chore(deps): update all non-major bundler dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
bcrypt	'~> 3.1.20' → '~> 3.1.21'
bootsnap	'~> 1.19.0' → '~> 1.20.1'
brakeman (source, changelog)	'~> 7.1.1' → '~> 7.1.2'
pg	'~> 1.6.2' → '~> 1.6.3'
rqrcode (changelog)	'~> 3.1', '>= 3.1.1' → '~> 3.2'
rubocop-rails (source, changelog)	'~> 2.34', '>= 2.34.2' → '~> 2.34', '>= 2.34.3'
rubocop-rspec (changelog)	'~> 3.8' → '~> 3.9'
sidekiq (source, changelog)	'~> 8.0.10' → '~> 8.1.0'
simple_form (changelog)	'~> 5.4.0' → '~> 5.4.1'

---

Release Notes

presidentbeef/brakeman (brakeman)

v7.1.2

Compare Source

• Update ruby_parser to remove version restriction (Chedli Bourguiba)
• Raise minimum required Ruby to 3.2.0
• Use Minitest 6.0
• Reduce SQL injection false positives from count calls
• Ignore more Haml attribute builder methods

whomwah/rqrcode (rqrcode)

v3.2.0

Compare Source

Added

• Comprehensive benchmarking suite in benchmark/ directory for measuring performance and memory usage across all export formats (SVG, PNG, HTML, ANSI)
• benchmark_helper.rb providing shared utilities for IPS, memory, and stack profiling
• Rake tasks for running benchmarks individually or all at once
• benchmark/README.md explaining usage, metrics, and interpretation of results
• AGENTS.md as a development guide for AI agents

Changed

• SVG rendering: Improved by +130% (from 184 i/s to 424 i/s) with 71% memory reduction
• HTML rendering: Now the fastest export format at 1,876 i/s (rendering-only benchmark)
• Memory efficiency: HTML now uses 6x less memory than SVG (previously 22x)
• Updated minimum Ruby version requirement to >= 3.2.0
• Updated GitHub workflow Ruby matrix to test only supported versions (3.2, 3.3, 3.4, 4.0)
• Updated README.md with benchmark documentation and contribution guidelines

rubocop/rubocop-rails (rubocop-rails)

v2.34.3

Compare Source

Bug fixes

• #​1473: Fix an error for Rails/SelectMap when select(:column_name).map(&:column_name) with parentheses. ([@​koic][])
• #​1569: Fix an error in Rails/SelectMap when multiple select calls are present before map. ([@​koic][])

rubocop/rubocop-rspec (rubocop-rspec)

v3.9.0

Compare Source

• Fix a false positive for RSpec/LeakyLocalVariable when variables are used only in example metadata (e.g., skip messages). ([@​ydah])
• Fix a false positive for RSpec/ScatteredSetup when the hook is defined inside a class method. ([@​d4rky-pl])
• Fix a false positive for RSpec/DescribedClass inside dynamically evaluated blocks (class_eval, module_eval, instance_eval, class_exec, module_exec, instance_exec). ([@​sucicfilip])
• Add new cop RSpec/Output. ([@​kevinrobell-st])

sidekiq/sidekiq (sidekiq)

v8.1.0

Compare Source

• retry_for and retry are now mutually exclusive [#​6878, Saidbek]
• perform_inline now enforces strict_args! [#​6718, Saidbek]
• Integrate Herb linting for ERB templates [#​6760, Saidbek]
• Remove CSRF code, use Sec-Fetch-Site header [#​6874, deve1212]
• Allow custom Web UI assets_path for CDN purposes [#​6865, stanhu]
• Upgrade to connection_pool 3.0
• Allow idle connection reaping after N seconds.
  You can activate this beta feature like below.
  Feedback requested: is this feature stable and useful for you in production?
  This feature may or may not be enabled by default in Sidekiq 9.0.

Sidekiq.configure_server do |cfg|
  cfg.reap_idle_redis_connections(60)
end

heartcombo/simple_form (simple_form)

v5.4.1

Compare Source

• Ruby 4.0 support (no changes required)
• Support procs on validators for minlength/maxlength, and improve validators logic across the board to match Rails #​1859

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) in timezone Europe/Amsterdam, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 77.62%. Comparing base (656f5a2) to head (dab638d).

Additional details and impacted files

@@           Coverage Diff            @@
##           staging    #1195   +/-   ##
========================================
  Coverage    77.62%   77.62%           
========================================
  Files           54       54           
  Lines         1341     1341           
========================================
  Hits          1041     1041           
  Misses         300      300           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[lodewiges]

updating connection pool to 3.0.0 breaks something