Bump passenger from 6.0.4 to 6.0.5

[dependabot-preview]

Bumps passenger from 6.0.4 to 6.0.5.

Release notes

Sourced from passenger's releases.

Release 6.0.5

• [Enterprise] Fixed a regression (introduced in 5.0.0) where Flying Passenger could not update the Passenger configuration. Closes GH-1554.
• Adds Ubuntu 20.04 "Focal" packages, and removes Ubuntu 19.04 "Disco" packages.
• Adds RHEL / CentOS 8 packages.
• [Nginx] Converts CentOS 7 packages to provide a dynamic module instead of a full Nginx install.
• Fixes the encoding name for xml output from the passenger-status --show=xml command. Closes GH-2248.
• Adds the 'etc' gem as an explicit dependency. Closes GH-2124.
• Adds a user agent to the passenger pre-spawn script. Closes GH-1534.
• Fixes a compilation issue on FreeBSD. Closes GH-2240.
• Fixes an issue where rack bodies may not be processed correctly.
• Improves the database reconnection speed in forked processes. closes GH-2253.
• [Nginx] Adds a config option passenger_temp_path to set the path used for the disk backed response cache. Re-Closes GH-2075.
• [Apache] Protects the path info and script name passed to the app from modifications done by mod_security. Closes GH-2198.
• Ensures baseuri is set per request, even if config is loaded from cache. Closes GH-2117.
• Make temp dir toucher cleanup code more resilient to permissions issues.
• [Nginx] Bumps the preferred Nginx version to 1.18.0 (previously 1.17.3).
• [Nginx] The preferred PCRE version is now 8.44 (previously 8.43).
• Removed deprecated rubyforge gemspec property. Contributed by @olleolleolle.
• Adds an option for specifying the attributes on the sticky session cookie:

• Apache: PassengerStickySessionsCookieAttributes "SameSite=Lax; Secure;"
• Nginx: passenger_sticky_sessions_cookie_attributes "SameSite=Lax; Secure;"
• Standalone: --sticky-sessions-cookie-attributes "SameSite=Lax; Secure;"

• Updated various library versions used in precompiled binaries (used for e.g. gem installs):

  • ccache 3.7.9 (was 3.7.3)
  • Curl 7.69.1 (was 7.66.0)
  • Git 2.26.2 (was 2.23.0)
  • GnuPG 2.2.20 (was 2.2.17)
  • libgpg_error 1.37 (was 1.36)
  • OpenSSL 1.0.2u (was 1.0.2t)
  • PCRE 8.44 (was 8.43)
  • s3cmd 2.1.0 (was 2.0.2)
  • RubyGems 3.0.8 (was 3.0.6)
  • Rubies:
    • 2.4.6 -> 2.4.10
    • 2.5.5 -> 2.5.8
    • 2.6.3 -> 2.6.6
    • 2.7.1

Changelog

Sourced from passenger's changelog.

Release 6.0.5

• [Enterprise] Fixed a regression (introduced in 5.0.0) where Flying Passenger could not update the Passenger configuration. Closes GH-1554.
• Adds Ubuntu 20.04 "Focal" packages, and removes Ubuntu 19.04 "Disco" packages.
• Adds RHEL / CentOS 8 packages.
• [Nginx] Converts CentOS 7 packages to provide a dynamic module instead of a full Nginx install.
• Fixes the encoding name for xml output from the passenger-status --show=xml command. Closes GH-2248.
• Adds the 'etc' gem as an explicit dependency. Closes GH-2124.
• Adds a user agent to the passenger pre-spawn script. Closes GH-1534.
• Fixes a compilation issue on FreeBSD. Closes GH-2240.
• Fixes an issue where rack bodies may not be processed correctly.
• Improves the database reconnection speed in forked processes. closes GH-2253.
• [Nginx] Adds a config option passenger_temp_path to set the path used for the disk backed response cache. Re-Closes GH-2075.
• [Apache] Protects the path info and script name passed to the app from modifications done by mod_security. Closes GH-2198.
• Ensures baseuri is set per request, even if config is loaded from cache. Closes GH-2117.
• Make temp dir toucher cleanup code more resilient to permissions issues.
• [Nginx] Bumps the preferred Nginx version to 1.18.0 (previously 1.17.3).
• [Nginx] The preferred PCRE version is now 8.44 (previously 8.43).
• Removed deprecated rubyforge gemspec property. Contributed by @olleolleolle.
• Adds an option for specifying the attributes on the sticky session cookie:

• Apache: PassengerStickySessionsCookieAttributes "SameSite=Lax; Secure;"
• Nginx: passenger_sticky_sessions_cookie_attributes "SameSite=Lax; Secure;"
• Standalone: --sticky-sessions-cookie-attributes "SameSite=Lax; Secure;"

• Updated various library versions used in precompiled binaries (used for e.g. gem installs):

  • ccache 3.7.9 (was 3.7.3)
  • Curl 7.69.1 (was 7.66.0)
  • Git 2.26.2 (was 2.23.0)
  • GnuPG 2.2.20 (was 2.2.17)
  • libgpg_error 1.37 (was 1.36)
  • OpenSSL 1.0.2u (was 1.0.2t)
  • PCRE 8.44 (was 8.43)
  • s3cmd 2.1.0 (was 2.0.2)
  • RubyGems 3.0.8 (was 3.0.6)
  • Rubies:
    • 2.4.6 -> 2.4.10
    • 2.5.5 -> 2.5.8
    • 2.6.3 -> 2.6.6
    • 2.7.1

Commits

• 90a4634 edit changelog for release
• 3b98a8d bump homebrew package rev
• e77760d put rack shim for bodyproxy::each back in, we rely on it
• 737cb7b sticky cookie attributes
• def11d2 address deprecated delegation syntax
• 3790eec reconnect active record db like the docs say.
• 502906d handle rack returning a BodyProxy object
• 8a2a786 Credit and changelog for gemspec’s rubyforge property removal
• 3ad5137 Gemspec: Drop EOL'd property rubyforge_project (#2214)
• 1402a2b passenger_apt_automation and passenger_rpm_automation: fix publishing packages
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in the .dependabot/config.yml file in this repo:

• Update frequency
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[codecov]

Codecov Report

Merging #7985 into master will decrease coverage by 3.73%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #7985      +/-   ##
==========================================
- Coverage   82.04%   78.30%   -3.74%     
==========================================
  Files          97       97              
  Lines        5643     5643              
==========================================
- Hits         4630     4419     -211     
- Misses       1013     1224     +211     

Impacted Files	Coverage Δ
app/mailers/subscription_mailer.rb	49.01% <0.00%> (-45.10%)	⬇️
app/models/concerns/node_shared.rb	59.70% <0.00%> (-30.59%)	⬇️
app/mailers/admin_mailer.rb	69.56% <0.00%> (-30.44%)	⬇️
app/models/answer.rb	73.68% <0.00%> (-26.32%)	⬇️
app/mailers/comment_mailer.rb	74.28% <0.00%> (-25.72%)	⬇️
app/models/concerns/statistics.rb	88.52% <0.00%> (-8.20%)	⬇️
app/models/tag.rb	90.04% <0.00%> (-7.47%)	⬇️
app/models/node.rb	84.51% <0.00%> (-6.56%)	⬇️
app/models/answer_selection.rb	31.25% <0.00%> (-6.25%)	⬇️
app/models/comment.rb	72.06% <0.00%> (-4.83%)	⬇️
... and 4 more