Update dependency dalli to v5

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
dalli (changelog)	3.2.8 → 5.0.0

---

Release Notes

petergoldstein/dalli (dalli)

v5.0.0

Compare Source

==========

Breaking Changes:

• Removed binary protocol - The meta protocol is now the only supported protocol

  • The :protocol option is no longer used
  • Requires memcached 1.6+ (for meta protocol support)
  • Users on older memcached versions must upgrade or stay on Dalli 4.x

• Removed SASL authentication - The meta protocol does not support authentication

  • Use network-level security (firewall rules, VPN) or memcached's TLS support instead
  • Users requiring SASL authentication must stay on Dalli 4.x with binary protocol

• Ruby 3.3+ required - Dropped support for Ruby 3.1 and 3.2

  • Ruby 3.2 reached end-of-life in March 2026
  • JRuby remains supported

Performance:

• ~7% read performance improvement (CRuby only)
  • Use native IO#read instead of custom readfull implementation
  • Enabled by Ruby 3.3's IO#timeout= support
  • JRuby continues to use readfull for compatibility

OpenTelemetry:

• Migrate to stable OTel semantic conventions (#​1070)
  • db.system renamed to db.system.name
  • db.operation renamed to db.operation.name
  • server.address now contains hostname only; server.port is a separate integer attribute
  • get_with_metadata and fetch_with_lock now include server.address/server.port
• Add db.query.text span attribute with configurable modes
  • :otel_db_statement option: :include, :obfuscate, or nil (default: omitted)
• Add peer.service span attribute
  • :otel_peer_service option for logical service naming

Internal:

• Simplified protocol directory structure: moved lib/dalli/protocol/meta/* to lib/dalli/protocol/
• Removed deprecated binary protocol files and SASL authentication code
• Removed require 'set' (autoloaded in Ruby 3.3+)

v4.3.2

Compare Source

v4.3.1

Compare Source

==========

Bug Fixes:

• Fix socket compatibility with gems that monkey-patch TCPSocket (#​996, #​1012)

  • Gems like socksify and resolv-replace modify TCPSocket#initialize, breaking Ruby 3.0+'s connect_timeout: keyword argument
  • Detection now uses parameter signature checking instead of gem-specific method detection
  • Falls back to Timeout.timeout when monkey-patching is detected
  • Detection result is cached for performance

• Fix network retry bug with socket_max_failures: 0 (#​1065)

  • Previously, setting socket_max_failures: 0 could still cause retries due to error handling
  • Introduced RetryableNetworkError subclass to distinguish retryable vs non-retryable errors
  • down! now raises non-retryable NetworkError, reconnect! raises RetryableNetworkError
  • Thanks to Graham Cooper (Shopify) for this fix

• Fix "character class has duplicated range" Ruby warning (#​1067)

  • Fixed regex in KeyManager::VALID_NAMESPACE_SEPARATORS that caused warnings on newer Ruby versions
  • Thanks to Hartley McGuire for this fix

Improvements:

• Add StrictWarnings test helper to catch Ruby warnings early (#​1067)

• Use bulk attribute setter for OpenTelemetry spans (#​1068)

  • Reduces lock acquisitions when setting span attributes
  • Thanks to Robert Laurin (Shopify) for this optimization

• Fix double recording of exceptions on OpenTelemetry spans (#​1069)

  • OpenTelemetry's in_span method already records exceptions and sets error status automatically
  • Removed redundant explicit exception recording that caused exceptions to appear twice in traces
  • Thanks to Robert Laurin (Shopify) for this fix

v4.3.0

Compare Source

==========

New Features:

• Add namespace_separator option to customize the separator between namespace and key (#​1019)
  • Default is : for backward compatibility
  • Must be a single non-alphanumeric character (e.g., :, /, |, .)
  • Example: Dalli::Client.new(servers, namespace: 'myapp', namespace_separator: '/')

Bug Fixes:

• Fix architecture-dependent struct timeval packing for socket timeouts (#​1034)

  • Detects correct pack format for time_t and suseconds_t on each platform
  • Fixes timeout issues on architectures with 64-bit time_t

• Fix get_multi hanging with large key counts (#​776, #​941)

  • Add interleaved read/write for pipelined gets to prevent socket buffer deadlock
  • For batches over 10,000 keys per server, requests are now sent in chunks

