forked from OpenNeo/impress
Upgrade puma in the initial-placeholder app, to satisfy Dependabot
So, Dependabot correctly reported that this version of puma is vulernable, which I fixed in the main app already—but I didn't notice we also use that version in this cute tiny placeholder app we use early in the deployment process. There's not a real security need to upgrade this, as this placeholder app has no access to useful data when it is run, but I think it's better to resolve this by fixing it than by silencing Dependabot! May as well!
This commit is contained in:
parent
556d50c4ed
commit
06258b1dd5
2 changed files with 3 additions and 3 deletions
|
@ -1,2 +1,2 @@
|
||||||
source 'https://rubygems.org'
|
source 'https://rubygems.org'
|
||||||
gem 'puma', '~> 6.3'
|
gem 'puma', '~> 6.3', '>= 6.3.1'
|
|
@ -2,7 +2,7 @@ GEM
|
||||||
remote: https://rubygems.org/
|
remote: https://rubygems.org/
|
||||||
specs:
|
specs:
|
||||||
nio4r (2.5.9)
|
nio4r (2.5.9)
|
||||||
puma (6.3.0)
|
puma (6.4.0)
|
||||||
nio4r (~> 2.0)
|
nio4r (~> 2.0)
|
||||||
|
|
||||||
PLATFORMS
|
PLATFORMS
|
||||||
|
@ -10,7 +10,7 @@ PLATFORMS
|
||||||
x86_64-linux
|
x86_64-linux
|
||||||
|
|
||||||
DEPENDENCIES
|
DEPENDENCIES
|
||||||
puma (~> 6.3)
|
puma (~> 6.3, >= 6.3.1)
|
||||||
|
|
||||||
BUNDLED WITH
|
BUNDLED WITH
|
||||||
2.4.18
|
2.4.18
|
||||||
|
|
Loading…
Reference in a new issue