From 06258b1dd5e689a1e3492440476f6e0eab21164b Mon Sep 17 00:00:00 2001 From: Matchu Date: Thu, 26 Oct 2023 14:48:21 -0700 Subject: [PATCH] Upgrade puma in the initial-placeholder app, to satisfy Dependabot MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit So, Dependabot correctly reported that this version of puma is vulnerable, which I fixed in the main app already—but I didn't notice we also use that version in this cute tiny placeholder app we use early in the deployment process. There's not a real security need to upgrade this, as this placeholder app has no access to useful data when it is run, but I think it's better to resolve this by fixing it than by silencing Dependabot! May as well! --- deploy/files/initial-placeholder/Gemfile | 2 +- deploy/files/initial-placeholder/Gemfile.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/files/initial-placeholder/Gemfile b/deploy/files/initial-placeholder/Gemfile index d924ac61..6dd33e29 100644 --- a/deploy/files/initial-placeholder/Gemfile +++ b/deploy/files/initial-placeholder/Gemfile @@ -1,2 +1,2 @@ source 'https://rubygems.org' -gem 'puma', '~> 6.3' \ No newline at end of file +gem 'puma', '~> 6.3', '>= 6.3.1' \ No newline at end of file diff --git a/deploy/files/initial-placeholder/Gemfile.lock b/deploy/files/initial-placeholder/Gemfile.lock index a6fc75df..2b58bc3d 100644 --- a/deploy/files/initial-placeholder/Gemfile.lock +++ b/deploy/files/initial-placeholder/Gemfile.lock @@ -2,7 +2,7 @@ GEM remote: https://rubygems.org/ specs: nio4r (2.5.9) - puma (6.3.0) + puma (6.4.0) nio4r (~> 2.0) PLATFORMS @@ -10,7 +10,7 @@ PLATFORMS x86_64-linux DEPENDENCIES - puma (~> 6.3) + puma (~> 6.3, >= 6.3.1) BUNDLED WITH 2.4.18
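Review bot: the paired constraint `gem 'puma', '~> 6.3', '>= 6.3.1'` in the Gemfile hunk is the correct shape and should not be "simplified" in a follow-up: collapsing it to `'~> 6.3.1'` would cap resolution below 6.4 and exclude the 6.4.0 that the lockfile now pins, whereas the pair keeps the existing `< 7.0` ceiling and only raises the floor to 6.3.1. One nit while this line is being touched: both the removed and the added line still end with `\ No newline at end of file`; adding the trailing newline now would keep future diffs of this two-line Gemfile clean.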
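Review bot: the two Gemfile.lock hunks are consistent with each other and with the Gemfile: the DEPENDENCIES entry `puma (~> 6.3, >= 6.3.1)` matches the new Gemfile constraint, the specs entry resolves to `puma (6.4.0)`, which satisfies that range, and `nio4r (2.5.9)` is left untouched and still sits inside puma's `nio4r (~> 2.0)` requirement, so Bundler's frozen/deployment mode will accept this lockfile without re-resolving. The one thing worth confirming outside this diff is that the placeholder app is actually launched through Bundler in the deploy step, since these hunks change what is resolved, not what is executed; if the deploy invokes a system-installed puma, the lockfile bump alone would not change the running version.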