Bump puma from 5.3.0 to 5.6.5

[dependabot[bot]]

Bumps puma from 5.3.0 to 5.6.5.

Release notes

Sourced from puma's releases.

5.6.5 / 2022-08-23

• Bugfixes
  • NullIO#closed should return false (#2883)
  • Puma::ControlCLI - allow refork command to be sent as a request (#2868, #2866)
  • [jruby] Fix TLS verification hang (#2890, #2729)
  • extconf.rb - don't use pkg_config('openssl') if '--with-openssl-dir' is used (#2885, #2839)
  • MiniSSL - detect SSL_CTX_set_dh_auto (#2864, #2863)
  • Fix rack.after_reply exceptions breaking connections (#2861, #2856)
  • Escape SSL cert and filenames (#2855)
  • Fail hard if SSL certs or keys are invalid (#2848)
  • Fail hard if SSL certs or keys cannot be read by user (#2847)
  • Fix build with Opaque DH in LibreSSL 3.5. (#2838)
  • Pre-existing socket file removed when TERM is issued after USR2 (if puma is running in cluster mode) (#2817)
  • Fix Puma::StateFile#load incompatibility (#2810)

5.6.4

• Security
  • Close several HTTP Request Smuggling exploits (CVE-2022-24790)

The 5.6.3 release was a mistake (released the wrong branch), 5.6.4 is correct.

5.6.2 / 2022-02-11

• Bugfix/Security
  • Response body will always be closed. (GHSA-rmj8-8hhh-gv5h, related to #2809)

5.6.1

Bugfixes

• Reverted a commit which appeared to be causing occasional blank header values (see issue #2808) (#2809)

Full Changelog: https://github.com/puma/puma/compare/v5.6.0...v5.6.1

5.6.0 - Birdie's Version

Maintainer @​nateberkopec had a daughter, nicknamed Birdie:

5.6.0 / 2022-01-25

• Features

  • Support localhost integration in ssl_bind (#2764, #2708)
  • Allow backlog parameter to be set with ssl_bind DSL (#2780)
  • Remove yaml (psych) requirement in StateFile (#2784)
  • Allow culling of oldest workers, previously was only youngest (#2773, #2794)
  • Add worker_check_interval configuration option (#2759)
  • Always send lowlevel_error response to client (#2731, #2341)
  • Support for cert_pem and key_pem with ssl_bind DSL (#2728)

• Bugfixes

... (truncated)

Changelog

Sourced from puma's changelog.

5.6.5 / 2022-08-23

• Feature

  • Puma::ControlCLI - allow refork command to be sent as a request (#2868, #2866)

• Bugfixes

  • NullIO#closed should return false (#2883)
  • [jruby] Fix TLS verification hang (#2890, #2729)
  • extconf.rb - don't use pkg_config('openssl') if '--with-openssl-dir' is used (#2885, #2839)
  • MiniSSL - detect SSL_CTX_set_dh_auto (#2864, #2863)
  • Fix rack.after_reply exceptions breaking connections (#2861, #2856)
  • Escape SSL cert and filenames (#2855)
  • Fail hard if SSL certs or keys are invalid (#2848)
  • Fail hard if SSL certs or keys cannot be read by user (#2847)
  • Fix build with Opaque DH in LibreSSL 3.5. (#2838)
  • Pre-existing socket file removed when TERM is issued after USR2 (if puma is running in cluster mode) (#2817)
  • Fix Puma::StateFile#load incompatibility (#2810)

5.6.4 / 2022-03-30

• Security
  • Close several HTTP Request Smuggling exploits (CVE-2022-24790)

5.6.2 / 2022-02-11

• Bugfix/Security
  • Response body will always be closed. (GHSA-rmj8-8hhh-gv5h, related to #2809)

5.6.1 / 2022-01-26

• Bugfixes
  • Reverted a commit which appeared to be causing occasional blank header values (#2809)

5.6.0 / 2022-01-25

• Features

  • Support localhost integration in ssl_bind (#2764, #2708)
  • Allow backlog parameter to be set with ssl_bind DSL (#2780)
  • Remove yaml (psych) requirement in StateFile (#2784)
  • Allow culling of oldest workers, previously was only youngest (#2773, #2794)
  • Add worker_check_interval configuration option (#2759)
  • Always send lowlevel_error response to client (#2731, #2341)
  • Support for cert_pem and key_pem with ssl_bind DSL (#2728)

• Bugfixes

  • Keep thread names under 15 characters, prevents breakage on some OSes (#2733)
  • Fix two 'old-style-definition' compile warning (#2807, #2806)
  • Log environment correctly using option value (#2799)
  • Fix warning from Ruby master (will be 3.2.0) (#2785)
  • extconf.rb - fix openssl with old Windows builds (#2757)

... (truncated)

Commits

• 3bace01 5.6.5
• 3ce6668 5.6.5 release note
• 0147ac6 Upstream master build changes (#2913)
• 0970c91 test_integration_ssl.rb - fix LogWriter reference
• 790424c Add log_writer instance variable to server.rb
• 6454710 Puma::ControlCLI - allow refork command to be sent as a request (#2868)
• 470df09 [fix] TLS verification hang on JRuby (#2890)
• a1489dd extconf.rb - don't use pkg_config('openssl') if '--with-openssl-dir' is used ...
• 6d22d50 MiniSSL - detect SSL_CTX_set_dh_auto (#2864)
• e692887 Fix rack.after_reply exceptions breaking connections (#2861)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Superseded by #2250.