Bump puma from 4.3.6 to 6.0.0 #543

dependabot · 2022-10-16T23:08:34Z

Bumps puma from 4.3.6 to 6.0.0.

Release notes

5.6.5 / 2022-08-23

Bugfixes

NullIO#closed should return false (#2883)

Puma::ControlCLI - allow refork command to be sent as a request (#2868, #2866)

[jruby] Fix TLS verification hang (#2890, #2729)

extconf.rb - don't use pkg_config('openssl') if '--with-openssl-dir' is used (#2885, #2839)

MiniSSL - detect SSL_CTX_set_dh_auto (#2864, #2863)

Fix rack.after_reply exceptions breaking connections (#2861, #2856)

Escape SSL cert and filenames (#2855)

Fail hard if SSL certs or keys are invalid (#2848)

Fail hard if SSL certs or keys cannot be read by user (#2847)

Fix build with Opaque DH in LibreSSL 3.5. (#2838)

Pre-existing socket file removed when TERM is issued after USR2 (if puma is running in cluster mode) (#2817)

Fix Puma::StateFile#load incompatibility (#2810)

5.6.4

Security

Close several HTTP Request Smuggling exploits (CVE-2022-24790)

The 5.6.3 release was a mistake (released the wrong branch), 5.6.4 is correct.

5.6.2 / 2022-02-11

Bugfix/Security

Response body will always be closed. (GHSA-rmj8-8hhh-gv5h, related to #2809)

5.6.1

Bugfixes

Reverted a commit which appeared to be causing occasional blank header values (see issue #2808) (#2809)

Full Changelog: puma/puma@v5.6.0...v5.6.1

5.6.0 - Birdie's Version

Maintainer @nateberkopec had a daughter, nicknamed Birdie:

5.6.0 / 2022-01-25

Features

Support localhost integration in ssl_bind (#2764, #2708)

Allow backlog parameter to be set with ssl_bind DSL (#2780)

Remove yaml (psych) requirement in StateFile (#2784)

Allow culling of oldest workers, previously was only youngest (#2773, #2794)

Add worker_check_interval configuration option (#2759)

Always send lowlevel_error response to client (#2731, #2341)

Support for cert_pem and key_pem with ssl_bind DSL (#2728)

Bugfixes

... (truncated)

Changelog

Sourced from puma's changelog.

6.0.0 / 2022-10-14

Breaking Changes

Dropping Ruby 2.2 and 2.3 support (now 2.4+) (#2919)

Remote_addr functionality has changed (#2652, #2653)

No longer supporting Java 1.7 or below (JRuby 9.1 was the last release to support this) (#2849)

Remove nakayoshi GC (#2933, #2925)

wait_for_less_busy_worker is now default on (#2940)

Prefix all environment variables with PUMA_ (#2924, #2853)

Removed some constants (#2957, #2958, #2959, #2960)

The following classes are now part of Puma's private API: Client, Cluster::Worker, Cluster::Worker, HandleRequest. (#2988)

Configuration constants like DefaultRackup removed (#2928)

Extracted LogWriter from Events (#2798)

Features

Increase throughput on large (100kb+) response bodies by 3-10x (#2896, #2892)

Increase throughput on file responses (#2923)

Add support for streaming bodies in Rack. (#2740)

Allow OpenSSL session reuse via a 'reuse' ssl_bind method or bind string query parameter (#2845)

Allow run_hooks to pass a hash to blocks for use later (#2917, #2915)

Allow using preload_app! with fork_worker (#2907)

Support request_body_wait metric with higher precision (#2953)

Allow header values to be arrays (Rack 3) (#2936, #2931)

Export Puma/Ruby versions in /stats (#2875)

Allow configuring request uri max length & request path max length (#2840)

Add a couple of public accessors (#2774)

Log entire backtrace when worker start fails (#2891)

[jruby] Enable TLSv1.3 support (#2886)

[jruby] support setting TLS protocols + rename ssl_cipher_list (#2899)

[jruby] Support a truststore option (#2849, #2904, #2884)

Bugfixes

Load the configuration before passing it to the binder (#2897)

Do not raise error raised on HTTP methods we don't recognize or support, like CONNECT (#2932, #1441)

Fixed a memory leak when creating a new SSL listener (#2956)

Refactor

log_writer.rb - add internal_write method (#2888)

Extract prune_bundler code into it's own class. (#2797)

Refactor Launcher#run to increase readability (no logic change) (#2795)

Ruby 3.2 will have native IO#wait_* methods, don't require io/wait (#2903)

Various internal API refactorings (#2942, #2921, #2922, #2955)

5.6.5 / 2022-08-23

Feature

Puma::ControlCLI - allow refork command to be sent as a request (#2868, #2866)

Bugfixes

... (truncated)

Commits

32d9997 6.0.0 (#2918)
8159aa4 Use :nodoc: to limit public API (#2988)
2719585 Rework low level error tests (#2980)
ebeb8b4 require securerandom for all tests (#2982)
dd2fb5a CONTRIBUTING: spell out how to change ulimit (#2983)
5d5bcb1 [CI] test files - use unlink in ensure when appropriate (#2984)
838c136 [CI] misc updates to test files (#2979)
9770678 [CI] PR #2976 - Fix RuboCop mistake - test/test_integration_cluster.rb (#2978)
fa65cf7 103 RuboCop fixes (#2976)
673a9e7 [CI] fixup test_plugin.rb, change IO.select to IO#wait_* (#2975)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [puma](https://github.com/puma/puma) from 4.3.6 to 6.0.0. - [Release notes](https://github.com/puma/puma/releases) - [Changelog](https://github.com/puma/puma/blob/master/History.md) - [Commits](puma/puma@v4.3.6...v6.0.0) --- updated-dependencies: - dependency-name: puma dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2022-10-16T23:08:35Z

The following labels could not be found: dependencies, ruby, automerge.

dependabot bot mentioned this pull request Oct 16, 2022

Bump puma from 4.3.6 to 4.3.12 #392

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump puma from 4.3.6 to 6.0.0 #543

Bump puma from 4.3.6 to 6.0.0 #543

dependabot bot commented on behalf of github Oct 16, 2022

dependabot bot commented on behalf of github Oct 16, 2022

Bump puma from 4.3.6 to 6.0.0 #543

Are you sure you want to change the base?

Bump puma from 4.3.6 to 6.0.0 #543

Conversation

dependabot bot commented on behalf of github Oct 16, 2022

5.6.5 / 2022-08-23

5.6.4

5.6.2 / 2022-02-11

5.6.1

5.6.0 - Birdie's Version

5.6.0 / 2022-01-25

6.0.0 / 2022-10-14

5.6.5 / 2022-08-23

dependabot bot commented on behalf of github Oct 16, 2022