Bump doorkeeper from 5.9.2 to 5.9.3

[dependabot]

Bumps doorkeeper from 5.9.2 to 5.9.3.

Release notes

Sourced from doorkeeper's releases.

v5.9.3

• #1834 Fix default allow_token_introspection returning false when a custom application_class is configured. The default proc compared application objects with ==, which fails when the authorized client and the introspected token's application are resolved as different classes (e.g. a base Doorkeeper::Application vs. a configured subclass) even though they reference the same record. It now compares application ids instead.
• #1832 Fix confusing belongs_to :owner side effect: Doorkeeper::Models::Ownership is now included only when enable_application_owner? is set (read at include time), so models no longer expose a misleading owner association/reflection when the application owner feature is disabled and the schema lacks the owner columns.

Changelog

Sourced from doorkeeper's changelog.

5.9.3

• #1834 Fix default allow_token_introspection returning false when a custom application_class is configured. The default proc compared application objects with ==, which fails when the authorized client and the introspected token's application are resolved as different classes (e.g. a base Doorkeeper::Application vs. a configured subclass) even though they reference the same record. It now compares application ids instead.
• #1832 Fix confusing belongs_to :owner side effect: Doorkeeper::Models::Ownership is now included only when enable_application_owner? is set (read at include time), so models no longer expose a misleading owner association/reflection when the application owner feature is disabled and the schema lacks the owner columns.

Commits

• 4737ffe Release 5.9.3 🎉
• 90e4976 Merge pull request #1834 from 55728/fix/1833-allow-token-introspection-custom...
• bc3d9e5 Merge pull request #1832 from 55728/experiment/1831-gate-ownership
• 155ce8c Fix allow_token_introspection default for custom application_class (#1833)
• 1c7ef35 Gate belongs_to :owner on enable_application_owner? at include time
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Warning

Flaky specs

• rspec ./modules/backlogs/spec/features/backlogs/create_spec.rb[1:3:2]
• rspec ./spec/features/projects/project_autocomplete_spec.rb[1:1]

🤖 Ask Copilot to investigate

Copy the prompt below into a new comment on this PR to delegate the investigation to GitHub Copilot. It will look into the flakiness and open a separate pull request with you as reviewer.

@copilot The following spec(s) are flaky in CI (first seen on PR #23857, linked for reference only):

- `rspec ./modules/backlogs/spec/features/backlogs/create_spec.rb[1:3:2]`
- `rspec ./spec/features/projects/project_autocomplete_spec.rb[1:1]`

Treat this as a standalone task, unrelated to PR #23857. Create a new branch from origin/dev and open a new pull request targeting dev — do not stack it on PR #23857 or reuse that branch.

Follow the playbook in docs/development/testing/handling-flaky-tests/README.md to find the root cause and fix the underlying race — do not skip, delete, or weaken the spec to make it pass; disabling is a last resort per the playbook, and only with a bug ticket. Verify the fix by running the spec(s) repeatedly (e.g. `script/bulk_run_rspec --run-count 10`).

If you cannot reproduce the flake or are not confident in a fix after reasonable investigation, do not fabricate a change or skip the spec to force CI green. Instead, leave the pull request in draft and document what you tried, the suspected cause, and any leads in its description, then assign @dependabot[bot] to take over.

Once the fix is verified, title the PR after the spec(s) it fixes, and use the PR description to explain the root cause, how the change resolves it, and the before/after results. Label the PR `flaky-spec`, assign @dependabot[bot], and request a review from @dependabot[bot].
On every commit, set @dependabot[bot] as the sole co-author with a `Co-authored-by:` trailer (use their GitHub no-reply email so it links to their account), so it is traceable who dispatched the fix.