Bump the production-dependencies group with 12 updates

[dependabot]

Bumps the production-dependencies group with 12 updates:

Package	From	To
devise	4.9.2	4.9.4
rails	d75fdd1	56b6b23
pg	1.4.5	1.5.9
puma	6.4.0	6.4.3
importmap-rails	1.2.1	2.0.3
turbo-rails	1.4.0	2.0.11
stimulus-rails	1.2.2	1.3.4
jbuilder	2.11.5	2.13.0
slim	5.1.1	5.2.1
redis	5.0.7	5.3.0
bootsnap	1.15.0	1.18.4
tailwindcss-rails	2.0.30	3.0.0

Updates devise from 4.9.2 to 4.9.4

Release notes

Sourced from devise's releases.

v4.9.4

https://github.com/heartcombo/devise/blob/v4.9.4/CHANGELOG.md#494---2024-04-10

v4.9.3

https://github.com/heartcombo/devise/blob/v4.9.3/CHANGELOG.md#493---2023-10-11

Commits

• d5a48b4 Release v4.9.4
• bab47e1 Adds Ruby 3.3 to CI on 4-stable
• cee7457 Bump year [ci skip]
• 95ed7d3 Merge pull request #5641 from henryaj/patch-1
• edffc79 Respect locale set by controller in the failure app (#5567)
• 1d66580 Release v4.9.3
• dcbfb32 Merge pull request #5640 from nmaggioni/nm_config_template_typo
• c146b25 Better clarify need to override internal_methods
• 9a08620 Update changelog with Rails 7.1 mention [ci skip]
• 407f223 Fix test warning about deprecated cache format in Rails 7.1
• Additional commits viewable in compare view

Updates rails from d75fdd1 to 56b6b23

Commits

• 56b6b23 Merge pull request #53555 from Earlopain/update-configuring-guide-defaults
• 5a112f8 Merge pull request #53621 from p8/railties/only-include-permission-policy-mid...
• c57da03 Merge pull request #53065 from larouxn/add_active_support_notifications_event...
• ed85ce1 Merge pull request #53587 from calebhearth/more-explicit-upgrade-notes-about-...
• 8aee12e Merge pull request #53582 from eregon/patch-1
• 645f586 Merge pull request #53547 from Earlopain/git-blame-ignore-revs
• e5ad9e7 Merge pull request #53512 from brendon/hidden-field-autocomplete
• 09daec6 Allow hidden_field(_tag) to accept a custom autocomplete value
• 80842e2 Merge pull request #53518 from ksylvest/ksylvest/docker-ignore-kamal
• 1df5b90 Merge pull request #53561 from rainerborene/silence_logger_improvement
• Additional commits viewable in compare view

Updates pg from 1.4.5 to 1.5.9

Changelog

Sourced from pg's changelog.

v1.5.9 [2024-10-24] Lars Kanis [email protected]

• Enable thread safety in static OpenSSL build for Windows. #595
• Remove raising conect_timeout from 1 to 2 seconds. #590
• Fix binary copy_data in Ractor context. #594
• Exclude CI files and hidden files from built gem. #591 This is to simplify security inspection.
• Update error classes to PostgreSQL-17.
• Update Windows fat binary gem to OpenSSL-3.4.0 and PostgreSQL-17.0.

v1.5.8 [2024-09-06] Lars Kanis [email protected]

• Fix host list duplication every time conn.reset is used. #586
• Add default decoder for anonymous record types to BasicTypeRegistry #579
• Update Windows fat binary gem to OpenSSL-3.3.2 and PostgreSQL-16.4.

v1.5.7 [2024-07-28] Lars Kanis [email protected]

