Changelog
*Sourced from [rack's changelog](https://github.com/rack/rack/blob/master/CHANGELOG.md).*
> # Changelog
> All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/)
>
> ## [Unreleased]
> ### Added
> - CHANGELOG.md using keep a changelog formatting by [@twitnithegirl](https://github.com/twitnithegirl)
>
> ### Changed
> - `Rack::Utils.status_code` now raises an error when the status symbol is invalid instead of `500`.
> - `Rack::Request::SCHEME_WHITELIST` has been renamed to `Rack::Request::ALLOWED_SCHEMES`
> - `Rack::Multipart::Parser.get_filename` now accepts file that contains `+` in its name, avoiding the replacement of `+` to space character since filenames with `+` are valid.
>
> ### Removed
> - HISTORY.md by [@twitnithegirl](https://github.com/twitnithegirl)
> - NEWS.md by [@twitnithegirl](https://github.com/twitnithegirl)
>
>
> #
> #
> # History/News Archive
> Items below this line are from the previously maintained HISTORY.md and NEWS.md files.
> #
>
> ## [2.0.0]
> - Rack::Session::Abstract::ID is deprecated. Please change to use Rack::Session::Abstract::Persisted
>
> ## [2.0.0.alpha] 2015-12-04
> - First-party "SameSite" cookies. Browsers omit SameSite cookies from third-party requests, closing the door on many CSRF attacks.
> - Pass `same_site: true` (or `:strict`) to enable: response.set_cookie 'foo', value: 'bar', same_site: true or `same_site: :lax` to use Lax enforcement: response.set_cookie 'foo', value: 'bar', same_site: :lax
> - Based on version 7 of the Same-site Cookies internet draft:
> https://tools.ietf.org/html/draft-west-first-party-cookies-07
> - Thanks to Ben Toews ([@mastahyeti](https://github.com/mastahyeti)) and Bob Long ([@bobjflong](https://github.com/bobjflong)) for updating to drafts 5 and 7.
> - Add `Rack::Events` middleware for adding event based middleware: middleware that does not care about the response body, but only cares about doing work at particular points in the request / response lifecycle.
> - Add `Rack::Request#authority` to calculate the authority under which the response is being made (this will be handy for h2 pushes).
> - Add `Rack::Response::Helpers#cache_control` and `cache_control=`. Use this for setting cache control headers on your response objects.
> - Add `Rack::Response::Helpers#etag` and `etag=`. Use this for setting etag values on the response.
> - Introduce `Rack::Response::Helpers#add_header` to add a value to a multi-valued response header. Implemented in terms of other `Response#*_header` methods, so it's available to any response-like class that includes the `Helpers` module.
> - Add `Rack::Request#add_header` to match.
> - `Rack::Session::Abstract::ID` IS DEPRECATED. Please switch to `Rack::Session::Abstract::Persisted`. `Rack::Session::Abstract::Persisted` uses a request object rather than the `env` hash.
> - Pull `ENV` access inside the request object in to a module. This will help with legacy Request objects that are ENV based but don't want to inherit from Rack::Request
> - Move most methods on the `Rack::Request` to a module `Rack::Request::Helpers` and use public API to get values from the request object. This enables users to mix `Rack::Request::Helpers` in to their own objects so they can implement `(get|set|fetch|each)_header` as they see fit (for example a proxy object).
> - Files and directories with + in the name are served correctly. Rather than unescaping paths like a form, we unescape with a URI parser using `Rack::Utils.unescape_path`. Fixes [#265](https://github-redirect.dependabot.com/rack/rack/issues/265)
> - Tempfiles are automatically closed in the case that there were too
> many posted.
> - Added methods for manipulating response headers that don't assume
> they're stored as a Hash. Response-like classes may include the
> Rack::Response::Helpers module if they define these methods:
> - Rack::Response#has_header?
