🚨 [security] Update puma: 3.12.4 → 3.12.6 (patch)

[depfu]

---

🚨 Your version of puma has known security vulnerabilities 🚨

Advisory: CVE-2020-11076
Disclosed: May 22, 2020
URL: https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h

HTTP Smuggling via Transfer-Encoding Header in Puma

Impact

By using an invalid transfer-encoding header, an attacker could
smuggle an HTTP response.

Patches

The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.

🚨 We recommend to merge and deploy this update as soon as possible! 🚨

---

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ puma (3.12.4 → 3.12.6) · Repo · Changelog

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)