Skip to content

Update dependency puma to v8#299

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/puma-8.x
Open

Update dependency puma to v8#299
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/puma-8.x

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Apr 23, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
puma (source, changelog) "~> 7.0""~> 8.0" age confidence

Release Notes

puma/puma (puma)

v8.0.1

Compare Source

  • Bugfixes

    • Fix prune_bundler stripping user-configured BUNDLE_* env vars (e.g. BUNDLE_WITHOUT) on re-exec, which caused workers to crash on boot ([#​3929])

  • Performance

    • Use blocks for debug logging to avoid creating log messages when debug is disabled ([#​3920])

  • Docs

    • Fix incorrect hook names in gRPC docs ([#​3923])
    • Reword v8 upgrade guide IPv6 bullet for clarity ([#​3928])

v8.0.0

Compare Source

  • Features

    • Add env["puma.mark_as_io_bound"] API and max_io_threads config to allow IO-bound requests to exceed the thread pool max, enabling better handling of mixed workloads ([#​3816], [#​3894])
    • Add single and cluster DSL hooks for mode-specific configuration ([#​3621])
    • Add on_force option to shutdown_debug to only dump thread backtraces on forced (non-graceful) shutdown ([#​3671])
    • Add API to dynamically update min and max thread counts at runtime via update_thread_pool_min_max and ServerPluginControl ([#​3658])
    • Use SIGPWR for thread backtrace dumps on Linux/JRuby where SIGINFO is unavailable ([#​3829])

  • Bugfixes

    • Fix phased restart for fork_worker to avoid forking from stale worker 0 when it has been replaced ([#​3853])

  • Performance

    • JRuby HTTP parser improvements: pre-allocated header keys, perfect hash lookup, reduced memory copies ([#​3838])
    • Cache downcased header key in str_headers to avoid redundant String#downcase calls, reducing allocations by ~50% per response ([#​3874])

  • Refactor

    • Collect env processing into dedicated client_env.rb module ([#​3582])
    • Move event to default configuration ([#​3872])

  • Docs

    • Add gRPC guide for configuring gRPC lifecycle hooks in clustered mode ([#​3885])
    • Add 7.0 upgrade guide, move 5.0/6.0 upgrade guides to docs directory ([#​3900])
    • Correct default values for persistent_timeout and worker_boot_timeout in DSL docs ([#​3912])
    • Add file descriptor limit warning in test helper for contributors ([#​3893])

  • Breaking changes

    • Default production bind address changed from 0.0.0.0 to :: (IPv6) when a non-loopback IPv6 interface is available; falls back to 0.0.0.0 if IPv6 is unavailable ([#​3847])

