Bump puma from 5.4.0 to 6.0.0 #215

dependabot · 2022-10-14T03:05:49Z

Bumps puma from 5.4.0 to 6.0.0.

Release notes

5.6.5 / 2022-08-23

Bugfixes

NullIO#closed should return false (#2883)

Puma::ControlCLI - allow refork command to be sent as a request (#2868, #2866)

[jruby] Fix TLS verification hang (#2890, #2729)

extconf.rb - don't use pkg_config('openssl') if '--with-openssl-dir' is used (#2885, #2839)

MiniSSL - detect SSL_CTX_set_dh_auto (#2864, #2863)

Fix rack.after_reply exceptions breaking connections (#2861, #2856)

Escape SSL cert and filenames (#2855)

Fail hard if SSL certs or keys are invalid (#2848)

Fail hard if SSL certs or keys cannot be read by user (#2847)

Fix build with Opaque DH in LibreSSL 3.5. (#2838)

Pre-existing socket file removed when TERM is issued after USR2 (if puma is running in cluster mode) (#2817)

Fix Puma::StateFile#load incompatibility (#2810)

5.6.4

Security

Close several HTTP Request Smuggling exploits (CVE-2022-24790)

The 5.6.3 release was a mistake (released the wrong branch), 5.6.4 is correct.

5.6.2 / 2022-02-11

Bugfix/Security

Response body will always be closed. (GHSA-rmj8-8hhh-gv5h, related to #2809)

5.6.1

Bugfixes

Reverted a commit which appeared to be causing occasional blank header values (see issue #2808) (#2809)

Full Changelog: puma/puma@v5.6.0...v5.6.1

5.6.0 - Birdie's Version

Maintainer @nateberkopec had a daughter, nicknamed Birdie:

5.6.0 / 2022-01-25

Features

Support localhost integration in ssl_bind (#2764, #2708)

Allow backlog parameter to be set with ssl_bind DSL (#2780)

Remove yaml (psych) requirement in StateFile (#2784)

Allow culling of oldest workers, previously was only youngest (#2773, #2794)

Add worker_check_interval configuration option (#2759)

Always send lowlevel_error response to client (#2731, #2341)

Support for cert_pem and key_pem with ssl_bind DSL (#2728)

Bugfixes

... (truncated)

Changelog

Sourced from puma's changelog.

6.0.0 / 2022-10-XX

Breaking Changes

Dropping Ruby 2.2 and 2.3 support (now 2.4+) (#2919)

Remote_addr functionality has changed (#2652, #2653)

No longer supporting Java 1.7 or below (JRuby 9.1 was the last release to support this) (#2849)

Remove nakayoshi GC (#2933, #2925)

wait_for_less_busy_worker is now default on (#2940)

Prefix all environment variables with PUMA_ (#2924, #2853)

Removed some constants (#2957, #2958, #2959, #2960)

The following classes are now part of Puma's private API: Client, Cluster::Worker, Cluster::Worker, HandleRequest. (#2988)

Features

Increase throughput on large (100kb+) response bodies by 3-10x (#2896, #2892)

Increase throughput on file responses (#2923)

Add support for streaming bodies in Rack. (#2740)

Allow OpenSSL session reuse via a 'reuse' ssl_bind method or bind string query parameter (#2845)

Allow run_hooks to pass a hash to blocks for use later (#2917, #2915)

Allow using preload_app! with fork_worker (#2907)

Support request_body_wait metric with higher precision (#2953)

Allow header values to be arrays (Rack 3) (#2936, #2931)

Export Puma/Ruby versions in /stats (#2875)

Allow configuring request uri max length & request path max length (#2840)

Add a couple of public accessors (#2774)

Log entire backtrace when worker start fails (#2891)

[jruby] Enable TLSv1.3 support (#2886)

[jruby] support setting TLS protocols + rename ssl_cipher_list (#2899)

[jruby] Support a truststore option (#2849, #2904, #2884)

Bugfixes

Load the configuration before passing it to the binder (#2897)

Do not raise error raised on HTTP methods we don't recognize or support, like CONNECT (#2932, #1441)

Fixed a memory leak when creating a new SSL listener (#2956)

Refactor

log_writer.rb - add internal_write method (#2888)

[WIP] Refactor: Split out LogWriter from Events (no logic change) (#2798)

Extract prune_bundler code into it's own class. (#2797)

Refactor Launcher#run to increase readability (no logic change) (#2795)

Ruby 3.2 will have native IO#wait_* methods, don't require io/wait (#2903)

Various internal API refactorings (#2942, #2921, #2922, #2955)

5.6.5 / 2022-08-23

Feature

Puma::ControlCLI - allow refork command to be sent as a request (#2868, #2866)

Bugfixes

NullIO#closed should return false (#2883)

[jruby] Fix TLS verification hang (#2890, #2729)

... (truncated)

Commits

32d9997 6.0.0 (#2918)
8159aa4 Use :nodoc: to limit public API (#2988)
2719585 Rework low level error tests (#2980)
ebeb8b4 require securerandom for all tests (#2982)
dd2fb5a CONTRIBUTING: spell out how to change ulimit (#2983)
5d5bcb1 [CI] test files - use unlink in ensure when appropriate (#2984)
838c136 [CI] misc updates to test files (#2979)
9770678 [CI] PR #2976 - Fix RuboCop mistake - test/test_integration_cluster.rb (#2978)
fa65cf7 103 RuboCop fixes (#2976)
673a9e7 [CI] fixup test_plugin.rb, change IO.select to IO#wait_* (#2975)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [puma](https://github.com/puma/puma) from 5.4.0 to 6.0.0. - [Release notes](https://github.com/puma/puma/releases) - [Changelog](https://github.com/puma/puma/blob/master/History.md) - [Commits](puma/puma@v5.4.0...v6.0.0) --- updated-dependencies: - dependency-name: puma dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2022-12-21T03:03:04Z

Superseded by #225.

dependabot bot added the dependencies Pull requests that update a dependency file label Oct 14, 2022

dependabot bot mentioned this pull request Oct 14, 2022

Bump puma from 5.4.0 to 5.6.5 #210

Closed

dependabot bot closed this Dec 21, 2022

dependabot bot deleted the dependabot/bundler/puma-6.0.0 branch December 21, 2022 03:03

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump puma from 5.4.0 to 6.0.0 #215

Bump puma from 5.4.0 to 6.0.0 #215

Uh oh!

dependabot bot commented on behalf of github Oct 14, 2022

Uh oh!

dependabot bot commented on behalf of github Dec 21, 2022

Uh oh!

Uh oh!

Bump puma from 5.4.0 to 6.0.0 #215

Bump puma from 5.4.0 to 6.0.0 #215

Uh oh!

Conversation

dependabot bot commented on behalf of github Oct 14, 2022

5.6.5 / 2022-08-23

5.6.4

5.6.2 / 2022-02-11

5.6.1

5.6.0 - Birdie's Version

5.6.0 / 2022-01-25

6.0.0 / 2022-10-XX

5.6.5 / 2022-08-23

Uh oh!

dependabot bot commented on behalf of github Dec 21, 2022

Uh oh!

Uh oh!