Skip to content

DEPS: Bump the gems group across 1 directory with 4 updates#15

Closed
dependabot[bot] wants to merge 2 commits intomainfrom
dependabot/bundler/gems-4206c9d44d
Closed

DEPS: Bump the gems group across 1 directory with 4 updates#15
dependabot[bot] wants to merge 2 commits intomainfrom
dependabot/bundler/gems-4206c9d44d

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 22, 2026
edited
Loading

Bumps the gems group with 4 updates in the / directory: commonmarker, lefthook, puma and rake.

Updates commonmarker from 2.7.0 to 2.8.1

Release notes

Sourced from commonmarker's releases.

v2.8.1

What's Changed

Full Changelog: gjtorikian/commonmarker@v2.8.0...v2.8.1

v2.8.0

What's Changed

New Contributors

Full Changelog: gjtorikian/commonmarker@v2.7.0...v2.8.0

Changelog

Sourced from commonmarker's changelog.

[v2.8.1] - 14-04-2026

What's Changed

Full Changelog: gjtorikian/commonmarker@v2.8.0...v2.8.1

[v2.8.0] - 12-04-2026

What's Changed

New Contributors

Full Changelog: gjtorikian/commonmarker@v2.7.0...v2.8.0

Commits
  • 31016cf Merge pull request #457 from gjtorikian/release/v2.8.1
  • 8087370 [skip test] update changelog
  • 6da0eef Merge pull request #456 from gjtorikian/new-fix-release
  • bc2c4c4 fix: re-release 2.8.1 due to publishing error
  • 3ad6390 Merge pull request #454 from gjtorikian/release/v2.8.0
  • 72f3e61 [skip test] update changelog
  • 69192fe Merge pull request #450 from gjtorikian/dependabot/cargo/comrak-0.52.0
  • 13729a4 Add build.rs to fix Windows mingw Oniguruma symbol collision
  • a5044e2 Fix Windows mingw build: allow multiple Oniguruma definitions
  • 66ed2e1 Merge branch 'main' into dependabot/cargo/comrak-0.52.0
  • Additional commits viewable in compare view

Updates lefthook from 2.1.5 to 2.1.6

Release notes

Sourced from lefthook's releases.

v2.1.6

Changelog

  • bf73ea2f1ea5468c9af7a6f06b5ef8cd43e66040 fix(packaging): do not pipe stdout and stderr (#1382)
  • 04da00697cd8a6241023c1962feb720eeaa62698 fix(windows): normalize lefthook path for sh script (#1383)
  • de9597a1bf456d2cf0fbcb8816858b6e5cf6b609 fix: log full scoped name for skipped jobs (#1291)
  • eb3e70dbbd2442200ec8ff2140a3ee9daa7d9e70 fix: normalize root to always include trailing slash before path replacement (#1381)
  • f90f3f570ef9227ddf345a79cec687dac41a5d31 fix: skip pty allocation when stdout is not a terminal (#1393)
Changelog

Sourced from lefthook's changelog.

2.1.6 (2026-04-16)

Commits
  • 679ce27 2.1.6: fixes for Windows and AI tools execution
  • 04da006 fix(windows): normalize lefthook path for sh script (#1383)
  • eb3e70d fix: normalize root to always include trailing slash before path replacemen...
  • f90f3f5 fix: skip pty allocation when stdout is not a terminal (#1393)
  • 1481e9d docs: upgrade docmd (#1391)
  • de9597a fix: log full scoped name for skipped jobs (#1291)
  • bf73ea2 fix(packaging): do not pipe stdout and stderr (#1382)
  • See full diff in compare view

Updates puma from 7.2.0 to 8.0.0

Release notes

Sourced from puma's releases.

v8.0.0 - Into the Arena

Read our Version 8 Upgrade Guide.

  • Features

    • Add env["puma.mark_as_io_bound"] API and max_io_threads config to allow IO-bound requests to exceed the thread pool max, enabling better handling of mixed workloads (#3816, #3894)
    • Add single and cluster DSL hooks for mode-specific configuration (#3621)
    • Add on_force option to shutdown_debug to only dump thread backtraces on forced (non-graceful) shutdown (#3671)
    • Add API to dynamically update min and max thread counts at runtime via update_thread_pool_min_max and ServerPluginControl (#3658)
    • Use SIGPWR for thread backtrace dumps on Linux/JRuby where SIGINFO is unavailable (#3829)

  • Bugfixes

    • Fix phased restart for fork_worker to avoid forking from stale worker 0 when it has been replaced (#3853)

  • Performance

    • JRuby HTTP parser improvements: pre-allocated header keys, perfect hash lookup, reduced memory copies (#3838)
    • Cache downcased header key in str_headers to avoid redundant String#downcase calls, reducing allocations by ~50% per response (#3874)

  • Refactor

    • Collect env processing into dedicated client_env.rb module (#3582)
    • Move event to default configuration (#3872)

  • Docs

    • Add gRPC guide for configuring gRPC lifecycle hooks in clustered mode (#3885)
    • Add 7.0 upgrade guide, move 5.0/6.0 upgrade guides to docs directory (#3900)
    • Correct default values for persistent_timeout and worker_boot_timeout in DSL docs (#3912)
    • Add file descriptor limit warning in test helper for contributors (#3893)

  • Breaking changes

    • Default production bind address changed from 0.0.0.0 to :: (IPv6) when a non-loopback IPv6 interface is available; falls back to 0.0.0.0 if IPv6 is unavailable (#3847)
Changelog

Sourced from puma's changelog.