> - Rack::Response#get_header
> - Rack::Response#set_header
> ... (truncated)
Commits
- [`2bef132`](https://github.com/rack/rack/commit/2bef132505cb2f80c432e3f4526dfef969cd2e25) Bumping version for release
- [`97ca63d`](https://github.com/rack/rack/commit/97ca63d87d88b4088fb1995b14103d4fe6a5e594) Whitelist http/https schemes
- [`7b5054e`](https://github.com/rack/rack/commit/7b5054eedfdbd8f7dd5f348b0a02678b64fdd9de) Merge pull request [#1296](https://github-redirect.dependabot.com/rack/rack/issues/1296) from tomelm/fix-prefers-plaintext
- [`fdcd03a`](https://github.com/rack/rack/commit/fdcd03a3c5a1c51d1f96fc97f9dfa1a9deac0c77) Bump version for release
- [`2293c6a`](https://github.com/rack/rack/commit/2293c6a21925a70a2e9e67138edd341c5418ec4b) Merge pull request [#1249](https://github-redirect.dependabot.com/rack/rack/issues/1249) from mclark/handle-invalid-method-parameters
- [`b27dd86`](https://github.com/rack/rack/commit/b27dd86738c21110cc5e8befa2fa217f81124ee3) handle failure to upcase invalid strings
- [`274d934`](https://github.com/rack/rack/commit/274d934f32cc08a550f9e37bfdced7e228b42196) Stick with a passing version of Rubygems and bundler
- [`617aac0`](https://github.com/rack/rack/commit/617aac0fb89f25603afc2b6497fdc3333354aee5) bump version for release
- [`dc017e7`](https://github.com/rack/rack/commit/dc017e78612ae96e222cee8619dba0bb1dbc11a9) Merge pull request [#1237](https://github-redirect.dependabot.com/rack/rack/issues/1237) from eileencodes/backport-1137
- [`4d6965a`](https://github.com/rack/rack/commit/4d6965abb840d4543bcaf00e96482afe94442045) Backport pull request [#1137](https://github-redirect.dependabot.com/rack/rack/issues/1137) from unabridged/fix-eof-failure
- Additional commits viewable in [compare view](https://github.com/rack/rack/compare/1.5.2...1.6.11)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/antirez/lamernews/network/alerts).
Bumps rack from 1.5.2 to 1.6.11.
Changelog
*Sourced from [rack's changelog](https://github.com/rack/rack/blob/master/CHANGELOG.md).* > # Changelog > All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/) > > ## [Unreleased] > ### Added > - CHANGELOG.md using keep a changelog formatting by [@twitnithegirl](https://github.com/twitnithegirl) > > ### Changed > - `Rack::Utils.status_code` now raises an error when the status symbol is invalid instead of `500`. > - `Rack::Request::SCHEME_WHITELIST` has been renamed to `Rack::Request::ALLOWED_SCHEMES` > - `Rack::Multipart::Parser.get_filename` now accepts file that contains `+` in its name, avoiding the replacement of `+` to space character since filenames with `+` are valid. > > ### Removed > - HISTORY.md by [@twitnithegirl](https://github.com/twitnithegirl) > - NEWS.md by [@twitnithegirl](https://github.com/twitnithegirl) > > > # > # > # History/News Archive > Items below this line are from the previously maintained HISTORY.md and NEWS.md files. > # > > ## [2.0.0] > - Rack::Session::Abstract::ID is deprecated. Please change to use Rack::Session::Abstract::Persisted > > ## [2.0.0.alpha] 2015-12-04 > - First-party "SameSite" cookies. Browsers omit SameSite cookies from third-party requests, closing the door on many CSRF attacks. > - Pass `same_site: true` (or `:strict`) to enable: response.set_cookie 'foo', value: 'bar', same_site: true or `same_site: :lax` to use Lax enforcement: response.set_cookie 'foo', value: 'bar', same_site: :lax > - Based on version 7 of the Same-site Cookies internet draft: > https://tools.ietf.org/html/draft-west-first-party-cookies-07 > - Thanks to Ben Toews ([@mastahyeti](https://github.com/mastahyeti)) and Bob Long ([@bobjflong](https://github.com/bobjflong)) for updating to drafts 5 and 7. > - Add `Rack::Events` middleware for adding event based middleware: middleware that does not care about the response body, but only cares about doing work at