Bump puma from 5.3.2 to 5.5.1

Bumps [puma](https://github.com/puma/puma) from 5.3.2 to 5.5.1. - [Release notes](https://github.com/puma/puma/releases) - [Changelog](https://github.com/puma/puma/blob/master/History.md) - [Commits](puma/puma@v5.3.2...v5.5.1) Signed-off-by: Andy Tinkham <andy.tinkham@cyberark.com> --- updated-dependencies: - dependency-name: puma dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
cyberark · Oct 21, 2021 · 09dbbc4 · 09dbbc4
1 parent a0f35e0
commit 09dbbc4
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 7 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -17,9 +17,13 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ## [1.13.2] - 2021-10-13
 
 ### Security
+=======
+- Updated puma to 5.5.1 to close 
+ [GHSA-48w2-rm65-62xx](https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx). 
+ We were not vulnerable to this issue. [cyberark/conjur#2385](https://github.com/cyberark/conjur/pull/2385)
 - GCP Authenticator: When defining the host using the instance-name annotation,
  you now need to define at least one additional annotation.
- [cyberark/ONYX-9442](https://ca-il-jira.il.cyber-ark.com:8443/browse/ONYX-9442)
+ [cyberark/ONYX-9442](https://ca-il-jira.il.cyber-ark.com:8443/browse/ONYX-9442)>>>>>>> cd4c2a2d (Bump puma from 5.3.2 to 5.5.1)
 - Updated nokogiri to 1.12.5 in both Gemfile.lock and docs/Gemfile.lock to resolve 
  [CVE-2021-41098](https://github.com/advisories/GHSA-2rr5-8q37-2w7h)
  [cyberark/conjur#2376](https://github.com/cyberark/conjur/pull/2376)

diff --git a/Gemfile b/Gemfile
@@ -18,7 +18,7 @@ gem 'http', '~> 4.2.0'
 gem 'iso8601'
 gem 'jbuilder', '~> 2.7.0'
 gem 'nokogiri', '>= 1.8.2'
-gem 'puma', '~> 5.3.2'
+gem 'puma', '~> 5.5.1'
 gem 'rack', '~> 2.2.3'
 gem 'rails', '~> 5.2'
 gem 'rake'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -249,7 +249,7 @@ GEM
  net-ldap (0.16.2)
  net-ssh (5.2.0)
  netrc (0.11.0)
- nio4r (2.5.7)
+ nio4r (2.5.8)
  nokogiri (1.12.5)
  mini_portile2 (~> 2.6.1)
  racc (~> 1.4)
@@ -280,7 +280,7 @@ GEM
  pry (>= 0.10.4)
  psych (3.1.0)
  public_suffix (4.0.6)
- puma (5.3.2)
+ puma (5.5.1)
  nio4r (~> 2.0)
  racc (1.5.2)
  rack (2.2.3)
@@ -484,7 +484,7 @@ DEPENDENCIES
  pg
  pry-byebug
  pry-rails
- puma (~> 5.3.2)
+ puma (~> 5.5.1)
  rack (~> 2.2.3)
  rack-rewrite
  rails (~> 5.2)

diff --git a/NOTICES.txt b/NOTICES.txt
@@ -19,7 +19,7 @@ Section 2: BSD-2-Clause
 Section 3: BSD-3-Clause
 
 >>> https://rubygems.org/gems/ffi/versions/1.12.2
->>> https://rubygems.org/gems/puma/versions/5.3.2
+>>> https://rubygems.org/gems/puma/versions/5.5.1
 
 Section 4: MIT
 
@@ -193,7 +193,7 @@ CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
->>> https://rubygems.org/gems/puma/versions/5.3.2
+>>> https://rubygems.org/gems/puma/versions/5.5.1
 
 Some code copyright (c) 2005, Zed Shaw
 Copyright (c) 2011, Evan Phoenix