Bump dalli from 3.2.8 to 5.0.0 #373

Open
dependabot[bot] wants to merge 1 commit into master from dependabot/bundler/dalli-5.0.0
dependabot[bot] commented on behalf of github on Feb 11, 2026

Bumps dalli from 3.2.8 to 5.0.0.

Changelog

Sourced from dalli's changelog.

5.0.0

Breaking Changes:

  • Removed binary protocol - The meta protocol is now the only supported protocol
    • The :protocol option is no longer used
    • Requires memcached 1.6+ (for meta protocol support)
    • Users on older memcached versions must upgrade or stay on Dalli 4.x
  • Removed SASL authentication - The meta protocol does not support authentication
    • Use network-level security (firewall rules, VPN) or memcached's TLS support instead
    • Users requiring SASL authentication must stay on Dalli 4.x with binary protocol
  • Ruby 3.3+ required - Dropped support for Ruby 3.1 and 3.2
    • Ruby 3.2 reached end-of-life in March 2026
    • JRuby remains supported

Performance:

  • ~7% read performance improvement (CRuby only)
    • Use native IO#read instead of custom readfull implementation
    • Enabled by Ruby 3.3's IO#timeout= support
    • JRuby continues to use readfull for compatibility

OpenTelemetry:

  • Migrate to stable OTel semantic conventions (#1070)
    • db.system renamed to db.system.name
    • db.operation renamed to db.operation.name
    • server.address now contains hostname only; server.port is a separate integer attribute
    • get_with_metadata and fetch_with_lock now include server.address/server.port
  • Add db.query.text span attribute with configurable modes
    • :otel_db_statement option: :include, :obfuscate, or nil (default: omitted)
  • Add peer.service span attribute
    • :otel_peer_service option for logical service naming

Internal:

  • Simplified protocol directory structure: moved lib/dalli/protocol/meta/* to lib/dalli/protocol/
  • Removed deprecated binary protocol files and SASL authentication code
  • Removed require 'set' (autoloaded in Ruby 3.3+)

4.3.1

Bug Fixes:

  • Fix socket compatibility with gems that monkey-patch TCPSocket (#996, #1012)
    • Gems like socksify and resolv-replace modify TCPSocket#initialize, breaking Ruby 3.0+'s connect_timeout: keyword argument

... (truncated)

Commits
  • 2fbf03c Merge pull request #1064 from petergoldstein/feature/v5.0.0
  • fe2fa64 Align OTel instrumentation with stable semantic conventions (#1070)
  • 395dcb7 Fix Ruby version note in upgrade guide
  • b1f0920 Release Dalli 5.0.0 - Remove binary protocol and SASL authentication
  • ab534ff Merge pull request #1066 from petergoldstein/fix/socket-compatibility-996-1012
  • 1ce4cae Update CHANGELOG for PR #1069
  • 46a34a4 Fix double recording of exceptions on OTel spans (#1069)
  • b0a9506 fix: stop double recording exceptions on spans
  • 052ac00 Skip SSL error stub test on JRuby
  • a968aa6 Skip MRI-specific socket test on TruffleRuby and JRuby
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [dalli](https://github.com/petergoldstein/dalli) from 3.2.8 to 5.0.0.
- [Changelog](https://github.com/petergoldstein/dalli/blob/main/CHANGELOG.md)
- [Commits](petergoldstein/dalli@v3.2.8...v5.0.0)

---
updated-dependencies:
- dependency-name: dalli
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] added the dependencies and ruby labels on Feb 11, 2026

vol1ura force-pushed the master branch 2 times, most recently from a14084d to 2f71f13 on February 17, 2026 20:09
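
The changelog quoted in this pull request removes SASL authentication and the `:protocol` option, raises the Ruby and memcached minimums, and renames OTel attributes. As an added example (not code from this repository, Dalli or Dependabot), the Ruby script below audits an application for those items before the bump is merged; the `username:`/`password:` options, the `MEMCACHE_USERNAME`/`MEMCACHE_PASSWORD` variables, `:mem_cache_store`, and all sample paths, hosts and versions are assumptions or constructed values, not taken from this page.

```ruby
require 'rubygems' # Gem::Version, for version comparison

# Added example, not Dalli or Dependabot code.
DALLI_USE = /Dalli::Client|:mem_cache_store/ # lines that configure a Dalli-backed client
# Assumption: the SASL credential variables read by Dalli's binary protocol.
SASL_ENV = %w[MEMCACHE_USERNAME MEMCACHE_PASSWORD].freeze
RULES = [ # [message, pattern, pattern the same line must also match]
  ['SASL credentials passed to Dalli (authentication removed in 5.0.0)',
   /\b(?:username|password):/, DALLI_USE],
  [':protocol option set (no longer used in 5.0.0)', /\bprotocol:\s*:\w+/, DALLI_USE],
  ['old OTel attribute name (db.system/db.operation gained a .name suffix)',
   /\bdb\.(?:system|operation)\b(?!\.name)/, //]
].freeze

# files: { path => text }; env: Hash of environment variables;
# ruby_version / memcached_version: version strings of the deployment target.
def audit_dalli_upgrade(files:, env:, ruby_version:, memcached_version:)
  findings = []
  files.each do |path, text|
    text.each_line.with_index(1) do |line, no|
      RULES.each do |msg, pattern, scope|
        findings << "#{path}:#{no}: #{msg}" if line.match?(pattern) && line.match?(scope)
      end
    end
  end
  SASL_ENV.each { |k| findings << "env: #{k} is set but 5.0.0 has no SASL support" if env.key?(k) }
  if Gem::Version.new(ruby_version) < Gem::Version.new('3.3')
    findings << "ruby #{ruby_version}: 5.0.0 requires Ruby 3.3+"
  end
  if Gem::Version.new(memcached_version) < Gem::Version.new('1.6')
    findings << "memcached #{memcached_version}: meta protocol requires memcached 1.6+"
  end
  findings
end

# Constructed sample input (hostname, paths and values are made up).
SAMPLE_FILES = {
  'config/environments/production.rb' =>
    "config.cache_store = :mem_cache_store, 'cache.example.internal:11211', " \
    "username: ENV['MEMCACHE_USERNAME'], password: ENV['MEMCACHE_PASSWORD']\n",
  'ops/alerts.yml' => "query: db.system = 'memcached' and db.operation = 'get'\n"
}.freeze

SAMPLE_FINDINGS = audit_dalli_upgrade(
  files: SAMPLE_FILES, env: { 'MEMCACHE_USERNAME' => 'app' },
  ruby_version: '3.2.2', memcached_version: '1.5.22'
)
puts SAMPLE_FINDINGS
```

A non-empty result for the SASL checks means the cache has to sit behind network-level controls or memcached TLS, as the changelog advises, before the upgrade ships.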