@dependabot dependabot bot commented on behalf of github Sep 4, 2025

Bumps puma from 6.6.1 to 7.0.0.

Release notes

Sourced from puma's releases.

v7.0.0 - Romantic Warrior

7.0.0

  • Breaking changes
    • Set default max_keep_alive to 999 (#3719)
    • Increase persistent_timeout default to 65 seconds (#3378)
    • Raise an ArgumentError if no block given to hooks (#3377)
    • Don't set env['HTTP_VERSION'] for Rack > 3.1 (#3711, #3576)
    • Runner.rb - remove ruby_engine method, deprecated Nov-2024 (#3701)
    • Set conditional config defaults after CLI options are parsed and config files are loaded (#3297)
    • Response headers set to lowercase (#3704)
    • Update minimum Ruby version to 3.0 (#3698)
    • Rename callback hooks (#3438)
      | Old hook name | New hook name |
      | --- | --- |
      | on_worker_boot | before_worker_boot |
      | on_worker_shutdown | before_worker_shutdown |
      | on_restart | before_restart |
      | on_booted | after_booted |
      | on_stopped | after_stopped |
      | on_refork | before_refork |
      | on_thread_start | before_thread_start |
      | on_thread_exit | before_thread_exit |
      | on_worker_fork | before_worker_fork |
  • Features

    • Fix long tail response problem with keepalive connections (#3678) (Previously released in 7.0.0.pre1, this was a high effort change)
    • Introduce support for fiber-per-request. (#3101)
    • Add support for rack.response_finished (#3681)
    • Feature/support custom logger with request logs (#3140)
  • Bugfixes

    • Fixes a bug where triggering hooks in the ThreadPool fails (#3716)
    • Fix error_logger inproperly logging env[QUERY_STRING] (#3713, #3625)
    • Fix handling of invalid Transfer-Encoding header errors (#3702)
    • Fix socket leak on monitor wakeup NoMethodError in Reactor#select_loop (#3696, #3695)
    • CI: puma_socket.rb fixup socket/request writes (#3684)
    • Warn when RUBY_MN_THREADS env var is set (#3721)
    • Improve the DSL preload_app! doc (#3712)
    • Fix the ability to focus individual tests (#3705)
    • Set env['rack.hijack'] to client.method(:full_hijack) (#3073)
  • Performance

    • server.rb - initialize ivars @reactor and @env_set_http_version (#3714)
  • Refactor

... (truncated)

Changelog

Sourced from puma's changelog.

7.0.0

  • Breaking changes
    • Set default max_keep_alive to 999 (#3719)
    • Increase persistent_timeout default to 65 seconds (#3378)
    • Raise an ArgumentError if no block given to hooks (#3377)
    • Don't set env['HTTP_VERSION'] for Rack > 3.1 (#3711, #3576)
    • Runner.rb - remove ruby_engine method, deprecated Nov-2024 (#3701)
    • Set conditional config defaults after CLI options are parsed and config files are loaded (#3297)
    • Response headers set to lowercase (#3704)
    • Update minimum Ruby version to 3.0 (#3698)
    • Rename callback hooks (#3438)
      | Old hook name | New hook name |
      | --- | --- |
      | on_worker_boot | before_worker_boot |
      | on_worker_shutdown | before_worker_shutdown |
      | on_restart | before_restart |
      | on_booted | after_booted |
      | on_stopped | after_stopped |
      | on_refork | before_refork |
      | on_thread_start | before_thread_start |
      | on_thread_exit | before_thread_exit |
      | on_worker_fork | before_worker_fork |
  • Features

    • Fix long tail response problem with keepalive connections (#3678) (Previously released in 7.0.0.pre1, this was a high effort change)
    • Introduce support for fiber-per-request. (#3101)
    • Add support for rack.response_finished (#3681)
    • Feature/support custom logger with request logs (#3140)
  • Bugfixes

    • Fixes a bug where triggering hooks in the ThreadPool fails (#3716)
    • Fix error_logger inproperly logging env[QUERY_STRING] (#3713, #3625)
    • Fix handling of invalid Transfer-Encoding header errors (#3702)
    • Fix socket leak on monitor wakeup NoMethodError in Reactor#select_loop (#3696, #3695)
    • CI: puma_socket.rb fixup socket/request writes (#3684)
    • Warn when RUBY_MN_THREADS env var is set (#3721)
    • Improve the DSL preload_app! doc (#3712)
    • Fix the ability to focus individual tests (#3705)
    • Set env['rack.hijack'] to client.method(:full_hijack) (#3073)
  • Performance

    • server.rb - initialize ivars @reactor and @env_set_http_version (#3714)
  • Refactor

    • Simplify Puma::DSL#process_hook logic (#3710)
    • Dry up deprecation warnings and fix deprecation warnings when running CI. (#3709, #3708)
    • Ensure and enforce that configs are loaded before options are accessed (#3616)

... (truncated)

Commits
  • 89a448e v7.0.0 (#3722)
  • daba989 Warn when RUBY_MN_THREADS env var is set (#3721)
  • 95e4235 Set default keepalive connections to 999 (#3719)
  • fa2458c Fixes a bug where triggering hooks in the ThreadPool fails (#3716)
  • 4d08ab8 :bug Fix error_logger inproperly logging env[QUERY_STRING] (#3713)
  • 57ca334 server.rb - initialize ivars @reactor and @env_set_http_version (#3714)
  • eb96ef0 Simplify Puma::DSL#process_hook logic (#3710)
  • 7738e66 Improve the DSL preload_app! doc (#3712)
  • f8bdea7 Dry up deprecation warnings and fix deprecation warnings when running CI. (#3...
  • bd987e0 don't set env['HTTP_VERSION'] for Rack > 3.1 (#3711)
  • Additional commits viewable in compare view


Bumps [puma](https://github.com/puma/puma) from 6.6.1 to 7.0.0.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](puma/puma@v6.6.1...v7.0.0)

---
updated-dependencies:
- dependency-name: puma
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies and ruby labels Sep 4, 2025

codecov bot commented Sep 4, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (da45486) to head (ea704ea).

Additional details and impacted files
@@            Coverage Diff            @@
##              main     #2443   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           57        57           
  Lines         2287      2287           
=========================================
  Hits          2287      2287           


@david-a-wheeler
Collaborator

This changes the major version number. A lot of hook names have been completely removed to maximize unnecessary pain during upgrades. I see no reason they can't support the old interfaces. Sigh.

We'll want to update, but we need to do this carefully. In particular, we want to make sure we don't silently break the rack plug-ins that implement rate limiting on attackers. That shouldn't be a problem, but it could be, and tests might not detect the problem.
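
Added example (not part of this thread, and not Puma's or this project's own code): a pre-upgrade check that scans a Puma config for the old hook names in the rename table quoted above and proposes the renamed line for review. The function name `migrate_puma_hooks` and the sample config are assumptions made for illustration.

```ruby
# Old => new hook names, copied from the rename table in the Puma 7.0.0
# release notes quoted in this PR.
HOOK_RENAMES = {
  'on_worker_boot'     => 'before_worker_boot',
  'on_worker_shutdown' => 'before_worker_shutdown',
  'on_restart'         => 'before_restart',
  'on_booted'          => 'after_booted',
  'on_stopped'         => 'after_stopped',
  'on_refork'          => 'before_refork',
  'on_thread_start'    => 'before_thread_start',
  'on_thread_exit'     => 'before_thread_exit',
  'on_worker_fork'     => 'before_worker_fork'
}.freeze

# Match an old hook name only as a whole identifier, so names such as
# `my_on_restart` or `on_restarted` are not reported.
OLD_HOOK = /(?<!\w)(#{HOOK_RENAMES.keys.map { |k| Regexp.escape(k) }.join('|')})(?![\w?!])/

# Returns [findings, migrated_source]. Each finding holds the 1-based line
# number plus the old and new hook name; migrated_source is a suggestion
# to review, not something to apply blindly.
def migrate_puma_hooks(source)
  findings = []
  migrated = source.each_line.with_index(1).map do |line, lineno|
    # Naive comment split: assumes no '#' appears in a string before the hook.
    code, hash, comment = line.partition('#')
    code = code.gsub(OLD_HOOK) do
      old = Regexp.last_match(1)
      findings << { line: lineno, old: old, new: HOOK_RENAMES[old] }
      HOOK_RENAMES[old]
    end
    code + hash + comment
  end
  [findings, migrated.join]
end

# Constructed sample config/puma.rb (hypothetical, for illustration only).
SAMPLE_CONFIG = <<~'RUBY'
  # constructed sample; on_restart in this comment is ignored
  workers 2
  preload_app!
  on_worker_boot do
    ActiveRecord::Base.establish_connection
  end
  before_worker_shutdown { puts 'bye' }
  on_booted { puts 'up' }  # on_stopped mentioned only in a comment
RUBY

migrate_puma_hooks(SAMPLE_CONFIG).first.each { |f| puts "line #{f[:line]}: #{f[:old]} -> #{f[:new]}" } if __FILE__ == $PROGRAM_NAME
```

A clean result here only covers hook names in the scanned file; it says nothing about whether rate-limiting middleware still behaves the same after the upgrade, which needs its own request-level test.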

Contributor Author

dependabot bot commented on behalf of github Sep 8, 2025

Superseded by #2445.

@dependabot dependabot bot closed this Sep 8, 2025
@dependabot dependabot bot deleted the dependabot/bundler/puma-7.0.0 branch September 8, 2025 09:08