Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into this header. If used for caching purposes, such as with servers like Nginx, or as a reverse proxy, without handling the X-Forwarded-Host header, attackers can potentially exploit Cache Poisoning or Routing-based SSRF.
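The host-trust decision described above, as an added example (not Sinatra's or Rack's code): an absolute redirect built from `X-Forwarded-Host`, next to the same redirect gated by a permitted-hosts list in the spirit of the `host_authorization` setting from v4.1.0. The function names, the 403 response, the sample hosts and the rule that the last `X-Forwarded-Host` entry wins are assumptions of this sketch.

```ruby
require 'ipaddr'

# Constructed Rack-style request environments (sample data, not captured traffic).
DIRECT_ENV = {
  'rack.url_scheme' => 'https',
  'HTTP_HOST' => 'app.example.test'
}.freeze
SPOOFED_ENV = DIRECT_ENV.merge('HTTP_X_FORWARDED_HOST' => 'attacker.invalid').freeze

# A leading dot permits the domain itself and any subdomain of it.
PERMITTED_HOSTS = ['app.example.test', '.internal.example.test'].freeze

# Host the application believes it is served on. Assumption of this sketch:
# X-Forwarded-Host, when present, overrides Host and its last list entry is used.
def effective_host(env)
  forwarded = env['HTTP_X_FORWARDED_HOST'].to_s
  raw = forwarded.empty? ? env['HTTP_HOST'].to_s : forwarded.split(',').last
  raw.strip.downcase
end

# Weak pattern: the Location header is derived from a client-controllable header.
def redirect_unchecked(env, path)
  [302, { 'location' => "#{env['rack.url_scheme']}://#{effective_host(env)}#{path}" }]
end

# True when the name is an IPv4 literal or a bracketed IPv6 literal.
def ip_literal?(name)
  IPAddr.new(name.delete_prefix('[').delete_suffix(']'))
  true
rescue IPAddr::Error
  false
end

# Allowlist check. The port is ignored; a plain entry must match exactly, and a
# dotted entry matches only on a label boundary, so 'evilinternal.example.test'
# does not pass for '.internal.example.test'.
def host_permitted?(host, permitted_hosts, allow_ip: false)
  name = host.sub(/:\d+\z/, '')
  return false if name.empty? || name.include?('/')
  return true if allow_ip && ip_literal?(name)

  permitted_hosts.any? do |entry|
    if entry.start_with?('.')
      name == entry.delete_prefix('.') || name.end_with?(entry)
    else
      name == entry
    end
  end
end

# Hardened pattern: refuse the request before any URL is built from the host.
def redirect_checked(env, path, permitted_hosts, allow_ip: false)
  host = effective_host(env)
  return [403, {}] unless host_permitted?(host, permitted_hosts, allow_ip: allow_ip)

  [302, { 'location' => "#{env['rack.url_scheme']}://#{host}#{path}" }]
end

if __FILE__ == $PROGRAM_NAME
  p redirect_unchecked(SPOOFED_ENV, '/login')
  p redirect_checked(SPOOFED_ENV, '/login', PERMITTED_HOSTS)
  p redirect_checked(DIRECT_ENV, '/login', PERMITTED_HOSTS)
end
```

The same allowlist belongs at the reverse proxy or cache in front of the application, so that a response keyed or routed on an unexpected forwarded host is never stored or forwarded.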
Release Notes
sinatra/sinatra (sinatra)
### [`v4.1.0`](https://redirect.github.com/sinatra/sinatra/blob/HEAD/CHANGELOG.md#410--2024-11-18)
[Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v4.0.0...v4.1.0)
- New: Add `host_authorization` setting ([#2053](https://redirect.github.com/sinatra/sinatra/pull/2053))
  - Defaults to `.localhost`, `.test` and any IP address in development mode.
  - Security: addresses [CVE-2018-11627](https://redirect.github.com/advisories/GHSA-hxx2-7vcw-mqr3).
- Fix: Return an instance of `Sinatra::IndifferentHash` when calling `#except` ([#2044](https://redirect.github.com/sinatra/sinatra/pull/2044))
- Fix: Address warning from `URI` for Ruby 3.4 ([#2060](https://redirect.github.com/sinatra/sinatra/pull/2060))
- Fix: `rackup` no longer depends on WEBrick, recommend Puma instead ([`4a558503`](https://redirect.github.com/sinatra/sinatra/commit/4a558503a0ee41f26d4ebc07b478340e8a8a5ed6))
- Fix: Zeitwerk 2.7.0+ compatibility ([#2050](https://redirect.github.com/sinatra/sinatra/pull/2050))
- Fix: Address warning about Hash construction for Ruby 3.4 ([#2028](https://redirect.github.com/sinatra/sinatra/pull/2028))
- Fix: Declare missing dependencies for Ruby 3.5 ([#2032](https://redirect.github.com/sinatra/sinatra/pull/2032))
- Fix: Compatibility with `--enable-frozen-string-literal` ([#2033](https://redirect.github.com/sinatra/sinatra/pull/2033))
- Fix: Rack 3.1 compatibility ([#2035](https://redirect.github.com/sinatra/sinatra/pull/2035))
  - Don't depend on `Rack::Logger`
  - Don't delete `content-length` header when `Rack::Files` is used
### [`v4.0.0`](https://redirect.github.com/sinatra/sinatra/blob/HEAD/CHANGELOG.md#400--2024-01-19)
[Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v3.2.0...v4.0.0)
- New: Add support for Rack 3 ([#1857])
  - Note: you may want to read the [Rack 3 Upgrade Guide]
- Require Ruby 2.7.8 as minimum Ruby version ([#1993])
- Breaking change: Drop support for Rack 2 ([#1857])
  - Note: when using Sinatra to start the web server, you now need the `rackup` gem installed
- Breaking change: Remove the `IndifferentHash` initializer ([#1982])
- Breaking change: Disable `session_hijacking` protection by default ([#1984])
- Breaking change: Remove `Rack::Protection::EncryptedCookie` ([#1989])
  - Note: cookies are still encrypted (by [`Rack::Session::Cookie`][Rack::Session::Cookie])
[#1857]: https://redirect.github.com/sinatra/sinatra/pull/1857
[#1993]: https://redirect.github.com/sinatra/sinatra/pull/1993
[#1982]: https://redirect.github.com/sinatra/sinatra/pull/1982
[#1984]: https://redirect.github.com/sinatra/sinatra/pull/1984
[#1989]: https://redirect.github.com/sinatra/sinatra/pull/1989
[Rack::Session::Cookie]: https://redirect.github.com/rack/rack-session
[Rack 3 Upgrade Guide]: https://redirect.github.com/rack/rack/blob/main/UPGRADE-GUIDE.md
### [`v3.2.0`](https://redirect.github.com/sinatra/sinatra/blob/HEAD/CHANGELOG.md#320--2023-12-29)
[Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v3.1.0...v3.2.0)
- New: Add `#except` method to `Sinatra::IndifferentHash` ([#1940])
- New: Use `Exception#detailed_message` to show backtrace ([#1952])
- New: Add `Sinatra::HamlHelpers` to sinatra-contrib ([#1960])
- Fix: Add `base64` to rack-protection runtime dependencies ([#1946])
- Fix: Avoid open-ended dependencies for sinatra-contrib and rack-protection ([#1949])
- Fix: Helpful message when `Sinatra::Runner` times out ([#1975])
- Fix: Ruby 3.3 + Bundler 2.5 compatibility ([#1975])
[#1940]: https://redirect.github.com/sinatra/sinatra/pull/1940
[#1946]: https://redirect.github.com/sinatra/sinatra/pull/1946
[#1949]: https://redirect.github.com/sinatra/sinatra/pull/1949
[#1952]: https://redirect.github.com/sinatra/sinatra/pull/1952
[#1960]: https://redirect.github.com/sinatra/sinatra/pull/1960
[#1975]: https://redirect.github.com/sinatra/sinatra/pull/1975
### [`v3.1.0`](https://redirect.github.com/sinatra/sinatra/blob/HEAD/CHANGELOG.md#310--2023-08-07)
[Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v3.0.6...v3.1.0)
- New: Add sass support via sass-embedded [#1911] by なつき
- New: Add start and stop callbacks [#1913] by Jevin Sew
- New: Warn on dropping sessions [#1900] by Jonathan del Strother
- New: Make Puma the default server [#1924] by Patrik Ragnarsson
- Fix: Remove use of Tilt::Cache [#1922] by Jeremy Evans (allows use of Tilt 2.2.0 without deprecation warning)
- Fix: rack-protection: specify rack version requirement [#1932] by Patrik Ragnarsson
[#1911]: https://redirect.github.com/sinatra/sinatra/pull/1911
[#1913]: https://redirect.github.com/sinatra/sinatra/pull/1913
[#1900]: https://redirect.github.com/sinatra/sinatra/pull/1900
[#1924]: https://redirect.github.com/sinatra/sinatra/pull/1924
[#1922]: https://redirect.github.com/sinatra/sinatra/pull/1922
[#1932]: https://redirect.github.com/sinatra/sinatra/pull/1932
### [`v3.0.6`](https://redirect.github.com/sinatra/sinatra/blob/HEAD/CHANGELOG.md#306--2023-04-11)
[Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v3.0.5...v3.0.6)
- Fix: Add support to keep open streaming connections with Puma [#1858](https://redirect.github.com/sinatra/sinatra/pull/1858) by Jordan Owens
- Fix: Avoid crash in `uri` helper on Integer input [#1890](https://redirect.github.com/sinatra/sinatra/pull/1890) by Patrik Ragnarsson
- Fix: Rescue `RuntimeError` when trying to use `SecureRandom` [#1888](https://redirect.github.com/sinatra/sinatra/pull/1888) by Stefan Sundin
### [`v3.0.5`](https://redirect.github.com/sinatra/sinatra/blob/HEAD/CHANGELOG.md#305--2022-12-16)
[Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v3.0.4...v3.0.5)
- Fix: Add Zeitwerk compatibility. [#1831](https://redirect.github.com/sinatra/sinatra/pull/1831) by Dawid Janczak
- Fix: Allow CALLERS_TO_IGNORE to be overridden
### [`v3.0.4`](https://redirect.github.com/sinatra/sinatra/blob/HEAD/CHANGELOG.md#304--2022-11-25)
[Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v3.0.3...v3.0.4)
- Fix: Escape filename in the Content-Disposition header. [#1841](https://redirect.github.com/sinatra/sinatra/pull/1841) by Kunpei Sakai
### [`v3.0.3`](https://redirect.github.com/sinatra/sinatra/blob/HEAD/CHANGELOG.md#303--2022-11-11)
[Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v3.0.2...v3.0.3)
- Fix: fixed ReDoS for Rack::Protection::IPSpoofing. [#1823](https://redirect.github.com/sinatra/sinatra/pull/1823) by [@ooooooo-q](https://redirect.github.com/ooooooo-q)
### [`v3.0.2`](https://redirect.github.com/sinatra/sinatra/blob/HEAD/CHANGELOG.md#302--2022-10-01)
[Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v3.0.1...v3.0.2)
- New: Add Haml 6 support. [#1820](https://redirect.github.com/sinatra/sinatra/pull/1820) by Jordan Owens
### [`v3.0.1`](https://redirect.github.com/sinatra/sinatra/blob/HEAD/CHANGELOG.md#301--2022-09-26)
[Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v3.0.0...v3.0.1)
- Fix: Revert removal of rack-protection.rb. [#1814](https://redirect.github.com/sinatra/sinatra/pull/1814) by Olle Jonsson
- Fix: Revert change to server start and stop messaging by using Kernel#warn. Renamed internal warn method warn_for_deprecation. [#1818](https://redirect.github.com/sinatra/sinatra/pull/1818) by Jordan Owens
### [`v3.0.0`](https://redirect.github.com/sinatra/sinatra/blob/HEAD/CHANGELOG.md#300--2022-09-26)
[Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v2.2.4...v3.0.0)
- New: Add Falcon support. [#1794](https://redirect.github.com/sinatra/sinatra/pull/1794) by Samuel Williams and [@horaciob](https://redirect.github.com/horaciob)
- New: Add AES GCM encryption support for session cookies. \[[#1324](https://redirect.github.com/sinatra/sinatra/issues/1324)] ([https://github.com/sinatra/sinatra/pull/1324](https://redirect.github.com/sinatra/sinatra/pull/1324)) by Michael Coyne
- Deprecated: Sinatra Reloader will be removed in the next major release.
- Fix: Internal Sinatra errors now extend `Sinatra::Error`. This fixes [#1204](https://redirect.github.com/sinatra/sinatra/issues/1204) and [#1518](https://redirect.github.com/sinatra/sinatra/issues/1518). [bda8c29d](https://redirect.github.com/sinatra/sinatra/commit/bda8c29d70619d53f5b1c181140638d340695514) by Jordan Owens
- Fix: Preserve query param value if named route param nil. [#1676](https://redirect.github.com/sinatra/sinatra/pull/1676) by Jordan Owens
- Require Ruby 2.6 as minimum Ruby version. [#1699](https://redirect.github.com/sinatra/sinatra/pull/1699) by Eloy Pérez
- Breaking change: Remove support for the Stylus template engine. [#1697](https://redirect.github.com/sinatra/sinatra/pull/1697) by Eloy Pérez
- Breaking change: Remove support for the erubis template engine. [#1761](https://redirect.github.com/sinatra/sinatra/pull/1761) by Eloy Pérez
- Breaking change: Remove support for the textile template engine. [#1766](https://redirect.github.com/sinatra/sinatra/pull/1766) by Eloy Pérez
- Breaking change: Remove support for SASS as a template engine. [#1768](https://redirect.github.com/sinatra/sinatra/pull/1768) by Eloy Pérez
- Breaking change: Remove support for Wlang as a template engine. [#1780](https://redirect.github.com/sinatra/sinatra/pull/1780) by Eloy Pérez
- Breaking change: Remove support for CoffeeScript as a template engine. [#1790](https://redirect.github.com/sinatra/sinatra/pull/1790) by Eloy Pérez
- Breaking change: Remove support for Mediawiki as a template engine. [#1791](https://redirect.github.com/sinatra/sinatra/pull/1791) by Eloy Pérez
- Breaking change: Remove support for Creole as a template engine. [#1792](https://redirect.github.com/sinatra/sinatra/pull/1792) by Eloy Pérez
- Breaking change: Remove support for Radius as a template engine. [#1793](https://redirect.github.com/sinatra/sinatra/pull/1793) by Eloy Pérez
- Breaking change: Remove support for the defunct Less templating library. See [#1716](https://redirect.github.com/sinatra/sinatra/issues/1716), [#1715](https://redirect.github.com/sinatra/sinatra/issues/1715) for more discussion and background. [d1af2f1e](https://redirect.github.com/sinatra/sinatra/commit/d1af2f1e6c8710419dfe3102a660f7a32f0e67e3) by Olle Jonsson
- Breaking change: Remove Reel integration. [54597502](https://redirect.github.com/sinatra/sinatra/commit/545975025927a27a1daca790598620038979f1c5) by Olle Jonsson
- CI: Start testing on Ruby 3.1. [60e221940](https://redirect.github.com/sinatra/sinatra/commit/60e2219407e6ae067bf3e53eb060ee4860c60c8d) and [b0fa4bef](https://redirect.github.com/sinatra/sinatra/commit/b0fa4beffaa3b10bf02947d0a35e137403296c6b) by Johannes Würbach
- Use `Kernel#caller_locations`. [#1491](https://redirect.github.com/sinatra/sinatra/pull/1491) by Julik Tarkhanov
- Docs: Japanese documentation: Add notes about the `default_content_type` setting. [#1650](https://redirect.github.com/sinatra/sinatra/pull/1650) by Akifumi Tominaga
- Docs: Polish documentation: Add section about Multithreaded modes and Routes. [#1708](https://redirect.github.com/sinatra/sinatra/pull/1708) by Patrick Gramatowski
- Docs: Japanese documentation: Make Session section reflect changes done to README.md. [#1731](https://redirect.github.com/sinatra/sinatra/pull/1731) by [@shu-i-chi](https://redirect.github.com/shu-i-chi)
### [`v2.2.4`](https://redirect.github.com/sinatra/sinatra/compare/v2.2.3...v2.2.4)
[Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v2.2.3...v2.2.4)
### [`v2.2.3`](https://redirect.github.com/sinatra/sinatra/blob/HEAD/CHANGELOG.md#223--2022-11-25)
[Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v2.2.2...v2.2.3)
- Fix: Escape filename in the Content-Disposition header. [#1841](https://redirect.github.com/sinatra/sinatra/pull/1841) by Kunpei Sakai
- Fix: fixed ReDoS for Rack::Protection::IPSpoofing. [#1823](https://redirect.github.com/sinatra/sinatra/pull/1823) by [@ooooooo-q](https://redirect.github.com/ooooooo-q)
### [`v2.2.2`](https://redirect.github.com/sinatra/sinatra/blob/HEAD/CHANGELOG.md#222--2022-07-23)
[Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v2.2.1...v2.2.2)
- Update mustermann dependency to version 2.
### [`v2.2.1`](https://redirect.github.com/sinatra/sinatra/blob/HEAD/CHANGELOG.md#221--2022-07-15)
[Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v2.2.0...v2.2.1)
- Fix JRuby regression by using ruby2\_keywords for delegation. [#1750](https://redirect.github.com/sinatra/sinatra/issues/1750) by Patrik Ragnarsson
- Add JRuby to CI. [#1755](https://redirect.github.com/sinatra/sinatra/issues/1755) by Karol Bucek
### [`v2.2.0`](https://redirect.github.com/sinatra/sinatra/blob/HEAD/CHANGELOG.md#220--2022-02-15)
[Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v2.1.0...v2.2.0)
- Breaking change: Add `#select`, `#reject` and `#compact` methods to `Sinatra::IndifferentHash`. If hash keys need to be converted to symbols, call `#to_h` to get a `Hash` instance first. [#1711](https://redirect.github.com/sinatra/sinatra/pull/1711) by Olivier Bellone
- Handle EOFError raised by Rack and return Bad Request 400 status. [#1743](https://redirect.github.com/sinatra/sinatra/pull/1743) by tamazon
- Minor refactors in `base.rb`. [#1640](https://redirect.github.com/sinatra/sinatra/pull/1640) by ceclinux
- Add escaping to the static 404 page. [#1645](https://redirect.github.com/sinatra/sinatra/pull/1645) by Chris Gavin
- Remove `detect_rack_handler` method. [#1652](https://redirect.github.com/sinatra/sinatra/pull/1652) by ceclinux
- Respect content type set in superclass before filter. Fixes [#1647](https://redirect.github.com/sinatra/sinatra/issues/1647) [#1649](https://redirect.github.com/sinatra/sinatra/pull/1649) by Jordan Owens
- *Revert "Use prepend instead of include for helpers.* [#1662](https://redirect.github.com/sinatra/sinatra/pull/1662) by namusyaka
- Fix usage of inherited `Sinatra::Base` classes keyword arguments. Fixes [#1669](https://redirect.github.com/sinatra/sinatra/issues/1669) [#1670](https://redirect.github.com/sinatra/sinatra/pull/1670) by Cadu Ribeiro
- Reduce RDoc generation time by not including every README. Fixes [#1578](https://redirect.github.com/sinatra/sinatra/issues/1578) [#1671](https://redirect.github.com/sinatra/sinatra/pull/1671) by Eloy Pérez
- Add support for per form csrf tokens. Fixes [#1616](https://redirect.github.com/sinatra/sinatra/issues/1616) [#1653](https://redirect.github.com/sinatra/sinatra/pull/1653) by Jordan Owens
- Update MAINTENANCE.md with the `stable` branch status. [#1681](https://redirect.github.com/sinatra/sinatra/pull/1681) by Fredrik Rubensson
- Validate expanded path matches `public_dir` when serving static files. [#1683](https://redirect.github.com/sinatra/sinatra/pull/1683) by cji-stripe
- Fix Delegator to pass keyword arguments for Ruby 3.0. [#1684](https://redirect.github.com/sinatra/sinatra/pull/1684) by andrewtblake
- Fix use with keyword arguments for Ruby 3.0. [#1701](https://redirect.github.com/sinatra/sinatra/pull/1701) by Robin Wallin
- Fix memory leaks for proc template. Fixes [#1704](https://redirect.github.com/sinatra/sinatra/issues/1714) [#1719](https://redirect.github.com/sinatra/sinatra/pull/1719) by Slevin
- Remove unnecessary `test_files` from the gemspec. [#1712](https://redirect.github.com/sinatra/sinatra/pull/1712) by Masataka Pocke Kuwabara
- Docs: Spanish documentation: Update README.es.md with removal of Thin. [#1630](https://redirect.github.com/sinatra/sinatra/pull/1630) by Espartaco Palma
- Docs: German documentation: Fixed typos in German README.md. [#1648](https://redirect.github.com/sinatra/sinatra/pull/1648) by Juri
- Docs: Japanese documentation: Update README.ja.md with removal of Thin. [#1629](https://redirect.github.com/sinatra/sinatra/pull/1629) by Ryuichi KAWAMATA
- Docs: English documentation: Various minor fixes to README.md. [#1663](https://redirect.github.com/sinatra/sinatra/pull/1663) by Yanis Zafirópulos
- Docs: English documentation: Document when `dump_errors` is enabled. Fixes [#1664](https://redirect.github.com/sinatra/sinatra/issues/1664) [#1665](https://redirect.github.com/sinatra/sinatra/pull/1665) by Patrik Ragnarsson
- Docs: Brazilian Portuguese documentation: Update README.pt-br.md with translation fixes. [#1668](https://redirect.github.com/sinatra/sinatra/pull/1668) by Vitor Oliveira
##### CI
- Use latest JRuby 9.2.16.0 on CI. [#1682](https://redirect.github.com/sinatra/sinatra/pull/1682) by Olle Jonsson
- Switch CI from travis to GitHub Actions. [#1691](https://redirect.github.com/sinatra/sinatra/pull/1691) by namusyaka
- Skip the Slack action if `secrets.SLACK_WEBHOOK` is not set. [#1705](https://redirect.github.com/sinatra/sinatra/pull/1705) by Robin Wallin
- Small CI improvements. [#1703](https://redirect.github.com/sinatra/sinatra/pull/1703) by Robin Wallin
- Drop auto-generated boilerplate comments from CI configuration file. [#1728](https://redirect.github.com/sinatra/sinatra/pull/1728) by Olle Jonsson
##### sinatra-contrib
- Do not raise when key is an enumerable. [#1619](https://redirect.github.com/sinatra/sinatra/pull/1619) by Ulysse Buonomo
##### Rack protection
- Fix broken `origin_whitelist` option. Fixes [#1641](https://redirect.github.com/sinatra/sinatra/issues/1641) [#1642](https://redirect.github.com/sinatra/sinatra/pull/1642) by Takeshi YASHIRO
### [`v2.1.0`](https://redirect.github.com/sinatra/sinatra/blob/HEAD/CHANGELOG.md#210--2020-09-05)
[Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v2.0.8.1...v2.1.0)
- Fix additional Ruby 2.7 keyword warnings [#1586](https://redirect.github.com/sinatra/sinatra/pull/1586) by Stefan Sundin
- Drop Ruby 2.2 support [#1455](https://redirect.github.com/sinatra/sinatra/pull/1455) by Eloy Pérez
- Add Rack::Protection::ReferrerPolicy [#1291](https://redirect.github.com/sinatra/sinatra/pull/1291) by Stefan Sundin
- Add `default_content_type` setting. Fixes [#1238](https://redirect.github.com/sinatra/sinatra/pull/1238) [#1239](https://redirect.github.com/sinatra/sinatra/pull/1239) by Mike Pastore
- Allow `set :` in sinatra-namespace [#1255](https://redirect.github.com/sinatra/sinatra/pull/1255) by Christian Höppner
- Use prepend instead of include for helpers. Fixes [#1213](https://redirect.github.com/sinatra/sinatra/pull/1213) [#1214](https://redirect.github.com/sinatra/sinatra/pull/1214) by Mike Pastore
- Fix issue with passed routes and provides Fixes [#1095](https://redirect.github.com/sinatra/sinatra/pull/1095) [#1606](https://redirect.github.com/sinatra/sinatra/pull/1606) by Mike Pastore, Jordan Owens
- Add QuietLogger that excludes paths from Rack::CommonLogger [1250](https://redirect.github.com/sinatra/sinatra/pull/1250) by Christoph Wagner
- Sinatra::Contrib dependency updates. Fixes [#1207](https://redirect.github.com/sinatra/sinatra/pull/1207) [#1411](https://redirect.github.com/sinatra/sinatra/pull/1411) by Mike Pastore
- Allow CSP to fallback to default-src. Fixes [#1484](https://redirect.github.com/sinatra/sinatra/pull/1484) [#1490](https://redirect.github.com/sinatra/sinatra/pull/1490) by Jordan Owens
- Replace `origin_whitelist` with `permitted_origins`. Closes [#1620](https://redirect.github.com/sinatra/sinatra/issues/1620) [#1625](https://redirect.github.com/sinatra/sinatra/pull/1625) by rhymes
- Use Rainbows instead of thin for async/stream features. Closes [#1624](https://redirect.github.com/sinatra/sinatra/issues/1624) [#1627](https://redirect.github.com/sinatra/sinatra/pull/1627) by Ryuichi KAWAMATA
- Enable EscapedParams if passed via settings. Closes [#1615](https://redirect.github.com/sinatra/sinatra/issues/1615) [#1632](https://redirect.github.com/sinatra/sinatra/issues/1632) by Anders Bälter
- Support for parameters in mime types. Fixes [#1141](https://redirect.github.com/sinatra/sinatra/issues/1141) by John Hope
- Handle null byte when serving static files [#1574](https://redirect.github.com/sinatra/sinatra/issues/1574) by Kush Fanikiso
- Improve development support and documentation and source code by Olle Jonsson, Pierre-Adrien Buisson, Shota Iguchi
### [`v2.0.8.1`](https://redirect.github.com/sinatra/sinatra/blob/HEAD/CHANGELOG.md#2081--2020-01-02)
[Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v2.0.8...v2.0.8.1)
- Allow multiple hashes to be passed in `merge` and `merge!` for `Sinatra::IndifferentHash` [#1572](https://redirect.github.com/sinatra/sinatra/pull/1572) by Shota Iguchi
### [`v2.0.8`](https://redirect.github.com/sinatra/sinatra/blob/HEAD/CHANGELOG.md#2081--2020-01-02)
[Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v2.0.7...v2.0.8)
- Allow multiple hashes to be passed in `merge` and `merge!` for `Sinatra::IndifferentHash` [#1572](https://redirect.github.com/sinatra/sinatra/pull/1572) by Shota Iguchi
### [`v2.0.7`](https://redirect.github.com/sinatra/sinatra/blob/HEAD/CHANGELOG.md#207--2019-08-22)
[Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v2.0.6...v2.0.7)
- Fix a regression [#1560](https://redirect.github.com/sinatra/sinatra/pull/1560) by Kunpei Sakai
### [`v2.0.6`](https://redirect.github.com/sinatra/sinatra/blob/HEAD/CHANGELOG.md#206--2019-08-21)
[Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v2.0.5...v2.0.6)
- Fix an issue setting environment from command line option [#1547](https://redirect.github.com/sinatra/sinatra/pull/1547), [#1554](https://redirect.github.com/sinatra/sinatra/pull/1554) by Jordan Owens, Kunpei Sakai
- Support pandoc as a new markdown renderer [#1533](https://redirect.github.com/sinatra/sinatra/pull/1533) by Vasiliy
- Remove outdated code for tilt 1.x [#1532](https://redirect.github.com/sinatra/sinatra/pull/1532) by Vasiliy
- Remove an extra logic for `force_encoding` [#1527](https://redirect.github.com/sinatra/sinatra/pull/1527) by Jordan Owens
- Avoid multiple errors even if `params` contains special values [#1526](https://redirect.github.com/sinatra/sinatra/pull/1527) by Kunpei Sakai
- Support `bundler/inline` with `require 'sinatra'` integration [#1520](https://redirect.github.com/sinatra/sinatra/pull/1520) by Kunpei Sakai
- Avoid `TypeError` when params contain a key without a value on Ruby < 2.4 [#1516](https://redirect.github.com/sinatra/sinatra/pull/1516) by Samuel Giddins
- Improve development support and documentation and source code by Olle Jonsson, Basavanagowda Kanur, Yuki MINAMIYA
### [`v2.0.5`](https://redirect.github.com/sinatra/sinatra/blob/HEAD/CHANGELOG.md#205--2018-12-22)
[Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v2.0.4...v2.0.5)
- Avoid FrozenError when params contains frozen value [#1506](https://redirect.github.com/sinatra/sinatra/pull/1506) by Kunpei Sakai
- Add support for Erubi [#1494](https://redirect.github.com/sinatra/sinatra/pull/1494) by [@tkmru](https://redirect.github.com/tkmru)
- `IndifferentHash` monkeypatch warning improvements [#1477](https://redirect.github.com/sinatra/sinatra/pull/1477) by Mike Pastore
- Improve development support and documentation and source code by Anusree Prakash, Jordan Owens, [@ceclinux](https://redirect.github.com/ceclinux) and [@krororo](https://redirect.github.com/krororo).
##### sinatra-contrib
- Add `flush` option to `content_for` [#1225](https://redirect.github.com/sinatra/sinatra/pull/1225) by Shota Iguchi
- Drop activesupport dependency from sinatra-contrib [#1448](https://redirect.github.com/sinatra/sinatra/pull/1448)
- Update `yield_content` to append default to ERB template buffer [#1500](https://redirect.github.com/sinatra/sinatra/pull/1500) by Jordan Owens
##### rack-protection
- Don't track the Accept-Language header by default [#1504](https://redirect.github.com/sinatra/sinatra/pull/1504) by Artem Chistyakov
### [`v2.0.4`](https://redirect.github.com/sinatra/sinatra/blob/HEAD/CHANGELOG.md#204--2018-09-15)
[Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v2.0.3...v2.0.4)
- Don't blow up when passing frozen string to `send_file` disposition [#1137](https://redirect.github.com/sinatra/sinatra/pull/1137) by Andrew Selder
- Fix ubygems LoadError [#1436](https://redirect.github.com/sinatra/sinatra/pull/1436) by Pavel Rosický
- Unescape regex captures [#1446](https://redirect.github.com/sinatra/sinatra/pull/1446) by Jordan Owens
- Slight performance improvements for IndifferentHash [#1427](https://redirect.github.com/sinatra/sinatra/pull/1427) by Mike Pastore
- Improve development support and documentation and source code by Will Yang, Jake Craige, Grey Baker and Guilherme Goettems Schneider
### [`v2.0.3`](https://redirect.github.com/sinatra/sinatra/blob/HEAD/CHANGELOG.md#203--2018-06-09)
[Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v2.0.2...v2.0.3)
- Fix the backports gem regression [#1442](https://redirect.github.com/sinatra/sinatra/issues/1442) by Marc-André Lafortune
### [`v2.0.2`](https://redirect.github.com/sinatra/sinatra/blob/HEAD/CHANGELOG.md#202--2018-06-05)
[Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v2.0.1...v2.0.2)
- Escape invalid query parameters [#1432](https://redirect.github.com/sinatra/sinatra/issues/1432) by Kunpei Sakai
  - The patch fixes [CVE-2018-11627](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11627).
- Fix undefined method error for `Sinatra::RequiredParams` with hash key [#1431](https://redirect.github.com/sinatra/sinatra/issues/1431) by Arpit Chauhan
- Add xml content-types to valid html_types for Rack::Protection [#1413](https://redirect.github.com/sinatra/sinatra/issues/1413) by Reenan Arbitrario
- Encode route parameters using :default_encoding setting [#1412](https://redirect.github.com/sinatra/sinatra/issues/1412) by Brian m. Carlson
- Fix unpredictable behaviour from Sinatra::ConfigFile [#1244](https://redirect.github.com/sinatra/sinatra/issues/1244) by John Hope
- Add Sinatra::IndifferentHash#slice [#1405](https://redirect.github.com/sinatra/sinatra/issues/1405) by Shota Iguchi
- Remove status code 205 from drop body response [#1398](https://redirect.github.com/sinatra/sinatra/issues/1398) by Shota Iguchi
- Ignore empty captures from params [#1390](https://redirect.github.com/sinatra/sinatra/issues/1390) by Shota Iguchi
- Improve development support and documentation and source code by Zp Yuan, Andreas Finger, Olle Jonsson, Shota Iguchi, Nikita Bulai and Joshua O'Brien
### [`v2.0.1`](https://redirect.github.com/sinatra/sinatra/blob/HEAD/CHANGELOG.md#201--2018-02-17)
[Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v2.0.0...v2.0.1)
- Repair nested namespaces, by avoiding prefix duplication [#1322](https://redirect.github.com/sinatra/sinatra/issues/1322). Fixes [#1310](https://redirect.github.com/sinatra/sinatra/issues/1310) by Kunpei Sakai
- Add pattern matches to values for Mustermann::Concat [#1333](https://redirect.github.com/sinatra/sinatra/issues/1333). Fixes [#1332](https://redirect.github.com/sinatra/sinatra/issues/1332) by Dawa Ometto
- Ship the VERSION file with the gem, to allow local unpacking [#1338](https://redirect.github.com/sinatra/sinatra/issues/1338) by Olle Jonsson
- Fix issue with custom error handler on bad request [#1351](https://redirect.github.com/sinatra/sinatra/issues/1351). Fixes [#1350](https://redirect.github.com/sinatra/sinatra/issues/1350) by Jordan Owens
- Override Rack::ShowExceptions#pretty to set custom template [#1377](https://redirect.github.com/sinatra/sinatra/issues/1377). Fixes [#1376](https://redirect.github.com/sinatra/sinatra/issues/1376) by Jordan Owens
- Enhanced path validation in Windows [#1379](https://redirect.github.com/sinatra/sinatra/issues/1379) by Orange Tsai from DEVCORE
  - The patch fixes [CVE-2018-7212](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7212)
- Improve development support and documentation by Faheel Ahmad, Shota Iguchi, Olle Jonsson, Manabu Niseki, John Hope, Horacio, Ice-Storm, GraniteRock, Raman Skaskevich, Carlos Azuaje, 284km, Dan Rice and Zachary Scott
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR contains the following updates:
"~> 2.0" -> "~> 4.1"
GitHub Vulnerability Alerts
CVE-2024-21510
Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into this header. If used for caching purposes, such as with servers like Nginx, or as a reverse proxy, without handling the X-Forwarded-Host header, attackers can potentially exploit Cache Poisoning or Routing-based SSRF.
[#1794](https://redirect.github.com/sinatra/sinatra/pull/1794) by Samuel Williams and [@horaciob](https://redirect.github.com/horaciob) - New: Add AES GCM encryption support for session cookies. \[[#1324](https://redirect.github.com/sinatra/sinatra/issues/1324)] ([https://github.com/sinatra/sinatra/pull/1324](https://redirect.github.com/sinatra/sinatra/pull/1324)) by Michael Coyne - Deprecated: Sinatra Reloader will be removed in the next major release. - Fix: Internal Sinatra errors now extend `Sinatra::Error`. This fixes [#1204](https://redirect.github.com/sinatra/sinatra/issues/1204) and [#1518](https://redirect.github.com/sinatra/sinatra/issues/1518). [bda8c29d](https://redirect.github.com/sinatra/sinatra/commit/bda8c29d70619d53f5b1c181140638d340695514) by Jordan Owens - Fix: Preserve query param value if named route param nil. [#1676](https://redirect.github.com/sinatra/sinatra/pull/1676) by Jordan Owens - Require Ruby 2.6 as minimum Ruby version. [#1699](https://redirect.github.com/sinatra/sinatra/pull/1699) by Eloy Pérez - Breaking change: Remove support for the Stylus template engine. [#1697](https://redirect.github.com/sinatra/sinatra/pull/1697) by Eloy Pérez - Breaking change: Remove support for the erubis template engine. [#1761](https://redirect.github.com/sinatra/sinatra/pull/1761) by Eloy Pérez - Breaking change: Remove support for the textile template engine. [#1766](https://redirect.github.com/sinatra/sinatra/pull/1766) by Eloy Pérez - Breaking change: Remove support for SASS as a template engine. [#1768](https://redirect.github.com/sinatra/sinatra/pull/1768) by Eloy Pérez - Breaking change: Remove support for Wlang as a template engine. [#1780](https://redirect.github.com/sinatra/sinatra/pull/1780) by Eloy Pérez - Breaking change: Remove support for CoffeeScript as a template engine. [#1790](https://redirect.github.com/sinatra/sinatra/pull/1790) by Eloy Pérez - Breaking change: Remove support for Mediawiki as a template engine. 
[#1791](https://redirect.github.com/sinatra/sinatra/pull/1791) by Eloy Pérez - Breaking change: Remove support for Creole as a template engine. [#1792](https://redirect.github.com/sinatra/sinatra/pull/1792) by Eloy Pérez - Breaking change: Remove support for Radius as a template engine. [#1793](https://redirect.github.com/sinatra/sinatra/pull/1793) by Eloy Pérez - Breaking change: Remove support for the defunct Less templating library. See [#1716](https://redirect.github.com/sinatra/sinatra/issues/1716), [#1715](https://redirect.github.com/sinatra/sinatra/issues/1715) for more discussion and background. [d1af2f1e](https://redirect.github.com/sinatra/sinatra/commit/d1af2f1e6c8710419dfe3102a660f7a32f0e67e3) by Olle Jonsson - Breaking change: Remove Reel integration. [54597502](https://redirect.github.com/sinatra/sinatra/commit/545975025927a27a1daca790598620038979f1c5) by Olle Jonsson - CI: Start testing on Ruby 3.1. [60e221940](https://redirect.github.com/sinatra/sinatra/commit/60e2219407e6ae067bf3e53eb060ee4860c60c8d) and [b0fa4bef](https://redirect.github.com/sinatra/sinatra/commit/b0fa4beffaa3b10bf02947d0a35e137403296c6b) by Johannes Würbach - Use `Kernel#caller_locations`. [#1491](https://redirect.github.com/sinatra/sinatra/pull/1491) by Julik Tarkhanov - Docs: Japanese documentation: Add notes about the `default_content_type` setting. [#1650](https://redirect.github.com/sinatra/sinatra/pull/1650) by Akifumi Tominaga - Docs: Polish documentation: Add section about Multithreaded modes and Routes. [#1708](https://redirect.github.com/sinatra/sinatra/pull/1708) by Patrick Gramatowski - Docs: Japanese documentation: Make Session section reflect changes done to README.md. 
[#1731](https://redirect.github.com/sinatra/sinatra/pull/1731) by [@shu-i-chi](https://redirect.github.com/shu-i-chi) ### [`v2.2.4`](https://redirect.github.com/sinatra/sinatra/compare/v2.2.3...v2.2.4) [Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v2.2.3...v2.2.4) ### [`v2.2.3`](https://redirect.github.com/sinatra/sinatra/blob/HEAD/CHANGELOG.md#223--2022-11-25) [Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v2.2.2...v2.2.3) - Fix: Escape filename in the Content-Disposition header. [#1841](https://redirect.github.com/sinatra/sinatra/pull/1841) by Kunpei Sakai - Fix: fixed ReDoS for Rack::Protection::IPSpoofing. [#1823](https://redirect.github.com/sinatra/sinatra/pull/1823) by [@ooooooo-q](https://redirect.github.com/ooooooo-q) ### [`v2.2.2`](https://redirect.github.com/sinatra/sinatra/blob/HEAD/CHANGELOG.md#222--2022-07-23) [Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v2.2.1...v2.2.2) - Update mustermann dependency to version 2. ### [`v2.2.1`](https://redirect.github.com/sinatra/sinatra/blob/HEAD/CHANGELOG.md#221--2022-07-15) [Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v2.2.0...v2.2.1) - Fix JRuby regression by using ruby2\_keywords for delegation. [#1750](https://redirect.github.com/sinatra/sinatra/issues/1750) by Patrik Ragnarsson - Add JRuby to CI. [#1755](https://redirect.github.com/sinatra/sinatra/issues/1755) by Karol Bucek ### [`v2.2.0`](https://redirect.github.com/sinatra/sinatra/blob/HEAD/CHANGELOG.md#220--2022-02-15) [Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v2.1.0...v2.2.0) - Breaking change: Add `#select`, `#reject` and `#compact` methods to `Sinatra::IndifferentHash`. If hash keys need to be converted to symbols, call `#to_h` to get a `Hash` instance first. [#1711](https://redirect.github.com/sinatra/sinatra/pull/1711) by Olivier Bellone - Handle EOFError raised by Rack and return Bad Request 400 status. 
[#1743](https://redirect.github.com/sinatra/sinatra/pull/1743) by tamazon - Minor refactors in `base.rb`. [#1640](https://redirect.github.com/sinatra/sinatra/pull/1640) by ceclinux - Add escaping to the static 404 page. [#1645](https://redirect.github.com/sinatra/sinatra/pull/1645) by Chris Gavin - Remove `detect_rack_handler` method. [#1652](https://redirect.github.com/sinatra/sinatra/pull/1652) by ceclinux - Respect content type set in superclass before filter. Fixes [#1647](https://redirect.github.com/sinatra/sinatra/issues/1647) [#1649](https://redirect.github.com/sinatra/sinatra/pull/1649) by Jordan Owens - *Revert "Use prepend instead of include for helpers.* [#1662](https://redirect.github.com/sinatra/sinatra/pull/1662) by namusyaka - Fix usage of inherited `Sinatra::Base` classes keyword arguments. Fixes [#1669](https://redirect.github.com/sinatra/sinatra/issues/1669) [#1670](https://redirect.github.com/sinatra/sinatra/pull/1670) by Cadu Ribeiro - Reduce RDoc generation time by not including every README. Fixes [#1578](https://redirect.github.com/sinatra/sinatra/issues/1578) [#1671](https://redirect.github.com/sinatra/sinatra/pull/1671) by Eloy Pérez - Add support for per form csrf tokens. Fixes [#1616](https://redirect.github.com/sinatra/sinatra/issues/1616) [#1653](https://redirect.github.com/sinatra/sinatra/pull/1653) by Jordan Owens - Update MAINTENANCE.md with the `stable` branch status. [#1681](https://redirect.github.com/sinatra/sinatra/pull/1681) by Fredrik Rubensson - Validate expanded path matches `public_dir` when serving static files. [#1683](https://redirect.github.com/sinatra/sinatra/pull/1683) by cji-stripe - Fix Delegator to pass keyword arguments for Ruby 3.0. [#1684](https://redirect.github.com/sinatra/sinatra/pull/1684) by andrewtblake - Fix use with keyword arguments for Ruby 3.0. [#1701](https://redirect.github.com/sinatra/sinatra/pull/1701) by Robin Wallin - Fix memory leaks for proc template. 
Fixes [#1704](https://redirect.github.com/sinatra/sinatra/issues/1714) [#1719](https://redirect.github.com/sinatra/sinatra/pull/1719) by Slevin - Remove unnecessary `test_files` from the gemspec. [#1712](https://redirect.github.com/sinatra/sinatra/pull/1712) by Masataka Pocke Kuwabara - Docs: Spanish documentation: Update README.es.md with removal of Thin. [#1630](https://redirect.github.com/sinatra/sinatra/pull/1630) by Espartaco Palma - Docs: German documentation: Fixed typos in German README.md. [#1648](https://redirect.github.com/sinatra/sinatra/pull/1648) by Juri - Docs: Japanese documentation: Update README.ja.md with removal of Thin. [#1629](https://redirect.github.com/sinatra/sinatra/pull/1629) by Ryuichi KAWAMATA - Docs: English documentation: Various minor fixes to README.md. [#1663](https://redirect.github.com/sinatra/sinatra/pull/1663) by Yanis Zafirópulos - Docs: English documentation: Document when `dump_errors` is enabled. Fixes [#1664](https://redirect.github.com/sinatra/sinatra/issues/1664) [#1665](https://redirect.github.com/sinatra/sinatra/pull/1665) by Patrik Ragnarsson - Docs: Brazilian Portuguese documentation: Update README.pt-br.md with translation fixes. [#1668](https://redirect.github.com/sinatra/sinatra/pull/1668) by Vitor Oliveira ##### CI - Use latest JRuby 9.2.16.0 on CI. [#1682](https://redirect.github.com/sinatra/sinatra/pull/1682) by Olle Jonsson - Switch CI from travis to GitHub Actions. [#1691](https://redirect.github.com/sinatra/sinatra/pull/1691) by namusyaka - Skip the Slack action if `secrets.SLACK_WEBHOOK` is not set. [#1705](https://redirect.github.com/sinatra/sinatra/pull/1705) by Robin Wallin - Small CI improvements. [#1703](https://redirect.github.com/sinatra/sinatra/pull/1703) by Robin Wallin - Drop auto-generated boilerplate comments from CI configuration file. [#1728](https://redirect.github.com/sinatra/sinatra/pull/1728) by Olle Jonsson ##### sinatra-contrib - Do not raise when key is an enumerable. 
[#1619](https://redirect.github.com/sinatra/sinatra/pull/1619) by Ulysse Buonomo ##### Rack protection - Fix broken `origin_whitelist` option. Fixes [#1641](https://redirect.github.com/sinatra/sinatra/issues/1641) [#1642](https://redirect.github.com/sinatra/sinatra/pull/1642) by Takeshi YASHIRO ### [`v2.1.0`](https://redirect.github.com/sinatra/sinatra/blob/HEAD/CHANGELOG.md#210--2020-09-05) [Compare Source](https://redirect.github.com/sinatra/sinatra/compare/v2.0.8.1...v2.1.0) - Fix additional Ruby 2.7 keyword warnings [#1586](https://redirect.github.com/sinatra/sinatra/pull/1586) by Stefan Sundin - Drop Ruby 2.2 support [#1455](https://redirect.github.com/sinatra/sinatra/pull/1455) by Eloy Pérez - Add Rack::Protection::ReferrerPolicy [#1291](https://redirect.github.com/sinatra/sinatra/pull/1291) by Stefan Sundin - Add `default_content_type` setting. Fixes [#1238](https://redirect.github.com/sinatra/sinatra/pull/1238) [#1239](https://redirect.github.com/sinatra/sinatra/pull/1239) by Mike Pastore - Allow `set :Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.