Bump the minor-and-patch group with 4 updates

[dependabot]

Bumps the minor-and-patch group with 4 updates: graphql, nokogiri, sorbet-static and sorbet-static-and-runtime.

Updates graphql from 2.5.23 to 2.6.1

Changelog

Sourced from graphql's changelog.

2.6.1

Bug fixes

• Lexer: in the Ruby lexer, count comments against a schema's max_token_count configuration

2.6.0

Breaking changes

• SDL: previously, GraphQL-Ruby didn't require object types and interfaces to explicitly name all transitively implemented interfaces. For example if Interface A implements Interface B, and Object O implements Interface A, GraphQL-Ruby didn't require the SDL to include implements ... & B, But it should have, according to the spec. This misbehavior has been corrected, but may cause some previously-accepted SDL strings to be rejected with errors. #5602

Bug fixes

• SDL: require types to name all implemented interfaces #5602
• Execution::Next: call Resolver #ready? methods #5611

2.5.25

Bug fixes

• Field extensions: correctly return false through for fields with extensions that don't define after_resolve #5610

2.5.24

New features

• Continue building Execution::Next: #5606, #5603, #5596, #5604, #5607

Commits

• d24f518 2.6.1
• 88d6c1c Merge commit from fork
• da5209d 2.6.0, add pro-1.30.0 checksum
• 19a6a93 Merge pull request #5602 from rmosolgo/sdl-transitive-deps-error
• a1e0b0e pro 1.30.0 and enterprise 1.7.0
• f4614bb Merge pull request #5611 from rmosolgo/exec-next-ready
• 7ce88f4 more migration docs
• be476f7 Fix ready error handling
• 0dfa6c6 Run Resolver#ready? with exec-next
• fc642c0 2.5.25
• Additional commits viewable in compare view

Updates nokogiri from 1.19.2 to 1.19.3

Release notes

Sourced from nokogiri's releases.

v1.19.3 / 2026-04-27

Fixed / Security

• Address exponential regex backtracking in CSS selector tokenizer. See GHSA-c4rq-3m3g-8wgx for more information.
• [CRuby] Address memory leak in XSLT::Stylesheet#transform. See GHSA-v2fc-qm4h-8hqv for more information.

46b89e5d7b9e844c2ee360794240c6ea2a4e6fa0c5892a4ed487db621224b639  nokogiri-1.19.3-aarch64-linux-gnu.gem
8392dfdcd21be7a94dbbe9ccc138dea01b97b24cb2dc02a114ca98bfb1d9a0b7  nokogiri-1.19.3-aarch64-linux-musl.gem
3919d5ffc334ad778a4a9eb88fda7dcb8b1fb58c8a52ac640c6dcd2f038e774f  nokogiri-1.19.3-arm-linux-gnu.gem
9ce1cb6346bb9c67b1550eb537aa183ead91e4b6eadb2f36ade02d8dd2a79fb6  nokogiri-1.19.3-arm-linux-musl.gem
71b9bd424b1b7abc18b05052a1a3cfd3627abdca62be280854cc411791357e42  nokogiri-1.19.3-arm64-darwin.gem
40ea6ebf5cf2005dae1dee26dd557d3afb41fb6de6c9764aca8cf06fdb841db1  nokogiri-1.19.3-java.gem
8bb7132cad356c879a1286eaabcb5e68326cb2490317984280fbc62f456d506a  nokogiri-1.19.3-x64-mingw-ucrt.gem
77f3fba57d46c53ab31e62fc6c28f705109d1bf6264356c76f132b2be5728d4d  nokogiri-1.19.3-x86_64-darwin.gem
2f5078620fe12e83669b5b17311b32532a8153d02eee7ad06948b926d6080976  nokogiri-1.19.3-x86_64-linux-gnu.gem
248c906d2166eca5efb56d52fdee5f9a1f51d69a72e2b64fdac647b4ce39ea3f  nokogiri-1.19.3-x86_64-linux-musl.gem
78312cbac32a40c812780d9678221b79d51288eec00054c1a8d15f7ce05960e8  nokogiri-1.19.3.gem

Changelog

Sourced from nokogiri's changelog.

v1.19.3 / 2026-04-27

Fixed / Security

• Address exponential regex backtracking in CSS selector tokenizer. See GHSA-c4rq-3m3g-8wgx for more information.
• [CRuby] Address memory leak in XSLT::Stylesheet#transform. See GHSA-v2fc-qm4h-8hqv for more information.

