🚨 [security] Update puma: 3.12.1 → 3.12.2 (patch)

🚨 Your version of puma has known security vulnerabilities 🚨

Advisory: CVE-2019-16770 Disclosed: December 05, 2019 URL: https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994

Keepalive thread overload/DoS in puma

A poorly-behaved client could use keepalive requests to monopolize
Puma's reactor and create a denial of service attack.

If more keepalive connections to Puma are opened than there are
threads available, additional connections will wait permanently if
the attacker sends requests frequently enough.

🚨 We recommend to merge and deploy this update as soon as possible! 🚨

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ puma (3.12.1 → 3.12.2) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by 3 commits:

Depfu Status

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@depfu rebase
Rebases against your default branch and redoes this update

@depfu merge
Merges this PR once your tests are passing and conflicts are resolved

@depfu close
Closes this PR and deletes the branch

@depfu reopen
Restores the branch and reopens this PR (if it's closed)

@depfu pause
Ignores all future updates for this dependency and closes this PR

@depfu pause [minor|major]
Ignores all future minor/major updates for this dependency and closes this PR

@depfu resume
Future versions of this dependency will create PRs again (leaves this PR as is)

sadovnik / reader

🚨 [security] Update puma: 3.12.1 → 3.12.2 (patch) #223

What changed?

✳️ puma (3.12.1 → 3.12.2) · Repo · Changelog