Skip to content

chore(deps): bump the ruby group with 3 updates#1160

Merged
mergify[bot] merged 1 commit into
mainfrom
dependabot/bundler/ruby-beb7e4755f
May 18, 2026
Merged

chore(deps): bump the ruby group with 3 updates#1160
mergify[bot] merged 1 commit into
mainfrom
dependabot/bundler/ruby-beb7e4755f

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 18, 2026

Bumps the ruby group with 3 updates: dry-configurable, faraday and io-event.

Updates dry-configurable from 1.3.0 to 1.4.0

Release notes

Sourced from dry-configurable's releases.

v1.4.0

Added

  • Added Config#to_data, returning a frozen Data representation of the config's resolved values for performance-sensitive read paths. (@​cllns in #167)

Changed

Compare v1.3.0 ... v1.4.0

Changelog

Sourced from dry-configurable's changelog.

1.4.0 - 2026-05-13

Added

  • Added Config#to_data, returning a frozen Data representation of the config's resolved values for performance-sensitive read paths. (@​cllns in #167)

Changed

Commits

Updates faraday from 2.14.1 to 2.14.2

Release notes

Sourced from faraday's releases.

v2.14.2

Security Note

This release contains a security fix, we recommend all users to upgrade as soon as possible. A Security Advisory with more details will be posted shortly.

What's Changed

New Contributors

Full Changelog: lostisland/faraday@v2.14.1...v2.14.2

Commits

Updates io-event from 1.15.1 to 1.16.0

Release notes

Sourced from io-event's releases.

v1.16.0

  • Use eventfd for URing cross-thread wakeup, and enable IORING_SETUP_SINGLE_ISSUER, IORING_SETUP_DEFER_TASKRUN, and IORING_SETUP_TASKRUN_FLAG. The waking thread now signals via eventfd rather than submitting a NOP SQE, which unlocks the single-issuer optimisation, defers task work to the application thread, and lets select() skip the io_uring_get_events() syscall when no task work is pending.
  • Add support for the io_close fiber-scheduler hook (Ruby 4.0+). The URing selector performs the close asynchronously via the ring; the Debug::Selector and TestScheduler wrappers forward to the underlying selector when supported.
  • Improve WorkerPool GC compaction support and add proper write barriers, fixing potential use-after-free under compacting GC.
  • Keep blocked scheduler fibers alive during GC by registering them as roots in TestScheduler#block, preventing premature collection and the resulting use-after-free crash on resume.
  • Use Ruby's xmalloc / xcalloc / xrealloc2 / xfree for all internal selector allocations (the per-fiber ready-queue entries in IO_Event_Selector_ready_push, and both the backing array and per-element allocations in IO_Event_Array). Previously a raw malloc paired with a debug-build-only assert(...) would silently dereference NULL and crash in release builds under memory pressure; the Ruby allocators trigger a GC sweep on pressure and raise NoMemoryError / RangeError on real failure, so the -1 return-code paths through IO_Event_Array_initialize / _resize / _lookup and their callers in epoll.c / kqueue.c / uring.c are removed in favour of straight exception propagation.
  • Correctly handle short io_uring_submit() results in the URing selector. io_uring_submit() returns the number of SQEs actually accepted by the kernel and can be short (SQE prep errors, ENOMEM, transient EAGAIN); the old accounting reset pending = 0 on any success and silently lost track of unsubmitted SQEs.
  • Enable IORING_SETUP_SUBMIT_ALL (kernel 5.18+) on the URing selector so the kernel keeps processing the rest of an SQE batch past individual errors, reducing the frequency of short submits in practice.
Changelog

Sourced from io-event's changelog.

v1.16.0

  • Use eventfd for URing cross-thread wakeup, and enable IORING_SETUP_SINGLE_ISSUER, IORING_SETUP_DEFER_TASKRUN, and IORING_SETUP_TASKRUN_FLAG. The waking thread now signals via eventfd rather than submitting a NOP SQE, which unlocks the single-issuer optimisation, defers task work to the application thread, and lets select() skip the io_uring_get_events() syscall when no task work is pending.
  • Add support for the io_close fiber-scheduler hook (Ruby 4.0+). The URing selector performs the close asynchronously via the ring; the Debug::Selector and TestScheduler wrappers forward to the underlying selector when supported.
  • Improve WorkerPool GC compaction support and add proper write barriers, fixing potential use-after-free under compacting GC.
  • Keep blocked scheduler fibers alive during GC by registering them as roots in TestScheduler#block, preventing premature collection and the resulting use-after-free crash on resume.
  • Use Ruby's xmalloc / xcalloc / xrealloc2 / xfree for all internal selector allocations (the per-fiber ready-queue entries in IO_Event_Selector_ready_push, and both the backing array and per-element allocations in IO_Event_Array). Previously a raw malloc paired with a debug-build-only assert(...) would silently dereference NULL and crash in release builds under memory pressure; the Ruby allocators trigger a GC sweep on pressure and raise NoMemoryError / RangeError on real failure, so the -1 return-code paths through IO_Event_Array_initialize / _resize / _lookup and their callers in epoll.c / kqueue.c / uring.c are removed in favour of straight exception propagation.
  • Correctly handle short io_uring_submit() results in the URing selector. io_uring_submit() returns the number of SQEs actually accepted by the kernel and can be short (SQE prep errors, ENOMEM, transient EAGAIN); the old accounting reset pending = 0 on any success and silently lost track of unsubmitted SQEs.
  • Enable IORING_SETUP_SUBMIT_ALL (kernel 5.18+) on the URing selector so the kernel keeps processing the rest of an SQE batch past individual errors, reducing the frequency of short submits in practice.
Commits
  • d59a55a Bump minor version.
  • 309643d Modernize code.
  • 3b6c2a8 Use Ruby's x* allocators uniformly for internal selector allocations.
  • a0c57a1 Try setting up io_uring with IORING_SETUP_SUBMIT_ALL
  • 955ceca Handle short io_uring submissions
  • e1303a4 Backfill release notes for v1.15.1 and add Unreleased section.
  • 6c39050 Skip the io_uring_get_events syscall when no task work is pending.
  • 1b5f0d4 Use eventfd for wakeup and enable io_uring performance flags.
  • 7eb061e Add proper support for io_close hook. (#171)
  • 8d6d5cf Improve GC compaction support and write barriers in WorkerPool. (#172)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the ruby group with 3 updates
1892ee1 
Bumps the ruby group with 3 updates: [dry-configurable](https://github.com/dry-rb/dry-configurable), [faraday](https://github.com/lostisland/faraday) and [io-event](https://github.com/socketry/io-event).


Updates `dry-configurable` from 1.3.0 to 1.4.0
- [Release notes](https://github.com/dry-rb/dry-configurable/releases)
- [Changelog](https://github.com/dry-rb/dry-configurable/blob/main/CHANGELOG.md)
- [Commits](dry-rb/dry-configurable@v1.3.0...v1.4.0)

Updates `faraday` from 2.14.1 to 2.14.2
- [Release notes](https://github.com/lostisland/faraday/releases)
- [Changelog](https://github.com/lostisland/faraday/blob/main/CHANGELOG.md)
- [Commits](lostisland/faraday@v2.14.1...v2.14.2)

Updates `io-event` from 1.15.1 to 1.16.0
- [Release notes](https://github.com/socketry/io-event/releases)
- [Changelog](https://github.com/socketry/io-event/blob/main/releases.md)
- [Commits](socketry/io-event@v1.15.1...v1.16.0)

---
updated-dependencies:
- dependency-name: dry-configurable
  dependency-version: 1.4.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: ruby
- dependency-name: faraday
  dependency-version: 2.14.2
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: ruby
- dependency-name: io-event
  dependency-version: 1.16.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: ruby
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels May 18, 2026
@mergify mergify Bot added the queued label May 18, 2026
@mergify
Copy link
Copy Markdown
Contributor

mergify Bot commented May 18, 2026
edited
Loading

Merge Queue Status

This pull request spent 3 minutes 30 seconds in the queue, including 1 minute 49 seconds running CI.

Required conditions to merge
  • author=dependabot[bot]
  • base=main
  • status-success=build
  • any of [🛡 GitHub repository ruleset rule main]:
    • check-success = build
    • check-neutral = build
    • check-skipped = build
  • any of [🛡 GitHub repository ruleset rule main]:
    • check-success = lint
    • check-neutral = lint
    • check-skipped = lint

mergify Bot added a commit that referenced this pull request May 18, 2026
@mergify
Merge of #1160
b0570f6
@mergify mergify Bot mentioned this pull request May 18, 2026
Closed
20 tasks
@mergify mergify Bot merged commit 3c2cb77 into main May 18, 2026
6 checks passed
@mergify mergify Bot deleted the dependabot/bundler/ruby-beb7e4755f branch May 18, 2026 11:42
@mergify mergify Bot removed the queued label May 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants