Update puma requirement from ~> 3.0 to ~> 5.4

[dependabot-preview]

Updates the requirements on puma to permit the latest version.

Release notes

Sourced from puma's releases.

5.4.0 - Super Flight

• Features

  • Better/expanded names for threadpool threads (#2657)
  • Allow pkg_config for OpenSSL (#2648, #1412)
  • Add rack_url_scheme to Puma::DSL, allows setting of rack.url_scheme header (#2586, #2569)

• Bugfixes

  • Binder#parse - allow for symlinked unix path, add create_activated_fds debug ENV (#2643, #2638)
  • Fix deprecation warning: minissl.c - Use Random.bytes if available (#2642)
  • Client certificates: set session id context while creating SSLContext (#2633)

• Refactor

  • Replace IO.select with IO#wait_* when checking a single IO (#2666)

Changelog

Sourced from puma's changelog.

5.4.0 / 2021-07-28

• Features

  • Better/expanded names for threadpool threads (#2657)
  • Allow pkg_config for OpenSSL (#2648, #1412)
  • Add rack_url_scheme to Puma::DSL, allows setting of rack.url_scheme header (#2586, #2569)

• Bugfixes

  • Binder#parse - allow for symlinked unix path, add create_activated_fds debug ENV (#2643, #2638)
  • Fix deprecation warning: minissl.c - Use Random.bytes if available (#2642)
  • Client certificates: set session id context while creating SSLContext (#2633)

• Refactor

  • Replace IO.select with IO#wait_* when checking a single IO (#2666)

5.3.2 / 2021-05-21

• Bugfixes
  • Gracefully handle Rack not accepting CLI options (#2630, #2626)
  • Fix sigterm misbehavior (#2629)
  • Improvements to keepalive-connection shedding (#2628)

5.3.1 / 2021-05-11

• Security
  • Close keepalive connections after the maximum number of fast inlined requests (CVE-2021-29509) (#2625)

5.3.0 / 2021-05-07

• Features

  • Add support for Linux's abstract sockets (#2564, #2526)
  • Add debug to worker timeout and startup (#2559, #2528)
  • Print warning when running one-worker cluster (#2565, #2534)
  • Don't close systemd activated socket on pumactl restart (#2563, #2504)

• Bugfixes

  • systemd - fix event firing (#2591, #2572)
  • Immediately unlink temporary files (#2613)
  • Improve parsing of HTTP_HOST header (#2605, #2584)
  • Handle fatal error that has no backtrace (#2607, #2552)
  • Fix timing out requests too early (#2606, #2574)
  • Handle segfault in Ruby 2.6.6 on thread-locals (#2567, #2566)
  • Server#closed_socket? - parameter may be a MiniSSL::Socket (#2596)
  • Define UNPACK_TCP_STATE_FROM_TCP_INFO in the right place (#2588, #2556)
  • request.rb - fix chunked assembly for ascii incompatible encodings, add test (#2585, #2583)

• Performance

  • Reset peerip only if remote_addr_header is set (#2609)
  • Reduce puma_parser struct size (#2590)

... (truncated)

Commits

• f041b02 5.4.0 (#2668)
• 6e4257f Replace IO.select with IO#wait_* when checking a single IO (#2666)
• bda19f8 Reference restart docs from deployment docs (#2664)
• f5750dd preload! -> preload_app! in docs/deployment.md (#2663)
• 7d54416 CONTRIBUTING: update section about changelog (#2660)
• 51105f0 Better names for thread pool threads (#2657)
• 1893628 Fix deadlock issue in thread pool (#2656)
• 8264d20 Binder#parse - allow for symlinked unix path, add create_activated_fds debug ...
• 4ff7d75 extconf.rb - allow pkg_config for OpenSSL (#2648)
• 6a085e6 minissl.c - Use Random.bytes if available (#2642)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)