Skip to content

build(deps): bump the bundler-production-dependencies group across 1 directory with 7 updates#323

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/src/email/bundler-production-dependencies-b5bb0f1e10
Open

build(deps): bump the bundler-production-dependencies group across 1 directory with 7 updates#323
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/src/email/bundler-production-dependencies-b5bb0f1e10

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 4, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the bundler-production-dependencies group with 7 updates in the /src/email directory:

Package From To
puma 6.6.0 8.0.2
sinatra 4.1.1 4.2.1
rackup 2.2.1 2.3.1
google-protobuf 4.31.1 4.35.0
opentelemetry-sdk 1.8.0 1.12.0
opentelemetry-exporter-otlp 0.30.0 0.34.0
opentelemetry-instrumentation-all 0.78.0 0.94.0

Updates puma from 6.6.0 to 8.0.2

Release notes

Sourced from puma's releases.

v8.0.2

  • Bugfixes
    • Anchor PROXY protocol v1 regex to string start and enforce max line length to prevent injection via crafted request bodies (#3944)
    • Parse PROXY protocol header only on the first request per connection to prevent spoofing on keep-alive connections (#3944)

Security advisories

v8.0.1

  • Bugfixes

    • Fix prune_bundler stripping user-configured BUNDLE_* env vars (e.g. BUNDLE_WITHOUT) on re-exec, which caused workers to crash on boot (#3929)

  • Performance

    • Use blocks for debug logging to avoid creating log messages when debug is disabled (#3920)

  • Docs

    • Fix incorrect hook names in gRPC docs (#3923)
    • Reword v8 upgrade guide IPv6 bullet for clarity (#3928)

v8.0.0 - Into the Arena

Read our Version 8 Upgrade Guide.

  • Features

    • Add env["puma.mark_as_io_bound"] API and max_io_threads config to allow IO-bound requests to exceed the thread pool max, enabling better handling of mixed workloads (#3816, #3894)
    • Add single and cluster DSL hooks for mode-specific configuration (#3621)
    • Add on_force option to shutdown_debug to only dump thread backtraces on forced (non-graceful) shutdown (#3671)
    • Add API to dynamically update min and max thread counts at runtime via update_thread_pool_min_max and ServerPluginControl (#3658)
    • Use SIGPWR for thread backtrace dumps on Linux/JRuby where SIGINFO is unavailable (#3829)

  • Bugfixes

    • Fix phased restart for fork_worker to avoid forking from stale worker 0 when it has been replaced (#3853)

  • Performance

    • JRuby HTTP parser improvements: pre-allocated header keys, perfect hash lookup, reduced memory copies (#3838)
    • Cache downcased header key in str_headers to avoid redundant String#downcase calls, reducing allocations by ~50% per response (#3874)

  • Refactor

    • Collect env processing into dedicated client_env.rb module (#3582)
    • Move event to default configuration (#3872)

  • Docs

    • Add gRPC guide for configuring gRPC lifecycle hooks in clustered mode (#3885)
    • Add 7.0 upgrade guide, move 5.0/6.0 upgrade guides to docs directory (#3900)
    • Correct default values for persistent_timeout and worker_boot_timeout in DSL docs (#3912)
    • Add file descriptor limit warning in test helper for contributors (#3893)

... (truncated)

Changelog

Sourced from puma's changelog.

8.0.2 / 2026-05-27

  • Bugfixes
    • Anchor PROXY protocol v1 regex to string start and enforce max line length to prevent injection via crafted request bodies (#3944)
    • Parse PROXY protocol header only on the first request per connection to prevent spoofing on keep-alive connections (#3944)

8.0.1 / 2026-04-27

  • Bugfixes

    • Fix prune_bundler stripping user-configured BUNDLE_* env vars (e.g. BUNDLE_WITHOUT) on re-exec, which caused workers to crash on boot (#3929)

  • Performance

    • Use blocks for debug logging to avoid creating log messages when debug is disabled (#3920)

  • Docs

    • Fix incorrect hook names in gRPC docs (#3923)
    • Reword v8 upgrade guide IPv6 bullet for clarity (#3928)

8.0.0 / 2026-03-27

  • Features

    • Add env["puma.mark_as_io_bound"] API and max_io_threads config to allow IO-bound requests to exceed the thread pool max, enabling better handling of mixed workloads (#3816, #3894)
    • Add single and cluster DSL hooks for mode-specific configuration (#3621)
    • Add on_force option to shutdown_debug to only dump thread backtraces on forced (non-graceful) shutdown (#3671)
    • Add API to dynamically update min and max thread counts at runtime via update_thread_pool_min_max and ServerPluginControl (#3658)
    • Use SIGPWR for thread backtrace dumps on Linux/JRuby where SIGINFO is unavailable (#3829)

  • Bugfixes

    • Fix phased restart for fork_worker to avoid forking from stale worker 0 when it has been replaced (#3853)

  • Performance

    • JRuby HTTP parser improvements: pre-allocated header keys, perfect hash lookup, reduced memory copies (#3838)
    • Cache downcased header key in str_headers to avoid redundant String#downcase calls, reducing allocations by ~50% per response (#3874)

