build(deps): bump puma from 5.5.0 to 5.6.0

[dependabot[bot]]

Bumps puma from 5.5.0 to 5.6.0.

Release notes

Sourced from puma's releases.

5.6.0 - Birdie's Version

Maintainer @​nateberkopec had a daughter, nicknamed Birdie:

5.6.0 / 2022-01-25

• Features

  • Support localhost integration in ssl_bind (#2764, #2708)
  • Allow backlog parameter to be set with ssl_bind DSL (#2780)
  • Remove yaml (psych) requirement in StateFile (#2784)
  • Allow culling of oldest workers, previously was only youngest (#2773, #2794)
  • Add worker_check_interval configuration option (#2759)
  • Always send lowlevel_error response to client (#2731, #2341)
  • Support for cert_pem and key_pem with ssl_bind DSL (#2728)

• Bugfixes

  • Keep thread names under 15 characters, prevents breakage on some OSes (#2733)
  • Fix two 'old-style-definition' compile warning (#2807, #2806)
  • Log environment correctly using option value (#2799)
  • Fix warning from Ruby master (will be 3.2.0) (#2785)
  • extconf.rb - fix openssl with old Windows builds (#2757)
  • server.rb - rescue handling (Errno::EBADF) for @notify.close (#2745)

• Refactor

  • server.rb - refactor code using @​options[:remote_address] (#2742)
  • [jruby] a couple refactorings - avoid copy-ing bytes (#2730)

5.5.2

Re-allows UTF-8 in HTTP header values

5.5.1

https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx

Changelog

Sourced from puma's changelog.

5.6.0 / 2022-01-25

• Features

  • Support localhost integration in ssl_bind (#2764, #2708)
  • Allow backlog parameter to be set with ssl_bind DSL (#2780)
  • Remove yaml (psych) requirement in StateFile (#2784)
  • Allow culling of oldest workers, previously was only youngest (#2773, #2794)
  • Add worker_check_interval configuration option (#2759)
  • Always send lowlevel_error response to client (#2731, #2341)
  • Support for cert_pem and key_pem with ssl_bind DSL (#2728)

• Bugfixes

  • Keep thread names under 15 characters, prevents breakage on some OSes (#2733)
  • Fix two 'old-style-definition' compile warning (#2807, #2806)
  • Log environment correctly using option value (#2799)
  • Fix warning from Ruby master (will be 3.2.0) (#2785)
  • extconf.rb - fix openssl with old Windows builds (#2757)
  • server.rb - rescue handling (Errno::EBADF) for @notify.close (#2745)

• Refactor

  • server.rb - refactor code using @​options[:remote_address] (#2742)
  • [jruby] a couple refactorings - avoid copy-ing bytes (#2730)

5.5.2 / 2021-10-12

• Bugfixes
  • Allow UTF-8 in HTTP header values

5.5.1 / 2021-10-12

• Feature (added as mistake - we don't normally do this on bugfix releases, sorry!)

  • Allow setting APP_ENV in preference to RACK_ENV or RAILS_ENV (#2702)

• Security

  • Do not allow LF as a line ending in a header (CVE-2021-41136)

Commits

• 61ebbbe 5.6.0
• d20915d Fix two 'old-style-definition' compile warning (#2807)
• 930e5b4 Fix typo in CONTRIBUTING (#2805)
• c38d61c CONTRIBUTING: file limits
• aa732fd Updates for OpenSSL 3 (#2800)
• ca2128f Log environment using option value (#2799)
• 3f3c2f6 Adds a --silent option to the CLI (#2803)
• 03be0aa Support localhost integration in ssl_bind (#2764)
• 4bfdbb7 Use Ruby 3.1 in our Dockerfile (#2802)
• aec9fb3 [CI] Update actions, fix intermittent test error (#2801)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Superseded by #894.