chore(deps): bump pagy from 43.5.5 to 43.5.6 in the ruby-deps group across 1 directory #2645

Merged: mroderick merged 1 commit into master from dependabot/bundler/ruby-deps-fd1c1f5748 on Jun 15, 2026

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Bumps the ruby-deps group with 1 update in the / directory: pagy.

Updates pagy from 43.5.5 to 43.5.6

Release notes

Sourced from pagy's releases.

Version 43.5.6

Changes in 43.5.6

  • Validate I18n locale input, coerce dev_tools wand_scale, add input-safety docs (#908)
    • Coerce dev_tools wand_scale to a float
    • Validate the I18n locale against a BCP 47 pattern
    • Update docs and comments about safety

CHANGELOG

Version 43

We needed a leap version to unequivocally signal that it's not just a major version: it's a complete redesign of the legacy code at all levels, usage and API included.

Why 43? Because it's exactly one step beyond "The answer to the ultimate question of life, the Universe, and everything." 😉

Improvements

This version introduces several enhancements, such as new :countish and :keynav_js paginators and improved automation and configuration processes, reducing setup requirements by 99%. The update also includes a simpler API and new interactive development tools, making it a comprehensive upgrade from previous versions.

  • New :countish Paginator
    • Faster than OFFSET and supporting the full UI
  • New Keynav Pagination
    • The pagy-exclusive technique using the fastest keyset pagination alongside all frontend helpers.
  • New interactive dev-tools
    • New PagyWand to integrate the pagy CSS with your app themes.
    • New Pagy AI available right inside your own app.
  • Intelligent automation
  • Simpler API
    • You solely need the pagy method and the @pagy instance to paginate any collection and use any navigation tag and helper.
    • Methods are autoloaded only if used, and consume no memory otherwise.
    • Methods have narrower scopes and can be overridden without deep knowledge.
  • New documentation
    • Very concise, straightforward, and easy to navigate and understand.

Upgrade to 43

See the Upgrade Guide

... (truncated)

Changelog

Sourced from pagy's changelog.

Version 43.5.6

  • Validate I18n locale input, coerce dev_tools wand_scale, add input-safety docs (#908)
    • Coerce dev_tools wand_scale to a float
    • Validate the I18n locale against a BCP 47 pattern
    • Update docs and comments about safety
Commits

@dependabot dependabot Bot added the dependencies and ruby (Pull requests that update Ruby code) labels Jun 15, 2026
Bumps the ruby-deps group with 1 update in the / directory: [pagy](https://github.com/ddnexus/pagy).


Updates `pagy` from 43.5.5 to 43.5.6
- [Release notes](https://github.com/ddnexus/pagy/releases)
- [Changelog](https://github.com/ddnexus/pagy/blob/master/docs/CHANGELOG.md)
- [Commits](ddnexus/pagy@43.5.5...43.5.6)

---
updated-dependencies:
- dependency-name: pagy
  dependency-version: 43.5.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ruby-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title from "chore(deps): bump pagy from 43.5.5 to 43.5.6 in the ruby-deps group" to "chore(deps): bump pagy from 43.5.5 to 43.5.6 in the ruby-deps group across 1 directory" Jun 15, 2026
@dependabot dependabot Bot force-pushed the dependabot/bundler/ruby-deps-fd1c1f5748 branch from 68a00f0 to 8aeb0d8 Compare June 15, 2026 07:25

@mroderick mroderick left a comment

Dependency Upgrade Review: pagy v43.5.5 → v43.5.6 (+ json v2.19.8 → v2.19.9)

PR Scope

Dependency-only — only Gemfile.lock changed. Two dependencies bumped:

  • pagy 43.5.5 → 43.5.6 (primary, intentional)
  • json 2.19.8 → 2.19.9 (transitive dependency of pagy, side-effect bump)

Changes in pagy

Five commits, all in the 43.5.6 patch. The substantive change is input validation and safety (#908):

  • Validate I18n locale input against a BCP 47 pattern
  • Coerce dev_tools wand_scale to a float
  • Docs and safety improvements

No breaking changes. No behavioural changes to the pagination API.

Changes in json

A security fix — buffer overflow fix for JSON.generate(object, io) (CVE-Pending).

Usage in Repository

  • pagy: Used in 8 controllers via standard pagy() calls (dashboard, events, admin controllers). Configured minimally in config/initializers/pagy.rb (page size, overflow mode). Views render pagination via the shared pagination partial.
  • json: Not used directly in application code — only in spec files (JSON.parse).

Compatibility Assessment

Compatible. The pagy changes are in I18n locale validation and dev_tools — neither touches the standard pagination API surface this app uses. The json fix is for a specific edge case (JSON.generate(object, io)) that isn't used in this codebase.

Test Coverage

Limited — only spec/controllers/events_controller_spec.rb references pagy. JSON is used in several spec files for response parsing. The test suite (make test) can validate the upgrade locally if desired.

Confidence Rating

High — both upgrades are patch-level with no API changes affecting this codebase. The pagy changes are in unrelated features (I18n validation, dev_tools). The json bump is a security fix for an unused code path.
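
The scope check described in the review above (which gems a Gemfile.lock-only change actually moved, and which of those are side-effect bumps), as an added example that is not part of this PR, the repository, or pagy. The lockfile text is constructed; it uses the versions named in the review and assumes json is listed under pagy as the review states. The names `parse_lock` and `lock_bumps` are hypothetical.

```ruby
# Added example: list what a lockfile-only change moved, direct vs transitive.

# Parse the two Gemfile.lock sections needed: GEM specs and DEPENDENCIES.
def parse_lock(text)
  specs = {}
  direct = []
  section = nil
  text.each_line do |raw|
    line = raw.chomp
    if line.match?(/\A[A-Z][A-Z ]*\z/)
      section = line                       # e.g. GEM, PLATFORMS, DEPENDENCIES
    elsif section == "GEM" && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      specs[m[1]] = m[2]                   # 4-space indent = resolved gem
    elsif section == "DEPENDENCIES" && (m = line.match(/\A {2}([^\s!]+)/))
      direct << m[1]                       # 2-space indent = Gemfile entry
    end
  end
  { specs: specs, direct: direct }
end

# Return every gem whose resolved version differs between the two snapshots.
def lock_bumps(before, after)
  a = parse_lock(before)
  b = parse_lock(after)
  (a[:specs].keys | b[:specs].keys).sort.filter_map do |name|
    from, to = a[:specs][name], b[:specs][name]
    next if from == to
    kind = b[:direct].include?(name) ? :direct : :transitive
    { name: name, from: from, to: to, kind: kind }
  end
end

# Constructed lockfile template; versions are the ones named in the review.
LOCK = <<~LOCKFILE
  GEM
    remote: https://rubygems.org/
    specs:
      json (%<json>s)
      pagy (%<pagy>s)
        json

  DEPENDENCIES
    pagy
LOCKFILE
BEFORE = format(LOCK, json: "2.19.8", pagy: "43.5.5")
AFTER  = format(LOCK, json: "2.19.9", pagy: "43.5.6")

lock_bumps(BEFORE, AFTER).each { |g| puts "#{g[:name]} #{g[:from]} -> #{g[:to]} (#{g[:kind]})" }
```

Any gem reported as `:transitive` was not named in the PR title and needs its own changelog read before merge.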

@mroderick mroderick merged commit bc6cc9a into master Jun 15, 2026
16 checks passed
@mroderick mroderick deleted the dependabot/bundler/ruby-deps-fd1c1f5748 branch June 15, 2026 07:30