inch-ci / inch_ci-web

Web frontend for Inch CI
http://inch-ci.org/
MIT License
139 stars 20 forks source link

Bump rack from 1.5.2 to 1.5.5 #252

Open dependabot[bot] opened 5 years ago

dependabot[bot] commented 5 years ago

Bumps rack from 1.5.2 to 1.5.5.

Changelog *Sourced from [rack's changelog](https://github.com/rack/rack/blob/master/CHANGELOG.md).* > # Changelog > > All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/). > > ## Unreleased > > _Note: There are many unreleased changes in Rack (`master` is around 300 commits ahead of `2-0-stable`), and below is not an exhaustive list. If you would like to help out and document some of the unreleased changes, PRs are welcome._ > > ### Added > > ### Changed > > - Use `Time#httpdate` format for Expires, as proposed by RFC 7231. ([@​nanaya](https://github.com/nanaya)) > - Make `Utils.status_code` raise an error when the status symbol is invalid instead of `500`. > - Rename `Request::SCHEME_WHITELIST` to `Request::ALLOWED_SCHEMES`. > - Make `Multipart::Parser.get_filename` accept files with `+` in their name. > - Add Falcon to the default handler fallbacks. ([@​ioquatix](https://github.com/ioquatix)) > - Update codebase to avoid string mutations in preparation for `frozen_string_literals`. ([@​pat](https://github.com/pat)) > - Change `MockRequest#env_for` to rely on the input optionally responding to `#size` instead of `#length`. ([@​janko](https://github.com/janko)) > > ### Removed > > ### Documentation > > - Update broken example in `Session::Abstract::ID` documentation. ([tonytonyjan](https://github.com/tonytonyjan)) > - Add Padrino to the list of frameworks implmenting Rack. ([@​wikimatze](https://github.com/wikimatze)) > - Remove Mongrel from the suggested server options in the help output. ([@​tricknotes](https://github.com/tricknotes)) > - Replace `HISTORY.md` and `NEWS.md` with `CHANGELOG.md`. ([@​twitnithegirl](https://github.com/twitnithegirl)) > - Backfill `CHANGELOG.md` from 2.0.1 to 2.0.7 releases. ([@​drenmi](https://github.com/Drenmi)) > > ## [2.0.7] - 2019-04-02 > > ### Fixed > > - Remove calls to `#eof?` on Rack input in `Multipart::Parser`, as this breaks the specification. ([@​matthewd](https://github.com/matthewd)) > - Preserve forwarded IP addresses for trusted proxy chains. ([@​SamSaffron](https://github.com/SamSaffron)) > > ## [2.0.6] - 2018-11-05 > > ### Fixed > > - [[CVE-2018-16470](https://nvd.nist.gov/vuln/detail/CVE-2018-16470)] Reduce buffer size of `Multipart::Parser` to avoid pathological parsing. ([@​tenderlove](https://github.com/tenderlove)) > - Fix a call to a non-existing method `#accepts_html` in the `ShowExceptions` middleware. ([@​tomelm](https://github.com/tomelm)) > - [[CVE-2018-16471](https://nvd.nist.gov/vuln/detail/CVE-2018-16471)] Whitelist HTTP and HTTPS schemes in `Request#scheme` to prevent a possible XSS attack. ([@​PatrickTulskie](https://github.com/PatrickTulskie)) > > ## [2.0.5] - 2018-04-23 > > ### Fixed > > - Record errors originating from invalid UTF8 in `MethodOverride` middleware instead of breaking. ([@​mclark](https://github.com/mclark)) > ... (truncated)
Commits - [`e7e0646`](https://github.com/rack/rack/commit/e7e064611e1004ec62b593ec993a06d967d6c72e) bump version - [`55db152`](https://github.com/rack/rack/commit/55db152b59af51343aa301a0bc53dcc9fc035911) Merge pull request [#814](https://github-redirect.dependabot.com/rack/rack/issues/814) from johnnaegle/only_increment_open_file_count_for_fi... - [`90e627a`](https://github.com/rack/rack/commit/90e627ab60d4df281206621a34271a9867a84fc7) Explicitly fail when hitting the multipart limit - [`0d8bc9e`](https://github.com/rack/rack/commit/0d8bc9eeba857861baa6365422925375a49afb5c) bumping version - [`8e88a53`](https://github.com/rack/rack/commit/8e88a5300a7eebbad675d83b591e66865df91251) updating history - [`fa15479`](https://github.com/rack/rack/commit/fa15479e232663b2b5b048155b8e74228ab75d7e) raise an exception if the parameters are too deep - [`14e139c`](https://github.com/rack/rack/commit/14e139c4a87c2e1a94dd3e305d6f485a19719855) use shasum - [`7255985`](https://github.com/rack/rack/commit/7255985e1358743bf0ab489d15bfbbd57e53ea36) bumping to 1.5.3 - [`99f725b`](https://github.com/rack/rack/commit/99f725b583b357376ffbb7b3b042c5daa3106ad6) updating OkJson due to CVE-2014-9490 - [`bf6dc2f`](https://github.com/rack/rack/commit/bf6dc2f78fa7ea7bca3369bf9df2973a775a0770) Merge pull request [#756](https://github-redirect.dependabot.com/rack/rack/issues/756) from filipegiusti/fix-large-posts - Additional commits viewable in [compare view](https://github.com/rack/rack/compare/1.5.2...1.5.5)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/inch-ci/inch_ci-web/network/alerts).