• Remove deprecated use of fptr->fd.#562 Direct access is disallowed since ruby-3.4.
• Make pgconn_connect_poll close the socket prior to calling PQconnectPoll. #564 This could result in an exception while connecting when used multi threaded.
• Fix several typos and improve spelling in documentation and code. #566
• Add missing PG::RollbackTransaction as an option to exit conn.transaction. #560 Usage like in rails: https://api.rubyonrails.org/classes/ActiveRecord/Rollback.html
• Don't print a warning when bigdecimal is required on ruby-3.4+ #574
• Update Windows fat binary gem to OpenSSL-3.3.1 and PostgreSQL-16.3.

v1.5.6 [2024-03-01] Lars Kanis [email protected]

• Renew address resolution (DNS) in conn.reset. #558 This is important, if DNS is used for load balancing, etc.
• Make bigdecimal an optional dependency. #556 It's a gem in ruby-3.4+, so that users shouldn't be forced to use it.

v1.5.5 [2024-02-15] Lars Kanis [email protected]

• Explicitly retype timespec fields to int64_t to fix compatibility with 32bit arches. #547
• Fix possible buffer overflows in PG::BinaryDecoder::CopyRow on 32 bit systems. #548
• Add binary Windows gems for Ruby 3.3.
• Update Windows fat binary gem to OpenSSL-3.2.1 and PostgreSQL-16.2.

v1.5.4 [2023-09-01] Lars Kanis [email protected]

• Fix compiling the pg extension with MSVC 2022. #535

... (truncated)

Commits

• afe2f20 Bump VERSION to 1.5.9
• 9f8a6c6 Add History entry for pg-1.5.9
• 342bdbb Merge pull request #599 from larskanis/update-postgres
• ca8e69c Remove skip on Windows since the issue is fixed
• 70c02ea Work around missing dependency to errorcodes.h in PostgreSQL-17.0
• 4a52437 CI: Update jobs to postgresql-1.7.0
• d8c3753 Update to postgresql-17.0 and openssl-3.4.0 for Windows binary gems
• 86367c6 Update error codes by rake update_error_codes
• 94f1d7f Merge pull request #598 from larskanis/osl-threads
• 716221a Enable thread safety in static OpenSSL build
• Additional commits viewable in compare view

Updates puma from 6.4.0 to 6.4.3

Release notes

Sourced from puma's releases.

6.4.3

• Security
  • Discards any headers using underscores if the non-underscore version also exists. Without this, an attacker could overwrite values set by intermediate proxies (e.g. X-Forwarded-For). (CVE-2024-45614/GHSA-9hf4-67fc-4vf4)

6.4.2

• Security
  • Limit the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. (GHSA-c2f4-cvqm-65w2)

6.4.1

• Bugfixes

  • DSL#warn_if_in_single_mode - fixup when workers set via CLI (#3256)
  • Fix idle-timeout not working in cluster mode (#3235, #3228, #3282, #3283)
  • Fix worker 0 timing out during phased restart (#3225, #2786)
  • context_builder.rb - require openssl if verify_mode != 'none' (#3179)
  • Make puma cluster process suitable as PID 1 (#3255)
  • Improve Puma::NullIO consistency with real IO (#3276)
  • extconf.rb - fixup to detect openssl info in Ruby build (#3271, #3266)
  • MiniSSL.java - set serialVersionUID, fix RaiseException deprecation (#3270)
  • dsl.rb - fix warn_if_in_single_mode when WEB_CONCURRENCY is set (#3265, #3264)

• Maintenance

  • LOTS of test refactoring to make tests more stable and easier to write - thanks to @​MSP-Greg!
  • Fix bug in tests re: TestPuma::HOST4 (#3254)
  • Dockerfile for minimal repros: use Ruby 3.2, expect bundler installed (#3245)
  • fix define_method calls, use Symbol parameter instead of String (#3293)

• Docs

  • README.md - add the puma-acme plugin (#3301)
  • Remove --keep-file-descriptors flag from systemd docs (#3248)
  • Note symlink mechanism in restart documentation for hot restart (#3298)

Changelog

Sourced from puma's changelog.

