
[Security] Bump oauth from 0.4.7 to 0.5.6 #131

Open

dependabot-preview[bot] wants to merge 1 commit into master from dependabot/bundler/oauth-0.5.6

Conversation

@dependabot-preview

Bumps oauth from 0.4.7 to 0.5.6. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Improper Certificate Validation in oauth ruby gem

lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information.

Affected versions: < 0.5.5

Release notes

Sourced from oauth's releases.

Version 0.5.5

Fixed security issue and cleaned up codebase.

v0.5.4

Version 0.5.4

Changelog

Sourced from oauth's changelog.

=== 0.5.6 2021-04-02

  • Add metadata to Gemspec file
  • Change default timeout to be the same as Net::HTTP default, 60 seconds instead of 30 seconds.
  • Add support for PUT requests with Action Controller (#181)

=== 0.5.5 2020-01-19

  • Allow redirect to different host but same path
  • Add :allow_empty_params option (#155)
  • Fixes ssl-noverify
  • Various cleanups

=== 0.5.4 2017-12-08

  • Fixes UnknownRequestType on Rails 5.1 for ActionDispatch::Request (xprazak2)
  • Various cleanups (charliesome)

=== 0.5.3 2017-05-24

  • Removing legacy scripts (James Pinto)
  • Fix #145 - broken CLI required loading active_support (James Pinto)

=== 0.5.2 2017-05-17

  • Adding a development dependency that had not been mentioned (James Pinto)
  • Use assert_nil so as to silence a Minitest 6 deprecation warning (James Pinto)
  • Stop bundling tests files in the gem (Michal Papis)
  • Minor cleanup on tests (James Pinto)
  • TravisCI no longer needs libcurl-dev (James Pinto)
  • Nokogiri 1.7 does not accept Ruby 2.0 (James Pinto)
  • Upgrading to CodeClimate 1.0 (James Pinto)
  • Adding support to Ruby 2.4 and head (James Pinto)
  • Locking gemspec to Rails 4 so as to allow our next version for Rails 5 (James Pinto)
  • Fix #113 adding paths when a full URL has been specified (James Pinto)
  • moving development dependency to gemspec (James Pinto)
  • Silencing 'Net::HTTPResponse#header is obsolete' (James Pinto)
  • Silencing some test warnings (James Pinto)
  • Silencing 'loading in progress, circular require considered harmful' (James Pinto)
  • Silence 'URI.escape obsolete' (James Pinto)
  • Refactored CLI (James Pinto)
  • Bug Fix, webmock 2.0 has introduced a new bug (James Pinto)
  • Moving test files into test/units/ (James Pinto)
  • Adding CodeClimate (James Pinto)
  • Reimplementing #82 - Debug Output Option (James Pinto)
  • Making a test/support dir (James Pinto)
  • Fix #177 - Adjusting to webmock latest recommended implementation for minitest (James Pinto)
  • Adding support to Ruby 2.4 and head (James Pinto)
  • Upgrading to CodeClimate 1.0 (James Pinto)
  • Nokogiri 1.7 does not accept Ruby 2.0 (James Pinto)

... (truncated)

Commits
  • 56a189b Update HISTORY and bump version to v0.5.6.
  • b5a68c0 Update HISTORY for PUT request feature.
  • 243cf06 Merge pull request #181 from rvowles/put-me-pull-you
  • 210dd68 Action Controller support for PUT requests
  • 8aa97d0 Add OAuth::Signature::HMAC::SHA256 and associated tests
  • cd4cab0 Travis - Updating readme link
  • d4c7172 Adding explicit support for Ruby 2.5 and 2.6
  • 720fcb7 Update HISTORY
  • 4f3e717 Merge pull request #172 from ShockwaveNN/feature/gem-metadata
  • 59be6bc Merge pull request #163 from smaeda-ks/smaeda-ks/increase-default-timeout
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

Bumps [oauth](https://github.com/oauth-xx/oauth-ruby) from 0.4.7 to 0.5.6. **This update includes a security fix.**
- [Release notes](https://github.com/oauth-xx/oauth-ruby/releases)
- [Changelog](https://github.com/oauth-xx/oauth-ruby/blob/master/HISTORY)
- [Commits](ruby-oauth/oauth@v0.4.7...v0.5.6)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
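The advisory above describes a client that silently drops to unverified TLS when no CA bundle can be found. The following is an added illustration, not oauth-ruby's own code: `vulnerable_https` reconstructs that fail-open pattern in plain Net::HTTP, `hardened_https` shows the fail-closed alternative, and `skips_verification?` is a small audit helper; all three names and `NoCaBundleError` are hypothetical.

```ruby
require "net/http"
require "openssl"

# Illustrative reconstruction of the failure class in the advisory (not the
# gem's actual code): when no bundle is found the client downgrades to
# VERIFY_NONE, so any certificate, including a forged one, is accepted.
def vulnerable_https(host, ca_file: nil)
  http = Net::HTTP.new(host, 443)
  http.use_ssl = true
  if ca_file && File.exist?(ca_file)
    http.ca_file = ca_file
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  else
    http.verify_mode = OpenSSL::SSL::VERIFY_NONE # fails open
  end
  http
end

# Hypothetical error type for the fail-closed variant.
class NoCaBundleError < StandardError; end

# Fail-closed variant: use the explicit bundle, else OpenSSL's default file or
# directory; if none is present, refuse to build an unverified client.
def hardened_https(host, ca_file: nil)
  http = Net::HTTP.new(host, 443)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER # never downgraded below
  if ca_file
    raise NoCaBundleError, "CA bundle not found: #{ca_file}" unless File.exist?(ca_file)
    http.ca_file = ca_file
  elsif File.exist?(OpenSSL::X509::DEFAULT_CERT_FILE)
    http.ca_file = OpenSSL::X509::DEFAULT_CERT_FILE
  elsif File.directory?(OpenSSL::X509::DEFAULT_CERT_DIR)
    http.ca_path = OpenSSL::X509::DEFAULT_CERT_DIR
  else
    raise NoCaBundleError, "no CA bundle available; refusing unverified TLS"
  end
  http
end

# Audit helper: true when a configured client would skip certificate checks.
def skips_verification?(http)
  http.use_ssl? && http.verify_mode == OpenSSL::SSL::VERIFY_NONE
end
```

Neither function opens a connection until `start` is called, so the configuration can be inspected offline before any request is sent.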
dependabot-preview[bot] added the labels dependencies (Pull requests that update a dependency file) and security (Pull requests that address a security vulnerability) on Apr 22, 2021.