Release notes
*Sourced from [puma's releases](https://github.com/puma/puma/releases).*
> ## v4.3.0 - Mysterious Traveller
> ![0000492109](https://user-images.githubusercontent.com/845662/68427889-ff59cd00-0178-11ea-8329-8493b3de6906.jpg)
>
> [Mysterious Traveller](https://www.youtube.com/watch?v=bZ44_P6iM18)
>
> * Features
> * Strip whitespace at end of HTTP headers ([#2010](https://github-redirect.dependabot.com/puma/puma/issues/2010))
> * Optimize HTTP parser for JRuby ([#2012](https://github-redirect.dependabot.com/puma/puma/issues/2012))
> * Add SSL support for the control app and cli ([#2046](https://github-redirect.dependabot.com/puma/puma/issues/2046), [#2052](https://github-redirect.dependabot.com/puma/puma/issues/2052))
>
> * Bugfixes
> * Fix Errno::EINVAL when SSL is enabled and browser rejects cert ([#1564](https://github-redirect.dependabot.com/puma/puma/issues/1564))
> * Fix pumactl defaulting puma to development if an environment was not specified ([#2035](https://github-redirect.dependabot.com/puma/puma/issues/2035))
> * Fix closing file stream when reading pid from pidfile ([#2048](https://github-redirect.dependabot.com/puma/puma/issues/2048))
> * Fix a typo in configuration option `--extra_runtime_dependencies` ([#2050](https://github-redirect.dependabot.com/puma/puma/issues/2050))
>
> ## 4.2.1
> * 3 bugfixes
> * Fix socket activation of systemd (pre-existing) unix binder files ([#1842](https://github-redirect.dependabot.com/puma/puma/issues/1842), [#1988](https://github-redirect.dependabot.com/puma/puma/issues/1988))
> * Deal with multiple calls to bind correctly ([#1986](https://github-redirect.dependabot.com/puma/puma/issues/1986), [#1994](https://github-redirect.dependabot.com/puma/puma/issues/1994), [#2006](https://github-redirect.dependabot.com/puma/puma/issues/2006))
> * Accepts symbols for `verify_mode` ([#1222](https://github-redirect.dependabot.com/puma/puma/issues/1222))
>
> ## 4.2.0 - Distant Airhorns
> * 6 features
> * Pumactl has a new -e environment option and reads config/puma/.rb config files ([#1885](https://github-redirect.dependabot.com/puma/puma/issues/1885))
> * Semicolons are now allowed in URL paths (MRI only), useful for Angular or Redmine ([#1934](https://github-redirect.dependabot.com/puma/puma/issues/1934))
> * Allow extra dependencies to be defined when using prune_bundler ([#1105](https://github-redirect.dependabot.com/puma/puma/issues/1105))
> * Puma now reports the correct port when binding to port 0, also reports other listeners when binding to localhost ([#1786](https://github-redirect.dependabot.com/puma/puma/issues/1786))
> * Sending SIGINFO to any Puma worker now prints currently active threads and their backtraces ([#1320](https://github-redirect.dependabot.com/puma/puma/issues/1320))
> * Puma threads all now have their name set on Ruby 2.3+ ([#1968](https://github-redirect.dependabot.com/puma/puma/issues/1968))
> * 4 bugfixes
> * Fix some misbehavior with phased restart and externally SIGTERMed workers ([#1908](https://github-redirect.dependabot.com/puma/puma/issues/1908), [#1952](https://github-redirect.dependabot.com/puma/puma/issues/1952))
> * Fix socket closing on error ([#1941](https://github-redirect.dependabot.com/puma/puma/issues/1941))
> * Removed unnecessary SIGINT trap for JRuby that caused some race conditions ([#1961](https://github-redirect.dependabot.com/puma/puma/issues/1961))
> * Fix socket files being left around after process stopped ([#1970](https://github-redirect.dependabot.com/puma/puma/issues/1970))
> * Absolutely thousands of lines of test improvements and fixes thanks to [@MSP-Greg](https://github.com/MSP-Greg)
>
> ![air-horn-sound-s-econd-air-horn-sound-me-this-23916124](https://user-images.githubusercontent.com/845662/65414357-d3b29b80-ddf3-11e9-8e77-2a66ff5672be.png)
>
> ## 4.1.1
> 3 bugfixes
>
> * Revert our attempt to not dup STDOUT/STDERR ([#1946](https://github-redirect.dependabot.com/puma/puma/issues/1946))
> * Fix socket close on error ([#1941](https://github-redirect.dependabot.com/puma/puma/issues/1941))
> * Fix workers not shutting down correctly ([#1908](https://github-redirect.dependabot.com/puma/puma/issues/1908))
>
> ## 4.1.0 - Fourth and One
> * 4 features
> * Add REQUEST_PATH on parse error message ([#1831](https://github-redirect.dependabot.com/puma/puma/issues/1831))
> * You can now easily add custom log formatters with the `log_formatter` config option ([#1816](https://github-redirect.dependabot.com/puma/puma/issues/1816))
> ... (truncated)
Changelog
*Sourced from [puma's changelog](https://github.com/puma/puma/blob/master/History.md).*
> ## 4.3.1 and 3.12.2 / 2019-12-05
>
> * Security
> * Fix: a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. CVE-2019-16770.
