gma / nesta

File Based CMS and Static Site Generator
http://nestacms.com
MIT License

Rack security vulnerability #183

Closed etc closed 4 years ago

etc commented 4 years ago

Because of the fact that Nesta currently relies on an old version of Sinatra, which in turn relies on an old version of Rack, it is currently vulnerable to this: https://github.com/advisories/GHSA-j6w9-fv6q-3q52. Does anything stand in the way of updating the Sinatra dependency so that Nesta uses Rack version 2.1.4 or later?
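One way to check the question above against a site's own lock file, as an added example that is not code from the nesta project or from anyone in this thread: parse the resolved `rack` version out of `Gemfile.lock` and compare it with the fixed release named in the issue (2.1.4). The lock-file excerpts, version numbers and function names here are constructed for illustration.

```ruby
# Added example, not code from the nesta project or this thread: check whether a
# Gemfile.lock resolves rack to at least the fixed release the issue names (2.1.4).
# The lock-file excerpts below are constructed for illustration.
require 'rubygems'

FIXED_RACK_VERSION = Gem::Version.new('2.1.4')

# Return the resolved version of +gem_name+ from Gemfile.lock text, or nil.
# Resolved gems sit under "specs:" as "    name (x.y.z)" (four-space indent);
# dependency lines are indented six spaces and carry requirements, not pins.
def locked_version(lockfile_text, gem_name)
  lockfile_text.each_line do |line|
    m = line.match(/\A {4}#{Regexp.escape(gem_name)} \(([^)]+)\)\s*\z/)
    return Gem::Version.new(m[1]) if m
  end
  nil
end

# :fixed, :vulnerable or :missing for the rack gem in the lock file.
def rack_status(lockfile_text)
  version = locked_version(lockfile_text, 'rack')
  return :missing if version.nil?
  version >= FIXED_RACK_VERSION ? :fixed : :vulnerable
end

# Constructed excerpt resolving to an old Rack 1.x release (pre-fix).
OLD_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (1.6.13)
      rack-protection (1.5.5)
        rack
      sinatra (1.4.8)
        rack (~> 1.5)
LOCK

# Constructed excerpt resolving to a Rack 2.x release past the fix.
PATCHED_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (2.2.3)
      rack-protection (2.0.8)
        rack
      sinatra (2.0.8)
        rack (~> 2.0)
LOCK
```

Running `rack_status` on a real `Gemfile.lock` read from disk gives `:vulnerable` for the old Sinatra 1.x / Rack 1.x resolution and `:fixed` once the dependency has been bumped past 2.1.4.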

gma commented 4 years ago

Thanks for that, I hadn't seen that CVE. I have done some work towards Rack 2 already, I'll brush it off and have a look.

gma commented 4 years ago

I've got a rack-2 branch that appears to be working well. Do you fancy taking it for a spin before I release it as 0.12.0?

There have been a few significant upgrades since 0.11.1, so if you're interested and can spare the time I'd love to hear if you encounter any issues...

I've dropped Ruby 2.2, 2.3 and 2.4 from the Travis build too. 2.5, 2.6 and 2.7 are all running fine.

gma commented 4 years ago

@etc This is how I've tested it on a couple of my sites, in Gemfile:

gem 'nesta', git: 'https://github.com/gma/nesta', branch: 'rack-2'

etc commented 4 years ago

Thanks! I've run my site locally from that branch and all seems to work fine.

gma commented 4 years ago

Cheers @etc. I've just merged the branch to master and pushed out a new release (0.12.0).

etc commented 4 years ago

Brilliant, thanks.