8.0.0 / 2026-03-27

  • Features

    • Add env["puma.mark_as_io_bound"] API and max_io_threads config to allow IO-bound requests to exceed the thread pool max, enabling better handling of mixed workloads (#3816, #3894)
    • Add single and cluster DSL hooks for mode-specific configuration (#3621)
    • Add on_force option to shutdown_debug to only dump thread backtraces on forced (non-graceful) shutdown (#3671)
    • Add API to dynamically update min and max thread counts at runtime via update_thread_pool_min_max and ServerPluginControl (#3658)
    • Use SIGPWR for thread backtrace dumps on Linux/JRuby where SIGINFO is unavailable (#3829)

  • Bugfixes

    • Fix phased restart for fork_worker to avoid forking from stale worker 0 when it has been replaced (#3853)

  • Performance

    • JRuby HTTP parser improvements: pre-allocated header keys, perfect hash lookup, reduced memory copies (#3838)
    • Cache downcased header key in str_headers to avoid redundant String#downcase calls, reducing allocations by ~50% per response (#3874)

  • Refactor

    • Collect env processing into dedicated client_env.rb module (#3582)
    • Move event to default configuration (#3872)

  • Docs

    • Add gRPC guide for configuring gRPC lifecycle hooks in clustered mode (#3885)
    • Add 7.0 upgrade guide, move 5.0/6.0 upgrade guides to docs directory (#3900)
    • Correct default values for persistent_timeout and worker_boot_timeout in DSL docs (#3912)
    • Add file descriptor limit warning in test helper for contributors (#3893)

  • Breaking changes

    • Default production bind address changed from 0.0.0.0 to :: (IPv6) when a non-loopback IPv6 interface is available; falls back to 0.0.0.0 if IPv6 is unavailable (#3847)
Commits
  • 08f63d4 Release v8.0.0 (#3914)
  • 7406cc1 Fix IPv4-mapped IPv6 addresses in REMOTE_ADDR and request logs (#3916)
  • e090243 Build(deps): Bump actions/checkout from 4 to 6 (#3915)
  • 7d5dca1 Update SECURITY.md, native Github vuln reports [ci skip] (#3913)
  • 66e6a32 Minor correction to defaults documented in dsl.rb (#3912)
  • 3788eca ci: limit rack-conform to main pushes and scope ragel PR runs (#3908)
  • 57b7799 ci: run turbo-rails only on latest stable Ruby and Rails (#3909)
  • 6685d6b ci: replace skip-duplicate jobs with concurrency and trigger filters (#3907)
  • 2848c82 ci: run push workflows only on main and release branches (#3906)
  • 97a37bb Add release pre-merge checks and align Release.md [ci skip] (#3904)
  • Additional commits viewable in compare view

Updates rake from 13.3.1 to 13.4.2

Commits
  • 503b8ec v13.4.2
  • 46038e7 Merge pull request #723 from ruby/fix/testopts-preserve-existing-value
  • 604a3d9 Isolate TESTOPTS env in TestRakeTestTask setup/teardown
  • 5886caa Preserve ENV["TESTOPTS"] when verbose is enabled
  • 92193ac v13.4.1
  • b74be0b Merge pull request #721 from ruby/fix/add-options-to-gemspec
  • 829f66d Add lib/rake/options.rb to gemspec
  • 2d55bc4 v13.4.0
  • 1415070 Exclude dependabot updates from release note
  • b3dc948 Merge pull request #713 from pvdb/simplify_standard_system_dir
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
DEPS: Bump the gems group across 1 directory with 4 updates
887988a 
Bumps the gems group with 4 updates in the / directory: [commonmarker](https://github.com/gjtorikian/commonmarker), [lefthook](https://github.com/evilmartians/lefthook), [puma](https://github.com/puma/puma) and [rake](https://github.com/ruby/rake).


Updates `commonmarker` from 2.7.0 to 2.8.1
- [Release notes](https://github.com/gjtorikian/commonmarker/releases)
- [Changelog](https://github.com/gjtorikian/commonmarker/blob/main/CHANGELOG.md)
- [Commits](gjtorikian/commonmarker@v2.7.0...v2.8.1)

Updates `lefthook` from 2.1.5 to 2.1.6
- [Release notes](https://github.com/evilmartians/lefthook/releases)
- [Changelog](https://github.com/evilmartians/lefthook/blob/master/CHANGELOG.md)
- [Commits](evilmartians/lefthook@v2.1.5...v2.1.6)

Updates `puma` from 7.2.0 to 8.0.0
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/main/History.md)
- [Commits](puma/puma@v7.2.0...v8.0.0)

Updates `rake` from 13.3.1 to 13.4.2
- [Release notes](https://github.com/ruby/rake/releases)
- [Changelog](https://github.com/ruby/rake/blob/master/History.rdoc)
- [Commits](ruby/rake@v13.3.1...v13.4.2)

---
updated-dependencies:
- dependency-name: commonmarker
  dependency-version: 2.8.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gems
- dependency-name: lefthook
  dependency-version: 2.1.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gems
- dependency-name: puma
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gems
- dependency-name: rake
  dependency-version: 13.4.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gems
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels Apr 22, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 22, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Apr 22, 2026
@dependabot dependabot Bot deleted the dependabot/bundler/gems-4206c9d44d branch April 22, 2026 22:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@gschlager