dependabot bot commented on behalf of github Aug 12, 2019

Bumps passenger from 3.0.5 to 5.1.0.

Changelog

Sourced from passenger's changelog.

Release 5.1.0

  • Upgrades union_station_hooks_core to version 2.1.2.
  • [Enterprise] When running a Rails app in multithreaded mode, Passenger Enterprise automatically tags Rails logs with the current thread number. This makes it possible to distinguish logs generated by different threads.
  • Fixes permissions issue on Linux when setting OOM score after lowering privileges. Closes GH-1858.
  • [Standalone] Allows raw json envvars in Passengerfile.json. Closes GH-1837.
  • [Standalone] Make the max_requests option available on the command line as well.
  • Fixes unaligned memory access in base64 decoder on platforms that have strict aliasing requirements (non x86/x86_64). Closes GH-1646.
  • Introduces daily Passenger security update check to warn (error log) if there are newer Passenger versions with important security fixes (describing what was discovered, what is affected, which version has the fix).
  • Fixes compilation on Linux when a non-glibc C library is in use. Closes GH-1870.
  • passenger-install-nginx-module and the standalone compiler now add the http v2, realip and addition module flags for Nginx (just like the APT/RPM/autobuilder already had). Closes GH-1788.
  • [Apache] Fixes PassengerShowVersionInHeader option. Thanks to Sebastian Welther for contributing this.
  • Passenger now reports when you try to use Node.js or Meteor clustering, and tries to continue with just a nonfunctional shim in place, so that if your code uses the clustering APIs your app may still work.
  • Updates libev config.sub and config.guess to support newer platforms such as the IBM power 8.
  • Fixes an issue where passenger-config couldn't restart an app if the TMPDIR variable was set to /tmp
  • passenger-install-apache-module now suggests the correct apache package on Ubuntu Xenial. Closes GH-1884.
  • [Standalone] The TempDirToucher will now spend most of its time with reduced privileges, except when it's actively touching files. This allows it to be killed when Passenger is quit in most circumstances. Closes GH-1678.
  • Fixes a file overwrite vulnerability (CVE-2016-10345) caused by a predictable temporary file being written by passenger-install-nginx-module. Thanks to Jeremy Evans for reporting this.
  • [Standalone] Fixes starting Passenger as a non-extant user. Closes GH-1849.
  • Improved look of the error pages for failing to spawn an application (development & production mode), and Error ID is now also shown in production mode.
  • [Standalone] Enable ipv6 support by default in builtin nginx. Closes GH-1873.
  • [Nginx] Updates to APT package builder (Debian & Ubuntu) with fix for www-data to root privilege escalation via log file handling (CVE-2016-1247/USN-3114-1).
  • [Nginx] Updates to RPM package builder (CentOS & RHEL) with fix for 1.10.x system nginx package overriding the nginx from the Passenger repo. Closes GH-1895.
  • [Nginx] The preferred Nginx version is now 1.10.2 (previously 1.10.1).
  • RPM pkg builder fix for breaking SELinux change in RHEL 7.3.
  • RPM pkg builder fix for RHEL6/CentOS6 incompatibility and replacement in Passenger.
  • Adds Ubuntu 16.10 "Yakkety" packages.

Release 5.0.30

  • Changes mbuf block size from 512 to 4096 bytes to better fit modern requests and significantly speed up disk buffering.
  • [Nginx] Fixes PCRE checksum after the preferred version update in 5.0.29 (contributed by: clemensg).
  • [Apache] Fixes buffer limit crash on large file upload (when core disk buffer can't keep up with client for some time), and limits per-client buffer memory usage to 130 KB. Closes GH-1620.
  • Fixes potential hang when an UnseekableSocket gets serialized to json. Closes GH-1838.

Release 5.0.29

  • Fixes the FreeBSD build breaking due to the -ldl flag introduced by the LVE integration patch (5.0.28). Closes GH-1805.
  • Fixes per-application interpreter override (ruby, node, python) being ignored in mass deployment mode. Closes GH-1818.
  • Fixes incomplete refactor from 5.0.27 that could, under specific conditions, lead to a Passenger crash. Closes GH-1794.
  • [Apache] Remove unused code that caused a crash in configurations with thousands of VirtualHost entries. Closes GH-1676.
  • [Nginx] Fixes use of invalid logfile name (memory already released) in backup log redirection code. Possibly related to GH-1774.
  • [Nginx] The preferred Nginx version is now 1.10.1 (previously 1.10.0).
  • [Nginx] The preferred PCRE version is now 8.39 (previously 8.34).
  • [Standalone] Passenger Standalone now supports /dev/stdout and /dev/stderr as log file path (via --log-file or Passengerfile.json). This is especially useful in Docker containers. In previous versions logging to those paths did not work, resulting in nothing getting logged at all.
... (truncated)
Commits
  • 3a7eb6f Fix Homebrew packaging
  • 1f8d5c3 Update passenger_rpm_automation
  • a75cbd7 Update passenger_rpm_automation
  • d505220 Properly put SELinux code inside ifdefs
  • 258c238 Update passenger_rpm_automation
  • 0cc5894 Set the SELinux context for various files programatically
  • 7eb0f6c Use PEM encoded certificate on non-macOS systems.
  • 36d45a1 RPM pkg builder fix for breaking SELinux change in RHEL 7.3 take 2.
  • 942d942 Decision to drop 1.8.7 test altogether (remains in jenkins / Enterprise)
  • e5b4b08 Fix writing a tmp file with a predictable name in
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependabot bot added the dependencies label ("Pull requests that update a dependency file") Aug 12, 2019

dependabot bot commented on behalf of github Jun 17, 2022

Superseded by #79.

dependabot bot closed this Jun 17, 2022
dependabot bot deleted the dependabot/bundler/passenger-5.1.0 branch June 17, 2022 22:08