6.4.3 / 2024-09-19

• Security
  • Discards any headers using underscores if the non-underscore version also exists. Without this, an attacker could overwrite values set by intermediate proxies (e.g. X-Forwarded-For). (CVE-2024-45614/GHSA-9hf4-67fc-4vf4)

6.4.2 / 2024-01-08

• Security
  • Limit the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. (GHSA-c2f4-cvqm-65w2)

6.4.1 / 2024-01-03

• Bugfixes

  • DSL#warn_if_in_single_mode - fixup when workers set via CLI (#3256)
  • Fix idle-timeout not working in cluster mode (#3235, #3228, #3282, #3283)
  • Fix worker 0 timing out during phased restart (#3225, #2786)
  • context_builder.rb - require openssl if verify_mode != 'none' (#3179)
  • Make puma cluster process suitable as PID 1 (#3255)
  • Improve Puma::NullIO consistency with real IO (#3276)
  • extconf.rb - fixup to detect openssl info in Ruby build (#3271, #3266)
  • MiniSSL.java - set serialVersionUID, fix RaiseException deprecation (#3270)
  • dsl.rb - fix warn_if_in_single_mode when WEB_CONCURRENCY is set (#3265, #3264)

• Maintenance

  • LOTS of test refactoring to make tests more stable and easier to write - thanks to @​MSP-Greg!
  • Fix bug in tests re: TestPuma::HOST4 (#3254)
  • Dockerfile for minimal repros: use Ruby 3.2, expect bundler installed (#3245)
  • fix define_method calls, use Symbol parameter instead of String (#3293)

• Docs

  • README.md - add the puma-acme plugin (#3301)
  • Remove --keep-file-descriptors flag from systemd docs (#3248)
  • Note symlink mechanism in restart documentation for hot restart (#3298)

Commits

• e867e53 6.4.3
• 63a27b5 5.6.9 release note [ci skip]
• cac3fd1 Merge commit from fork
• 5fc43d7 5.6.8 and 6.4.2
• dfbba22 6.4.2
• 60d5ee3 Merge pull request from GHSA-c2f4-cvqm-65w2
• a287025 6.4.1 version tick!
• 32a629d 6.4.1
• 7e17826 [Fix #3282] idle-timeout not waiting on all workers in cluster mode (#3283)
• 437142e README.md - add the puma-acme plugin (#3301)
• Additional commits viewable in compare view

Updates importmap-rails from 1.2.1 to 2.0.3

Release notes

Sourced from importmap-rails's releases.

v2.0.3

What's Changed

• Fix compatibility with older Ruby versions @​jhawthorn

Full Changelog: rails/importmap-rails@v2.0.2...v2.0.3

v2.0.2

What's Changed

• Add package information in vendored package file by @​faqndo97 in rails/importmap-rails#227
• Update default provider to use jspm.io instead of jspm by @​josefarias in rails/importmap-rails#234
• Updated module_name regexp to not match incorrect indexes by @​Caleb-T-Owens in rails/importmap-rails#238
• Invoke app:template via Rake::Task[].invoke to avoid reloading rakefile by @​Caleb-T-Owens in rails/importmap-rails#239
• Handle String response for "find latest version" by @​vietqhoang in rails/importmap-rails#246
• Allows preload to be determined by provided entry_point by @​aseroff in rails/importmap-rails#253
• Fix ./bin/importmap update by @​arni1981 in rails/importmap-rails#262

New Contributors

• @​josefarias made their first contribution in rails/importmap-rails#234
• @​wakairo made their first contribution in rails/importmap-rails#249
• @​Caleb-T-Owens made their first contribution in rails/importmap-rails#238
• @​schmijos made their first contribution in rails/importmap-rails#260
• @​aseroff made their first contribution in rails/importmap-rails#253
• @​arni1981 made their first contribution in rails/importmap-rails#262
• @​corneverbruggen made their first contribution in rails/importmap-rails#266

Full Changelog: rails/importmap-rails@v2.0.1...v2.0.2

v2.0.1

What's Changed

• Ensure update only runs when there are outdated packages by @​dhh

Full Changelog: rails/importmap-rails@v2.0.0...v2.0.1

v2.0.0

What's Changed

This major release includes two potentially backwards-incompatible changes:

• The compatibility shim is no longer included, since all major browsers now natively support import maps. But if you need to support old browsers, like Safari 15, Firefox 75, Chrome 88, you should continue using the 1.x series of this gem.
• Preloading is now the default. So if you have pins that you intend to lazy load, you need to specifically call preload: false as part of the pin.