• Breaking: Enforce string-only values in raw mode (#​1022)

  • set(key, nil, raw: true) now raises MarshalError instead of storing ""
  • set(key, 123, raw: true) now raises MarshalError instead of storing "123"
  • This matches the behavior of client-level raw: true mode
  • To store counters, use string values: set('counter', '0', raw: true)

CI:

• Add TruffleRuby to CI test matrix (#​988)

v4.2.1

Compare Source

v4.2.0

Compare Source

==========

Performance:

• Buffered I/O: Use socket.sync = false with explicit flush to reduce syscalls for pipelined operations
• get_multi optimizations: Use Set for O(1) server tracking lookups
• Raw mode optimization: Skip bitflags request in meta protocol when in raw mode (saves 2 bytes per request)

New Features:

• OpenTelemetry tracing support: Automatically instruments operations when OpenTelemetry SDK is present
  • Zero overhead when OpenTelemetry is not loaded
  • Traces get, set, delete, get_multi, set_multi, delete_multi, get_with_metadata, and fetch_with_lock
  • Spans include db.system: memcached and db.operation attributes
  • Single-key operations include server.address attribute
  • Multi-key operations include db.memcached.key_count attribute
  • get_multi spans include db.memcached.hit_count and db.memcached.miss_count for cache efficiency metrics
  • Exceptions are automatically recorded on spans with error status

v4.1.0

Compare Source

==========

New Features:

• Add set_multi for efficient bulk set operations using pipelined requests
• Add delete_multi for efficient bulk delete operations using pipelined requests
• Add fetch_with_lock for thundering herd protection using meta protocol's vivify/recache flags (requires memcached 1.6+)
• Add thundering herd protection support to meta protocol (requires memcached 1.6+):
  • N (vivify) flag for creating stubs on cache miss
  • R (recache) flag for winning recache race when TTL is below threshold
  • Response flags W (won recache), X (stale), Z (lost race)
  • delete_stale method for marking items as stale instead of deleting
• Add get_with_metadata for advanced cache operations with metadata retrieval (requires memcached 1.6+):
  • Returns hash with :value, :cas, :won_recache, :stale, :lost_recache
  • Optional :return_hit_status returns :hit_before (true/false for previous access)
  • Optional :return_last_access returns :last_access (seconds since last access)
  • Optional :skip_lru_bump prevents LRU update on access
  • Optional :vivify_ttl and :recache_ttl for thundering herd protection

Deprecations:

• Binary protocol is deprecated and will be removed in Dalli 5.0. Use protocol: :meta instead (requires memcached 1.6+)
• SASL authentication is deprecated and will be removed in Dalli 5.0. Consider using network-level security or memcached's TLS support

v4.0.1

Compare Source

==========

• Add :raw client option to skip serialization entirely, returning raw byte strings
• Handle OpenSSL::SSL::SSLError in connection manager

v4.0.0

Compare Source

==========

BREAKING CHANGES:

• Require Ruby 3.1+ (dropped support for Ruby 2.6, 2.7, and 3.0)
• Removed Dalli::Server deprecated alias - use Dalli::Protocol::Binary instead
• Removed :compression option - use :compress instead
• Removed close_on_fork method - use reconnect_on_fork instead

Other changes:

• Add security warning when using default Marshal serializer (silence with silence_marshal_warning: true)
• Add defense-in-depth input validation for stats command arguments
• Add string_fastpath option to skip serialization for simple strings (byroot)
• Meta protocol set performance improvement (danmayer)
• Fix connection_pool 3.0 compatibility for Rack session store
• Fix session recovery after deletion (stengineering0)
• Fix cannot read response data included terminator \r\n when use meta protocol (matsubara0507)
• Support SERVER_ERROR response from Memcached as per the memcached spec (grcooper)
• Update Socket timeout handling to use Socket#timeout= when available (nickamorim)
• Serializer: reraise all .load errors as UnmarshalError (olleolleolle)
• Reconnect gracefully when a fork is detected instead of crashing (PatrickTulskie)
• Update CI to test against memcached 1.6.40

---

Configuration

📅 Schedule: Branch creation - At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday ( * 0-4,22-23 * * 1-5 ), Only on Sunday and Saturday ( * * * * 0,6 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coveralls]

coverage: 99.072%. remained the same
when pulling fff4724 on renovate/dalli-5.x-lockfile
into f71b810 on main.