<p>Bumps <a href="https://github.com/puma/puma">puma</a> from 3.12.1 to 3.12.2.</p>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/puma/puma/blob/master/History.md">puma's changelog</a>.</em></p>
<blockquote>
<h2>4.3.1 and 3.12.2 / 2019-12-05</h2>
<ul>
<li>Security
<ul>
<li>Fix: a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. <a title="CVE-2019-16770" data-hovercard-type="advisory" data-hovercard-url="/advisories/GHSA-7xx3-m584-x994/hovercard" href="https://github.com/advisories/GHSA-7xx3-m584-x994">CVE-2019-16770</a>.</li>
</ul>
</li>
</ul>
<h2>4.3.0 / 2019-11-07</h2>
<ul>
<li>
<p>Features</p>
<ul>
<li>Strip whitespace at end of HTTP headers (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2010" rel="nofollow">#2010</a>)</li>
<li>Optimize HTTP parser for JRuby (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2012" rel="nofollow">#2012</a>)</li>
<li>Add SSL support for the control app and cli (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2046" rel="nofollow">#2046</a>, <a href="https://github-redirect.dependabot.com/puma/puma/issues/2052" rel="nofollow">#2052</a>)</li>
</ul>
</li>
<li>
<p>Bugfixes</p>
<ul>
<li>Fix Errno::EINVAL when SSL is enabled and browser rejects cert (<a href="https://github-redirect.dependabot.com/puma/puma/issues/1564" rel="nofollow">#1564</a>)</li>
<li>Fix pumactl defaulting puma to development if an environment was not specified (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2035" rel="nofollow">#2035</a>)</li>
<li>Fix closing file stream when reading pid from pidfile (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2048" rel="nofollow">#2048</a>)</li>
<li>Fix a typo in configuration option <code>--extra_runtime_dependencies</code> (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2050" rel="nofollow">#2050</a>)</li>
</ul>
</li>
</ul>
<h2>4.2.1 / 2019-10-07</h2>
<ul>
<li>3 bugfixes
<ul>
<li>Fix socket activation of systemd (pre-existing) unix binder files (<a href="https://github-redirect.dependabot.com/puma/puma/issues/1842" rel="nofollow">#1842</a>, <a href="https://github-redirect.dependabot.com/puma/puma/issues/1988" rel="nofollow">#1988</a>)</li>
<li>Deal with multiple calls to bind correctly (<a href="https://github-redirect.dependabot.com/puma/puma/issues/1986" rel="nofollow">#1986</a>, <a href="https://github-redirect.dependabot.com/puma/puma/issues/1994" rel="nofollow">#1994</a>, <a href="https://github-redirect.dependabot.com/puma/puma/issues/2006" rel="nofollow">#2006</a>)</li>
<li>Accepts symbols for <code>verify_mode</code> (<a href="https://github-redirect.dependabot.com/puma/puma/issues/1222" rel="nofollow">#1222</a>)</li>
</ul>
</li>
</ul>
<h2>4.2.0 / 2019-09-23</h2>
<ul>
<li>6 features
<ul>
<li>Pumactl has a new -e environment option and reads <code>config/puma/<environment>.rb</code> config files (<a href="https://github-redirect.dependabot.com/puma/puma/issues/1885" rel="nofollow">#1885</a>)</li>
<li>Semicolons are now allowed in URL paths (MRI only), useful for Angular or Redmine (<a href="https://github-redirect.dependabot.com/puma/puma/issues/1934" rel="nofollow">#1934</a>)</li>
<li>Allow extra dependencies to be defined when using prune_bundler (<a href="https://github-redirect.dependabot.com/puma/puma/issues/1105" rel="nofollow">#1105</a>)</li>
<li>Puma now reports the correct port when binding to port 0, also reports other listeners when binding to localhost (<a href="https://github-redirect.dependabot.com/puma/puma/issues/1786" rel="nofollow">#1786</a>)</li>
<li>Sending SIGINFO to any Puma worker now prints currently active threads and their backtraces (<a href="https://github-redirect.dependabot.com/puma/puma/issues/1320" rel="nofollow">#1320</a>)</li>