>
> ## 4.3.0 / 2019-11-07
>
> * Features
> * Strip whitespace at end of HTTP headers ([#2010](https://github-redirect.dependabot.com/puma/puma/issues/2010))
> * Optimize HTTP parser for JRuby ([#2012](https://github-redirect.dependabot.com/puma/puma/issues/2012))
> * Add SSL support for the control app and cli ([#2046](https://github-redirect.dependabot.com/puma/puma/issues/2046), [#2052](https://github-redirect.dependabot.com/puma/puma/issues/2052))
>
> * Bugfixes
> * Fix Errno::EINVAL when SSL is enabled and browser rejects cert ([#1564](https://github-redirect.dependabot.com/puma/puma/issues/1564))
> * Fix pumactl defaulting puma to development if an environment was not specified ([#2035](https://github-redirect.dependabot.com/puma/puma/issues/2035))
> * Fix closing file stream when reading pid from pidfile ([#2048](https://github-redirect.dependabot.com/puma/puma/issues/2048))
> * Fix a typo in configuration option `--extra_runtime_dependencies` ([#2050](https://github-redirect.dependabot.com/puma/puma/issues/2050))
>
> ## 4.2.1 / 2019-10-07
>
> * 3 bugfixes
> * Fix socket activation of systemd (pre-existing) unix binder files ([#1842](https://github-redirect.dependabot.com/puma/puma/issues/1842), [#1988](https://github-redirect.dependabot.com/puma/puma/issues/1988))
> * Deal with multiple calls to bind correctly ([#1986](https://github-redirect.dependabot.com/puma/puma/issues/1986), [#1994](https://github-redirect.dependabot.com/puma/puma/issues/1994), [#2006](https://github-redirect.dependabot.com/puma/puma/issues/2006))
> * Accepts symbols for `verify_mode` ([#1222](https://github-redirect.dependabot.com/puma/puma/issues/1222))
>
> ## 4.2.0 / 2019-09-23
>
> * 6 features
> * Pumactl has a new -e environment option and reads `config/puma/.rb` config files ([#1885](https://github-redirect.dependabot.com/puma/puma/issues/1885))
> * Semicolons are now allowed in URL paths (MRI only), useful for Angular or Redmine ([#1934](https://github-redirect.dependabot.com/puma/puma/issues/1934))
> * Allow extra dependencies to be defined when using prune_bundler ([#1105](https://github-redirect.dependabot.com/puma/puma/issues/1105))
> * Puma now reports the correct port when binding to port 0, also reports other listeners when binding to localhost ([#1786](https://github-redirect.dependabot.com/puma/puma/issues/1786))
> * Sending SIGINFO to any Puma worker now prints currently active threads and their backtraces ([#1320](https://github-redirect.dependabot.com/puma/puma/issues/1320))
> * Puma threads all now have their name set on Ruby 2.3+ ([#1968](https://github-redirect.dependabot.com/puma/puma/issues/1968))
> * 4 bugfixes
> * Fix some misbehavior with phased restart and externally SIGTERMed workers ([#1908](https://github-redirect.dependabot.com/puma/puma/issues/1908), [#1952](https://github-redirect.dependabot.com/puma/puma/issues/1952))
> * Fix socket closing on error ([#1941](https://github-redirect.dependabot.com/puma/puma/issues/1941))
> * Removed unnecessary SIGINT trap for JRuby that caused some race conditions ([#1961](https://github-redirect.dependabot.com/puma/puma/issues/1961))
> * Fix socket files being left around after process stopped ([#1970](https://github-redirect.dependabot.com/puma/puma/issues/1970))
> * Absolutely thousands of lines of test improvements and fixes thanks to [@MSP-Greg](https://github.com/MSP-Greg)
>
> ## 4.1.1 / 2019-09-05
>
> * 3 bugfixes
> * Revert our attempt to not dup STDOUT/STDERR ([#1946](https://github-redirect.dependabot.com/puma/puma/issues/1946))
> * Fix socket close on error ([#1941](https://github-redirect.dependabot.com/puma/puma/issues/1941))
> * Fix workers not shutting down correctly ([#1908](https://github-redirect.dependabot.com/puma/puma/issues/1908))
>
> ## 4.1.0 / 2019-08-08
>
> ... (truncated)
Commits
- [`2986bc4`](https://github.com/puma/puma/commit/2986bc4ab5e03072d4c09739649c5c9221b13c8d) 4.3.1
- [`285c3f9`](https://github.com/puma/puma/commit/285c3f963652e8ba6a2835c0f443710abd9c5c32) 4.3.1 and 4.2.1 release notes
- [`98a1f03`](https://github.com/puma/puma/commit/98a1f03e5ebe40cf56b65b0bf60adf97057e0eaf) Merge pull request from GHSA-7xx3-m584-x994
- [`d20242b`](https://github.com/puma/puma/commit/d20242b2ec76cc7e8078986f29f1e083f62ef157) 4.3.0
- [`4852902`](https://github.com/puma/puma/commit/4852902b8992d3d88fea6d485163af86ff847c3d) Merge pull request [#2068](https://github-redirect.dependabot.com/puma/puma/issues/2068) from ahorek/travis_fixes
- [`2d89d7c`](https://github.com/puma/puma/commit/2d89d7ccee9e957058ff313dc78d2607622423c0) travis fixes
- [`3203159`](https://github.com/puma/puma/commit/3203159ac6917cfe7ed2378077e186bc844e34d9) dont set frozen-string-literal for ruby 2.2 [changelog skip] ([#2066](https://github-redirect.dependabot.com/puma/puma/issues/2066))
- [`8e751a8`](https://github.com/puma/puma/commit/8e751a8ce09b7922aa680ed4e30ac73366458243) Add TruffleRuby to (Travis) CI
- [`536c3ed`](https://github.com/puma/puma/commit/536c3ed4a1916aa5c691cd3018a063c9a01cad06) Rubocop failures
- [`554c02c`](https://github.com/puma/puma/commit/554c02cfafcdbdd4d4f9a8c5c8837db6febc7989) Also make request_body_wait_chunked less strict
- Additional commits viewable in [compare view](https://github.com/puma/puma/compare/v2.16.0...v4.3.1)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/rosa-abf/rosa-build/network/alerts).
Bumps puma from 2.16.0 to 4.3.1.
Release notes
*Sourced from [puma's releases](https://github.com/puma/puma/releases).* > ## v4.3.0 - Mysterious Traveller > ![0000492109](https://user-images.githubusercontent.com/845662/68427889-ff59cd00-0178-11ea-8329-8493b3de6906.jpg) > > [Mysterious Traveller](https://www.youtube.com/watch?v=bZ44_P6iM18) > > * Features > * Strip whitespace at end of HTTP headers ([#2010](https://github-redirect.dependabot.com/puma/puma/issues/2010)) > * Optimize HTTP parser for JRuby ([#2012](https://github-redirect.dependabot.com/puma/puma/issues/2012)) > * Add SSL support for the control app and cli ([#2046](https://github-redirect.dependabot.com/puma/puma/issues/2046), [#2052](https://github-redirect.dependabot.com/puma/puma/issues/2052)) > > * Bugfixes > * Fix Errno::EINVAL when SSL is enabled and browser rejects cert ([#1564](https://github-redirect.dependabot.com/puma/puma/issues/1564)) > * Fix pumactl defaulting puma to development if an environment was not specified ([#2035](https://github-redirect.dependabot.com/puma/puma/issues/2035)) > * Fix closing file stream when reading pid from pidfile ([#2048](https://github-redirect.dependabot.com/puma/puma/issues/2048)) > * Fix a typo in configuration option `--extra_runtime_dependencies` ([#2050](https://github-redirect.dependabot.com/puma/puma/issues/2050)) > > ## 4.2.1 > * 3 bugfixes > * Fix socket activation of systemd (pre-existing) unix binder files ([#1842](https://github-redirect.dependabot.com/puma/puma/issues/1842), [#1988](https://github-redirect.dependabot.com/puma/puma/issues/1988)) > * Deal with multiple calls to bind correctly ([#1986](https://github-redirect.dependabot.com/puma/puma/issues/1986), [#1994](https://github-redirect.dependabot.com/puma/puma/issues/1994), [#2006](https://github-redirect.dependabot.com/puma/puma/issues/2006)) > * Accepts symbols for `verify_mode` ([#1222](https://github-redirect.dependabot.com/puma/puma/issues/1222)) > > ## 4.2.0 - Distant Airhorns > * 6 features > * Pumactl has a new -e environment option and reads config/puma/Changelog
*Sourced from [puma's changelog](https://github.com/puma/puma/blob/master/History.md).* > ## 4.3.1 and 3.12.2 / 2019-12-05 > > * Security > * Fix: a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. CVE-2019-16770. > > ## 4.3.0 / 2019-11-07 > > * Features > * Strip whitespace at end of HTTP headers ([#2010](https://github-redirect.dependabot.com/puma/puma/issues/2010)) > * Optimize HTTP parser for JRuby ([#2012](https://github-redirect.dependabot.com/puma/puma/issues/2012)) > * Add SSL support for the control app and cli ([#2046](https://github-redirect.dependabot.com/puma/puma/issues/2046), [#2052](https://github-redirect.dependabot.com/puma/puma/issues/2052)) > > * Bugfixes > * Fix Errno::EINVAL when SSL is enabled and browser rejects cert ([#1564](https://github-redirect.dependabot.com/puma/puma/issues/1564)) > * Fix pumactl defaulting puma to development if an environment was not specified ([#2035](https://github-redirect.dependabot.com/puma/puma/issues/2035)) > * Fix closing file stream when reading pid from pidfile ([#2048](https://github-redirect.dependabot.com/puma/puma/issues/2048)) > * Fix a typo in configuration option `--extra_runtime_dependencies` ([#2050](https://github-redirect.dependabot.com/puma/puma/issues/2050)) > > ## 4.2.1 / 2019-10-07 > > * 3 bugfixes > * Fix socket activation of systemd (pre-existing) unix binder files ([#1842](https://github-redirect.dependabot.com/puma/puma/issues/1842), [#1988](https://github-redirect.dependabot.com/puma/puma/issues/1988)) > * Deal with multiple calls to bind correctly ([#1986](https://github-redirect.dependabot.com/puma/puma/issues/1986), [#1994](https://github-redirect.dependabot.com/puma/puma/issues/1994), [#2006](https://github-redirect.dependabot.com/puma/puma/issues/2006)) > * Accepts symbols for `verify_mode` ([#1222](https://github-redirect.dependabot.com/puma/puma/issues/1222)) > > ## 4.2.0 / 2019-09-23 > > * 6 features > * Pumactl has a new -e environment option and reads `config/puma/Commits
- [`2986bc4`](https://github.com/puma/puma/commit/2986bc4ab5e03072d4c09739649c5c9221b13c8d) 4.3.1 - [`285c3f9`](https://github.com/puma/puma/commit/285c3f963652e8ba6a2835c0f443710abd9c5c32) 4.3.1 and 4.2.1 release notes - [`98a1f03`](https://github.com/puma/puma/commit/98a1f03e5ebe40cf56b65b0bf60adf97057e0eaf) Merge pull request from GHSA-7xx3-m584-x994 - [`d20242b`](https://github.com/puma/puma/commit/d20242b2ec76cc7e8078986f29f1e083f62ef157) 4.3.0 - [`4852902`](https://github.com/puma/puma/commit/4852902b8992d3d88fea6d485163af86ff847c3d) Merge pull request [#2068](https://github-redirect.dependabot.com/puma/puma/issues/2068) from ahorek/travis_fixes - [`2d89d7c`](https://github.com/puma/puma/commit/2d89d7ccee9e957058ff313dc78d2607622423c0) travis fixes - [`3203159`](https://github.com/puma/puma/commit/3203159ac6917cfe7ed2378077e186bc844e34d9) dont set frozen-string-literal for ruby 2.2 [changelog skip] ([#2066](https://github-redirect.dependabot.com/puma/puma/issues/2066)) - [`8e751a8`](https://github.com/puma/puma/commit/8e751a8ce09b7922aa680ed4e30ac73366458243) Add TruffleRuby to (Travis) CI - [`536c3ed`](https://github.com/puma/puma/commit/536c3ed4a1916aa5c691cd3018a063c9a01cad06) Rubocop failures - [`554c02c`](https://github.com/puma/puma/commit/554c02cfafcdbdd4d4f9a8c5c8837db6febc7989) Also make request_body_wait_chunked less strict - Additional commits viewable in [compare view](https://github.com/puma/puma/compare/v2.16.0...v4.3.1)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/rosa-abf/rosa-build/network/alerts).