[Security] Upgrade: Bump oauth from 0.5.4 to 0.5.6

[dependabot-preview[bot]]

Bumps oauth from 0.5.4 to 0.5.6.

Release notes

Sourced from oauth's releases.

Version 0.5.5

Fixed security issue and cleaned up codebase.

Changelog

Sourced from oauth's changelog.

=== 0.5.6 2021-04-02

• Add metadata to Gemspec file
• Change default timeout to be the same as Net::HTTP default, 60 seconds instead of 30 seconds.
• Add support for PUT requests with Action Controller (#181)

=== 0.5.5 2020-01-19

• Allow redirect to different host but same path
• Add :allow_empty_params option (#155)
• Fixes ssl-noverify
• Various cleanups

Commits

• 56a189b Update HISTORY and bump version to v0.5.6.
• b5a68c0 Update HISTORY for PUT request feature.
• 243cf06 Merge pull request #181 from rvowles/put-me-pull-you
• 210dd68 Action Controller support for PUT requests
• 8aa97d0 Add OAuth::Signature::HMAC::SHA256 and associated tests
• cd4cab0 Travis - Updating readme link
• d4c7172 Adding explicit support for Ruby 2.5 and 2.6
• 720fcb7 Update HISTORY
• 4f3e717 Merge pull request #172 from ShockwaveNN/feature/gem-metadata
• 59be6bc Merge pull request #163 from smaeda-ks/smaeda-ks/increase-default-timeout
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview[bot]]

We've just been alerted that this update fixes a security vulnerability:

Sourced from The GitHub Security Advisory Database.

Improper Certificate Validation in oauth ruby gem

lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information.

Affected versions: ["< 0.5.5"]