<li>Puma threads all now have their name set on Ruby 2.3+ (<a href="https://github-redirect.dependabot.com/puma/puma/issues/1968" rel="nofollow">#1968</a>)</li>
</ul>
</li>
<li>4 bugfixes
<ul>
<li>Fix some misbehavior with phased restart and externally SIGTERMed workers (<a href="https://github-redirect.dependabot.com/puma/puma/issues/1908" rel="nofollow">#1908</a>, <a href="https://github-redirect.dependabot.com/puma/puma/issues/1952" rel="nofollow">#1952</a>)</li>
<li>Fix socket closing on error (<a href="https://github-redirect.dependabot.com/puma/puma/issues/1941" rel="nofollow">#1941</a>)</li>
<li>Removed unnecessary SIGINT trap for JRuby that caused some race conditions (<a href="https://github-redirect.dependabot.com/puma/puma/issues/1961" rel="nofollow">#1961</a>)</li>
<li>Fix socket files being left around after process stopped (<a href="https://github-redirect.dependabot.com/puma/puma/issues/1970" rel="nofollow">#1970</a>)</li>
</ul>
</li>
<li>Absolutely thousands of lines of test improvements and fixes thanks to <a href="https://github.com/MSP-Greg">@MSP-Greg</a></li>
</ul>
<h2>4.1.1 / 2019-09-05</h2>
<ul>
<li>3 bugfixes
<ul>
<li>Revert our attempt to not dup STDOUT/STDERR (<a href="https://github-redirect.dependabot.com/puma/puma/issues/1946" rel="nofollow">#1946</a>)</li>
<li>Fix socket close on error (<a href="https://github-redirect.dependabot.com/puma/puma/issues/1941" rel="nofollow">#1941</a>)</li>
<li>Fix workers not shutting down correctly (<a href="https://github-redirect.dependabot.com/puma/puma/issues/1908" rel="nofollow">#1908</a>)</li>
</ul>
</li>
</ul>
<h2>4.1.0 / 2019-08-08</h2>
... (truncated)
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/puma/puma/commit/bb29fc7fe8f822d0f72706a1ae86e49af3476777"><code>bb29fc7</code></a> 3.12.2</li>
<li><a href="https://github.com/puma/puma/commit/058df12b78e7d1ec661c3b8777f26a736c26675b"><code>058df12</code></a> 4.3.1 and 4.2.1 release notes</li>
<li><a href="https://github.com/puma/puma/commit/06053e60908074bb38293d4449ea261cb009b53e"><code>06053e6</code></a> Merge pull request from <a title="GHSA-7xx3-m584-x994" href="https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994">GHSA-7xx3-m584-x994</a></li>
<li><a href="https://github.com/puma/puma/commit/461c9e99783e5f69e632acedae83be55017d5fe4"><code>461c9e9</code></a> Docs files</li>
<li><a href="https://github.com/puma/puma/commit/7e2c88d4131a1a70f551287e49b8f527d29d0469"><code>7e2c88d</code></a> v3.12.1</li>
<li><a href="https://github.com/puma/puma/commit/36964ec42982d7b3205760bc2bf9ccf3fec8af69"><code>36964ec</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/puma/puma/issues/1700" rel="nofollow">#1700</a> from schneems/schneems/fix-puma-rack-handler-config</li>
<li>See full diff in <a href="https://github.com/puma/puma/compare/v3.12.1...v3.12.2">compare view</a></li>
</ul>
</details>
<br>
<p><a href="https://help.github.com/articles/configuring-automated-security-fixes"><img src="https://camo.githubusercontent.com/bb681de3b112991baa442f2847b37195f685fc79/68747470733a2f2f646570656e6461626f742d6261646765732e6769746875626170702e636f6d2f6261646765732f636f6d7061746962696c6974795f73636f72653f646570656e64656e63792d6e616d653d70756d61267061636b6167652d6d616e616765723d62756e646c65722670726576696f75732d76657273696f6e3d332e31322e31266e65772d76657273696f6e3d332e31322e32" alt="Dependabot compatibility score" data-canonical-src="https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=puma&package-manager=bundler&previous-version=3.12.1&new-version=3.12.2" style="max-width:100%;"></a></p>
<p>Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting <code>@dependabot rebase</code>.</p>
<hr>
<details>
<summary>Dependabot commands and options</summary>
<br>
<p>You can trigger Dependabot actions by commenting on this PR:</p>
<ul>
<li><code>@dependabot rebase</code> will rebase this PR</li>
<li><code>@dependabot recreate</code> will recreate this PR, overwriting any edits that have been made to it</li>
<li><code>@dependabot merge</code> will merge this PR after your CI passes on it</li>
<li><code>@dependabot squash and merge</code> will squash and merge this PR after your CI passes on it</li>
<li><code>@dependabot cancel merge</code> will cancel a previously requested merge and block automerging</li>
<li><code>@dependabot reopen</code> will reopen this PR if it is closed</li>
<li><code>@dependabot ignore this [patch|minor|major] version</code> will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)</li>
<li><code>@dependabot ignore this dependency</code> will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)</li>
<li><code>@dependabot use these labels</code> will set the current labels as the default for future PRs for this repo and language</li>
<li><code>@dependabot use these reviewers</code> will set the current reviewers as the default for future PRs for this repo and language</li>
<li><code>@dependabot use these assignees</code> will set the current assignees as the default for future PRs for this repo and language</li>
<li><code>@dependabot use this milestone</code> will set the current milestone as the default for future PRs for this repo and language</li>
</ul>
<p>You can disable automated security fix PRs for this repo from the <a href="https://github.com/openstreetmap/openstreetmap-website/network/alerts">Security Alerts page</a>.</p>
</details>
<hr>
<h4>You can view, comment on, or merge this pull request online at:</h4>
<p> <a href='https://github.com/openstreetmap/openstreetmap-website/pull/2454'>https://github.com/openstreetmap/openstreetmap-website/pull/2454</a></p>
<h4>Commit Summary</h4>
<ul>
<li>Bump puma from 3.12.1 to 3.12.2</li>
</ul>
<h4>File Changes</h4>
<ul>
<li>
<strong>M</strong>
<a href="https://github.com/openstreetmap/openstreetmap-website/pull/2454/files#diff-0">Gemfile</a>
(2)
</li>
<li>
<strong>M</strong>
<a href="https://github.com/openstreetmap/openstreetmap-website/pull/2454/files#diff-1">Gemfile.lock</a>
(4)
</li>
</ul>
<h4>Patch Links:</h4>
<ul>
<li><a href='https://github.com/openstreetmap/openstreetmap-website/pull/2454.patch'>https://github.com/openstreetmap/openstreetmap-website/pull/2454.patch</a></li>
<li><a href='https://github.com/openstreetmap/openstreetmap-website/pull/2454.diff'>https://github.com/openstreetmap/openstreetmap-website/pull/2454.diff</a></li>
</ul>
<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/openstreetmap/openstreetmap-website/pull/2454?email_source=notifications&email_token=AAK2OLPUEPAXWN6SGPMA3FLQXGYFPA5CNFSM4JWIBA7KYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4H6PVLWA">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AAK2OLOHN74QDGUN4P5LDG3QXGYFPANCNFSM4JWIBA7A">unsubscribe</a>.<img src="https://github.com/notifications/beacon/AAK2OLNBHLJ2YSNH327F7ALQXGYFPA5CNFSM4JWIBA7KYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4H6PVLWA.gif" height="1" width="1" alt="" /></p>
<script type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/openstreetmap/openstreetmap-website/pull/2454?email_source=notifications\u0026email_token=AAK2OLPUEPAXWN6SGPMA3FLQXGYFPA5CNFSM4JWIBA7KYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4H6PVLWA",
"url": "https://github.com/openstreetmap/openstreetmap-website/pull/2454?email_source=notifications\u0026email_token=AAK2OLPUEPAXWN6SGPMA3FLQXGYFPA5CNFSM4JWIBA7KYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4H6PVLWA",
"name": "View Pull Request"
},
"description": "View this Pull Request on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]</script>