All changes:

• Drop the bundled shim by @​dhh in rails/importmap-rails#216
• Pinning should just always download by @​dhh in rails/importmap-rails#217
• Preload all by default by @​dhh in rails/importmap-rails#218
• Update Impoortmaps::Command#puts_table to be markdown compatible by @​faqndo97 in rails/importmap-rails#222

... (truncated)

Commits

• 2927df5 Version 2.0.3
• 32d9911 Re-enable support for Ruby 2.7
• 022433e Merge pull request #267 from byroot/fix-ci-matrix
• ea5f282 Update CI matrix
• d79dfbf Bump required ruby version to 3.1
• fb55367 Bump version for 2.0.2
• b360120 Use entry_point as cache_key when generating preload tags (#266)
• cc7142e Fix ./bin/importmap update (#262)
• 8a7d61c Bump dependencies within existing range
• e54fd54 Allows preload to be determined by provided entry_point (#253)
• Additional commits viewable in compare view

Updates turbo-rails from 1.4.0 to 2.0.11

Release notes

Sourced from turbo-rails's releases.

v2.0.11

What's Changed

• Address warning: *' interpreted as argument prefix` by @​yahonda in hotwired/turbo-rails#689
• Migrate Turbo Native helpers to Hotwire Native by @​joemasilotti in hotwired/turbo-rails#691
• Update readme - incorrect URL for source file SystemTestHelper by @​mlpinit in hotwired/turbo-rails#692

New Contributors

• @​yahonda made their first contribution in hotwired/turbo-rails#689
• @​mlpinit made their first contribution in hotwired/turbo-rails#692

Full Changelog: hotwired/turbo-rails@v2.0.10...v2.0.11

v2.0.10

What's Changed

• Fix regression where turbo-stream[action="remove"] would try to render a view partial by @​seanpdoyle in hotwired/turbo-rails#680
• Restore support for broadcast_refreshes with Sidekiq's default strict_args by @​AnalyzePlatypus in hotwired/turbo-rails#683

New Contributors

• @​AnalyzePlatypus made their first contribution in hotwired/turbo-rails#683

Full Changelog: hotwired/turbo-rails@v2.0.9...v2.0.10

v2.0.9

What's Changed

• [Fix Regression] Fix Broadcastable inclusion in new Rails apps by @​aaronjensen in hotwired/turbo-rails#678

Full Changelog: hotwired/turbo-rails@v2.0.8...v2.0.9

v2.0.8

What's Changed

• Create executable bug report Rails application by @​seanpdoyle in hotwired/turbo-rails#593
• remove unused morph tag builder by @​omarluq in hotwired/turbo-rails#655
• Fix deprecation in routing by @​atomaka in hotwired/turbo-rails#657
• Raise ArgumentError when turbo_stream_from helper gets passed blank streamables by @​mwallba in hotwired/turbo-rails#661
• Drop Redis for dev requirement by @​dhh in hotwired/turbo-rails#675
• Do not load ActiveJobs if ActiveJob is not loaded by @​aaronjensen in hotwired/turbo-rails#602
• Add turbo_stream.refresh builder method by @​seanpdoyle in hotwired/turbo-rails#595
• Add attributes hash as optional arg to replace/update model tag builders by @​omarluq in hotwired/turbo-rails#658
• Revert "Add attributes hash as optional arg to replace/update model tag builders" by @​jorgemanrubia in hotwired/turbo-rails#676
• Add optional method to TagBuilder for morph by @​AlexKovynev in hotwired/turbo-rails#665
• Only pass :request_id option to Refresh Stream by @​seanpdoyle in hotwired/turbo-rails#603
• Support targets: in Broadcastable methods - Update by @​JuannFerrari in hotwired/turbo-rails#511
• Stream Tag Builder: Support :renderable arguments by @​seanpdoyle in hotwired/turbo-rails#569
• Introduce Turbo::SystemTestHelper by @​seanpdoyle in hotwired/turbo-rails#577
• Alter Action Cable Element to be morph-compatible by @​seanpdoyle in hotwired/turbo-rails#650

