Bump bootsnap from 1.7.7 to 1.10.3 #472

dependabot · 2022-02-02T16:01:36Z

Bumps bootsnap from 1.7.7 to 1.10.3.

Changelog

1.10.3

Fix Regexp and Date type support in YAML compile cache. (#400)

Improve the YAML compile cache to support UTF-8 symbols. (#398, #399) The default MessagePack symbol serializer assumes all symbols are ASCII, because of this, non-ASCII compatible symbol would be restored with ASCII_8BIT encoding (AKA BINARY). Bootsnap now properly cache them in UTF-8.

Note that the above only apply for actual YAML symbols (e..g --- :foo). The issue is still present for string keys parsed with YAML.load_file(..., symbolize_names: true), that is a bug in msgpack that will hopefully be solved soon, see: msgpack/msgpack-ruby#246

Entirely disable the YAML compile cache if Encoding.default_internal is set to an encoding not supported by msgpack. (#398) Psych coerce strings to Encoding.default_internal, but MessagePack doesn't. So in this scenario we can't provide YAML caching at all without returning the strings in the wrong encoding. This never came up in practice but might as well be safe.

1.10.2

Reduce the Kernel.require extra stack frames some more. Now bootsnap should only add one extra frame per require call.

Better check freeze option support in JSON compile cache. Previously JSON.load_file(..., freeze: true) would be cached even when the msgpack version is missing support for it.

1.10.1

Fix Kernel#autoload's fallback path always being executed.

Consider unlink failing with ENOENT as a success.

1.10.0

Delay requiring FileUtils. (#285) FileUtils can be installed as a gem, so it's best to wait for bundler to have setup the load path before requiring it.

Improve support of Psych 4. (#392) Since 1.8.0, YAML.load_file was no longer cached when Psych 4 was used. This is because load_file loads in safe mode by default, so the Bootsnap cache could defeat that safety. Now when precompiling YAML files, Bootsnap first try to parse them in safe mode, and if it can't fallback to unsafe mode, and the cache contains a flag that records whether it was generated in safe mode or not. YAML.unsafe_load_file will use safe caches just fine, but YAML.load_file will fallback to uncached YAML parsing if the cache was generated using unsafe parsing.

Minimize the Kernel.require extra stack frames. (#393) This should reduce the noise generated by bootsnap on LoadError.

1.9.4

Ignore absolute paths in the loaded feature index. (#385)

... (truncated)

Commits

fbdce33 Release 1.10.3
1e71cc5 Merge pull request #400 from Shopify/improve-yaml-cache-some-more
31dce79 Fix Regexp and Date handling in YAML compile cache
a75ab21 Merge pull request #399 from Shopify/simpler-symbol-encoding
85f1242 Simplified handling of UTF-8 symbols in YAML
487d46c Appease rubocop
2e61f8d Merge pull request #398 from Shopify/symbol-encoding
647969f Code style and CI improvements
76a05db YAML compile cache: encoding aware symbols
e3ef615 Merge pull request #397 from mishina2228/chagelog
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.7.7 to 1.10.3. - [Release notes](https://github.com/Shopify/bootsnap/releases) - [Changelog](https://github.com/Shopify/bootsnap/blob/main/CHANGELOG.md) - [Commits](Shopify/bootsnap@v1.7.7...v1.10.3) --- updated-dependencies: - dependency-name: bootsnap dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2022-03-08T16:01:33Z

Superseded by #485.

dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Feb 2, 2022

dependabot bot mentioned this pull request Feb 2, 2022

Bump bootsnap from 1.7.7 to 1.10.2 #468

Closed

dependabot bot closed this Mar 8, 2022

dependabot bot deleted the dependabot/bundler/bootsnap-1.10.3 branch March 8, 2022 16:01

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump bootsnap from 1.7.7 to 1.10.3 #472

Bump bootsnap from 1.7.7 to 1.10.3 #472

dependabot bot commented on behalf of github Feb 2, 2022

dependabot bot commented on behalf of github Mar 8, 2022

Bump bootsnap from 1.7.7 to 1.10.3 #472

Bump bootsnap from 1.7.7 to 1.10.3 #472

Conversation

dependabot bot commented on behalf of github Feb 2, 2022

1.10.3

1.10.2

1.10.1

1.10.0

1.9.4

dependabot bot commented on behalf of github Mar 8, 2022