  • Refactor

    • Collect env processing into dedicated client_env.rb module (#3582)
    • Move event to default configuration (#3872)

  • Docs

    • Add gRPC guide for configuring gRPC lifecycle hooks in clustered mode (#3885)
    • Add 7.0 upgrade guide, move 5.0/6.0 upgrade guides to docs directory (#3900)
    • Correct default values for persistent_timeout and worker_boot_timeout in DSL docs (#3912)
    • Add file descriptor limit warning in test helper for contributors (#3893)

  • Breaking changes

    • Default production bind address changed from 0.0.0.0 to :: (IPv6) when a non-loopback IPv6 interface is available; falls back to 0.0.0.0 if IPv6 is unavailable (#3847)

7.2.1 / 2026-05-27

  • Bugfixes

... (truncated)

Commits

Updates sinatra from 4.1.1 to 4.2.1

Changelog

Sourced from sinatra's changelog.

4.2.1 / 2025-10-10

4.2.0 / 2025-10-08

  • New: Add :static_headers setting for custom headers in static file responses (#2089)
  • Fix: Fix regex in etag_matches? to prevent ReDoS (#2121)
  • Fix: PATH_INFO can never be empty (#2114)
  • Fix: Fix malformed Content-Type headers (#2081)
  • Fix: Avoid crash for integer values in content_type parameters (#2078)
Commits

Updates rackup from 2.2.1 to 2.3.1

Changelog

Sourced from rackup's changelog.

Releases

All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference Keep A Changelog.

Commits
  • f3fa1d6 Bump patch version.
  • 583c7dc Fix WEBrick SERVER_PORT handling.
  • adc9596 Bump minor version.
  • 8e538be Update the webrick handler to support OPTIONS * requests. (#40)
  • 7a3e190 Update workflows.
  • 5d18f5a Update spec_server.rb
  • c6cdd47 Fix references from Rack::Server to Rackup::Server in comments
  • e3df7cb Provide a 'Changelog' link on rubygems.org/gems/rackup
  • 39d5226 Documentation for how to access handlers programatically.
  • 301b6dd Update releases.md - fixes #29.
  • See full diff in compare view

Updates google-protobuf from 4.31.1 to 4.35.0

Commits

Updates opentelemetry-sdk from 1.8.0 to 1.12.0

Release notes

Sourced from opentelemetry-sdk's releases.

opentelemetry-sdk 1.12.0

v1.12.0 / 2026-05-12

  • ADDED: Add git tag to source URI in gemspec (#2101)
  • FIXED: Consistent labels for otel.bsp.dropped_spans metric (#2108)

opentelemetry-sdk 1.11.0

v1.11.0 / 2026-04-07

  • ADDED: Min Ruby Version 3.3 (#2070)

opentelemetry-sdk 1.10.0

v1.10.0 / 2025-10-14

  • ADDED: Add span flags support for isRemote property

opentelemetry-sdk 1.9.0

v1.9.0 / 2025-09-16

  • ADDED: Add record_exception option for in_span

opentelemetry-sdk 1.8.1

v1.8.1 / 2025-08-14

  • FIXED: Remove patch constraint on Zipkin exporter
  • DOCS: Fix Resource merge documentation
Commits

Updates opentelemetry-exporter-otlp from 0.30.0 to 0.34.0

Release notes

Sourced from opentelemetry-exporter-otlp's releases.

opentelemetry-exporter-otlp 0.34.0

v0.34.0 / 2026-05-12

  • ADDED: Add git tag to source URI in gemspec (#2101)

opentelemetry-exporter-otlp 0.33.0

v0.33.0 / 2026-04-07

  • ADDED: Min Ruby Version 3.3 (#2070)
  • ADDED: Handle HTTP 2XX responses as successful in OTLP exporters (#2044)
  • FIXED: Issue with sending traces to IPv6 endpoints (#1935)

opentelemetry-exporter-otlp 0.32.0

v0.32.0 / 2026-03-10

  • ADDED: Replace cgi with uri for encode and decode (#2028)

opentelemetry-exporter-otlp 0.31.1

v0.31.1 / 2025-10-21

  • FIXED: Requires minimum SDK support for new parent_span_is_remote attribute

opentelemetry-exporter-otlp 0.31.0

v0.31.0 / 2025-10-14

  • ADDED: Add span flags support for isRemote property
Commits

Updates opentelemetry-instrumentation-all from 0.78.0 to 0.94.0

Release notes

Sourced from opentelemetry-instrumentation-all's releases.

