CustomTransform maps a namespace to an empty string. ([@​sakuro])
• Fix RSpec/MatchWithSimpleRegex to ignore regular expressions with options. ([@​bquorning])

3.10.1 (2026-06-05)

• Add Strict option to RSpec/SharedContext to flag shared_context whenever it contains examples, even alongside setup code. ([@​Darhazer])
• Add NegatedMatcher configuration option RSpec/ExpectChange. ([@​Darhazer])
• Fix RSpec/MatchWithSimpleRegex to ignore regular expressions with interpolations. ([@​bquorning])

Commits

• 2488441 Merge pull request #2189 from rubocop/release
• c9e53cf Bump version to 3.10.2
• 7ae0a42 Merge pull request #2186 from sakuro/fix/spec-file-path-format-empty-custom-t...
• 8b0b5e9 Merge branch 'master' into fix/spec-file-path-format-empty-custom-transform
• dc4465c Merge pull request #2188 from rubocop/fix-2185
• d5de6b2 Consider regexp with options a non-simple regexp
• bad0cb3 🐛 Fix RSpec/SpecFilePathFormat false positives when CustomTransform maps ...
• ec3eeab Merge pull request #2183 from rubocop/fix-match-with-simple-regex-with-interp...
• 16bbf49 Bump version to 3.10.1
• 2a78abd Ignore interpolation in MatchWithSimpleRegex
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions