build(deps): bump the bundler-production-dependencies group across 1 directory with 6 updates #5

dependabot · 2025-05-22T03:30:42Z

Bumps the bundler-production-dependencies group with 3 updates in the /src/email directory: net-smtp, puma and sinatra.

Updates net-smtp from 0.4.0 to 0.5.1

Release notes

v0.5.1

What's Changed

Clarify the license of net-smtp by @tmtm in ruby/net-smtp#85

Enabled windows-latest on GHA by @hsbt in ruby/net-smtp#87

Fix typo in test methods by @tas50 in ruby/net-smtp#89

Restore gemspec file to gem package by @hsbt in ruby/net-smtp#90

New Contributors

@tas50 made their first contribution in ruby/net-smtp#89

Full Changelog: ruby/net-smtp@v0.5.0...v0.5.1

v0.5.0

What's Changed

Allow case-insensitive strings for SASL mechanism by @nevans in ruby/net-smtp#64

Remove unused private auth_method by @nevans in ruby/net-smtp#67

Delegate checking auth args to the authenticator by @nevans in ruby/net-smtp#73

Make #auth_capable? public by @nevans in ruby/net-smtp#63

Updated docs, especially TLS and SASL-related by @nevans in ruby/net-smtp#66

Renew test certificates by @sorah in ruby/net-smtp#75

Fix version extraction to work with non ASCII characters with any LANG by @kateinoigakukun in ruby/net-smtp#76

Replace non-ASCII EM DASH (U+2014) with ASCII hyphen (U+002D) by @kateinoigakukun in ruby/net-smtp#78

Use reusing workflow for Ruby versions by @m-nakamura145 in ruby/net-smtp#79

Add XOAUTH2 authenticator by @mantas in ruby/net-smtp#80

Make the test suite compatible with --enable-frozen-string-literal by @casperisfine in ruby/net-smtp#81

version 0.5.0 by @tmtm in ruby/net-smtp#82

New Contributors

@sorah made their first contribution in ruby/net-smtp#75

@kateinoigakukun made their first contribution in ruby/net-smtp#76

@m-nakamura145 made their first contribution in ruby/net-smtp#79

@mantas made their first contribution in ruby/net-smtp#80

@casperisfine made their first contribution in ruby/net-smtp#81

Full Changelog: ruby/net-smtp@v0.4.0.1...v0.5.0

v0.4.0.1

Full Changelog: ruby/net-smtp@v0.4.0...v0.4.0.1

Changelog

Sourced from net-smtp's changelog.

NEWS

Version 0.5.0 (2024-03-27)

Improvements

Allow case-insensitive strings for SASL mechanism ruby/net-smtp#64

Make #auth_capable? public ruby/net-smtp#63

Add XOAUTH2 authenticator ruby/net-smtp#80

Others

Remove unused private auth_method ruby/net-smtp#67

Delegate checking auth args to the authenticator ruby/net-smtp#73

Updated docs, especially TLS and SASL-related ruby/net-smtp#66

Renew test certificates ruby/net-smtp#75

Fix version extraction to work with non ASCII characters with any LANG ruby/net-smtp#76

Replace non-ASCII EM DASH (U+2014) with ASCII hyphen (U+002D) ruby/net-smtp#78

Use reusing workflow for Ruby versions ruby/net-smtp#79

Make the test suite compatible with --enable-frozen-string-literal ruby/net-smtp#81

Commits

a0075eb Bump up v0.5.1
afaa298 Merge pull request #90 from ruby/restore-gemspec
d496a82 Resolve to wrong references in ruby/ruby repo
cfdcfe0 Restore gemspec file to package because it's required by rbinstall.rb in ruby...
53482b8 Merge pull request #89 from tas50/master
85da49c Fix typo in test methods
fe2635b Merge pull request #87 from ruby/enable-windows-test
38f0e36 Exclude Ruby 2.6 and 2.7 from Windows CI
76db00b Handle Errno::ECONNABORTED on Windows platform
265823a Enabled windows-latest on GHA
Additional commits viewable in compare view

Updates puma from 6.4.0 to 6.6.0

Release notes

Sourced from puma's releases.

6.6.0 - Return to Forever

Some stuff for JRuby users (SIGUSR2 trap), reforkers (see below), and a few debug/logging/observability related goodies.

Features

Option to turn off SIGUSR2 trapping (#3570, #3567)

Shorten ThreadPool trimmer and reaper thread names (#3383)

Add after_refork hook (#3386)

Add busy threads stat (#3517)

Add a debug log before running each type of hook (#3375)

Allow alternative schemes in Binder (#3348, #3302)

Avoid spawning Threadpool#trim thread if pool size is fixed (#3384)

Bugfixes

Change HttpParserError to be subclass of StandardError (#3590, #3552)

added test cases

fix update phased restart symlink folder

Performance

Only ping worker 0 during phased restart if using fork worker (#3568)

Refactor

Fix multi-delimiter split to get status app token (#3505)

Change ping to use const (#3595)

Fixup use of Puma::Const::PipeRequest constants (#3565)

Update DSL hook processing logic to be consistent (#3376)

6.5.0 - Sky's Version

They say good things come to wait, and you've all had to wait a long time for 6.5.0 because @nateberkopec had another daughter: Sky!

Features

Print RUBY_DESCRIPTION when Puma starts (#3407)

Set the worker process count automatically when using WEB_CONCURRENCY=auto (#3439, #3437)

Mark as ractor-safe (#3486, #3422)

Add option enable_keep_alives. true (the default) mimics existing behavior, but now you can use false to disable keepalive to reduce queue tail latency (#3496)

Add parameters to Puma methods to allow CI to change ENV in isolation (#3485)

Add ssl_ciphersuites option for TLSv1.3 ciphers (#3359, #3343)

You can now use --threads 5 or threads 5 to config max/min threads with a single number (used to need to say 5:5) (#3309)

Option to turn off systemd plugin (#3425, #3424)

Add on_stopped hook (#3411, #3380)

Bugfixes

Handle blank environment variables when loading config (#3539)

lib/rack/handler/puma.rb - fix for rackup v1.0.1, adjust Gemfile (#3532, #3531)

null_io.rb - add external_encoding, set_encoding, binmode, binmode? (#3214)

Implement NullIO#seek and #pos to mimic IO (#3468)

add support in rack handler & fix regression in binder for linux abstract namespace sockets (#3508)

... (truncated)

Changelog

Sourced from puma's changelog.

6.6.0 / 2025-01-29

Features

Option to turn off SIGUSR2 trapping (#3570, #3567)

Shorten ThreadPool trimmer and reaper thread names (#3383)

Add after_refork hook (#3386)

Add busy threads stat (#3517)

Add a debug log before running each type of hook (#3375)

Allow alternative schemes in Binder (#3348, #3302)

Avoid spawning Threadpool#trim thread if pool size is fixed (#3384)

Bugfixes

Change HttpParserError to be subclass of StandardError (#3590, #3552)

added test cases

fix update phased restart symlink folder

Performance

Only ping worker 0 during phased restart if using fork worker (#3568)

Refactor

Fix multi-delimiter split to get status app token (#3505)

Change ping to use const (#3595)

Fixup use of Puma::Const::PipeRequest constants (#3565)

Update DSL hook processing logic to be consistent (#3376)

6.5.0 / 2024-11-23

Features

Print RUBY_DESCRIPTION when Puma starts (#3407)

Set the worker process count automatically when using WEB_CONCURRENCY=auto (#3439, #3437)

Mark as ractor-safe (#3486, #3422)

Add option enable_keep_alive. true mimics existing behavior, but now can use false to disable keepalive to reduce queue tail latency (#3496)

Add parameters to Puma methods to allow CI to change ENV in isolation (#3485)

Add ssl_ciphersuites option for TLSv1.3 ciphers (#3359, #3343)

You can now use --threads 5 or threads 5 to config max/min threads with a single number (used to need to say 5:5) (#3309)

Option to turn off systemd plugin (#3425, #3424)

Add on_stopped hook (#3411, #3380)

Bugfixes

Handle blank environment variables when loading config (#3539)

lib/rack/handler/puma.rb - fix for rackup v1.0.1, adjust Gemfile (#3532, #3531)

null_io.rb - add external_encoding, set_encoding, binmode, binmode? (#3214)

Implement NullIO#seek and #pos to mimic IO (#3468)

add support in rack handler & fix regression in binder for linux abstract namespace sockets (#3508)

Use actual thread local for Puma::Server.current. (#3360)

client.rb - fix request chunked body handling (#3338, #3337)

Properly handle two requests seen in the initial buffer (#3332)

Fix response repeated status line when request is invalid or errors are raised (#3308, #3307)

Fix child processes not being reaped when Process.detach used (#3314, #3313)

... (truncated)

Commits

5a58290 Merge branch '6-6'
6cfddb3 Finalize date
045ed0f I can type...
34234ac const.rb - set 6.6 code name
ce9a704 Zenspider zenspider/minitest cleanup (#3604)
2819ce2 6.6.0
9058575 Fix warnings
41e2744 Fix multi-delimiter split to get status app token (#3505)
54f680d Add test for worker 0 ping with SIGURG (#3579)
edd2a17 CI: test_plugin_systemd.rb - fixups for intermittent retries (#3594)
Additional commits viewable in compare view

Updates sinatra from 3.1.0 to 4.1.1

Changelog

Sourced from sinatra's changelog.

4.1.1 / 2024-11-20

Fix: Restore WEBrick support (#2067)

4.1.0 / 2024-11-18

New: Add host_authorization setting (#2053)

Defaults to .localhost, .test and any IP address in development mode.

Security: addresses CVE-2024-21510.

Fix: Return an instance of Sinatra::IndifferentHash when calling #except (#2044)

Fix: Address warning from URI for Ruby 3.4 (#2060)

Fix: rackup no longer depends on WEBrick, recommend Puma instead (4a558503)

Fix: Zeitwerk 2.7.0+ compatibility (#2050)

Fix: Address warning about Hash construction for Ruby 3.4 (#2028)

Fix: Declare missing dependencies for Ruby 3.5 (#2032)

Fix: Compatibility with --enable-frozen-string-literal (#2033)

Fix: Rack 3.1 compatibility (#2035)

Don't depend on Rack::Logger

Don't delete content-length header when Rack::Files is used

4.0.0. / 2024-01-19

New: Add support for Rack 3 (#1857)

Note: you may want to read the [Rack 3 Upgrade Guide]

Require Ruby 2.7.8 as minimum Ruby version (#1993)

Breaking change: Drop support for Rack 2 (#1857)

Note: when using Sinatra to start the web server, you now need the rackup gem installed

Breaking change: Remove the IndifferentHash initializer (#1982)

Breaking change: Disable session_hijacking protection by default (#1984)

Breaking change: Remove Rack::Protection::EncryptedCookie (#1989)

Note: cookies are still encrypted (by [Rack::Session::Cookie])

#1857: sinatra/sinatra#1857 #1993: sinatra/sinatra#1993 #1982: sinatra/sinatra#1982 #1984: sinatra/sinatra#1984 #1989: sinatra/sinatra#1989 [Rack::Session::Cookie]: https://github.com/rack/rack-session [Rack 3 Upgrade Guide]: https://github.com/rack/rack/blob/main/UPGRADE-GUIDE.md

3.2.0 / 2023-12-29

New: Add #except method to Sinatra::IndifferentHash (#1940)

New: Use Exception#detailed_message to show backtrace (#1952)

... (truncated)

Commits

7b50a1b 4.1.1 release (#2068)
3f6c577 Restore WEBrick support (#2067)
38cd687 Multiple \<dd> tags breaks the website HTML (#2066)
80c3ad6 Update CHANGELOG with correct CVE (#2064)
73f3291 4.1.0 release (#2063)
cd3e00d Add HostAuthorization rack-protection middleware (#2053)
8c4cd0b Return an instance of Sinatra::IndifferentHash when calling #except (#2044)
3c888f7 Address URI depreciation (#2060)
0d33ef8 CI: don't test falcon on Ruby 2.7
4a55850 Remove WEBrick
Additional commits viewable in compare view

Updates opentelemetry-sdk from 1.3.1 to 1.4.1

Release notes

Sourced from opentelemetry-sdk's releases.

opentelemetry-sdk 1.4.1

v1.4.1 / 2024-03-21

FIXED: ForwardingLogger should forward block param.

opentelemetry-sdk 1.4.0

v1.4.0 / 2024-01-25

ADDED: Add spans to Trace::ExportError

opentelemetry-sdk 1.3.2

v1.3.2 / 2024-01-23

FIXED: Reduce allocations on GraphQL hot paths

FIXED: Add context to metrics reporting of buffer-full events

Changelog

Sourced from opentelemetry-sdk's changelog.

v1.4.1 / 2024-03-21

FIXED: ForwardingLogger should forward block param.

v1.4.0 / 2024-01-25

ADDED: Add spans to Trace::ExportError

v1.3.2 / 2024-01-23

FIXED: Reduce allocations on GraphQL hot paths

FIXED: Add context to metrics reporting of buffer-full events

Commits

40171ab release: Release opentelemetry-sdk 1.4.1 (was 1.4.0) (#1621)
b1d6d05 fix: ForwardingLogger should foward block param (#1616)
bffcb77 chore: Implement shared RuboCop configuration (#1587)
540b77e chore: Replace positive? with 'greater than 0' (#1586)
4d94aa4 release: Release opentelemetry-sdk 1.4.0 (was 1.3.2) (#1583)
200ea02 feat: add spans to Trace::ExportError (#1582)
4b37bb3 re-add spans using splat operator (#1580)
d89ca85 release: Release opentelemetry-sdk 1.3.2 (was 1.3.1) (#1579)
9da08e4 Add context to metrics reporting of buffer-full events (#1566)
98c629e fix: Reduce allocations on GraphQL hot paths (#1544)
See full diff in compare view

Updates opentelemetry-exporter-otlp from 0.26.1 to 0.26.3

Release notes

Sourced from opentelemetry-exporter-otlp's releases.

opentelemetry-exporter-otlp 0.26.3

v0.26.3 / 2024-02-01

FIXED: do not log request failure in backoff?

opentelemetry-exporter-otlp 0.26.2

v0.26.2 / 2024-01-23

FIXED: Align endpoint environment variable handling with spec

FIXED: Require csv for ruby-3.4 compatibility

FIXED: Add context to metrics reporting of buffer-full events

Changelog

Sourced from opentelemetry-exporter-otlp's changelog.

v0.26.3 / 2024-02-01

FIXED: do not log request failure in backoff?

v0.26.2 / 2024-01-23

FIXED: Align endpoint environment variable handling with spec

FIXED: Require csv for ruby-3.4 compatibility

FIXED: Add context to metrics reporting of buffer-full events

Commits

f7f851f release: Release opentelemetry-exporter-otlp 0.26.3 (was 0.26.2) (#1589)
975f4b3 don't log failure from backoff (#1588)
c29d4cf release: Release opentelemetry-exporter-otlp 0.26.2 (was 0.26.1) (#1577)
eb89cd6 fix: require csv for ruby-3.4 compatibility (#1560)
d08bc1a Consider OTLP export failures handleable errors (#1565)
afc7bc5 fix(exporter/otlp): align endpoint environment varaible handling with spec (#...
062f688 test: Skip flaky truffleruby test (#1512)
See full diff in compare view

Updates opentelemetry-instrumentation-all from 0.51.1 to 0.60.0

Changelog

Sourced from opentelemetry-instrumentation-all's changelog.

v0.60.0 / 2024-02-20

ADDED: Add support gruf 2.19

ADDED: Faraday add support for internal spans

v0.59.0 / 2024-02-16

BREAKING CHANGE: GraphQL Legacy Tracer perf improvements #867.

v0.58.0 / 2024-02-15

CHANGED: upgrade mysql2 instrumentation

v0.57.0 / 2024-02-08

BREAKING CHANGE: Move shared sql behavior to helper gems

v0.56.0 / 2024-01-09

BREAKING CHANGE: Use ActiveSupport instead of patches #703

v0.55.0 / 2024-01-06

CHANGED: Upgrade Trilogy and Rack #796

v0.54.0 / 2023-11-28

ADDED: Updated excon to include connect spans

v0.53.0 / 2023-11-28

CHANGED: Performance optimization cache attribute hashes #723

v0.52.0 / 2023-11-21

BREAKING CHANGE: Drop Support for EoL Rails 6.0 #680

BREAKING CHANGE: Use ActiveSupport Instrumentation instead of Money Patches #677

CHANGED: Drop Support for EoL Rails 6.0 #680

CHANGED: Use ActiveSupport Instrumentation instead of Money Patches #677

Commits

c95e919 release: Release 3 gems (#881)
a005a98 release: Release 2 gems (#871)
4006903 release: Release 2 gems (#868)
4dd3f8c release: Release 8 gems (#857)
c89d681 refactor!: Move shared sql behavior to helper gems (#529)
e0b4dcf chore: Update rubocop to 1.60.1 (#823)
8916598 chore: Update rubocop version to 1.60.0 (#818)
7589a34 chore: Bump rubocop-performance 1.20.0 (#780)
1c925e7 release: Release 3 gems (#808)
6ef33f2 release: Release opentelemetry-instrumentation-all 0.55.0 (was 0.54.0) (#799)
Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

…directory with 6 updates Bumps the bundler-production-dependencies group with 3 updates in the /src/email directory: [net-smtp](https://github.com/ruby/net-smtp), [puma](https://github.com/puma/puma) and [sinatra](https://github.com/sinatra/sinatra). Updates `net-smtp` from 0.4.0 to 0.5.1 - [Release notes](https://github.com/ruby/net-smtp/releases) - [Changelog](https://github.com/ruby/net-smtp/blob/master/NEWS.md) - [Commits](ruby/net-smtp@v0.4.0...v0.5.1) Updates `puma` from 6.4.0 to 6.6.0 - [Release notes](https://github.com/puma/puma/releases) - [Changelog](https://github.com/puma/puma/blob/master/History.md) - [Commits](puma/puma@v6.4.0...v6.6.0) Updates `sinatra` from 3.1.0 to 4.1.1 - [Changelog](https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md) - [Commits](sinatra/sinatra@v3.1.0...v4.1.1) Updates `opentelemetry-sdk` from 1.3.1 to 1.4.1 - [Release notes](https://github.com/open-telemetry/opentelemetry-ruby/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-ruby/blob/main/sdk/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-ruby@opentelemetry-sdk/v1.3.1...opentelemetry-sdk/v1.4.1) Updates `opentelemetry-exporter-otlp` from 0.26.1 to 0.26.3 - [Release notes](https://github.com/open-telemetry/opentelemetry-ruby/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-ruby/blob/main/exporter/otlp/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-ruby@opentelemetry-exporter-otlp/v0.26.1...opentelemetry-exporter-otlp/v0.26.3) Updates `opentelemetry-instrumentation-all` from 0.51.1 to 0.60.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-ruby-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-ruby-contrib/blob/main/instrumentation/all/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-ruby-contrib@opentelemetry-instrumentation-all/v0.51.1...opentelemetry-instrumentation-all/v0.60.0) --- updated-dependencies: - dependency-name: net-smtp dependency-version: 0.5.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: bundler-production-dependencies - dependency-name: puma dependency-version: 6.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: bundler-production-dependencies - dependency-name: sinatra dependency-version: 4.1.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: bundler-production-dependencies - dependency-name: opentelemetry-sdk dependency-version: 1.4.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: bundler-production-dependencies - dependency-name: opentelemetry-exporter-otlp dependency-version: 0.26.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: bundler-production-dependencies - dependency-name: opentelemetry-instrumentation-all dependency-version: 0.60.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: bundler-production-dependencies ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2025-09-16T11:29:56Z

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

dependabot · 2025-10-07T07:56:06Z