Upgrade puma in the initial-placeholder app, to satisfy Dependabot

So, Dependabot correctly reported that this version of puma is vulernable, which I fixed in the main app already—but I didn't notice we also use that version in this cute tiny placeholder app we use early in the deployment process. There's not a real security need to upgrade this, as this placeholder app has no access to useful data when it is run, but I think it's better to resolve this by fixing it than by silencing Dependabot! May as well!
2023-10-26 14:48:21 -07:00 · 2023-10-26 14:48:21 -07:00 · 06258b1dd5
commit 06258b1dd5
parent 556d50c4ed
2 changed files with 3 additions and 3 deletions
--- a/deploy/files/initial-placeholder/Gemfile
+++ b/deploy/files/initial-placeholder/Gemfile
@ -1,2 +1,2 @@
 source 'https://rubygems.org'
-gem 'puma', '~> 6.3'
+gem 'puma', '~> 6.3', '>= 6.3.1'
--- a/deploy/files/initial-placeholder/Gemfile.lock
+++ b/deploy/files/initial-placeholder/Gemfile.lock
@ -2,7 +2,7 @@ GEM
  remote: https://rubygems.org/
  specs:
    nio4r (2.5.9)
-    puma (6.3.0)
+    puma (6.4.0)
      nio4r (~> 2.0)

 PLATFORMS
@ -10,7 +10,7 @@ PLATFORMS
  x86_64-linux

 DEPENDENCIES
-  puma (~> 6.3)
+  puma (~> 6.3, >= 6.3.1)

 BUNDLED WITH
   2.4.18