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 23, 2026
edited
Loading

Container Scanning Status: ❌ Failure

NAME                     INSTALLED        FIXED IN         TYPE  VULNERABILITY        SEVERITY  EPSS           RISK   
net-imap                 0.4.19           0.4.20           gem   GHSA-j3g3-5qv5-52mj  Medium    0.5% (67th)    0.3    
resolv                   0.3.0            0.3.1            gem   GHSA-xh69-987w-hrp8  Medium    0.3% (50th)    0.1    
erb                      4.0.3            4.0.3.1          gem   GHSA-q339-8rmv-2mhv  High      0.1% (28th)    < 0.1  
erb                      6.0.1            6.0.1.1          gem   GHSA-q339-8rmv-2mhv  High      0.1% (28th)    < 0.1  
erb                      6.0.2            6.0.4            gem   GHSA-q339-8rmv-2mhv  High      0.1% (28th)    < 0.1  
addressable              2.8.10           2.9.0            gem   GHSA-h27x-rffw-24p4  High      < 0.1% (19th)  < 0.1  
libssl3t64               3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-28387       High      < 0.1% (14th)  < 0.1  
openssl                  3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-28387       High      < 0.1% (14th)  < 0.1  
openssl-provider-legacy  3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-28387       High      < 0.1% (14th)  < 0.1  
libssl3t64               3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-28389       High      < 0.1% (13th)  < 0.1  
libssl3t64               3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-28390       High      < 0.1% (13th)  < 0.1  
openssl                  3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-28389       High      < 0.1% (13th)  < 0.1  
openssl                  3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-28390       High      < 0.1% (13th)  < 0.1  
openssl-provider-legacy  3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-28389       High      < 0.1% (13th)  < 0.1  
openssl-provider-legacy  3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-28390       High      < 0.1% (13th)  < 0.1  
picomatch                4.0.3            4.0.4            npm   GHSA-3v7f-55p6-f55p  Medium    < 0.1% (17th)  < 0.1  
json                     2.18.0           2.19.2           gem   GHSA-3m6g-2423-7cp3  High      < 0.1% (10th)  < 0.1  
libssl3t64               3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-31789       Critical  < 0.1% (8th)   < 0.1  
openssl                  3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-31789       Critical  < 0.1% (8th)   < 0.1  
openssl-provider-legacy  3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-31789       Critical  < 0.1% (8th)   < 0.1  
libssl3t64               3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-28388       High      < 0.1% (6th)   < 0.1  
openssl                  3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-28388       High      < 0.1% (6th)   < 0.1  
openssl-provider-legacy  3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-28388       High      < 0.1% (6th)   < 0.1  
picomatch                4.0.3            4.0.4            npm   GHSA-c2c7-rcm5-vvqj  High      < 0.1% (5th)   < 0.1  
libssl3t64               3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-31790       High      < 0.1% (4th)   < 0.1  
openssl                  3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-31790       High      < 0.1% (4th)   < 0.1  
openssl-provider-legacy  3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-31790       High      < 0.1% (4th)   < 0.1  
libssl3t64               3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-2673        High      < 0.1% (4th)   < 0.1  
openssl                  3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-2673        High      < 0.1% (4th)   < 0.1  
openssl-provider-legacy  3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-2673        High      < 0.1% (4th)   < 0.1  
zlib                     3.1.1            3.1.2            gem   GHSA-g857-hhfv-j68w  Medium    < 0.1% (2nd)   < 0.1  
rexml                    3.3.9            3.4.2            gem   GHSA-c2f4-jgmc-q2r5  Low       < 0.1% (6th)   < 0.1  
bcrypt                   3.1.21           3.1.22           gem   GHSA-f27w-vcwj-c954  Medium    < 0.1% (0th)   < 0.1  
uri                      0.13.2           0.13.3           gem   GHSA-j4pr-3wm6-xx2r  Low       < 0.1% (0th)   < 0.1  
net-imap                 0.4.19           0.4.24           gem   GHSA-vcgp-9326-pqcp  High      N/A            N/A    
net-imap                 0.6.2            0.6.4            gem   GHSA-vcgp-9326-pqcp  High      N/A            N/A    
devise                   5.0.3            5.0.4            gem   GHSA-jp94-3292-c3xv  Medium    N/A            N/A    
net-imap                 0.4.19           0.4.24           gem   GHSA-75xq-5h9v-w6px  Medium    N/A            N/A    
net-imap                 0.4.19           0.4.24           gem   GHSA-87pf-fpwv-p7m7  Medium    N/A            N/A    
net-imap                 0.4.19           0.4.24           gem   GHSA-hm49-wcqc-g2xg  Medium    N/A            N/A    
net-imap                 0.6.2            0.6.4            gem   GHSA-75xq-5h9v-w6px  Medium    N/A            N/A    
net-imap                 0.6.2            0.6.4            gem   GHSA-87pf-fpwv-p7m7  Medium    N/A            N/A    
net-imap                 0.6.2            0.6.4            gem   GHSA-hm49-wcqc-g2xg  Medium    N/A            N/A    
net-imap                 0.4.19           0.4.24           gem   GHSA-q2mw-fvj9-vvcw  Low       N/A            N/A    
net-imap                 0.6.2            0.6.4            gem   GHSA-q2mw-fvj9-vvcw  Low       N/A            N/A

@renovate renovate Bot force-pushed the renovate/puma-8.x branch from ab8b754 to d264ca8 Compare May 11, 2026 01:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants