Changelog
*Sourced from [rack's changelog](https://github.com/rack/rack/blob/master/CHANGELOG.md).*
> # Changelog
>
> All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/).
>
> ## Unreleased
>
> _Note: There are many unreleased changes in Rack (`master` is around 300 commits ahead of `2-0-stable`), and below is not an exhaustive list. If you would like to help out and document some of the unreleased changes, PRs are welcome._
>
> ### Added
>
> ### Changed
>
> - Use `Time#httpdate` format for Expires, as proposed by RFC 7231. ([@nanaya](https://github.com/nanaya))
> - Make `Utils.status_code` raise an error when the status symbol is invalid instead of `500`.
> - Rename `Request::SCHEME_WHITELIST` to `Request::ALLOWED_SCHEMES`.
> - Make `Multipart::Parser.get_filename` accept files with `+` in their name.
> - Add Falcon to the default handler fallbacks. ([@ioquatix](https://github.com/ioquatix))
> - Update codebase to avoid string mutations in preparation for `frozen_string_literals`. ([@pat](https://github.com/pat))
> - Change `MockRequest#env_for` to rely on the input optionally responding to `#size` instead of `#length`. ([@janko](https://github.com/janko))
> - Rename `Rack::File` -> `Rack::Files` and add deprecation notice. ([@postmodern](https://github.com/postmodern)).
>
> ### Removed
>
> ### Documentation
>
> - Update broken example in `Session::Abstract::ID` documentation. ([tonytonyjan](https://github.com/tonytonyjan))
> - Add Padrino to the list of frameworks implementing Rack. ([@wikimatze](https://github.com/wikimatze))
> - Remove Mongrel from the suggested server options in the help output. ([@tricknotes](https://github.com/tricknotes))
> - Replace `HISTORY.md` and `NEWS.md` with `CHANGELOG.md`. ([@twitnithegirl](https://github.com/twitnithegirl))
> - Backfill `CHANGELOG.md` from 2.0.1 to 2.0.7 releases. ([@drenmi](https://github.com/Drenmi))
>
> ## [2.0.7] - 2019-04-02
>
> ### Fixed
>
> - Remove calls to `#eof?` on Rack input in `Multipart::Parser`, as this breaks the specification. ([@matthewd](https://github.com/matthewd))
> - Preserve forwarded IP addresses for trusted proxy chains. ([@SamSaffron](https://github.com/SamSaffron))
>
> ## [2.0.6] - 2018-11-05
>
> ### Fixed
>
> - [[CVE-2018-16470](https://nvd.nist.gov/vuln/detail/CVE-2018-16470)] Reduce buffer size of `Multipart::Parser` to avoid pathological parsing. ([@tenderlove](https://github.com/tenderlove))
> - Fix a call to a non-existing method `#accepts_html` in the `ShowExceptions` middleware. ([@tomelm](https://github.com/tomelm))
> - [[CVE-2018-16471](https://nvd.nist.gov/vuln/detail/CVE-2018-16471)] Whitelist HTTP and HTTPS schemes in `Request#scheme` to prevent a possible XSS attack. ([@PatrickTulskie](https://github.com/PatrickTulskie))
>
> ## [2.0.5] - 2018-04-23
>
> ### Fixed
>
> ... (truncated)
Commits
- [`2bef132`](https://github.com/rack/rack/commit/2bef132505cb2f80c432e3f4526dfef969cd2e25) Bumping version for release
- [`97ca63d`](https://github.com/rack/rack/commit/97ca63d87d88b4088fb1995b14103d4fe6a5e594) Whitelist http/https schemes
- [`7b5054e`](https://github.com/rack/rack/commit/7b5054eedfdbd8f7dd5f348b0a02678b64fdd9de) Merge pull request [#1296](https://github-redirect.dependabot.com/rack/rack/issues/1296) from tomelm/fix-prefers-plaintext
- [`fdcd03a`](https://github.com/rack/rack/commit/fdcd03a3c5a1c51d1f96fc97f9dfa1a9deac0c77) Bump version for release
- [`2293c6a`](https://github.com/rack/rack/commit/2293c6a21925a70a2e9e67138edd341c5418ec4b) Merge pull request [#1249](https://github-redirect.dependabot.com/rack/rack/issues/1249) from mclark/handle-invalid-method-parameters
- [`b27dd86`](https://github.com/rack/rack/commit/b27dd86738c21110cc5e8befa2fa217f81124ee3) handle failure to upcase invalid strings
- [`274d934`](https://github.com/rack/rack/commit/274d934f32cc08a550f9e37bfdced7e228b42196) Stick with a passing version of Rubygems and bundler
- [`617aac0`](https://github.com/rack/rack/commit/617aac0fb89f25603afc2b6497fdc3333354aee5) bump version for release
- [`dc017e7`](https://github.com/rack/rack/commit/dc017e78612ae96e222cee8619dba0bb1dbc11a9) Merge pull request [#1237](https://github-redirect.dependabot.com/rack/rack/issues/1237) from eileencodes/backport-1137
- [`4d6965a`](https://github.com/rack/rack/commit/4d6965abb840d4543bcaf00e96482afe94442045) Backport pull request [#1137](https://github-redirect.dependabot.com/rack/rack/issues/1137) from unabridged/fix-eof-failure
- Additional commits viewable in [compare view](https://github.com/rack/rack/compare/1.5.2...1.6.11)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/evernote/evernote-oauth-ruby/network/alerts).
Bumps rack from 1.5.2 to 1.6.11.