cyberark · micahlee · Oct 29, 2021 · Oct 12, 2021 · codeclimate · Oct 21, 2021
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -17,10 +17,13 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ## [1.13.2] - 2021-10-13
 
 ### Security
+- Updated puma to 5.5.1 to close 
+ [GHSA-48w2-rm65-62xx](https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx).
+ We were not vulnerable to this issue. [cyberark/conjur#2385](https://github.com/cyberark/conjur/pull/2385)
 - GCP Authenticator: When defining the host using the instance-name annotation,
  you now need to define at least one additional annotation.
  [cyberark/ONYX-9442](https://ca-il-jira.il.cyber-ark.com:8443/browse/ONYX-9442)
-- Updated nokogiri to 1.12.5 in both Gemfile.lock and docs/Gemfile.lock to resolve 
+- Updated nokogiri to 1.12.5 in both Gemfile.lock and docs/Gemfile.lock to resolve
  [CVE-2021-41098](https://github.com/advisories/GHSA-2rr5-8q37-2w7h)
  [cyberark/conjur#2376](https://github.com/cyberark/conjur/pull/2376)
  [cyberark/conjur#2377](https://github.com/cyberark/conjur/pull/2377)

diff --git a/Gemfile b/Gemfile
@@ -18,7 +18,7 @@ gem 'http', '~> 4.2.0'
 gem 'iso8601'
 gem 'jbuilder', '~> 2.7.0'
 gem 'nokogiri', '>= 1.8.2'
-gem 'puma', '~> 5.3.2'
+gem 'puma', '~> 5.5.1'
 gem 'rack', '~> 2.2.3'
 gem 'rails', '~> 5.2'
 gem 'rake'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -249,7 +249,7 @@ GEM
  net-ldap (0.16.2)
  net-ssh (5.2.0)
  netrc (0.11.0)
- nio4r (2.5.7)
+ nio4r (2.5.8)
  nokogiri (1.12.5)
  mini_portile2 (~> 2.6.1)
  racc (~> 1.4)
@@ -280,7 +280,7 @@ GEM
  pry (>= 0.10.4)
  psych (3.1.0)
  public_suffix (4.0.6)
- puma (5.3.2)
+ puma (5.5.1)
  nio4r (~> 2.0)
  racc (1.5.2)
  rack (2.2.3)
@@ -484,7 +484,7 @@ DEPENDENCIES
  pg
  pry-byebug
  pry-rails
- puma (~> 5.3.2)
+ puma (~> 5.5.1)
  rack (~> 2.2.3)
  rack-rewrite
  rails (~> 5.2)

diff --git a/NOTICES.txt b/NOTICES.txt
@@ -19,7 +19,7 @@ Section 2: BSD-2-Clause
 Section 3: BSD-3-Clause
 
 >>> https://rubygems.org/gems/ffi/versions/1.12.2
->>> https://rubygems.org/gems/puma/versions/5.3.2
+>>> https://rubygems.org/gems/puma/versions/5.5.1
 
 Section 4: MIT
 
@@ -193,7 +193,7 @@ CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
->>> https://rubygems.org/gems/puma/versions/5.3.2
+>>> https://rubygems.org/gems/puma/versions/5.5.1
 
 Some code copyright (c) 2005, Zed Shaw
 Copyright (c) 2011, Evan Phoenix