yoo94 / yoo94.github.io

MIT License
2 stars 0 forks source link

Bump puma from 6.0.2 to 6.4.2 #2

Closed dependabot[bot] closed 4 months ago

dependabot[bot] commented 4 months ago

Bumps puma from 6.0.2 to 6.4.2.

Release notes

Sourced from puma's releases.

6.4.1

  • Bugfixes

    • DSL#warn_if_in_single_mode - fixup when workers set via CLI (#3256)
    • Fix idle-timeout not working in cluster mode (#3235, #3228, #3282, #3283)
    • Fix worker 0 timing out during phased restart (#3225, #2786)
    • context_builder.rb - require openssl if verify_mode != 'none' (#3179)
    • Make puma cluster process suitable as PID 1 (#3255)
    • Improve Puma::NullIO consistency with real IO (#3276)
    • extconf.rb - fixup to detect openssl info in Ruby build (#3271, #3266)
    • MiniSSL.java - set serialVersionUID, fix RaiseException deprecation (#3270)
    • dsl.rb - fix warn_if_in_single_mode when WEB_CONCURRENCY is set (#3265, #3264)
  • Maintenance

    • LOTS of test refactoring to make tests more stable and easier to write - thanks to @​MSP-Greg!
    • Fix bug in tests re: TestPuma::HOST4 (#3254)
    • Dockerfile for minimal repros: use Ruby 3.2, expect bundler installed (#3245)
    • fix define_method calls, use Symbol parameter instead of String (#3293)
  • Docs

    • README.md - add the puma-acme plugin (#3301)
    • Remove --keep-file-descriptors flag from systemd docs (#3248)
    • Note symlink mechanism in restart documentation for hot restart (#3298)

6.4.0 - The Eagle of Durango

image

America is #1 in professional cycling, baby!

  • Features

    • on_thread_exit hook (#2920)
    • on_thread_start_hook (#3195)
    • Shutdown on idle (#3209, #2580)
    • New error message when control server port taken (#3204)
  • Refactor

    • Remove Forwardable dependency (#3191, #3190)
    • Update URLMap Regexp usage for Ruby v3.3 (#3165)
  • Bugfixes

    • Bring the cert_pem: parameter into parity with the cert: parameter to ssl_bind. (#3174)
    • Fix using control server with IPv6 host (#3181)
    • control_cli.rb - add require_relative 'log_writer' (#3187)
    • Fix cases where fallback Rack response wasn't sent to the client (#3094)

6.3.1

  • Security
    • Address HTTP request smuggling vulnerabilities with zero-length Content Length header and trailer fields (GHSA-68xg-gqqm-vgj8)

6.3.0 - Mugi No Toki Itaru

... (truncated)

Changelog

Sourced from puma's changelog.

6.4.2 / 2024-01-08

  • Security
    • Limit the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. (GHSA-c2f4-cvqm-65w2)

6.4.1 / 2024-01-03

  • Bugfixes

    • DSL#warn_if_in_single_mode - fixup when workers set via CLI (#3256)
    • Fix idle-timeout not working in cluster mode (#3235, #3228, #3282, #3283)
    • Fix worker 0 timing out during phased restart (#3225, #2786)
    • context_builder.rb - require openssl if verify_mode != 'none' (#3179)
    • Make puma cluster process suitable as PID 1 (#3255)
    • Improve Puma::NullIO consistency with real IO (#3276)
    • extconf.rb - fixup to detect openssl info in Ruby build (#3271, #3266)
    • MiniSSL.java - set serialVersionUID, fix RaiseException deprecation (#3270)
    • dsl.rb - fix warn_if_in_single_mode when WEB_CONCURRENCY is set (#3265, #3264)
  • Maintenance

    • LOTS of test refactoring to make tests more stable and easier to write - thanks to @​MSP-Greg!
    • Fix bug in tests re: TestPuma::HOST4 (#3254)
    • Dockerfile for minimal repros: use Ruby 3.2, expect bundler installed (#3245)
    • fix define_method calls, use Symbol parameter instead of String (#3293)
  • Docs

    • README.md - add the puma-acme plugin (#3301)
    • Remove --keep-file-descriptors flag from systemd docs (#3248)
    • Note symlink mechanism in restart documentation for hot restart (#3298)

6.4.0 / 2023-09-21

  • Features

    • on_thread_exit hook (#2920)
    • on_thread_start_hook (#3195)
    • Shutdown on idle (#3209, #2580)
    • New error message when control server port taken (#3204)
  • Refactor

    • Remove Forwardable dependency (#3191, #3190)
    • Update URLMap Regexp usage for Ruby v3.3 (#3165)
  • Bugfixes

    • Bring the cert_pem: parameter into parity with the cert: parameter to ssl_bind. (#3174)
    • Fix using control server with IPv6 host (#3181)
    • control_cli.rb - add require_relative 'log_writer' (#3187)
    • Fix cases where fallback Rack response wasn't sent to the client (#3094)

6.3.1 / 2023-08-18

  • Security

... (truncated)

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 4 months ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.