(security) Merge pull request #338 from sleede/dependabot/bundler/puma-4.3.12

Bump puma from 4.3.11 to 4.3.12
2025-02-20 14:54:15 +01:00 · 2022-04-13 10:38:40 +02:00 · 2022-04-13 10:38:40 +02:00 · 01395dd74c
commit 01395dd74c
parent 63a25e4cf4 94443d07a8
3 changed files with 5 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,7 @@
 # Changelog Fab-manager

+- Fix a security issue: updated puma to 4.3.12 to fix [CVE-2022-24790](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24790)
+
 ## v5.3.10 2022 April 12

 - Updated generate invoice reference method
--- a/2
+++ b/2
@ -7,7 +7,7 @@ gem 'rails', '~> 5.2.4'
 # Used by rails 5.2 to reduce the app boot time by over 50%
 gem 'bootsnap'
 # Use Puma as web server
-gem 'puma', '4.3.11'
+gem 'puma', '4.3.12'
 gem 'shakapacker', '6.2.0'

 # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -273,7 +273,7 @@ GEM
    prawn-table (0.2.2)
      prawn (>= 1.3.0, < 3.0.0)
    public_suffix (4.0.6)
-    puma (4.3.11)
+    puma (4.3.12)
      nio4r (~> 2.0)
    pundit (2.1.0)
      activesupport (>= 3.0.0)
@ -489,7 +489,7 @@ DEPENDENCIES
  pg_search
  prawn
  prawn-table
-  puma (= 4.3.11)
+  puma (= 4.3.12)
  pundit
  railroady
  rails (~> 5.2.4)