fix: pact_broker/Gemfile & pact_broker/Gemfile.lock to reduce vulnerabilities (#46)

snyk-bot · web-flow · commit 893bb128298b · 2021-05-13T19:12:04.000+10:00
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-PUMA-1291014
diff --git a/pact_broker/Gemfile b/pact_broker/Gemfile
@@ -2,7 +2,7 @@ source 'https://rubygems.org'
 
 gem "pact_broker"
 gem "pg", "~>1.0"
-gem "puma", "~> 3.12"
+gem "puma", "~> 4.3", ">= 4.3.8"
 gem "mysql2", "~>0.3"
 gem "sqlite3", "~>1.3"
 gem "rake", "~> 13.0"
diff --git a/pact_broker/Gemfile.lock b/pact_broker/Gemfile.lock
@@ -63,6 +63,7 @@ GEM
     mustermann (1.1.1)
       ruby2_keywords (~> 0.0.1)
     mysql2 (0.5.3)
+    nio4r (2.5.7)
     nokogiri (1.11.2)
       mini_portile2 (~> 2.5.0)
       racc (~> 1.4)
@@ -101,7 +102,8 @@ GEM
       thor (~> 0.18)
     padrino-support (0.15.0)
     pg (1.2.3)
-    puma (3.12.6)
+    puma (4.3.8)
+      nio4r (~> 2.0)
     racc (1.5.2)
     rack (2.2.3)
     rack-protection (2.1.0)
@@ -159,7 +161,7 @@ DEPENDENCIES
   mysql2 (~> 0.3)
   pact_broker
   pg (~> 1.0)
-  puma (~> 3.12)
+  puma (~> 4.3, >= 4.3.8)
   rake (~> 13.0)
   sqlite3 (~> 1.3)
   webrick (~> 1.6)
