From f49e6b3d57fdbb78d248d800b3eaad2a420795ba Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 22 Feb 2022 14:17:10 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-PUMA-2400629
---
 Gemfile | 2 +-
 Gemfile.lock | 8 +++++---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index ff94179..d92a6e8 100644
--- a/Gemfile
+++ b/Gemfile
@@ -11,7 +11,7 @@ gem 'pg'
 gem 'json-compare'
 gem 'rails-erd'
 gem 'ruby-graphviz'
-gem 'puma'
+gem 'puma', '>= 4.3.11'
 gem 'sinatra-twitter-bootstrap', :require => 'sinatra/twitter-bootstrap'
 group :development do
diff --git a/Gemfile.lock b/Gemfile.lock
index 0e3700d..0fe9217 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -33,12 +33,14 @@ GEM
 minitest (5.10.1)
 multi_json (1.12.1)
 mysql2 (0.4.5)
+ nio4r (2.5.8)
 pg (0.20.0)
 pry (0.10.4)
 coderay (~> 1.1.0)
 method_source (~> 0.8.1)
 slop (~> 3.4)
- puma (3.8.2)
+ puma (5.6.2)
+ nio4r (~> 2.0)
 rack (1.5.5)
 rack-protection (1.5.3)
 rack
@@ -122,7 +124,7 @@ DEPENDENCIES
 mysql2
 pg
 pry
- puma
+ puma (>= 4.3.11)
 rails-erd
 rake (~> 12.0)
 ruby-graphviz
@@ -135,4 +137,4 @@ DEPENDENCIES
 tux
 BUNDLED WITH
- 1.15.0
+ 1.17.3
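Review bot: In the Gemfile hunk, the new constraint `'>= 4.3.11'` sets only a floor, so a later `bundle update` can move puma to any future major release without anyone reviewing it. The lockfile already resolves from 3.8.2 to 5.6.2, crossing two major versions and adding the native-extension gem nio4r, so the server configuration and deployment should be re-tested rather than treated as a patch-level fix. I would bound the range to the release line that was actually resolved and add a comment recording why the floor exists, for example `gem 'puma', '~> 5.6', '>= 5.6.2' # floor set for SNYK-RUBY-PUMA-2400629`. The `BUNDLED WITH` change from 1.15.0 to 1.17.3 in Gemfile.lock is a side effect of the tooling that generated the patch; confirm that CI and production use a compatible Bundler.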