opentelemetry-instrumentation-all 0.94.0

v0.94.0 / 2026-05-21

  • ADDED: Upgrade opentelemetry-instrumentation-trilogy to 0.69.0

opentelemetry-instrumentation-all 0.93.0

v0.93.0 / 2026-04-28

  • ADDED: Upgrade opentelemetry-instrumentation-rails to 0.42.0

opentelemetry-instrumentation-all 0.92.0

v0.92.0 / 2026-04-14

  • BREAKING CHANGE: Min Ruby Version 3.3 (#2125)
  • ADDED: Min Ruby Version 3.3 (#2125)
  • ADDED: Add release tag into source code url of gem metadata (#1984)
  • CHANGED: Update transitive dependencies for all instrumentation gems to new versions

opentelemetry-instrumentation-all 0.91.0

v0.91.0 / 2026-03-17

  • ADDED: Upgrade opentelemetry-instrumentation-anthropic to 0.4.0
  • ADDED: Upgrade opentelemetry-instrumentation-dalli to 0.29.2
  • ADDED: Upgrade opentelemetry-instrumentation-ethon to 0.28.0
  • ADDED: Upgrade opentelemetry-instrumentation-excon to 0.28.0
  • ADDED: Upgrade opentelemetry-instrumentation-faraday to 0.32.0
  • ADDED: Upgrade opentelemetry-instrumentation-grape to 0.6.0
  • ADDED: Upgrade opentelemetry-instrumentation-graphql to 0.31.2
  • ADDED: Upgrade opentelemetry-instrumentation-http to 0.29.0
  • ADDED: Upgrade opentelemetry-instrumentation-http_client to 0.28.0
  • ADDED: Upgrade opentelemetry-instrumentation-httpx to 0.7.0
  • ADDED: Upgrade opentelemetry-instrumentation-net_http to 0.28.0
  • ADDED: Upgrade opentelemetry-instrumentation-racecar to 0.6.1
  • ADDED: Upgrade opentelemetry-instrumentation-rack to 0.30.0
  • ADDED: Upgrade opentelemetry-instrumentation-rails to 0.40.0
  • ADDED: Upgrade opentelemetry-instrumentation-restclient to 0.27.0
  • ADDED: Upgrade opentelemetry-instrumentation-sinatra to 0.29.0
  • ADDED: Upgrade opentelemetry-instrumentation-trilogy to 0.67.0
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the bundler-production-dependencies group across 1 …
ecd857f 
…directory with 7 updates

Bumps the bundler-production-dependencies group with 7 updates in the /src/email directory:

| Package | From | To |
| --- | --- | --- |
| [puma](https://github.com/puma/puma) | `6.6.0` | `8.0.2` |
| [sinatra](https://github.com/sinatra/sinatra) | `4.1.1` | `4.2.1` |
| [rackup](https://github.com/rack/rackup) | `2.2.1` | `2.3.1` |
| [google-protobuf](https://github.com/protocolbuffers/protobuf) | `4.31.1` | `4.35.0` |
| [opentelemetry-sdk](https://github.com/open-telemetry/opentelemetry-ruby) | `1.8.0` | `1.12.0` |
| [opentelemetry-exporter-otlp](https://github.com/open-telemetry/opentelemetry-ruby) | `0.30.0` | `0.34.0` |
| [opentelemetry-instrumentation-all](https://github.com/open-telemetry/opentelemetry-ruby-contrib) | `0.78.0` | `0.94.0` |



Updates `puma` from 6.6.0 to 8.0.2
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/main/History.md)
- [Commits](puma/puma@v6.6.0...v8.0.2)

Updates `sinatra` from 4.1.1 to 4.2.1
- [Changelog](https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md)
- [Commits](sinatra/sinatra@v4.1.1...v4.2.1)

Updates `rackup` from 2.2.1 to 2.3.1
- [Release notes](https://github.com/rack/rackup/releases)
- [Changelog](https://github.com/rack/rackup/blob/main/releases.md)
- [Commits](rack/rackup@v2.2.1...v2.3.1)

Updates `google-protobuf` from 4.31.1 to 4.35.0
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

Updates `opentelemetry-sdk` from 1.8.0 to 1.12.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-ruby/releases)
- [Commits](open-telemetry/opentelemetry-ruby@opentelemetry-sdk/v1.8.0...opentelemetry-sdk/v1.12.0)

Updates `opentelemetry-exporter-otlp` from 0.30.0 to 0.34.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-ruby/releases)
- [Commits](open-telemetry/opentelemetry-ruby@opentelemetry-exporter-otlp/v0.30.0...opentelemetry-exporter-otlp/v0.34.0)

Updates `opentelemetry-instrumentation-all` from 0.78.0 to 0.94.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-ruby-contrib/releases)
- [Commits](open-telemetry/opentelemetry-ruby-contrib@opentelemetry-instrumentation-all/v0.78.0...opentelemetry-instrumentation-all/v0.94.0)

---
updated-dependencies:
- dependency-name: puma
  dependency-version: 8.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: bundler-production-dependencies
- dependency-name: sinatra
  dependency-version: 4.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: bundler-production-dependencies
- dependency-name: rackup
  dependency-version: 2.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: bundler-production-dependencies
- dependency-name: google-protobuf
  dependency-version: 4.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: bundler-production-dependencies
- dependency-name: opentelemetry-sdk
  dependency-version: 1.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: bundler-production-dependencies
- dependency-name: opentelemetry-exporter-otlp
  dependency-version: 0.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: bundler-production-dependencies
- dependency-name: opentelemetry-instrumentation-all
  dependency-version: 0.94.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: bundler-production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels Jun 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants