146: added bundler-audit, bumped puma from 3.12.4 to 6.3.1 #183
Fixes #146
Added the gem "bundler-audit" to the Gemfile and ran bundle install and bundle update. Then ran bundler-audit. The only security issues bundler-audit identified were related to puma, which we had pinned to version 3.12.4. Bundler and Dependabot both suggest upgrading puma to either >= 5.7.1 or >= 6.3.1. I chose 6.3.1 because as a newer version it's more likely to have a longer shelf life than the 5.7.1 version.
No conflicts were encountered, and our internal testing still runs without error. Due to the fact that this is a major update with puma, I'm thinking we may want to test-deploy this branch to make sure that puma still plays nice with our codebase and configurations before we merge it up.
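To make the check bundler-audit performs on a pinned version concrete, here is an added Ruby example (not the project's code and not bundler-audit itself) that reads gem versions out of a Gemfile.lock and flags any that satisfy none of an advisory's patched_versions ranges, using the puma ranges quoted above; the lockfile fragment and the advisory id are constructed placeholders.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement

# Constructed Gemfile.lock fragment (not the project's real lockfile):
# puma is still pinned to 3.12.4, the version this PR bumps away from.
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nio4r (2.5.9)
      puma (3.12.4)
        nio4r (~> 2.0)
      rack (2.2.8)
LOCK

# Constructed advisory table in the shape ruby-advisory-db entries use
# (patched_versions as requirement strings). The puma ranges are the ones
# cited in the PR description; the advisory id is a placeholder. Real entries
# usually express the older branch with ~> so 6.0.x is not treated as patched.
ADVISORIES = [
  { gem: "puma", id: "PLACEHOLDER-ADVISORY", patched_versions: [">= 5.7.1", ">= 6.3.1"] },
]

# Collect "name (version)" lines from the GEM/specs section of a lockfile.
def lock_versions(lock_text)
  versions = {}
  lock_text.each_line do |line|
    # Top-level specs are indented by exactly 4 spaces; their dependency
    # lines (e.g. "nio4r (~> 2.0)") are indented by 6 and must be skipped.
    next unless line =~ /\A {4}(\S+) \(([^)]+)\)\s*\z/
    versions[Regexp.last_match(1)] = Gem::Version.new(Regexp.last_match(2))
  end
  versions
end

# A locked version is patched if it satisfies ANY of the patched ranges.
def vulnerable?(version, patched_versions)
  patched_versions.none? { |req| Gem::Requirement.new(req).satisfied_by?(version) }
end

# Return one finding per advisory whose gem is locked at an unpatched version.
def audit(lock_text, advisories = ADVISORIES)
  versions = lock_versions(lock_text)
  advisories.select { |adv| versions[adv[:gem]] && vulnerable?(versions[adv[:gem]], adv[:patched_versions]) }
            .map { |adv| { gem: adv[:gem], version: versions[adv[:gem]].to_s, id: adv[:id] } }
end

audit(LOCKFILE).each { |f| puts "#{f[:gem]} #{f[:version]} is unpatched (#{f[:id]})" }
```

Swapping the locked line for puma (6.3.1) or puma (5.7.1) makes the audit come back empty, which is the state the PR leaves the lockfile in.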