New Contributors

• @​atomaka made their first contribution in hotwired/turbo-rails#657

... (truncated)

Commits

• 52727cb Update to turbo 8.0.12
• 8c681dd Bump turbo version
• b775fe4 Update readme - incorrect URL for source file (#692)
• 567520f Migrate Turbo Native helpers to Hotwire Native (#691)
• 4bbe142 Merge pull request #689 from yahonda/address_splat_warning
• fad15fa Address warning: *' interpreted as argument prefix`
• 1aa7ba9 Bump version for 2.0.10
• f445df3 Remove needless variable
• 595634e Extract explaining method
• 3ad21e9 Fix #522, #535. See PR 624. (#683)
• Additional commits viewable in compare view

Updates stimulus-rails from 1.2.2 to 1.3.4

Release notes

Sourced from stimulus-rails's releases.

v1.3.4

What's Changed

• Stop suggesting lazy loading by @​dhh in hotwired/stimulus-rails#140
• Changed install template system call to account for spaces in path by @​marekhilton in hotwired/stimulus-rails#137

New Contributors

• @​berti92 made their first contribution in hotwired/stimulus-rails#115
• @​marekhilton made their first contribution in hotwired/stimulus-rails#137

Full Changelog: hotwired/stimulus-rails@v1.3.3...v1.3.4

v1.3.3

What's Changed

• Fix syntax error in stimulus_with_node.rb by @​euxx in hotwired/stimulus-rails#134

Full Changelog: hotwired/stimulus-rails@v1.3.2...v1.3.3

v1.3.2

What's Changed

• Support for dasherized controller filenames by @​adrienpoly in hotwired/stimulus-rails#126
• Describe the two options under stimulus:manifest so they can be found in a rails -T listing (closes #128) by @​walterdavis in hotwired/stimulus-rails#129
• Fix duplicate controllers in manifest on update by @​nachiket87 in hotwired/stimulus-rails#132
• Rely on import map-rails using preload by default by @​dhh
• Improve Bun support by @​rubys in hotwired/stimulus-rails#127

Full Changelog: hotwired/stimulus-rails@v1.3.0...v1.3.2

v1.3.0

What's Changed

• Use bun for installation if applicable by @​terracatta in hotwired/stimulus-rails#125

New Contributors

• @​terracatta made their first contribution in hotwired/stimulus-rails#125

Full Changelog: hotwired/stimulus-rails@v1.2.2...v1.3.0

Commits

• 8e34f2e Bump version for 1.3.4
• 9e5f386 Changed install template system call to account for spaces in path (#137)
• 48e28f8 Stop suggesting lazy loading (#140)
• 6b54a97 Fixed example in the readme (#115)
• ae4b675 Bump version for 1.3.3
• 4604968 Fix syntax error in stimulus_with_node.rb (#134)
• 70926fe Bump version for 1.3.2
• 6530b09 Fix stray "
• bf50ed5 support for dasherized controller filenames (#126)
• 0efe089 If you create a new rails project with "--main --javascript bun" (#127)
• Additional commits viewable in compare view

Updates jbuilder from 2.11.5 to 2.13.0

Release notes

Sourced from jbuilder's releases.

v2.13.0

What's Changed

• Redirect to @record or path in controller generator by @​jeromedalbert in rails/jbuilder#569
• Return early from collection partial rendering if blank by @​tylerjc in rails/jbuilder#560
• Add missing ':see_other' status code in generated destroy controller method by @​ldeld in rails/jbuilder#538
• Remove OpenStruct references from Jbuilder by @​mtsmfm in rails/jbuilder#567
• Use new params.expect syntax instead of params.require by @​jeromedalbert in rails/jbuilder#573

New Contributors

• @​jeromedalbert made their first contribution in rails/jbuilder#570
• @​tylerjc made their first contribution in rails/jbuilder#560
• @​ldeld made their first contribution in rails/jbuilder#538
• @​mtsmfm made their first contribution in rails/jbuilder#567

Full Changelog: rails/jbuilder@v2.12.0...v2.13.0

v2.12.0

What's Changed

• Use OpenStruct only if available by @​yahonda in rails/jbuilder#562
• Replace deprecated ProxyObject with BasicObject by @​Earlopain in rails/jbuilder#563
• Avoid loading ActionController::API constant by @​nvasilevski in rails/jbuilder#529
• Fixed a bug where #501 broke compatibility with Enumerable by @​yuki24 in rails/jbuilder#531
• Fix namespace issue when generating jbuilder views by @​hahmed in rails/jbuilder#536
• Remove reliance on ERBTracker from rails by @​HParker in rails/jbuilder#504
• Fix require path of dependency_tracker in railtie.rb by @​jalyna in rails/jbuilder#552

New Contributors

• @​nvasilevski made their first contribution in rails/jbuilder#529
• @​okuramasafumi made their first contribution in rails/jbuilder#526
• @​berkos made their first contribution in rails/jbuilder#528
• @​hahmed made their first contribution in rails/jbuilder#536
• @​casperisfine made their first contribution in rails/jbuilder#550
• @​jalyna made their first contribution in rails/jbuilder#552
• @​yahonda made their first contribution in rails/jbuilder#562
• @​Earlopain made their first contribution in rails/jbuilder#563
• @​stefannibrasil made their first contribution in rails/jbuilder#539

Full Changelog: rails/jbuilder@v2.11.5...v2.12.0

Commits

• 9aa3dd9 Use new version const
• acf7a46 No lock committed
• d469896 Bump version for 2.13.0
• 9bcd653 Add test binstub
• 99c42bd Add release binstub
• e18fe2a Give Jbuilder a programmatically accessible version
• 1a18149 Use new params.expect syntax (#573)
• 5288e8a Remove OpenStruct references from Jbuilder (#567)
• acf44b8 Add missing ':see_other' status code in generated destroy controller method (...
• 0adeb96 Suggestion: Return early from collection partial rendering if blank. (#560)
• Additional commits viewable in compare view

Updates slim from 5.1.1 to 5.2.1

Release notes

Sourced from slim's releases.

v5.2.1

• Support Ruby 3.3
• Update Gem metadata

v5.2.0

• Fix logic less bug - #783
• Support Rails 7.1 - #936
• Fix splat arguments on Rails 7.1 - #942

Changelog

Sourced from slim's changelog.

5.2.1 (2024-01-20)

• Support Ruby 3.3
• Update Gem metadata

5.2.0 (2023-11-11)

• Fix logic less bug - #783
• Support Rails 7.1 - #936
• Fix splat arguments on Rails 7.1 - #942

Commits

• 31e07e4 Version 5.2.1
• 201006f CI: Test Rails 7 on Ruby 3.3
• 778d3da Fix and update CI
• 219ed83 CI: Test on Ruby 3.3
• 4bc7e51 slim.gemspec: Add metadata
• 98d7561 CI: Use bundle update
• 48bee03 CI: Add Sinatra 3.2.0
• 63b0413 CI: Split Rails test matrix
• 5beab82 CI: Add names to Sinatra runs
• 218c86b Enable CI for branches
• Additional commits viewable in compare view

Updates redis from 5.0.7 to 5.3.0

Changelog

Sourced from redis's changelog.

