Build(deps): Bump puma from 4.3.6 to 5.0.0 (PR #10692)

Bumps puma from 4.3.6 to 5.0.0.

Release notes

Sourced from puma's releases.

5.0 - Spoony Bard

5.0.0

Spoony_Bard

  • Features

    • Allow compiling without OpenSSL and dynamically load files needed for SSL, add 'no ssl' CI (#2305)
    • EXPERIMENTAL: Add fork_worker option and refork command for reduced memory usage by forking from a worker process instead of the master process. (#2099)
    • EXPERIMENTAL: Added wait_for_less_busy_worker config. This may reduce latency on MRI through inserting a small delay before re-listening on the socket if worker is busy (#2079).
    • EXPERIMENTAL: Added nakayoshi_fork option. Reduce memory usage in preloaded cluster-mode apps by GCing before fork and compacting, where available. (#2093, #2256)
    • Added pumactl thread-backtraces command to print thread backtraces (#2054)
    • Added incrementing requests_count to Puma.stats. (#2106)
    • Increased maximum URI path length from 2048 to 8192 bytes (#2167, #2344)
    • lowlevel_error_handler is now called during a forced threadpool shutdown, and if a callable with 3 arguments is set, we now also pass the status code (#2203)
    • Faster phased restart and worker timeout (#2220)
    • Added state_permission to config DSL to set state file permissions (#2238)
    • Added Puma.stats_hash, which returns a stats in Hash instead of a JSON string (#2086, #2253)
    • rack.multithread and rack.multiprocess now dynamically resolved by max_thread and workers respectively (#2288)
  • Deprecations, Removals and Breaking API Changes

    • --control has been removed. Use --control-url (#1487)
    • worker_directory has been removed. Use directory.
    • min_threads now set by environment variables PUMA_MIN_THREADS and MIN_THREADS. (#2143)
    • max_threads now set by environment variables PUMA_MAX_THREADS and MAX_THREADS. (#2143)
    • max_threads default to 5 in MRI or 16 for all other interpreters. (#2143)
    • preload by default if workers > 1 (#2143)
    • Puma::Plugin.workers_supported? has been removed. Use Puma.forkable? instead. (#2143)
    • tcp_mode has been removed without replacement. (#2169)
    • Daemonization has been removed without replacement. (#2170)
    • Changed #connected_port to #connected_ports (#2076)
    • Configuration: environment is read from RAILS_ENV, if RACK_ENV can't be found (#2022)
    • Log binding on http:// for TCP bindings to make it clickable
  • Bugfixes

    • Fix JSON loading issues on phased-restarts (#2269)
    • Improve shutdown reliability (#2312, #2338)
    • Close client http connections made to an ssl server with TLSv1.3 (#2116)
    • Do not set user_config to quiet by default to allow for file config (#2074)
    • Always close SSL connection in Puma::ControlCLI (#2211)
    • Windows update extconf.rb for use with ssp and varied Ruby/MSYS2 combinations (#2069)
    • Ensure control server Unix socket is closed on shutdown (#2112)
    • Preserve BUNDLE_GEMFILE env var when using prune_bundler (#1893)
    • Send 408 request timeout even when queue requests is disabled (#2119)
    • Rescue IO::WaitReadable instead of EAGAIN for blocking read (#2121)
    • Ensure BUNDLE_GEMFILE is unspecified in workers if unspecified in master when using prune_bundler (#2154)
    • Rescue and log exceptions in hooks defined by users (on_worker_boot, after_worker_fork etc) (#1551)
    • Read directly from the socket in #read_and_drop to avoid raising further SSL errors (#2198)
    • Set Connection: closed header when queue requests is disabled (#2216)
    • Pass queued requests to thread pool on server shutdown (#2122)
    • Fixed a few minor concurrency bugs in ThreadPool that may have affected non-GVL Rubies (#2220)
Changelog

Sourced from puma's changelog.

