CGA1123 / shed

🏚 Cross service client timeout/deadline propagation and load-shedding for Ruby and Go.
MIT License
6 stars 0 forks source link

Update rack requirement from ~> 2 to ~> 3 in /ruby #25

Open dependabot[bot] opened 2 years ago

dependabot[bot] commented 2 years ago

Updates the requirements on rack to permit the latest version.

Changelog

Sourced from rack's changelog.

[3.0.0] - 2022-09-06

  • No changes

[3.0.0.rc1] - 2022-09-04

SPEC Changes

[3.0.0.beta1] - 2022-08-08

Security

SPEC Changes

  • Response array must now be non-frozen.
  • Response status must now be an integer greater than or equal to 100.
  • Response headers must now be an unfrozen hash.
  • Response header keys can no longer include uppercase characters.
  • Response header values can be an Array to handle multiple values (and no longer supports \n encoded headers).
  • Response body can now respond to #call (streaming body) instead of #each (enumerable body), for the equivalent of response hijacking in previous versions.
  • Middleware must no longer call #each on the body, but they can call #to_ary on the body if it responds to #to_ary.
  • rack.input is no longer required to be rewindable.
  • rack.multithread/rack.multiprocess/rack.run_once/rack.version are no longer required environment keys.
  • SERVER_PROTOCOL is now a required environment key, matching the HTTP protocol used in the request.
  • rack.hijack? (partial hijack) and rack.hijack (full hijack) are now independently optional.
  • rack.hijack_io has been removed completely.
  • rack.response_finished is an optional environment key which contains an array of callable objects that must accept #call(env, status, headers, error) and are invoked after the response is finished (either successfully or unsucessfully).
  • It is okay to call #close on rack.input to indicate that you no longer need or care about the input.
  • The stream argument supplied to the streaming body and hijack must support #<< for writing output.

Removed

  • Remove rack.multithread/rack.multiprocess/rack.run_once. These variables generally come too late to be useful. (#1720, [@​ioquatix], [@​jeremyevans]))
  • Remove deprecated Rack::Request::SCHEME_WHITELIST. ([@​jeremyevans])
  • Remove internal cookie deletion using pattern matching, there are very few practical cases where it would be useful and browsers handle it correctly without us doing anything special. (#1844, [@​ioquatix])
  • Remove rack.version as it comes too late to be useful. (#1938, [@​ioquatix])
  • Extract rackup command, Rack::Server, Rack::Handler and related code into a separate gem. (#1937, [@​ioquatix])

Added

  • Rack::Headers added to support lower-case header keys. ([@​jeremyevans])
  • Rack::Utils#set_cookie_header now supports escape_key: false to avoid key escaping. ([@​jeremyevans])
  • Rack::RewindableInput supports size. (@​ahorek)
  • Rack::RewindableInput::Middleware added for making rack.input rewindable. ([@​jeremyevans])

... (truncated)

Commits
  • 52901ca bump version, update changelog
  • e58e2eb Fix unclosed strings in UPGRADE-GUIDE.md (#1960)
  • 12742a0 bump version, update changelog
  • 6aad539 The stream argument must implement #<<. (#1959)
  • ffee3c5 Allow calling close on rack.input. (#1956)
  • 6fc4a32 Make MockResponse#body work if body.each reuses strings for performance
  • 1a9b98d For some reason, the recently released version breaks Ruby v2.5.
  • 856c4f9 Add rack.response_finished to Rack::Lint. (#1952)
  • 1a37044 Refactor tests. (#1953)
  • 293b8e7 Do not add lib to load path when running separate tests
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)