CenturyLinkLabs / panamax-ui

The Web GUI for Panamax
http://panamax.io
Apache License 2.0
1.44k stars 151 forks source link

Bump puma from 2.8.2 to 4.3.11 #596

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps puma from 2.8.2 to 4.3.11.

Release notes

Sourced from puma's releases.

4.3.10

Re-allows UTF-8 in HTTP header values

4.3.9

https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx

v4.3.8

  • Security
    • Close keepalive connections after the maximum number of fast inlined requests (#2625)

v4.3.6

https://github.com/puma/puma/compare/v4.3.5...4.3.6

A quick fix for a build error on Mac OS and a JSON require fix for those using phased restart.

  • Explicitly include ctype.h to fix compilation warning and build error on macOS with Xcode 12 (#2304)
  • Don't require json at boot (#2269)

v4.3.0 - Mysterious Traveller

0000492109

Mysterious Traveller

  • Features

    • Strip whitespace at end of HTTP headers (#2010)
    • Optimize HTTP parser for JRuby (#2012)
    • Add SSL support for the control app and cli (#2046, #2052)
  • Bugfixes

    • Fix Errno::EINVAL when SSL is enabled and browser rejects cert (#1564)
    • Fix pumactl defaulting puma to development if an environment was not specified (#2035)
    • Fix closing file stream when reading pid from pidfile (#2048)
    • Fix a typo in configuration option --extra_runtime_dependencies (#2050)

4.2.1

  • 3 bugfixes
    • Fix socket activation of systemd (pre-existing) unix binder files (#1842, #1988)
    • Deal with multiple calls to bind correctly (#1986, #1994, #2006)
    • Accepts symbols for verify_mode (#1222)

4.2.0 - Distant Airhorns

  • 6 features
    • Pumactl has a new -e environment option and reads config/puma/.rb config files (#1885)
    • Semicolons are now allowed in URL paths (MRI only), useful for Angular or Redmine (#1934)
    • Allow extra dependencies to be defined when using prune_bundler (#1105)
    • Puma now reports the correct port when binding to port 0, also reports other listeners when binding to localhost (#1786)
    • Sending SIGINFO to any Puma worker now prints currently active threads and their backtraces (#1320)
    • Puma threads all now have their name set on Ruby 2.3+ (#1968)
  • 4 bugfixes
    • Fix some misbehavior with phased restart and externally SIGTERMed workers (#1908, #1952)

... (truncated)

Changelog

Sourced from puma's changelog.

5.6.2 / 2022-02-11

  • Bugfix/Security
    • Response body will always be closed. (GHSA-rmj8-8hhh-gv5h, related to #2809)

5.6.1 / 2022-01-26

  • Bugfixes
    • Reverted a commit which appeared to be causing occasional blank header values (#2809)

5.6.0 / 2022-01-25

  • Features

    • Support localhost integration in ssl_bind (#2764, #2708)
    • Allow backlog parameter to be set with ssl_bind DSL (#2780)
    • Remove yaml (psych) requirement in StateFile (#2784)
    • Allow culling of oldest workers, previously was only youngest (#2773, #2794)
    • Add worker_check_interval configuration option (#2759)
    • Always send lowlevel_error response to client (#2731, #2341)
    • Support for cert_pem and key_pem with ssl_bind DSL (#2728)
  • Bugfixes

    • Keep thread names under 15 characters, prevents breakage on some OSes (#2733)
    • Fix two 'old-style-definition' compile warning (#2807, #2806)
    • Log environment correctly using option value (#2799)
    • Fix warning from Ruby master (will be 3.2.0) (#2785)
    • extconf.rb - fix openssl with old Windows builds (#2757)
    • server.rb - rescue handling (Errno::EBADF) for @notify.close (#2745)
  • Refactor

    • server.rb - refactor code using @​options[:remote_address] (#2742)
    • [jruby] a couple refactorings - avoid copy-ing bytes (#2730)

5.5.2 / 2021-10-12

  • Bugfixes
    • Allow UTF-8 in HTTP header values

5.5.1 / 2021-10-12

  • Feature (added as mistake - we don't normally do this on bugfix releases, sorry!)

    • Allow setting APP_ENV in preference to RACK_ENV or RAILS_ENV (#2702)
  • Security

    • Do not allow LF as a line ending in a header (CVE-2021-41136)

5.5.0 / 2021-09-19

  • Features
    • Automatic SSL certificate provisioning for localhost, via localhost gem (#2610, #2257)

... (truncated)

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/CenturyLinkLabs/panamax-ui/network/alerts).
dependabot[bot] commented 2 years ago

Superseded by #600.