5.0.0

  • Features

    • Allow compiling without OpenSSL and dynamically load files needed for SSL, add 'no ssl' CI (#2305)
    • EXPERIMENTAL: Add fork_worker option and refork command for reduced memory usage by forking from a worker process instead of the master process. (#2099)
    • EXPERIMENTAL: Added wait_for_less_busy_worker config. This may reduce latency on MRI through inserting a small delay before re-listening on the socket if worker is busy (#2079).
    • EXPERIMENTAL: Added nakayoshi_fork option. Reduce memory usage in preloaded cluster-mode apps by GCing before fork and compacting, where available. (#2093, #2256)
    • Added pumactl thread-backtraces command to print thread backtraces (#2054)
    • Added incrementing requests_count to Puma.stats. (#2106)
    • Increased maximum URI path length from 2048 to 8192 bytes (#2167, #2344)
    • lowlevel_error_handler is now called during a forced threadpool shutdown, and if a callable with 3 arguments is set, we now also pass the status code (#2203)
    • Faster phased restart and worker timeout (#2220)
    • Added state_permission to config DSL to set state file permissions (#2238)
    • Added Puma.stats_hash, which returns a stats in Hash instead of a JSON string (#2086, #2253)
    • rack.multithread and rack.multiprocess now dynamically resolved by max_thread and workers respectively (#2288)
  • Deprecations, Removals and Breaking API Changes

    • --control has been removed. Use --control-url (#1487)
    • worker_directory has been removed. Use directory.
    • min_threads now set by environment variables PUMA_MIN_THREADS and MIN_THREADS. (#2143)
    • max_threads now set by environment variables PUMA_MAX_THREADS and MAX_THREADS. (#2143)
    • max_threads default to 5 in MRI or 16 for all other interpreters. (#2143)
    • preload by default if workers > 1 (#2143)
    • Puma::Plugin.workers_supported? has been removed. Use Puma.forkable? instead. (#2143)
    • tcp_mode has been removed without replacement. (#2169)
    • Daemonization has been removed without replacement. (#2170)
    • Changed #connected_port to #connected_ports (#2076)
    • Configuration: environment is read from RAILS_ENV, if RACK_ENV can't be found (#2022)
    • Log binding on http:// for TCP bindings to make it clickable
  • Bugfixes

    • Fix JSON loading issues on phased-restarts (#2269)
    • Improve shutdown reliability (#2312, #2338)
    • Close client http connections made to an ssl server with TLSv1.3 (#2116)
    • Do not set user_config to quiet by default to allow for file config (#2074)
    • Always close SSL connection in Puma::ControlCLI (#2211)
    • Windows update extconf.rb for use with ssp and varied Ruby/MSYS2 combinations (#2069)
    • Ensure control server Unix socket is closed on shutdown (#2112)
    • Preserve BUNDLE_GEMFILE env var when using prune_bundler (#1893)
    • Send 408 request timeout even when queue requests is disabled (#2119)
    • Rescue IO::WaitReadable instead of EAGAIN for blocking read (#2121)
    • Ensure BUNDLE_GEMFILE is unspecified in workers if unspecified in master when using prune_bundler (#2154)
    • Rescue and log exceptions in hooks defined by users (on_worker_boot, after_worker_fork etc) (#1551)
    • Read directly from the socket in #read_and_drop to avoid raising further SSL errors (#2198)
    • Set Connection: closed header when queue requests is disabled (#2216)
    • Pass queued requests to thread pool on server shutdown (#2122)
    • Fixed a few minor concurrency bugs in ThreadPool that may have affected non-GVL Rubies (#2220)
    • Fix out_of_band hook never executed if the number of worker threads is > 1 (#2177)
    • Fix ThreadPool#shutdown timeout accuracy (#2221)
    • Fix UserFileDefaultOptions#fetch to properly use default (#2233)
Commits
  • 13e18e8 Puma 5
  • 4be4069 Merge pull request #2370 from MSP-Greg/fix-2368
  • b895566 Fix my errors in 2368
  • 038a0d9 Documentation - add version info, misc fixes [ci skip] (#2368)
  • 18f1810 test/helper.rb -TimeoutEveryTestCase - set non MRI timeouts to 60 sec
  • 0ab0eec Leave DISABLE_SSL undocumented
  • 1ebdf11 Merge pull request #2305 from MSP-Greg/no-ssl
  • 7b3c08a Merge pull request #2365 from MSP-Greg/test-timeout
  • 5b56986 Merge pull request #2364 from MSP-Greg/share-cert
  • fe2c25b README.md - add 'SSL Connection Support' section
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don’t alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a “Dependabot enabled” badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

GitHub