Commits

• c139a3d version bump to v1.19.3
• 7501a63 fix: backtracking in CSS tokenizer rules (v1.19.x backport) (#3627)
• 03e7968 test: skip CSS tokenizer benchmarks on JRuby
• b984b7e fix: ReDoS in CSS tokenizer ident rule
• 0092623 fix: ReDoS in CSS tokenizer STRING rule
• ee17d33 fix: memory leak in XSLT transform (backport to v1.19.x) (#3624)
• ce188a3 doc: update CHANGELOG
• caeaac4 fix: memory leak in XSLT transform
• 25220bf dep(test): test against libxml-ruby v6 (#3618)
• 0caeb21 doc: add security warnings for untrusted XSLT stylesheets
• See full diff in compare view

Updates sorbet-static from 0.6.13153 to 0.6.13164

Release notes

Sourced from sorbet-static's releases.

sorbet 0.6.13163.20260424185700-84d98e16a

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13163', :group => :development
gem 'sorbet-runtime', '0.6.13163'

sorbet 0.6.13162.20260424165056-f03ff07be

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13162', :group => :development
gem 'sorbet-runtime', '0.6.13162'

sorbet 0.6.13161.20260424125552-26af6535d

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13161', :group => :development
gem 'sorbet-runtime', '0.6.13161'

sorbet 0.6.13160.20260423213124-60437dc3a

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13160', :group => :development
gem 'sorbet-runtime', '0.6.13160'

sorbet 0.6.13159.20260423173656-b4628b6b1

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13159', :group => :development
gem 'sorbet-runtime', '0.6.13159'

sorbet 0.6.13158.20260422170537-5c1ccccfb

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13158', :group => :development
gem 'sorbet-runtime', '0.6.13158'

sorbet 0.6.13157.20260422165159-ac57f1bb6

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13157', :group => :development
gem 'sorbet-runtime', '0.6.13157'

sorbet 0.6.13156.20260422164514-da579e95b

... (truncated)

Commits

• See full diff in compare view

Updates sorbet-static-and-runtime from 0.6.13153 to 0.6.13164

Release notes

Sourced from sorbet-static-and-runtime's releases.

sorbet 0.6.13163.20260424185700-84d98e16a

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13163', :group => :development
gem 'sorbet-runtime', '0.6.13163'

sorbet 0.6.13162.20260424165056-f03ff07be

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13162', :group => :development
gem 'sorbet-runtime', '0.6.13162'

sorbet 0.6.13161.20260424125552-26af6535d

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13161', :group => :development
gem 'sorbet-runtime', '0.6.13161'

sorbet 0.6.13160.20260423213124-60437dc3a

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13160', :group => :development
gem 'sorbet-runtime', '0.6.13160'

sorbet 0.6.13159.20260423173656-b4628b6b1

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13159', :group => :development
gem 'sorbet-runtime', '0.6.13159'

sorbet 0.6.13158.20260422170537-5c1ccccfb

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13158', :group => :development
gem 'sorbet-runtime', '0.6.13158'

sorbet 0.6.13157.20260422165159-ac57f1bb6

To use Sorbet add this line to your Gemfile:

gem 'sorbet', '0.6.13157', :group => :development
gem 'sorbet-runtime', '0.6.13157'

sorbet 0.6.13156.20260422164514-da579e95b

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions