search

themarshallproject / klaxon

Klaxon enables reporters and editors to monitor scores of sites on the web for newsworthy changes.
https://newsklaxon.org
MIT License
646 stars 199 forks source link

Bump bootsnap from 1.7.7 to 1.11.1 #527

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps bootsnap from 1.7.7 to 1.11.1.

Changelog

Sourced from bootsnap's changelog.

1.11.1

  • Fix the can't modify frozen Hash error on load path cache mutation. See #411.

1.11.0

  • Drop dependency on fileutils.

  • Better respect Kernel#require duck typing. While it almost never comes up in practice, Kernel#require follow a fairly intricate duck-typing protocol on its argument implemented as rb_get_path(VALUE) in MRI. So when applicable we bind rb_get_path and use it for improved compatibility. See #396 and #406.

  • Get rid of the Kernel.require_relative decorator by resolving $LOAD_PATH members to their real path. This way we handle symlinks in $LOAD_PATH much more efficiently. See #402 for the detailed explanation.

  • Drop support for Ruby 2.3 (to allow getting rid of the Kernel.require_relative decorator).

1.10.3

  • Fix Regexp and Date type support in YAML compile cache. (#400)

  • Improve the YAML compile cache to support UTF-8 symbols. (#398, #399) The default MessagePack symbol serializer assumes all symbols are ASCII, because of this, non-ASCII compatible symbol would be restored with ASCII_8BIT encoding (AKA BINARY). Bootsnap now properly cache them in UTF-8.

    Note that the above only apply for actual YAML symbols (e..g --- :foo). The issue is still present for string keys parsed with YAML.load_file(..., symbolize_names: true), that is a bug in msgpack that will hopefully be solved soon, see: msgpack/msgpack-ruby#246

  • Entirely disable the YAML compile cache if Encoding.default_internal is set to an encoding not supported by msgpack. (#398) Psych coerce strings to Encoding.default_internal, but MessagePack doesn't. So in this scenario we can't provide YAML caching at all without returning the strings in the wrong encoding. This never came up in practice but might as well be safe.

1.10.2

  • Reduce the Kernel.require extra stack frames some more. Now bootsnap should only add one extra frame per require call.

  • Better check freeze option support in JSON compile cache. Previously JSON.load_file(..., freeze: true) would be cached even when the msgpack version is missing support for it.

1.10.1

  • Fix Kernel#autoload's fallback path always being executed.

  • Consider unlink failing with ENOENT as a success.

1.10.0

... (truncated)

Commits
  • 5bb937a Release 1.11.1
  • 94e56f9 Fix can't modify frozen Hash error.
  • c365322 Release 1.11.0
  • ad68ea5 Merge pull request #407 from Shopify/no-file-utils
  • 843c101 Drop dependency on FileUtils
  • 4f60408 Fix LoadPathCache deduplication
  • cb1adae Merge pull request #406 from Shopify/rb-get-path
  • 671d1d4 Bind rb_get_path to better respect Kernel#require duck-type
  • 18b701a Merge pull request #405 from teoljungberg/fix-typo
  • 8f9c7f1 Fix typo
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)