Skip to content

Bump puma from 7.2.0 to 8.0.1#76

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/puma-8.0.1
Closed

Bump puma from 7.2.0 to 8.0.1#76
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/puma-8.0.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 6, 2026
edited
Loading

Bumps puma from 7.2.0 to 8.0.1.

Release notes

Sourced from puma's releases.

v8.0.1

  • Bugfixes

    • Fix prune_bundler stripping user-configured BUNDLE_* env vars (e.g. BUNDLE_WITHOUT) on re-exec, which caused workers to crash on boot (#3929)

  • Performance

    • Use blocks for debug logging to avoid creating log messages when debug is disabled (#3920)

  • Docs

    • Fix incorrect hook names in gRPC docs (#3923)
    • Reword v8 upgrade guide IPv6 bullet for clarity (#3928)

v8.0.0 - Into the Arena

Read our Version 8 Upgrade Guide.

  • Features

    • Add env["puma.mark_as_io_bound"] API and max_io_threads config to allow IO-bound requests to exceed the thread pool max, enabling better handling of mixed workloads (#3816, #3894)
    • Add single and cluster DSL hooks for mode-specific configuration (#3621)
    • Add on_force option to shutdown_debug to only dump thread backtraces on forced (non-graceful) shutdown (#3671)
    • Add API to dynamically update min and max thread counts at runtime via update_thread_pool_min_max and ServerPluginControl (#3658)
    • Use SIGPWR for thread backtrace dumps on Linux/JRuby where SIGINFO is unavailable (#3829)

  • Bugfixes

    • Fix phased restart for fork_worker to avoid forking from stale worker 0 when it has been replaced (#3853)

  • Performance

    • JRuby HTTP parser improvements: pre-allocated header keys, perfect hash lookup, reduced memory copies (#3838)
    • Cache downcased header key in str_headers to avoid redundant String#downcase calls, reducing allocations by ~50% per response (#3874)

  • Refactor

    • Collect env processing into dedicated client_env.rb module (#3582)
    • Move event to default configuration (#3872)

  • Docs

    • Add gRPC guide for configuring gRPC lifecycle hooks in clustered mode (#3885)
    • Add 7.0 upgrade guide, move 5.0/6.0 upgrade guides to docs directory (#3900)
    • Correct default values for persistent_timeout and worker_boot_timeout in DSL docs (#3912)
    • Add file descriptor limit warning in test helper for contributors (#3893)

  • Breaking changes

    • Default production bind address changed from 0.0.0.0 to :: (IPv6) when a non-loopback IPv6 interface is available; falls back to 0.0.0.0 if IPv6 is unavailable (#3847)

v7.2.1

  • Bugfixes
    • Limit and anchor PROXY protocol v1 parsing to prevent abuse via crafted inputs (#3947)
    • Parse PROXY protocol only once per connection to prevent injection on keep-alive requests (#3947)

Security advisories

... (truncated)

Changelog

Sourced from puma's changelog.

8.0.1 / 2026-04-27

  • Bugfixes

    • Fix prune_bundler stripping user-configured BUNDLE_* env vars (e.g. BUNDLE_WITHOUT) on re-exec, which caused workers to crash on boot (#3929)

  • Performance

    • Use blocks for debug logging to avoid creating log messages when debug is disabled (#3920)

  • Docs

    • Fix incorrect hook names in gRPC docs (#3923)
    • Reword v8 upgrade guide IPv6 bullet for clarity (#3928)

8.0.0 / 2026-03-27

  • Features

    • Add env["puma.mark_as_io_bound"] API and max_io_threads config to allow IO-bound requests to exceed the thread pool max, enabling better handling of mixed workloads (#3816, #3894)
    • Add single and cluster DSL hooks for mode-specific configuration (#3621)
    • Add on_force option to shutdown_debug to only dump thread backtraces on forced (non-graceful) shutdown (#3671)
    • Add API to dynamically update min and max thread counts at runtime via update_thread_pool_min_max and ServerPluginControl (#3658)
    • Use SIGPWR for thread backtrace dumps on Linux/JRuby where SIGINFO is unavailable (#3829)

  • Bugfixes

    • Fix phased restart for fork_worker to avoid forking from stale worker 0 when it has been replaced (#3853)

  • Performance

    • JRuby HTTP parser improvements: pre-allocated header keys, perfect hash lookup, reduced memory copies (#3838)
    • Cache downcased header key in str_headers to avoid redundant String#downcase calls, reducing allocations by ~50% per response (#3874)

  • Refactor

    • Collect env processing into dedicated client_env.rb module (#3582)
    • Move event to default configuration (#3872)

  • Docs

    • Add gRPC guide for configuring gRPC lifecycle hooks in clustered mode (#3885)
    • Add 7.0 upgrade guide, move 5.0/6.0 upgrade guides to docs directory (#3900)
    • Correct default values for persistent_timeout and worker_boot_timeout in DSL docs (#3912)
    • Add file descriptor limit warning in test helper for contributors (#3893)

  • Breaking changes

    • Default production bind address changed from 0.0.0.0 to :: (IPv6) when a non-loopback IPv6 interface is available; falls back to 0.0.0.0 if IPv6 is unavailable (#3847)

7.2.1 / 2026-05-27

  • Bugfixes
    • Limit and anchor PROXY protocol v1 parsing to prevent abuse via crafted inputs (#3947)
    • Parse PROXY protocol only once per connection to prevent injection on keep-alive requests (#3947)
Commits
  • cee7e61 Release v8.0.1 (#3932)
  • f955caf Fix prune_bundler stripping user-configured BUNDLE_* env vars on re-exec (#3929)
  • 97996aa ci: test_error_logger.rb - fix TruffleRuby error (#3930)
  • 03825bc Build(deps): Bump actions/github-script from 8 to 9 (#3925)
  • 053efae Reword v8 upgrade guide ipv6 bullet (#3928)
  • b19f35a Fix incorrect hook names in gRPC docs (#3923)
  • eeabe4b Use blocks for debug logging to avoid creating messages if debug disabled (#3...
  • 08f63d4 Release v8.0.0 (#3914)
  • 7406cc1 Fix IPv4-mapped IPv6 addresses in REMOTE_ADDR and request logs (#3916)
  • e090243 Build(deps): Bump actions/checkout from 4 to 6 (#3915)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels May 6, 2026
@dependabot dependabot Bot requested review from Copilot and removed request for Copilot May 6, 2026 18:57
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels May 6, 2026
@dependabot dependabot Bot mentioned this pull request May 6, 2026
Closed
@lewispb
Copy link
Copy Markdown
Member

lewispb commented Jun 2, 2026

@dependabot rebase

@dependabot
Bump puma from 7.2.0 to 8.0.1
cbb6fa1 
Bumps [puma](https://github.com/puma/puma) from 7.2.0 to 8.0.1.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/main/History.md)
- [Commits](puma/puma@v7.2.0...v8.0.1)

---
updated-dependencies:
- dependency-name: puma
  dependency-version: 8.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Copilot AI review requested due to automatic review settings June 2, 2026 13:39
@dependabot dependabot Bot force-pushed the dependabot/bundler/puma-8.0.1 branch from e615c29 to cbb6fa1 Compare June 2, 2026 13:39
Copilot AI reviewed Jun 2, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@lewispb lewispb closed this Jun 2, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Jun 2, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/bundler/puma-8.0.1 branch June 2, 2026 13:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lewispb