[openstreetmap/openstreetmap-website] Bump puma from 4.3.6 to 5.0.0 (#2843)

dependabot[bot] notifications at github.com
Fri Sep 18 05:01:42 UTC 2020


Bumps [puma](https://github.com/puma/puma) from 4.3.6 to 5.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/puma/puma/releases">puma's releases</a>.</em></p>
<blockquote>
<h2>5.0 - Spoony Bard</h2>
<h2>5.0.0</h2>
<ul>
<li>
<p>Features</p>
<ul>
<li>Allow compiling without OpenSSL and dynamically load files needed for SSL, add 'no ssl' CI (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2305">#2305</a>)</li>
<li>EXPERIMENTAL: Add <code>fork_worker</code> option and <code>refork</code> command for reduced memory usage by forking from a worker process instead of the master process. (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2099">#2099</a>)</li>
<li>EXPERIMENTAL: Added <code>wait_for_less_busy_worker</code> config. This may reduce latency on MRI through inserting a small delay before re-listening on the socket if worker is busy (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2079">#2079</a>).</li>
<li>EXPERIMENTAL: Added <code>nakayoshi_fork</code> option. Reduce memory usage in preloaded cluster-mode apps by GCing before fork and compacting, where available. (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2093">#2093</a>, <a href="https://github-redirect.dependabot.com/puma/puma/issues/2256">#2256</a>)</li>
<li>Added pumactl <code>thread-backtraces</code> command to print thread backtraces (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2054">#2054</a>)</li>
<li>Added incrementing <code>requests_count</code> to <code>Puma.stats</code>. (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2106">#2106</a>)</li>
<li>Increased maximum URI path length from 2048 to 8192 bytes (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2167">#2167</a>, <a href="https://github-redirect.dependabot.com/puma/puma/issues/2344">#2344</a>)</li>
<li><code>lowlevel_error_handler</code> is now called during a forced threadpool shutdown, and if a callable with 3 arguments is set, we now also pass the status code (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2203">#2203</a>)</li>
<li>Faster phased restart and worker timeout (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2220">#2220</a>)</li>
<li>Added <code>state_permission</code> to config DSL to set state file permissions (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2238">#2238</a>)</li>
<li>Added <code>Puma.stats_hash</code>, which returns stats as a Hash instead of a JSON string (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2086">#2086</a>, <a href="https://github-redirect.dependabot.com/puma/puma/issues/2253">#2253</a>)</li>
<li><code>rack.multithread</code> and <code>rack.multiprocess</code> now dynamically resolved by <code>max_thread</code> and <code>workers</code> respectively (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2288">#2288</a>)</li>
</ul>
</li>
<li>
<p>Deprecations, Removals and Breaking API Changes</p>
<ul>
<li><code>--control</code> has been removed. Use <code>--control-url</code> (<a href="https://github-redirect.dependabot.com/puma/puma/issues/1487">#1487</a>)</li>
<li><code>worker_directory</code> has been removed. Use <code>directory</code>.</li>
<li>min_threads now set by environment variables PUMA_MIN_THREADS and MIN_THREADS. (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2143">#2143</a>)</li>
<li>max_threads now set by environment variables PUMA_MAX_THREADS and MAX_THREADS. (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2143">#2143</a>)</li>
<li>max_threads default to 5 in MRI or 16 for all other interpreters. (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2143">#2143</a>)</li>
<li>preload by default if workers &gt; 1 (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2143">#2143</a>)</li>
<li>Puma::Plugin.workers_supported? has been removed. Use Puma.forkable? instead. (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2143">#2143</a>)</li>
<li><code>tcp_mode</code> has been removed without replacement. (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2169">#2169</a>)</li>
<li>Daemonization has been removed without replacement. (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2170">#2170</a>)</li>
<li>Changed #connected_port to #connected_ports (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2076">#2076</a>)</li>
<li>Configuration: <code>environment</code> is read from <code>RAILS_ENV</code>, if <code>RACK_ENV</code> can't be found (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2022">#2022</a>)</li>
<li>Log binding on http:// for TCP bindings to make it clickable</li>
</ul>
</li>
<li>
<p>Bugfixes</p>
<ul>
<li>Fix JSON loading issues on phased-restarts (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2269">#2269</a>)</li>
<li>Improve shutdown reliability (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2312">#2312</a>, <a href="https://github-redirect.dependabot.com/puma/puma/issues/2338">#2338</a>)</li>
<li>Close client http connections made to an ssl server with TLSv1.3 (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2116">#2116</a>)</li>
<li>Do not set user_config to quiet by default to allow for file config (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2074">#2074</a>)</li>
<li>Always close SSL connection in Puma::ControlCLI (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2211">#2211</a>)</li>
<li>Windows update extconf.rb for use with ssp and varied Ruby/MSYS2 combinations (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2069">#2069</a>)</li>
<li>Ensure control server Unix socket is closed on shutdown (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2112">#2112</a>)</li>
