MagLev / maglev

GemStone Maglev Ruby Repository
http://maglev.github.io

Bump rack from 1.3.2 to 1.3.10 in /examples/rails/myapp #467

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps rack from 1.3.2 to 1.3.10.

Changelog

Sourced from rack's changelog.

[1.1.6, 1.2.8, 1.3.10] 2013-02-07

  • Fix CVE-2013-0263, timing attack against Rack::Session::Cookie

[1.5.1] 2013-01-28

  • Rack::Lint check_hijack now conforms to other parts of SPEC
  • Added hash-like methods to Abstract::ID::SessionHash for compatibility
  • Various documentation corrections

[1.5.0] 2013-01-21

  • Introduced hijack SPEC, for before-response and after-response hijacking
  • SessionHash is no longer a Hash subclass
  • Rack::File cache_control parameter is removed, in place of headers options
  • Rack::Auth::AbstractRequest#scheme now yields strings, not symbols
  • Rack::Utils cookie functions now format expires in RFC 2822 format
  • Rack::File now has a default mime type
  • rackup -b 'run Rack::Files.new(".")', option provides command line configs
  • Rack::Deflater will no longer double encode bodies
  • Rack::Mime#match? provides convenience for Accept header matching
  • Rack::Utils#q_values provides splitting for Accept headers
  • Rack::Utils#best_q_match provides a helper for Accept headers
  • Rack::Handler.pick provides convenience for finding available servers
  • Puma added to the list of default servers (preferred over Webrick)
  • Various middleware now correctly close body when replacing it
  • Rack::Request#params is no longer persistent with only GET params
  • Rack::Request#update_param and #delete_param provide persistent operations
  • Rack::Request#trusted_proxy? now returns true for local unix sockets
  • Rack::Response no longer forces Content-Types
  • Rack::Sendfile provides local mapping configuration options
  • Rack::Utils#rfc2109 provides old netscape style time output
  • Updated HTTP status codes
  • Ruby 1.8.6 likely no longer passes tests, and is no longer fully supported

[1.4.4, 1.3.9, 1.2.7, 1.1.5] 2013-01-13

  • [SEC] Rack::Auth::AbstractRequest no longer symbolizes arbitrary strings
  • Fixed erroneous test case in the 1.3.x series

[1.4.3] 2013-01-07

  • Security: Prevent unbounded reads in large multipart boundaries

[1.3.8] 2013-01-07

  • Security: Prevent unbounded reads in large multipart boundaries

[1.4.2] 2013-01-06

  • Add warnings when users do not provide a session secret
  • Fix parsing performance for unquoted filenames
  • Updated URI backports
  • Fix URI backport version matching, and silence constant warnings
  • Correct parameter parsing with empty values
  • Correct rackup '-I' flag, to allow multiple uses
  • Correct rackup pidfile handling

... (truncated)

Commits
  • a176b53 Bump version number
  • fa8a2b0 Update README for todays releases
  • 26c8500 Use secure_compare for hmac comparison
  • feea59c Add secure_compare to Rack::Utils
  • 8ded2f7 Bump version
  • fca6e46 Update README for release. Add security section.
  • f7b7e1f Remove error test, implementation not backported
  • 6f43b04 Squash warnings in spec_auth
  • 89f6fc8 Reimplement auth scheme fix
  • 231d1a9 Add release announcements to README
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
  • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
  • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
  • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/MagLev/maglev/network/alerts).