caciviclab / disclosure-backend-static

Campaign finance data powering Open Disclosure California
https://caciviclab.org/odca-jekyll/

Bump puma from 4.3.12 to 5.6.7 #321

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps puma from 4.3.12 to 5.6.7.

Release notes

Sourced from puma's releases.

5.6.7

  • Security
    • Address HTTP request smuggling vulnerabilities with zero-length Content Length header and trailer fields (GHSA-68xg-gqqm-vgj8)

5.6.5 / 2022-08-23

  • Bugfixes
    • NullIO#closed should return false (#2883)
    • Puma::ControlCLI - allow refork command to be sent as a request (#2868, #2866)
    • [jruby] Fix TLS verification hang (#2890, #2729)
    • extconf.rb - don't use pkg_config('openssl') if '--with-openssl-dir' is used (#2885, #2839)
    • MiniSSL - detect SSL_CTX_set_dh_auto (#2864, #2863)
    • Fix rack.after_reply exceptions breaking connections (#2861, #2856)
    • Escape SSL cert and filenames (#2855)
    • Fail hard if SSL certs or keys are invalid (#2848)
    • Fail hard if SSL certs or keys cannot be read by user (#2847)
    • Fix build with Opaque DH in LibreSSL 3.5. (#2838)
    • Pre-existing socket file removed when TERM is issued after USR2 (if puma is running in cluster mode) (#2817)
    • Fix Puma::StateFile#load incompatibility (#2810)

5.6.4

  • Security
    • Close several HTTP Request Smuggling exploits (CVE-2022-24790)

The 5.6.3 release was a mistake (released the wrong branch), 5.6.4 is correct.

5.6.2 / 2022-02-11

  • Bugfix/Security
    • Response body will always be closed. (GHSA-rmj8-8hhh-gv5h, related to #2809)

5.6.1

  • Bugfixes
    • Reverted a commit which appeared to be causing occasional blank header values (see issue #2808) (#2809)

Full Changelog: https://github.com/puma/puma/compare/v5.6.0...v5.6.1

5.6.0 - Birdie's Version

Maintainer @nateberkopec had a daughter, nicknamed Birdie.

5.6.0 / 2022-01-25

  • Features
    • Support localhost integration in ssl_bind (#2764, #2708)
    • Allow backlog parameter to be set with ssl_bind DSL (#2780)
    • Remove yaml (psych) requirement in StateFile (#2784)
    • Allow culling of oldest workers, previously was only youngest (#2773, #2794)
    • Add worker_check_interval configuration option (#2759)

... (truncated)

Changelog

Sourced from puma's changelog.

5.6.7 / 2023-08-18

  • Security
    • Address HTTP request smuggling vulnerabilities with zero-length Content Length header and trailer fields (GHSA-68xg-gqqm-vgj8)

5.6.6 / 2023-06-21

  • Bugfix
    • Prevent loading with rack 3 (#3166)

5.6.5 / 2022-08-23

  • Feature
    • Puma::ControlCLI - allow refork command to be sent as a request (#2868, #2866)
  • Bugfixes
    • NullIO#closed should return false (#2883)
    • [jruby] Fix TLS verification hang (#2890, #2729)
    • extconf.rb - don't use pkg_config('openssl') if '--with-openssl-dir' is used (#2885, #2839)
    • MiniSSL - detect SSL_CTX_set_dh_auto (#2864, #2863)
    • Fix rack.after_reply exceptions breaking connections (#2861, #2856)
    • Escape SSL cert and filenames (#2855)
    • Fail hard if SSL certs or keys are invalid (#2848)
    • Fail hard if SSL certs or keys cannot be read by user (#2847)
    • Fix build with Opaque DH in LibreSSL 3.5. (#2838)
    • Pre-existing socket file removed when TERM is issued after USR2 (if puma is running in cluster mode) (#2817)
    • Fix Puma::StateFile#load incompatibility (#2810)

5.6.4 / 2022-03-30

  • Security
    • Close several HTTP Request Smuggling exploits (CVE-2022-24790)

5.6.2 / 2022-02-11

  • Bugfix/Security
    • Response body will always be closed. (GHSA-rmj8-8hhh-gv5h, related to #2809)

5.6.1 / 2022-01-26

  • Bugfixes
    • Reverted a commit which appeared to be causing occasional blank header values (#2809)

5.6.0 / 2022-01-25

  • Features
    • Support localhost integration in ssl_bind (#2764, #2708)
    • Allow backlog parameter to be set with ssl_bind DSL (#2780)
    • Remove yaml (psych) requirement in StateFile (#2784)
    • Allow culling of oldest workers, previously was only youngest (#2773, #2794)

... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/caciviclab/disclosure-backend-static/network/alerts).
mikeubell commented 1 year ago
Build diff from Commit 41695a1fb6dcab0ad28105cb774f9788d32cedac: ```diff ```
mikeubell commented 1 year ago
Build diff from Commit 51df0962d5203358249e82410fb583dd50ef6f67: ```diff ```
mikeubell commented 1 year ago
Build diff from Commit f5285037c46d65647a78abda3a1c44a27465f02e: ```diff diff --git a/build/_data/committees/1410941.json b/build/_data/committees/1410941.json index af94d4b..1d4e91b 100644 --- a/build/_data/committees/1410941.json +++ b/build/_data/committees/1410941.json @@ -813,7 +813,7 @@ "Tran_Date": "2018-10-19", "Tran_NamF": "Garrett", "Tran_NamL": "Riegg", - "Tran_Zip4": "94606" + "Tran_Zip4": "94602" }, { "Filer_ID": "1410941", @@ -824,7 +824,7 @@ "Tran_Date": "2018-10-19", "Tran_NamF": "Garrett", "Tran_NamL": "Riegg", - "Tran_Zip4": "94602" + "Tran_Zip4": "94606" }, { "Filer_ID": "1410941", diff --git a/build/_data/elections/oakland/2018-06-05.json b/build/_data/elections/oakland/2018-06-05.json index 2868b2a..03231bf 100644 --- a/build/_data/elections/oakland/2018-06-05.json +++ b/build/_data/elections/oakland/2018-06-05.json @@ -69,7 +69,7 @@ "total_contributions": 15000.0 }, { - "name": "Oakland Athletics Baseball Company", + "name": "Service Employees International Union Local 1021 Issues PAC", "type": "Measure", "election_name": "oakland-june-2018", "total_contributions": 10000.0 diff --git a/build/_data/elections/oakland/2022-11-08.json b/build/_data/elections/oakland/2022-11-08.json index 3992b07..680f657 100644 --- a/build/_data/elections/oakland/2022-11-08.json +++ b/build/_data/elections/oakland/2022-11-08.json @@ -2,13 +2,13 @@ "total_contributions": 6463134.51, "total_contributions_by_source": { "Out of State": 520797.35, - "Within Oakland": 2624046.9299999997, + "Within Oakland": 2624046.9300000006, "Within California": 2992731.97 }, "contributions_by_type": { "PTY": 15900.0, "Committee": 993901.14, - "Individual": 2489080.869999997, + "Individual": 2489080.870000002, "Unitemized": 134011.25, "Self Funding": 2711.0, "Other (includes Businesses)": 2635983.24 
@@ -107,7 +107,7 @@ "total_contributions": 6300.0 }, { - "name": "John Protopappas", + "name": "Russ Taplin", "type": "Office", "election_name": "oakland-2022", "total_contributions": 5400.0 diff --git a/build/_data/elections/oakland/2024-11-05.json b/build/_data/elections/oakland/2024-11-05.json index 8d4bff3..96423b7 100644 --- a/build/_data/elections/oakland/2024-11-05.json +++ b/build/_data/elections/oakland/2024-11-05.json @@ -76,19 +76,19 @@ ], "top_contributors_for_offices": [ { - "name": "Todd Scanlin", + "name": "Weylin White", "type": "Office", "election_name": "oakland-2024", "total_contributions": 900.0 }, { - "name": "Dow Terry", + "name": "Todd Scanlin", "type": "Office", "election_name": "oakland-2024", "total_contributions": 900.0 }, { - "name": "Brooke Levin", + "name": "Jacob Zonn", "type": "Office", "election_name": "oakland-2024", "total_contributions": 900.0 diff --git a/build/_data/totals.json b/build/_data/totals.json index 90eeece..5d76270 100644 --- a/build/_data/totals.json +++ b/build/_data/totals.json @@ -782,13 +782,13 @@ "total_contributions": 6463134.51, "total_contributions_by_source": { "Out of State": 520797.35, - "Within Oakland": 2624046.9299999997, + "Within Oakland": 2624046.9300000006, "Within California": 2992731.97 }, "contributions_by_type": { "PTY": 15900.0, "Committee": 993901.14, - "Individual": 2489080.869999997, + "Individual": 2489080.870000002, "Unitemized": 134011.25, "Self Funding": 2711.0, "Other (includes Businesses)": 2635983.24 @@ -887,7 +887,7 @@ "total_contributions": 6300.0 }, { - "name": "John Protopappas", + "name": "Russ Taplin", "type": "Office", "election_name": "oakland-2022", "total_contributions": 5400.0 @@ -1045,7 +1045,7 @@ "total_contributions": 15000.0 }, { - "name": "Oakland Athletics Baseball Company", + "name": "Service Employees International Union Local 1021 Issues PAC", "type": "Measure", "election_name": "oakland-june-2018", "total_contributions": 10000.0 
@@ -1451,19 +1451,19 @@ ], "top_contributors_for_offices": [ { - "name": "Todd Scanlin", + "name": "Weylin White", "type": "Office", "election_name": "oakland-2024", "total_contributions": 900.0 }, { - "name": "Dow Terry", + "name": "Todd Scanlin", "type": "Office", "election_name": "oakland-2024", "total_contributions": 900.0 }, { - "name": "Brooke Levin", + "name": "Jacob Zonn", "type": "Office", "election_name": "oakland-2024", "total_contributions": 900.0 ```
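Review bot: The currency totals in build/_data/elections/oakland/2022-11-08.json and build/_data/totals.json change only in their last floating-point digits ("Within Oakland" goes from 2624046.9299999997 to 2624046.9300000006, "Individual" from 2489080.869999997 to 2489080.870000002), so the generated JSON is not reproducible between builds. Round these sums to two decimals before serialising, or accumulate them as integer cents or decimals, so that a dependency bump like this one produces an empty build diff and any real change to the published figures stands out in review.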
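Review bot: The ordering of tied rows is not deterministic: in top_contributors_for_offices for oakland-2024 all three visible rows carry total_contributions 900.0 yet their names change and reorder, and in build/_data/committees/1410941.json two records with the same Tran_Date, Tran_NamF and Tran_NamL swap their Tran_Zip4 values. Add a secondary sort key (for example the contributor name, or the remaining transaction fields) wherever these lists are sorted or cut off, so that ties resolve the same way on every build. The other three build diffs on this PR are empty, which points to build nondeterminism rather than an effect of the version change.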
mikeubell commented 1 year ago
Build diff from Commit a47c6ed8f85980336c3237ba686381f7f509e3b4: ```diff ```