5.3.0

• Fix the return type of hgetall when used inside a multi transaction which is itself inside a pipeline.

5.2.0

• Now require Ruby 2.6 because redis-client does.
• Eagerly close subscribed connection when using subscribe_with_timeout. See #1259.
• Add exception flag in pipelined allowing failed commands to be returned in the result array when set to false.

5.1.0

• multi now accept a watch keyword argument like redis-client. See #1236.
• bitcount and bitpos now accept a scale: argument on Redis 7+. See #1242
• Added expiretime and pexpiretime. See #1248.

5.0.8

• Fix Redis#without_reconnect for sentinel clients. Fix #1212.
• Add sentinel_username, sentinel_password for sentinel clients. Bump redis-client to >=0.17.0. See #1213

Commits

• a1d6f68 Release 5.3.0
• 18642ef Merge pull request #1287 from junyuanz1/junyuanz/fix-uninitialized-constant-e...
• 579263c Fix uninitialized constant Redis::Error error
• 433ec69 Merge pull request #1281 from jjb/patch-1
• 6a8d165 Merge pull request #1283 from supercaracal/fix-cluster-client-delay-loading-f...
• 8611b68 Fix a memoization bug for cluster client
• 3a14135 note default timeout in readme
• 13f3246 Merge pull request #1278 from supercaracal/fix-a-test-case-for-cluster
• 52cae8a Fix several test cases for the cluster client
• 15c8c92 Merge pull request #1275 from supercaracal/fix-cluster-test
• Additional commits viewable in compare view

Updates bootsnap from 1.15.0 to 1.18.4

Changelog

Sourced from bootsnap's changelog.

1.18.4

• Allow using bootsnap without bundler. See #488.
• Fix startup failure if the cache directory points to a broken symlink.

1.18.3

• Fix the cache corruption issue in the revalidation feature. See #474. The cache revalidation feature remains opt-in for now, until it is more battle tested.

1.18.2

• Disable stale cache entries revalidation by default as it seems to cause cache corruption issues. See #471 and #474. Will be re-enabled in a future version once the root cause is identified.
• Fix a potential compilation issue on some systems. See #470.

1.18.1

• Handle EPERM errors when opening files with O_NOATIME.

1.18.0

• Bootsnap.instrumentation now receive :hit events.
• Add Bootsnap.log_stats! to print hit rate statistics on process exit. Can also be enabled with BOOTSNAP_STATS=1.
• Revalidate stale cache entries by digesting the source content. This should significantly improve performance in environments where mtime isn't preserved (e.g. CI systems doing a git clone, etc). See #468.
• Open source files and cache entries with O_NOATIME when available to reduce disk accesses. See #469.
• bootsnap precompile --gemfile now look for .rb files in the whole gem and not just the lib/ directory. See #466.

1.17.1

• Fix a compatibility issue with the prism library that ships with Ruby 3.3. See #463.
• Improved the Kernel#require decorator to not cause a method redefinition warning. See #461.

1.17.0

• Ensure $LOAD_PATH.dup is Ractor shareable to fix a conflict with did_you_mean.
• Allow to ignore directories using absolute paths.
• Support YAML and JSON CompileCache on TruffleRuby.
• Support LoadPathCache on TruffleRuby.

1.16.0

• Use RbConfig::CONFIG["rubylibdir"] instead of RbConfig::CONFIG["libdir"] to check for stdlib files. See #431.
• Fix the cached version of YAML.load_file being slightly more permissive than the default Psych one. See #434. Date and Time values are now properly rejected, as well as aliases. If this causes a regression in your application, it is recommended to load trusted YAML files with YAML.unsafe_load_file.

Commits

• cae219a Release 1.18.4
• 407bdef Merge pull request #489 from Shopify/fix-load-error
• 7afa951 Fix bootsnap setup in environments without bundler

[dependabot]

Superseded by #119.