From 50bcc6cb03cc00b1f238165102d8c15777e01ae6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Oct 2021 17:54:43 +0000 Subject: [PATCH] Bump puma from 5.3.2 to 5.5.1 Bumps [puma](https://github.com/puma/puma) from 5.3.2 to 5.5.1. - [Release notes](https://github.com/puma/puma/releases) - [Changelog](https://github.com/puma/puma/blob/master/History.md) - [Commits](https://github.com/puma/puma/compare/v5.3.2...v5.5.1) Signed-off-by: Andy Tinkham --- updated-dependencies: - dependency-name: puma dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- CHANGELOG.md | 5 ++++- Gemfile | 2 +- Gemfile.lock | 6 +++--- NOTICES.txt | 4 ++-- 4 files changed, 10 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a248cb679e..47e03b4d68 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,10 +17,13 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ## [1.13.2] - 2021-10-13 ### Security +- Updated puma to 5.5.1 to close + [GHSA-48w2-rm65-62xx](https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx). + We were not vulnerable to this issue. [cyberark/conjur#2385](https://github.com/cyberark/conjur/pull/2385) - GCP Authenticator: When defining the host using the instance-name annotation, you now need to define at least one additional annotation. [cyberark/ONYX-9442](https://ca-il-jira.il.cyber-ark.com:8443/browse/ONYX-9442) -- Updated nokogiri to 1.12.5 in both Gemfile.lock and docs/Gemfile.lock to resolve +- Updated nokogiri to 1.12.5 in both Gemfile.lock and docs/Gemfile.lock to resolve [CVE-2021-41098](https://github.com/advisories/GHSA-2rr5-8q37-2w7h) [cyberark/conjur#2376](https://github.com/cyberark/conjur/pull/2376) [cyberark/conjur#2377](https://github.com/cyberark/conjur/pull/2377) diff --git a/Gemfile b/Gemfile index 6157087f17..06f2f6cbbc 100644 --- a/Gemfile +++ b/Gemfile 
@@ -18,7 +18,7 @@ gem 'http', '~> 4.2.0' gem 'iso8601' gem 'jbuilder', '~> 2.7.0' gem 'nokogiri', '>= 1.8.2' -gem 'puma', '~> 5.3.2' +gem 'puma', '~> 5.5.1' gem 'rack', '~> 2.2.3' gem 'rails', '~> 5.2' gem 'rake' diff --git a/Gemfile.lock b/Gemfile.lock index fb7c3911aa..394333661e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -249,7 +249,7 @@ GEM net-ldap (0.16.2) net-ssh (5.2.0) netrc (0.11.0) - nio4r (2.5.7) + nio4r (2.5.8) nokogiri (1.12.5) mini_portile2 (~> 2.6.1) racc (~> 1.4) @@ -280,7 +280,7 @@ GEM pry (>= 0.10.4) psych (3.1.0) public_suffix (4.0.6) - puma (5.3.2) + puma (5.5.1) nio4r (~> 2.0) racc (1.5.2) rack (2.2.3) @@ -484,7 +484,7 @@ DEPENDENCIES pg pry-byebug pry-rails - puma (~> 5.3.2) + puma (~> 5.5.1) rack (~> 2.2.3) rack-rewrite rails (~> 5.2) diff --git a/NOTICES.txt b/NOTICES.txt index 769084333d..6cc02bbc9f 100644 --- a/NOTICES.txt +++ b/NOTICES.txt @@ -19,7 +19,7 @@ Section 2: BSD-2-Clause Section 3: BSD-3-Clause >>> https://rubygems.org/gems/ffi/versions/1.12.2 ->>> https://rubygems.org/gems/puma/versions/5.3.2 +>>> https://rubygems.org/gems/puma/versions/5.5.1 Section 4: MIT @@ -193,7 +193,7 @@ CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ->>> https://rubygems.org/gems/puma/versions/5.3.2 +>>> https://rubygems.org/gems/puma/versions/5.5.1 Some code copyright (c) 2005, Zed Shaw Copyright (c) 2011, Evan Phoenix
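Review bot: In the CHANGELOG.md hunk, the new Security entry says "We were not vulnerable to this issue." without giving the reason. Add a short clause explaining which condition of GHSA-48w2-rm65-62xx does not apply here, so that someone auditing the 1.13.2 release can verify the claim instead of taking it on trust. The same hunk also removes and re-adds the nokogiri line with no visible text change, which looks like a trailing-whitespace fix; it is better kept out of a dependency bump or mentioned in the commit message.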
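Review bot: In the Gemfile hunk, `gem 'puma', '~> 5.5.1'` keeps the patch-level pessimistic constraint, so Bundler will only resolve within 5.5.x and a later fix shipped in 5.6 or above will again need a manual edit to this line. The bump also crosses two minor series (5.3 to 5.5), so the entries between v5.3.2 and v5.5.1 in the linked History.md should be checked for behaviour changes before merging. If the intent is to follow minor releases, `'~> 5.5', '>= 5.5.1'` would express that while still excluding the versions below the fix.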
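Review bot: In the first Gemfile.lock hunk, nio4r moves from 2.5.7 to 2.5.8 even though puma's requirement in the lock file is still `nio4r (~> 2.0)`, and neither the commit message nor the CHANGELOG entry mentions it. Confirm that the transitive bump is intended and record it alongside the puma entry. The NOTICES.txt hunks update only the two puma URLs, so if NOTICES.txt lists nio4r with a versioned URL, that line needs the same update.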