<li>Preserve <code>BUNDLE_GEMFILE</code> env var when using <code>prune_bundler</code> (<a href="https://github-redirect.dependabot.com/puma/puma/issues/1893">#1893</a>)</li>
<li>Send 408 request timeout even when queue requests is disabled (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2119">#2119</a>)</li>
<li>Rescue IO::WaitReadable instead of EAGAIN for blocking read (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2121">#2121</a>)</li>
<li>Ensure <code>BUNDLE_GEMFILE</code> is unspecified in workers if unspecified in master when using <code>prune_bundler</code> (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2154">#2154</a>)</li>
<li>Rescue and log exceptions in hooks defined by users (on_worker_boot, after_worker_fork etc) (<a href="https://github-redirect.dependabot.com/puma/puma/issues/1551">#1551</a>)</li>
<li>Read directly from the socket in #read_and_drop to avoid raising further SSL errors (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2198">#2198</a>)</li>
<li>Set <code>Connection: closed</code> header when queue requests is disabled (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2216">#2216</a>)</li>
<li>Pass queued requests to thread pool on server shutdown (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2122">#2122</a>)</li>
<li>Fixed a few minor concurrency bugs in ThreadPool that may have affected non-GVL Rubies (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2220">#2220</a>)</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/puma/puma/blob/master/History.md">puma's changelog</a>.</em></p>
<blockquote>
<h2>5.0.0</h2>
<ul>
<li>
<p>Features</p>
<ul>
<li>Allow compiling without OpenSSL and dynamically load files needed for SSL, add 'no ssl' CI (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2305">#2305</a>)</li>
<li>EXPERIMENTAL: Add <code>fork_worker</code> option and <code>refork</code> command for reduced memory usage by forking from a worker process instead of the master process. (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2099">#2099</a>)</li>
<li>EXPERIMENTAL: Added <code>wait_for_less_busy_worker</code> config. This may reduce latency on MRI through inserting a small delay before re-listening on the socket if worker is busy (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2079">#2079</a>).</li>
<li>EXPERIMENTAL: Added <code>nakayoshi_fork</code> option. Reduce memory usage in preloaded cluster-mode apps by GCing before fork and compacting, where available. (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2093">#2093</a>, <a href="https://github-redirect.dependabot.com/puma/puma/issues/2256">#2256</a>)</li>
<li>Added pumactl <code>thread-backtraces</code> command to print thread backtraces (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2054">#2054</a>)</li>
<li>Added incrementing <code>requests_count</code> to <code>Puma.stats</code>. (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2106">#2106</a>)</li>
<li>Increased maximum URI path length from 2048 to 8192 bytes (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2167">#2167</a>, <a href="https://github-redirect.dependabot.com/puma/puma/issues/2344">#2344</a>)</li>
<li><code>lowlevel_error_handler</code> is now called during a forced threadpool shutdown, and if a callable with 3 arguments is set, we now also pass the status code (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2203">#2203</a>)</li>
<li>Faster phased restart and worker timeout (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2220">#2220</a>)</li>
<li>Added <code>state_permission</code> to config DSL to set state file permissions (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2238">#2238</a>)</li>
<li>Added <code>Puma.stats_hash</code>, which returns stats as a Hash instead of a JSON string (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2086">#2086</a>, <a href="https://github-redirect.dependabot.com/puma/puma/issues/2253">#2253</a>)</li>
<li><code>rack.multithread</code> and <code>rack.multiprocess</code> now dynamically resolved by <code>max_thread</code> and <code>workers</code> respectively (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2288">#2288</a>)</li>
</ul>
</li>
<li>
<p>Deprecations, Removals and Breaking API Changes</p>
<ul>
<li><code>--control</code> has been removed. Use <code>--control-url</code> (<a href="https://github-redirect.dependabot.com/puma/puma/issues/1487">#1487</a>)</li>
<li><code>worker_directory</code> has been removed. Use <code>directory</code>.</li>
<li>min_threads now set by environment variables PUMA_MIN_THREADS and MIN_THREADS. (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2143">#2143</a>)</li>
<li>max_threads now set by environment variables PUMA_MAX_THREADS and MAX_THREADS. (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2143">#2143</a>)</li>
<li>max_threads default to 5 in MRI or 16 for all other interpreters. (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2143">#2143</a>)</li>
<li>preload by default if workers &gt; 1 (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2143">#2143</a>)</li>
<li>Puma::Plugin.workers_supported? has been removed. Use Puma.forkable? instead. (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2143">#2143</a>)</li>
<li><code>tcp_mode</code> has been removed without replacement. (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2169">#2169</a>)</li>
<li>Daemonization has been removed without replacement. (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2170">#2170</a>)</li>
<li>Changed #connected_port to #connected_ports (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2076">#2076</a>)</li>
<li>Configuration: <code>environment</code> is read from <code>RAILS_ENV</code>, if <code>RACK_ENV</code> can't be found (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2022">#2022</a>)</li>
<li>Log binding on http:// for TCP bindings to make it clickable</li>
</ul>
</li>
<li>
<p>Bugfixes</p>
<ul>
<li>Fix JSON loading issues on phased-restarts (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2269">#2269</a>)</li>
<li>Improve shutdown reliability (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2312">#2312</a>, <a href="https://github-redirect.dependabot.com/puma/puma/issues/2338">#2338</a>)</li>
<li>Close client http connections made to an ssl server with TLSv1.3 (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2116">#2116</a>)</li>
<li>Do not set user_config to quiet by default to allow for file config (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2074">#2074</a>)</li>
<li>Always close SSL connection in Puma::ControlCLI (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2211">#2211</a>)</li>
<li>Windows update extconf.rb for use with ssp and varied Ruby/MSYS2 combinations (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2069">#2069</a>)</li>
<li>Ensure control server Unix socket is closed on shutdown (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2112">#2112</a>)</li>
<li>Preserve <code>BUNDLE_GEMFILE</code> env var when using <code>prune_bundler</code> (<a href="https://github-redirect.dependabot.com/puma/puma/issues/1893">#1893</a>)</li>
<li>Send 408 request timeout even when queue requests is disabled (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2119">#2119</a>)</li>
<li>Rescue IO::WaitReadable instead of EAGAIN for blocking read (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2121">#2121</a>)</li>
<li>Ensure <code>BUNDLE_GEMFILE</code> is unspecified in workers if unspecified in master when using <code>prune_bundler</code> (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2154">#2154</a>)</li>
<li>Rescue and log exceptions in hooks defined by users (on_worker_boot, after_worker_fork etc) (<a href="https://github-redirect.dependabot.com/puma/puma/issues/1551">#1551</a>)</li>
<li>Read directly from the socket in #read_and_drop to avoid raising further SSL errors (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2198">#2198</a>)</li>
<li>Set <code>Connection: closed</code> header when queue requests is disabled (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2216">#2216</a>)</li>
<li>Pass queued requests to thread pool on server shutdown (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2122">#2122</a>)</li>
<li>Fixed a few minor concurrency bugs in ThreadPool that may have affected non-GVL Rubies (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2220">#2220</a>)</li>
<li>Fix <code>out_of_band</code> hook never executed if the number of worker threads is &gt; 1 (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2177">#2177</a>)</li>
<li>Fix ThreadPool#shutdown timeout accuracy (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2221">#2221</a>)</li>
<li>Fix <code>UserFileDefaultOptions#fetch</code> to properly use <code>default</code> (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2233">#2233</a>)</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/puma/puma/commit/13e18e8078c800adfc52af687acc1d8de5f3988d"><code>13e18e8</code></a> Puma 5</li>
<li><a href="https://github.com/puma/puma/commit/4be4069d6e7db8a06196c758b9b7cb3c7b42c473"><code>4be4069</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/puma/puma/issues/2370">#2370</a> from MSP-Greg/fix-2368</li>
<li><a href="https://github.com/puma/puma/commit/b895566894d9f75ba3b896d5759bb1c6589244ee"><code>b895566</code></a> Fix my errors in 2368</li>
<li><a href="https://github.com/puma/puma/commit/038a0d9da95a58d128bbbd76ebaacacd184e47e2"><code>038a0d9</code></a> Documentation - add version info, misc fixes [ci skip] (<a href="https://github-redirect.dependabot.com/puma/puma/issues/2368">#2368</a>)</li>
<li><a href="https://github.com/puma/puma/commit/18f1810c9cdec3fac50fc49dc35e8b478d637f32"><code>18f1810</code></a> test/helper.rb -TimeoutEveryTestCase - set non MRI timeouts to 60 sec</li>
<li><a href="https://github.com/puma/puma/commit/0ab0eecb29325670d6e56223c85162aaa4ac5694"><code>0ab0eec</code></a> Leave DISABLE_SSL undocumented</li>
<li><a href="https://github.com/puma/puma/commit/1ebdf11ab1d886e6731dd5930930ce9a7db80079"><code>1ebdf11</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/puma/puma/issues/2305">#2305</a> from MSP-Greg/no-ssl</li>
<li><a href="https://github.com/puma/puma/commit/7b3c08ab6b5c509e0d8cada274d4c98294e500d1"><code>7b3c08a</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/puma/puma/issues/2365">#2365</a> from MSP-Greg/test-timeout</li>
<li><a href="https://github.com/puma/puma/commit/5b5698648edcd5a938e992140d8b9c2a0b95008b"><code>5b56986</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/puma/puma/issues/2364">#2364</a> from MSP-Greg/share-cert</li>
<li><a href="https://github.com/puma/puma/commit/fe2c25ba559a5ccebf9426a54102f91156e335a7"><code>fe2c25b</code></a> README.md - add 'SSL Connection Support' section</li>
<li>Additional commits viewable in <a href="https://github.com/puma/puma/compare/v4.3.6...v5.0.0">compare view</a></li>
</ul>
</details>
You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/2843

-- Commit Summary --

  * Bump puma from 4.3.6 to 5.0.0

-- File Changes --

    M Gemfile (2)
    M Gemfile.lock (6)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/2843.patch
https://github.com/openstreetmap/openstreetmap-website/pull/2843.diff
