Skip to content

Bump dalli from 3.2.8 to 5.0.5#6557

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/bundler/dalli-5.0.5
Open

Bump dalli from 3.2.8 to 5.0.5#6557
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/bundler/dalli-5.0.5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 26, 2026

Copy link
Copy Markdown
Contributor

Bumps dalli from 3.2.8 to 5.0.5.

Changelog

Sourced from dalli's changelog.

5.0.5

Performance:

  • Batch multi-key commands into a single write to reduce packet overhead (#1107)

    • With TCP_NODELAY set on sockets, each write call emits a separate packet; the meta protocol was calling write up to 3 times per key in multi-key operations (get_multi, set_multi, delete_multi), significantly increasing network traffic compared to the old binary protocol
    • Multi-key request paths now buffer all per-key commands into a single binary string and flush once; single-key paths combine the write and flush into one flushed_write call
    • Thanks to Jean Boussier for this contribution
  • Avoid repeated RUBY_ENGINE checks on every socket read (#1103)

    • Moved the JRuby branch from a runtime if inside ConnectionManager#read to a class-level conditional method definition, so the check happens once at load time rather than on every read call
    • Thanks to Jean Boussier for this contribution
  • Eliminate per-call array allocations in ResponseProcessor (#1104)

    • Token sets passed to error_on_unexpected! (e.g. [VA, EN, HD]) were allocated as new arrays on every invocation; replaced with frozen constants defined once at class load time
    • Thanks to Jean Boussier for this contribution
  • Avoid string copies when building request commands in RequestFormatter (#1106)

    • Changed cmd + TERMINATOR to cmd << TERMINATOR; since cmd is always a mutable string, the in-place append avoids copying the entire command string just to append two bytes
    • Thanks to Jean Boussier for this contribution

5.0.4

Bug fixes:

  • Fix string_fastpath flag collision with compression (#1099)

    • ValueSerializer::FLAG_UTF8 and ValueCompressor::FLAG_COMPRESSED were both 0x2, causing Dalli::UnmarshalError on any UTF-8 string written with string_fastpath: true when compression is enabled, and silent encoding corruption for binary strings
    • Introduces Dalli::Flags to centralise bit flag constants; UTF8 is reassigned to 0x4
    • Adds regression test covering short/long UTF-8, binary, and cross-client read scenarios
    • Thanks to Jean Boussier and Mikael Henriksson for the fix and regression test
  • Fix client-level string_fastpath: true being silently ignored (#1101)

    • Dalli::Client.new(servers, string_fastpath: true) had no effect; the fast path was only taken when string_fastpath: true was passed as a per-request option on each set call
    • Per-request option continues to take precedence over the client-level setting in both directions

5.0.3

Performance:

  • Eliminate double array allocation in Client#perform (#1093)
    • Changed method signature from perform(*all_args) with destructuring to perform(op, key, *args), letting Ruby decompose arguments directly without intermediate array allocations
    • Reduces benchmark time by ~39% across all Dalli operations (get, set, delete, etc.)
    • Thanks to Sam Obeid for this contribution

Features:

  • Support connect_timeout: keyword argument with resolv-replace >= 0.2.0, which now correctly forwards keyword arguments through its TCPSocket patch (#1096)

... (truncated)

Commits

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels May 26, 2026
@dependabot dependabot Bot force-pushed the dependabot/bundler/dalli-5.0.5 branch from 3d3a3a7 to 4f53b59 Compare May 26, 2026 22:11
@dependabot dependabot Bot force-pushed the dependabot/bundler/dalli-5.0.5 branch 3 times, most recently from 68a1522 to 4c55d76 Compare June 8, 2026 22:56
@dependabot dependabot Bot force-pushed the dependabot/bundler/dalli-5.0.5 branch from 4c55d76 to 0371ff6 Compare June 11, 2026 05:05
@p-linnane

Copy link
Copy Markdown
Member

@dependabot recreate

Bumps [dalli](https://github.com/petergoldstein/dalli) from 3.2.8 to 5.0.5.
- [Changelog](https://github.com/petergoldstein/dalli/blob/main/CHANGELOG.md)
- [Commits](petergoldstein/dalli@v3.2.8...v5.0.5)

---
updated-dependencies:
- dependency-name: dalli
  dependency-version: 5.0.5
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/bundler/dalli-5.0.5 branch from 0371ff6 to 26a0d0d Compare July 11, 2026 19:24

@p-linnane p-linnane left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@colby-swandale This is blocked on upgrading Memcached. Dalli 5 requires Memcached 1.6+, but we currently pin 1.4.39. Local testing passes against 1.6.45 and fails against 1.4.39.

Can you confirm the staging and production versions? Are there any known compatibility or operational concerns with upgrading to 1.6, or has the existing version simply not been revisited?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant