Skip to content

chore(deps): bump puma from 8.0.1 to 8.0.2#149

Merged
github-actions[bot] merged 1 commit into
mainfrom
dependabot/bundler/puma-8.0.2
Jun 3, 2026
Merged

chore(deps): bump puma from 8.0.1 to 8.0.2#149
github-actions[bot] merged 1 commit into
mainfrom
dependabot/bundler/puma-8.0.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 3, 2026

Copy link
Copy Markdown
Contributor

Bumps puma from 8.0.1 to 8.0.2.

Release notes

Sourced from puma's releases.

v8.0.2

  • Bugfixes
    • Anchor PROXY protocol v1 regex to string start and enforce max line length to prevent injection via crafted request bodies (#3944)
    • Parse PROXY protocol header only on the first request per connection to prevent spoofing on keep-alive connections (#3944)

Security advisories

Changelog

Sourced from puma's changelog.

8.0.2 / 2026-05-27

  • Bugfixes
    • Anchor PROXY protocol v1 regex to string start and enforce max line length to prevent injection via crafted request bodies (#3944)
    • Parse PROXY protocol header only on the first request per connection to prevent spoofing on keep-alive connections (#3944)
Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels Jun 3, 2026
@fralps

fralps commented Jun 3, 2026

Copy link
Copy Markdown
Owner

@dependabot rebase

Bumps [puma](https://github.com/puma/puma) from 8.0.1 to 8.0.2.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/main/History.md)
- [Commits](puma/puma@v8.0.1...v8.0.2)

---
updated-dependencies:
- dependency-name: puma
  dependency-version: 8.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/bundler/puma-8.0.2 branch from 1eeb2cc to 9a9727b Compare June 3, 2026 13:53
@github-actions github-actions Bot merged commit 573578e into main Jun 3, 2026
3 checks passed
@github-actions github-actions Bot deleted the dependabot/bundler/puma-8.0.2 branch June 3, 2026 13:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant