blabla1337 / skf-labs

Repo for all the OWASP-SKF Docker lab examples
Apache License 2.0
439 stars 201 forks source link

Bump puma from 3.12.1 to 3.12.4 in /parameter-binding #77

Closed dependabot[bot] closed 4 years ago

dependabot[bot] commented 4 years ago

Bumps puma from 3.12.1 to 3.12.4.

Changelog *Sourced from [puma's changelog](https://github.com/puma/puma/blob/master/History.md).* > ## 4.3.3 and 3.12.4 / 2020-02-28 > > * Bugfixes > * Fix: Fixes a problem where we weren't splitting headers correctly on newlines ([#2132](https://github-redirect.dependabot.com/puma/puma/issues/2132)) > * Security > * Fix: Prevent HTTP Response splitting via CR in early hints. CVE-2020-5249. > > ## 4.3.2 and 3.12.3 / 2020-02-27 (YANKED) > > * Security > * Fix: Prevent HTTP Response splitting via CR/LF in header values. CVE-2020-5247. > > ## 4.3.1 and 3.12.2 / 2019-12-05 > > * Security > * Fix: a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. CVE-2019-16770. > > ## 4.3.0 / 2019-11-07 > > * Features > * Strip whitespace at end of HTTP headers ([#2010](https://github-redirect.dependabot.com/puma/puma/issues/2010)) > * Optimize HTTP parser for JRuby ([#2012](https://github-redirect.dependabot.com/puma/puma/issues/2012)) > * Add SSL support for the control app and cli ([#2046](https://github-redirect.dependabot.com/puma/puma/issues/2046), [#2052](https://github-redirect.dependabot.com/puma/puma/issues/2052)) > > * Bugfixes > * Fix Errno::EINVAL when SSL is enabled and browser rejects cert ([#1564](https://github-redirect.dependabot.com/puma/puma/issues/1564)) > * Fix pumactl defaulting puma to development if an environment was not specified ([#2035](https://github-redirect.dependabot.com/puma/puma/issues/2035)) > * Fix closing file stream when reading pid from pidfile ([#2048](https://github-redirect.dependabot.com/puma/puma/issues/2048)) > * Fix a typo in configuration option `--extra_runtime_dependencies` ([#2050](https://github-redirect.dependabot.com/puma/puma/issues/2050)) > > ## 4.2.1 / 2019-10-07 > > * 3 bugfixes > * Fix socket activation of systemd (pre-existing) unix binder files ([#1842](https://github-redirect.dependabot.com/puma/puma/issues/1842), [#1988](https://github-redirect.dependabot.com/puma/puma/issues/1988)) > * Deal with multiple calls to bind correctly ([#1986](https://github-redirect.dependabot.com/puma/puma/issues/1986), [#1994](https://github-redirect.dependabot.com/puma/puma/issues/1994), [#2006](https://github-redirect.dependabot.com/puma/puma/issues/2006)) > * Accepts symbols for `verify_mode` ([#1222](https://github-redirect.dependabot.com/puma/puma/issues/1222)) > > ## 4.2.0 / 2019-09-23 > > * 6 features > * Pumactl has a new -e environment option and reads `config/puma/.rb` config files ([#1885](https://github-redirect.dependabot.com/puma/puma/issues/1885)) > * Semicolons are now allowed in URL paths (MRI only), useful for Angular or Redmine ([#1934](https://github-redirect.dependabot.com/puma/puma/issues/1934)) > * Allow extra dependencies to be defined when using prune_bundler ([#1105](https://github-redirect.dependabot.com/puma/puma/issues/1105)) > * Puma now reports the correct port when binding to port 0, also reports other listeners when binding to localhost ([#1786](https://github-redirect.dependabot.com/puma/puma/issues/1786)) > * Sending SIGINFO to any Puma worker now prints currently active threads and their backtraces ([#1320](https://github-redirect.dependabot.com/puma/puma/issues/1320)) > * Puma threads all now have their name set on Ruby 2.3+ ([#1968](https://github-redirect.dependabot.com/puma/puma/issues/1968)) > * 4 bugfixes > * Fix some misbehavior with phased restart and externally SIGTERMed workers ([#1908](https://github-redirect.dependabot.com/puma/puma/issues/1908), [#1952](https://github-redirect.dependabot.com/puma/puma/issues/1952)) > * Fix socket closing on error ([#1941](https://github-redirect.dependabot.com/puma/puma/issues/1941)) > * Removed unnecessary SIGINT trap for JRuby that caused some race conditions ([#1961](https://github-redirect.dependabot.com/puma/puma/issues/1961)) > ... (truncated)
Commits - [`f809e6b`](https://github.com/puma/puma/commit/f809e6b7aa3083afb8da5eb54bdd45fc391d1ba1) Add missing server_run - [`87fc7d7`](https://github.com/puma/puma/commit/87fc7d7ab8afb24f8d2079729f237080620211d4) 3.12.4 - [`e79a5b2`](https://github.com/puma/puma/commit/e79a5b28f618fa04b7060c87f0da34d299462416) HTTP Injection - fix bug + 1 more vector ([#2136](https://github-redirect.dependabot.com/puma/puma/issues/2136)) - [`2ff978f`](https://github.com/puma/puma/commit/2ff978fa9f27fd3fcd11ddf774d684fda250c46e) 3.12.3 - [`3a2b918`](https://github.com/puma/puma/commit/3a2b9186b7ca31c9cfda8c88b824618e9c3d842c) Test backport - [`37928cb`](https://github.com/puma/puma/commit/37928cbe5a80a3541d390c60cf131f9c344e77f6) 4.3.2 and 3.12.3 release notes - [`1b17e85`](https://github.com/puma/puma/commit/1b17e85a06183cd169b41ca719928c26d44a6e03) Merge pull request from GHSA-84j7-475p-hp8v - [`bb29fc7`](https://github.com/puma/puma/commit/bb29fc7fe8f822d0f72706a1ae86e49af3476777) 3.12.2 - [`058df12`](https://github.com/puma/puma/commit/058df12b78e7d1ec661c3b8777f26a736c26675b) 4.3.1 and 4.2.1 release notes - [`06053e6`](https://github.com/puma/puma/commit/06053e60908074bb38293d4449ea261cb009b53e) Merge pull request from GHSA-7xx3-m584-x994 - Additional commits viewable in [compare view](https://github.com/puma/puma/compare/v3.12.1...v3.12.4)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/blabla1337/skf-labs/network/alerts).
dependabot[bot] commented 4 years ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.