Skip to content

Bump puma from 8.0.1 to 8.0.2#932

Merged
chvp merged 3 commits into
mainfrom
dependabot/bundler/puma-8.0.2
May 30, 2026
Merged

Bump puma from 8.0.1 to 8.0.2#932
chvp merged 3 commits into
mainfrom
dependabot/bundler/puma-8.0.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 30, 2026
edited
Loading

Bumps puma from 8.0.1 to 8.0.2.

Release notes

Sourced from puma's releases.

v8.0.2

  • Bugfixes
    • Anchor PROXY protocol v1 regex to string start and enforce max line length to prevent injection via crafted request bodies (#3944)
    • Parse PROXY protocol header only on the first request per connection to prevent spoofing on keep-alive connections (#3944)

Security advisories

Changelog

Sourced from puma's changelog.

8.0.2 / 2026-05-27

  • Bugfixes
    • Anchor PROXY protocol v1 regex to string start and enforce max line length to prevent injection via crafted request bodies (#3944)
    • Parse PROXY protocol header only on the first request per connection to prevent spoofing on keep-alive connections (#3944)
Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels May 30, 2026
@dependabot dependabot Bot requested a review from chvp as a code owner May 30, 2026 06:02
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels May 30, 2026
@chvp
Copy link
Copy Markdown
Member

chvp commented May 30, 2026

@dependabot recreate

@dependabot dependabot Bot force-pushed the dependabot/bundler/puma-8.0.2 branch from 7d2e806 to 45048f8 Compare May 30, 2026 10:36
@chvp
Copy link
Copy Markdown
Member

chvp commented May 30, 2026

@dependabot recreate

@dependabot dependabot Bot force-pushed the dependabot/bundler/puma-8.0.2 branch from 7f44380 to 6c0cfc0 Compare May 30, 2026 10:46
dependabot Bot and others added 3 commits May 30, 2026 12:53
@dependabot @chvp
Bump puma from 8.0.1 to 8.0.2
986d504 
Bumps [puma](https://github.com/puma/puma) from 8.0.1 to 8.0.2.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/main/History.md)
- [Commits](puma/puma@v8.0.1...v8.0.2)

---
updated-dependencies:
- dependency-name: puma
  dependency-version: 8.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @chvp
Update gemset.nix
d5acfac
@chvp
Fix missing checksums header
95fe1f9
@chvp chvp force-pushed the dependabot/bundler/puma-8.0.2 branch from cf503d7 to 95fe1f9 Compare May 30, 2026 10:53
@chvp chvp merged commit d40b087 into main May 30, 2026
5 checks passed
@chvp chvp deleted the dependabot/bundler/puma-8.0.2 branch May 30, 2026 10:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chvp chvp chvp approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@chvp