Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

gemspec: Use Puma >=4.3.8 to avoid security issue #956

Merged

Conversation

olleolleolle
Copy link
Contributor

@olleolleolle olleolleolle commented May 20, 2021

What kind of change is this?

Puma is a development dependency, and this PR updates how we include it, to avoid a warning about a CVE.

Did you add tests for your changes?

No.

Summary of changes

Mitigates warnings about CVE-2021-29509.

Other information

The Puma we pointed to was quite old.

The logs already say: Using puma 5.3.1 in GH Actions.

@olleolleolle olleolleolle changed the title gemspec: Use Puma >=-4.3.8 to avoid security issue gemspec: Use Puma >=4.3.8 to avoid security issue May 20, 2021
@olleolleolle olleolleolle added the Dependencies Updates to dependencies. label May 20, 2021
@olleolleolle olleolleolle merged commit 8e51007 into master May 20, 2021
@olleolleolle olleolleolle deleted the gemspec-Use-Puma->=-4.3.8-to-avoid-security-issue branch May 20, 2021 08:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Dependencies Updates to dependencies.
Development

Successfully merging this pull request may close these issues.

1 participant