Update puma, grpc, and commonmarker to include CVE fixes

heliocola · heliocola · commit 4e6938f2179c · 2023-09-22T13:50:59.000+08:00
diff --git a/.gitignore b/.gitignore
@@ -50,3 +50,6 @@ dump.rdb
 
 # Ignore vendored local databases
 /vendor/*mmdb
+
+# RVM gemset
+.ruby-gemset
diff --git a/Gemfile b/Gemfile
@@ -21,7 +21,7 @@ gem 'grpc', '>= 1.53.0'
 gem 'crawler_detect'
 
 # Serving requests
-gem 'puma', '~> 4.3'
+gem 'puma', '~> 5.6'
 gem 'rack-cors'
 
 # Helper gems for Rails
@@ -90,6 +90,8 @@ group :development, :test do
 
   # To avoid polling for changes on Windows MRI, it needs this opt-in gem
   gem 'wdm', '>= 0.1.0' if Gem.win_platform?
+
+  gem 'bundler-audit'
 end
 
 group :development do
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -133,6 +133,9 @@ GEM
     bullet (7.0.7)
       activesupport (>= 3.0.0)
       uniform_notifier (~> 1.11)
+    bundler-audit (0.9.1)
+      bundler (>= 1.2.0, < 3)
+      thor (~> 1.0)
     byebug (11.1.3)
     capybara (3.39.2)
       addressable
@@ -143,7 +146,7 @@ GEM
       rack-test (>= 0.6.3)
       regexp_parser (>= 1.5, < 3.0)
       xpath (~> 3.2)
-    commonmarker (0.23.8)
+    commonmarker (0.23.10)
     concurrent-ruby (1.2.2)
     connection_pool (2.4.1)
     crack (0.4.5)
@@ -215,11 +218,11 @@ GEM
     geocoder (1.8.1)
     globalid (1.1.0)
       activesupport (>= 5.0)
-    google-protobuf (3.22.2)
-    googleapis-common-protos-types (1.5.0)
-      google-protobuf (~> 3.14)
-    grpc (1.53.0)
-      google-protobuf (~> 3.21)
+    google-protobuf (3.24.3)
+    googleapis-common-protos-types (1.9.0)
+      google-protobuf (~> 3.18)
+    grpc (1.58.0)
+      google-protobuf (~> 3.23)
       googleapis-common-protos-types (~> 1.0)
     haml (6.1.1)
       temple (>= 0.8.2)
@@ -312,7 +315,7 @@ GEM
     net-smtp (0.3.3)
       net-protocol
     netrc (0.11.0)
-    nio4r (2.5.8)
+    nio4r (2.5.9)
     nokogiri (1.15.4)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
@@ -359,7 +362,7 @@ GEM
     propshaft (0.4.0)
       rails (>= 7.0.0.alpha2)
     public_suffix (5.0.3)
-    puma (4.3.12)
+    puma (5.6.7)
       nio4r (~> 2.0)
     qonfig (0.28.0)
     raabro (1.4.0)
@@ -559,6 +562,7 @@ DEPENDENCIES
   bootsnap (>= 1.4.2)
   bugsnag
   bullet
+  bundler-audit
   byebug
   capybara (>= 2.15)
   coinbase_commerce!
@@ -595,7 +599,7 @@ DEPENDENCIES
   opensearch-ruby
   propshaft (= 0.4.0)
   public_suffix
-  puma (~> 4.3)
+  puma (~> 5.6)
   rack-attack (~> 6.6)
   rack-cors
   rails (~> 7.0.1)
