[openstreetmap/openstreetmap-website] Bump puma from 3.12.1 to 3.12.2 (#2454)

dependabot[bot] notifications at github.com
Fri Dec 6 02:11:35 UTC 2019


Bumps [puma](https://github.com/puma/puma) from 3.12.1 to 3.12.2.
<details>
<summary>Changelog</summary>

*Sourced from [puma's changelog](https://github.com/puma/puma/blob/master/History.md).*

> ## 4.3.1 and 3.12.2 / 2019-12-05
> 
> * Security
>   * Fix: a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. CVE-2019-16770.
> 
> ## 4.3.0 / 2019-11-07
> 
> * Features
>   * Strip whitespace at end of HTTP headers ([#2010](https://github-redirect.dependabot.com/puma/puma/issues/2010))
>   * Optimize HTTP parser for JRuby ([#2012](https://github-redirect.dependabot.com/puma/puma/issues/2012))
>   * Add SSL support for the control app and cli ([#2046](https://github-redirect.dependabot.com/puma/puma/issues/2046), [#2052](https://github-redirect.dependabot.com/puma/puma/issues/2052))
> 
> * Bugfixes
>   * Fix Errno::EINVAL when SSL is enabled and browser rejects cert ([#1564](https://github-redirect.dependabot.com/puma/puma/issues/1564))
>   * Fix pumactl defaulting puma to development if an environment was not specified ([#2035](https://github-redirect.dependabot.com/puma/puma/issues/2035))
>   * Fix closing file stream when reading pid from pidfile ([#2048](https://github-redirect.dependabot.com/puma/puma/issues/2048))
>   * Fix a typo in configuration option `--extra_runtime_dependencies` ([#2050](https://github-redirect.dependabot.com/puma/puma/issues/2050))
> 
> ## 4.2.1 / 2019-10-07
> 
> * 3 bugfixes
>   * Fix socket activation of systemd (pre-existing) unix binder files ([#1842](https://github-redirect.dependabot.com/puma/puma/issues/1842), [#1988](https://github-redirect.dependabot.com/puma/puma/issues/1988))
>   * Deal with multiple calls to bind correctly ([#1986](https://github-redirect.dependabot.com/puma/puma/issues/1986), [#1994](https://github-redirect.dependabot.com/puma/puma/issues/1994), [#2006](https://github-redirect.dependabot.com/puma/puma/issues/2006))
>   * Accepts symbols for `verify_mode` ([#1222](https://github-redirect.dependabot.com/puma/puma/issues/1222))
> 
> ## 4.2.0 / 2019-09-23
> 
> * 6 features
>   * Pumactl has a new -e environment option and reads `config/puma/<environment>.rb` config files ([#1885](https://github-redirect.dependabot.com/puma/puma/issues/1885))
>   * Semicolons are now allowed in URL paths (MRI only), useful for Angular or Redmine ([#1934](https://github-redirect.dependabot.com/puma/puma/issues/1934))
>   * Allow extra dependencies to be defined when using prune_bundler ([#1105](https://github-redirect.dependabot.com/puma/puma/issues/1105))
>   * Puma now reports the correct port when binding to port 0, also reports other listeners when binding to localhost ([#1786](https://github-redirect.dependabot.com/puma/puma/issues/1786))
>   * Sending SIGINFO to any Puma worker now prints currently active threads and their backtraces ([#1320](https://github-redirect.dependabot.com/puma/puma/issues/1320))
>   * Puma threads all now have their name set on Ruby 2.3+ ([#1968](https://github-redirect.dependabot.com/puma/puma/issues/1968))
> * 4 bugfixes
>   * Fix some misbehavior with phased restart and externally SIGTERMed workers ([#1908](https://github-redirect.dependabot.com/puma/puma/issues/1908), [#1952](https://github-redirect.dependabot.com/puma/puma/issues/1952))
>   * Fix socket closing on error ([#1941](https://github-redirect.dependabot.com/puma/puma/issues/1941))
>   * Removed unnecessary SIGINT trap for JRuby that caused some race conditions ([#1961](https://github-redirect.dependabot.com/puma/puma/issues/1961))
>   * Fix socket files being left around after process stopped ([#1970](https://github-redirect.dependabot.com/puma/puma/issues/1970))
> * Absolutely thousands of lines of test improvements and fixes thanks to [@&#8203;MSP-Greg](https://github.com/MSP-Greg)
> 
> ## 4.1.1 / 2019-09-05
> 
> * 3 bugfixes
>   * Revert our attempt to not dup STDOUT/STDERR ([#1946](https://github-redirect.dependabot.com/puma/puma/issues/1946))
>   * Fix socket close on error ([#1941](https://github-redirect.dependabot.com/puma/puma/issues/1941))
>   * Fix workers not shutting down correctly ([#1908](https://github-redirect.dependabot.com/puma/puma/issues/1908))
> 
> ## 4.1.0 / 2019-08-08
> 
></tr></table> ... (truncated)
</details>
<details>
<summary>Commits</summary>

- [`bb29fc7`](https://github.com/puma/puma/commit/bb29fc7fe8f822d0f72706a1ae86e49af3476777) 3.12.2
- [`058df12`](https://github.com/puma/puma/commit/058df12b78e7d1ec661c3b8777f26a736c26675b) 4.3.1 and 4.2.1 release notes
- [`06053e6`](https://github.com/puma/puma/commit/06053e60908074bb38293d4449ea261cb009b53e) Merge pull request from GHSA-7xx3-m584-x994
- [`461c9e9`](https://github.com/puma/puma/commit/461c9e99783e5f69e632acedae83be55017d5fe4) Docs files
- [`7e2c88d`](https://github.com/puma/puma/commit/7e2c88d4131a1a70f551287e49b8f527d29d0469) v3.12.1
- [`36964ec`](https://github.com/puma/puma/commit/36964ec42982d7b3205760bc2bf9ccf3fec8af69) Merge pull request [#1700](https://github-redirect.dependabot.com/puma/puma/issues/1700) from schneems/schneems/fix-puma-rack-handler-config
- See full diff in [compare view](https://github.com/puma/puma/compare/v3.12.1...v3.12.2)
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=puma&package-manager=bundler&previous-version=3.12.1&new-version=3.12.2)](https://help.github.com/articles/configuring-automated-security-fixes)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openstreetmap/openstreetmap-website/network/alerts).

</details>
You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/2454

-- Commit Summary --

  * Bump puma from 3.12.1 to 3.12.2

-- File Changes --

    M Gemfile (2)
    M Gemfile.lock (4)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/2454.patch
https://github.com/openstreetmap/openstreetmap-website/pull/2454.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/2454
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20191205/6380b0ff/attachment.html>


More information about the rails-dev mailing list