particular points in the request / response lifecycle. > - Add `Rack::Request#authority` to calculate the authority under which the response is being made (this will be handy for h2 pushes). > - Add `Rack::Response::Helpers#cache_control` and `cache_control=`. Use this for setting cache control headers on your response objects. > - Add `Rack::Response::Helpers#etag` and `etag=`. Use this for setting etag values on the response. > - Introduce `Rack::Response::Helpers#add_header` to add a value to a multi-valued response header. Implemented in terms of other `Response#*_header` methods, so it's available to any response-like class that includes the `Helpers` module. > - Add `Rack::Request#add_header` to match. > - `Rack::Session::Abstract::ID` IS DEPRECATED. Please switch to `Rack::Session::Abstract::Persisted`. `Rack::Session::Abstract::Persisted` uses a request object rather than the `env` hash. > - Pull `ENV` access inside the request object in to a module. This will help with legacy Request objects that are ENV based but don't want to inherit from Rack::Request > - Move most methods on the `Rack::Request` to a module `Rack::Request::Helpers` and use public API to get values from the request object. This enables users to mix `Rack::Request::Helpers` in to their own objects so they can implement `(get|set|fetch|each)_header` as they see fit (for example a proxy object). > - Files and directories with + in the name are served correctly. Rather than unescaping paths like a form, we unescape with a URI parser using `Rack::Utils.unescape_path`. Fixes [#265](https://github-redirect.dependabot.com/rack/rack/issues/265) > - Tempfiles are automatically closed in the case that there were too > many posted. > - Added methods for manipulating response headers that don't assume > they're stored as a Hash. Response-like classes may include the > Rack::Response::Helpers module if they define these methods: > - Rack::Response#has_header? > - Rack::Response#get_header > - Rack::Response#set_header > ... (truncated)Commits
- [`2bef132`](https://github.com/rack/rack/commit/2bef132505cb2f80c432e3f4526dfef969cd2e25) Bumping version for release - [`97ca63d`](https://github.com/rack/rack/commit/97ca63d87d88b4088fb1995b14103d4fe6a5e594) Whitelist http/https schemes - [`7b5054e`](https://github.com/rack/rack/commit/7b5054eedfdbd8f7dd5f348b0a02678b64fdd9de) Merge pull request [#1296](https://github-redirect.dependabot.com/rack/rack/issues/1296) from tomelm/fix-prefers-plaintext - [`fdcd03a`](https://github.com/rack/rack/commit/fdcd03a3c5a1c51d1f96fc97f9dfa1a9deac0c77) Bump version for release - [`2293c6a`](https://github.com/rack/rack/commit/2293c6a21925a70a2e9e67138edd341c5418ec4b) Merge pull request [#1249](https://github-redirect.dependabot.com/rack/rack/issues/1249) from mclark/handle-invalid-method-parameters - [`b27dd86`](https://github.com/rack/rack/commit/b27dd86738c21110cc5e8befa2fa217f81124ee3) handle failure to upcase invalid strings - [`274d934`](https://github.com/rack/rack/commit/274d934f32cc08a550f9e37bfdced7e228b42196) Stick with a passing version of Rubygems and bundler - [`617aac0`](https://github.com/rack/rack/commit/617aac0fb89f25603afc2b6497fdc3333354aee5) bump version for release - [`dc017e7`](https://github.com/rack/rack/commit/dc017e78612ae96e222cee8619dba0bb1dbc11a9) Merge pull request [#1237](https://github-redirect.dependabot.com/rack/rack/issues/1237) from eileencodes/backport-1137 - [`4d6965a`](https://github.com/rack/rack/commit/4d6965abb840d4543bcaf00e96482afe94442045) Backport pull request [#1137](https://github-redirect.dependabot.com/rack/rack/issues/1137) from unabridged/fix-eof-failure - Additional commits viewable in [compare view](https://github.com/rack/rack/compare/1.5.2...1.6.11)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/antirez/lamernews/network/alerts).