Upgrade Analysis: trilogy v2.9.0 → v2.10.0
52 commits analyzed | 45 no impact | 5 analyzed, not affected | 2 require attention
Commits Requiring Attention
| Commit | Summary | Why no impact |
|---|---|---|
| 6b4e124 | Declare bigdecimal dependency for Ruby 3.4+ | Fizzy doesn't pin bigdecimal |
| aad7cdf | Buffer pool for reduced memory | Transparent optimization |
| 963af93 | Fix free()/xfree() mismatch in C ext | Internal fix, no API change |
| 3a79842 | Fix GC crash in buffer pool | Internal safety fix |
| 73d7edb | Remove Trilogy.buffer_pool_size API | Fizzy doesn't use this API |
Highlights
This is a safe, beneficial upgrade:
- 🏎️ 3-5x faster `Trilogy#escape`
- 💾 Buffer pool reduces memory for idle connections
- 🐛 EOF parsing fix prevents errors on large LONGTEXT/LONGBLOB reads
- 💎 Ruby 3.4+ compatibility via explicit bigdecimal dependency
- ✅ No breaking changes for fizzy
Full analysis: upgrade-analysis/fizzy-20260223-trilogy_v2.9.0..v2.10.0.md
Bumps [trilogy](https://github.com/trilogy-libraries/trilogy) from 2.9.0 to 2.10.0.
- [Release notes](https://github.com/trilogy-libraries/trilogy/releases)
- [Changelog](https://github.com/trilogy-libraries/trilogy/blob/main/CHANGELOG.md)
- [Commits](trilogy-libraries/trilogy@v2.9.0...v2.10.0)

---
updated-dependencies:
- dependency-name: trilogy
  dependency-version: 2.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Upgrade Analysis: trilogy v2.9.0 → v2.10.0
52 commits analyzed | Recon + app impact analysis via Summary
Commits Requiring Attention
| Commit | Summary | Impact Level |
|---|---|---|
| 6b4e124 | Declare bigdecimal dependency for Ruby 3.4+ | unlikely impact |
| aad7cdf | Implement buffer pool for reduced memory usage | unlikely impact |
| 963af93 | Use system free() for trilogy buffers (allocator mismatch fix) | unlikely impact |
| 3a79842 | Fix GC crash when buffer pool freed before connections | unlikely impact |
| 73d7edb | Remove Trilogy.buffer_pool_size API, hardcode to 8 | likely impact |
Verdict
Safe to merge. No breaking changes for fizzy. Key benefits:
- 3-5x faster `Trilogy#escape` (transparent performance win)
- Buffer pool reduces memory for idle connections
- EOF parsing fix prevents errors on large LONGTEXT/LONGBLOB reads
- Ruby 3.4+ compatibility via explicit bigdecimal dependency
- No removed APIs that fizzy uses
Bumps trilogy from 2.9.0 to 2.10.0.
Release notes
Sourced from trilogy's releases.
Changelog
Sourced from trilogy's changelog.
Commits
- e48d000 Release v2.10.0 (#256)
- 23d1fd7 Merge pull request #255 from trilogy-libraries/ruby-40
- 02880d6 Test with Ruby 4.0
- 7d40e20 Merge pull request #249 from basecamp/ruby-4
- 70cf5b5 Merge pull request #250 from trilogy-libraries/dependabot/github_actions/acti...
- 52213ba Bump actions/checkout from 5 to 6
- a4e7ff1 Ruby 4 support
- 9fef677 Merge pull request #243 from jhawthorn/buffer_pool_fixes
- ea5fcde Merge pull request #179 from trilogy-libraries/lenencint-eof-confusion
- 737273c Don't bother checking in buffer pool on free

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)