[openstreetmap/openstreetmap-website] Bump puma from 3.12.2 to 3.12.3 (#2550)

dependabot[bot] notifications at github.com
Fri Feb 28 20:41:58 UTC 2020


Bumps [puma](https://github.com/puma/puma) from 3.12.2 to 3.12.3.
<details>
<summary>Changelog</summary>

*Sourced from [puma's changelog](https://github.com/puma/puma/blob/master/History.md).*

> ## 4.3.2 and 3.12.3 / 2020-02-27
> 
> * Security
>   * Fix: Prevent HTTP Response splitting via CR/LF in header values. CVE-2020-5247.
</details>
<details>
<summary>Commits</summary>

- [`2ff978f`](https://github.com/puma/puma/commit/2ff978fa9f27fd3fcd11ddf774d684fda250c46e) 3.12.3
- [`3a2b918`](https://github.com/puma/puma/commit/3a2b9186b7ca31c9cfda8c88b824618e9c3d842c) Test backport
- [`37928cb`](https://github.com/puma/puma/commit/37928cbe5a80a3541d390c60cf131f9c344e77f6) 4.3.2 and 3.12.3 release notes
- [`1b17e85`](https://github.com/puma/puma/commit/1b17e85a06183cd169b41ca719928c26d44a6e03) Merge pull request from GHSA-84j7-475p-hp8v
- See full diff in [compare view](https://github.com/puma/puma/compare/v3.12.2...v3.12.3)
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=puma&package-manager=bundler&previous-version=3.12.2&new-version=3.12.3)](https://help.github.com/articles/configuring-automated-security-fixes)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openstreetmap/openstreetmap-website/network/alerts).

</details>
You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/2550

-- Commit Summary --

  * Bump puma from 3.12.2 to 3.12.3

-- File Changes --

    M Gemfile (2)
    M Gemfile.lock (4)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/2550.patch
https://github.com/openstreetmap/openstreetmap-website/pull/2550.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/2550
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20200228/600daf31/attachment.htm>


More information about the rails-dev mailing list