search

syncforynab / fintech-to-ynab

Automatically push Monzo and Starling transactions into YNAB in real time.
MIT License
246 stars 136 forks source link

Bump puma from 5.3.2 to 5.6.5 #389

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps puma from 5.3.2 to 5.6.5.

Release notes

Sourced from puma's releases.

5.6.5 / 2022-08-23

  • Bugfixes
    • NullIO#closed should return false (#2883)
    • Puma::ControlCLI - allow refork command to be sent as a request (#2868, #2866)
    • [jruby] Fix TLS verification hang (#2890, #2729)
    • extconf.rb - don't use pkg_config('openssl') if '--with-openssl-dir' is used (#2885, #2839)
    • MiniSSL - detect SSL_CTX_set_dh_auto (#2864, #2863)
    • Fix rack.after_reply exceptions breaking connections (#2861, #2856)
    • Escape SSL cert and filenames (#2855)
    • Fail hard if SSL certs or keys are invalid (#2848)
    • Fail hard if SSL certs or keys cannot be read by user (#2847)
    • Fix build with Opaque DH in LibreSSL 3.5. (#2838)
    • Pre-existing socket file removed when TERM is issued after USR2 (if puma is running in cluster mode) (#2817)
    • Fix Puma::StateFile#load incompatibility (#2810)

5.6.4

  • Security
    • Close several HTTP Request Smuggling exploits (CVE-2022-24790)

The 5.6.3 release was a mistake (released the wrong branch), 5.6.4 is correct.

5.6.2 / 2022-02-11

  • Bugfix/Security
    • Response body will always be closed. (GHSA-rmj8-8hhh-gv5h, related to #2809)

5.6.1

Bugfixes

  • Reverted a commit which appeared to be causing occasional blank header values (see issue #2808) (#2809)

Full Changelog: https://github.com/puma/puma/compare/v5.6.0...v5.6.1

5.6.0 - Birdie's Version

Maintainer @​nateberkopec had a daughter, nicknamed Birdie:

slack-imgs

5.6.0 / 2022-01-25

  • Features

    • Support localhost integration in ssl_bind (#2764, #2708)
    • Allow backlog parameter to be set with ssl_bind DSL (#2780)
    • Remove yaml (psych) requirement in StateFile (#2784)
    • Allow culling of oldest workers, previously was only youngest (#2773, #2794)
    • Add worker_check_interval configuration option (#2759)
    • Always send lowlevel_error response to client (#2731, #2341)
    • Support for cert_pem and key_pem with ssl_bind DSL (#2728)

  • Bugfixes

... (truncated)

Changelog

Sourced from puma's changelog.

5.6.5 / 2022-07-dd

  • Bugfixes
    • NullIO#closed should return false (#2883)
    • Puma::ControlCLI - allow refork command to be sent as a request (#2868, #2866)
    • [jruby] Fix TLS verification hang (#2890, #2729)
    • extconf.rb - don't use pkg_config('openssl') if '--with-openssl-dir' is used (#2885, #2839)
    • MiniSSL - detect SSL_CTX_set_dh_auto (#2864, #2863)
    • Fix rack.after_reply exceptions breaking connections (#2861, #2856)
    • Escape SSL cert and filenames (#2855)
    • Fail hard if SSL certs or keys are invalid (#2848)
    • Fail hard if SSL certs or keys cannot be read by user (#2847)
    • Fix build with Opaque DH in LibreSSL 3.5. (#2838)
    • Pre-existing socket file removed when TERM is issued after USR2 (if puma is running in cluster mode) (#2817)
    • Fix Puma::StateFile#load incompatibility (#2810)

5.6.4 / 2022-03-30

  • Security
    • Close several HTTP Request Smuggling exploits (CVE-2022-24790)

5.6.2 / 2022-02-11

  • Bugfix/Security
    • Response body will always be closed. (GHSA-rmj8-8hhh-gv5h, related to #2809)

5.6.1 / 2022-01-26

  • Bugfixes
    • Reverted a commit which appeared to be causing occasional blank header values (#2809)

5.6.0 / 2022-01-25

  • Features

    • Support localhost integration in ssl_bind (#2764, #2708)
    • Allow backlog parameter to be set with ssl_bind DSL (#2780)
    • Remove yaml (psych) requirement in StateFile (#2784)
    • Allow culling of oldest workers, previously was only youngest (#2773, #2794)
    • Add worker_check_interval configuration option (#2759)
    • Always send lowlevel_error response to client (#2731, #2341)
    • Support for cert_pem and key_pem with ssl_bind DSL (#2728)

  • Bugfixes

    • Keep thread names under 15 characters, prevents breakage on some OSes (#2733)
    • Fix two 'old-style-definition' compile warning (#2807, #2806)
    • Log environment correctly using option value (#2799)
    • Fix warning from Ruby master (will be 3.2.0) (#2785)
    • extconf.rb - fix openssl with old Windows builds (#2757)
    • server.rb - rescue handling (Errno::EBADF) for @notify.close (#2745)

... (truncated)

Commits
  • 3bace01 5.6.5
  • 3ce6668 5.6.5 release note
  • 0147ac6 Upstream master build changes (#2913)
  • 0970c91 test_integration_ssl.rb - fix LogWriter reference
  • 790424c Add log_writer instance variable to server.rb
  • 6454710 Puma::ControlCLI - allow refork command to be sent as a request (#2868)
  • 470df09 [fix] TLS verification hang on JRuby (#2890)
  • a1489dd extconf.rb - don't use pkg_config('openssl') if '--with-openssl-dir' is used ...
  • 6d22d50 MiniSSL - detect SSL_CTX_set_dh_auto (#2864)
  • e692887 Fix rack.after_reply exceptions breaking connections (#2861)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
codecov-commenter commented 2 years ago

Codecov Report

Base: 94.62% // Head: 94.62% // No change to project coverage :thumbsup:

Coverage data is based on head (ebfcad1) compared to base (cfe6deb). Patch has no changes to coverable lines.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## main #389 +/- ## ======================================= Coverage 94.62% 94.62% ======================================= Files 12 12 Lines 93 93 ======================================= Hits 88 88 Misses 5 5 ``` Help us with your feedback. Take ten seconds to tell us [how you rate us](https://about.codecov.io/nps?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=syncforynab). Have a feature suggestion? [Share it here.](https://app.codecov.io/gh/feedback/?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=syncforynab)

:umbrella: View full report at Codecov.
:loudspeaker: Do you have feedback about the report comment? Let us know in this issue.