Changelog
*Sourced from [rack's changelog](https://github.com/rack/rack/blob/master/CHANGELOG.md).*
> ## [1.1.6, 1.2.8, 1.3.10] 2013-02-07
> - Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
>
> ## [1.5.1] 2013-01-28
> - Rack::Lint check_hijack now conforms to other parts of SPEC
> - Added hash-like methods to Abstract::ID::SessionHash for compatibility
> - Various documentation corrections
>
> ## [1.5.0] 2013-01-21
> - Introduced hijack SPEC, for before-response and after-response hijacking
> - SessionHash is no longer a Hash subclass
> - Rack::File cache_control parameter is removed, in place of headers options
> - Rack::Auth::AbstractRequest#scheme now yields strings, not symbols
> - Rack::Utils cookie functions now format expires in RFC 2822 format
> - Rack::File now has a default mime type
> - rackup -b 'run Rack::Files.new(".")', option provides command line configs
> - Rack::Deflater will no longer double encode bodies
> - Rack::Mime#match? provides convenience for Accept header matching
> - Rack::Utils#q_values provides splitting for Accept headers
> - Rack::Utils#best_q_match provides a helper for Accept headers
> - Rack::Handler.pick provides convenience for finding available servers
> - Puma added to the list of default servers (preferred over Webrick)
> - Various middleware now correctly close body when replacing it
> - Rack::Request#params is no longer persistent with only GET params
> - Rack::Request#update_param and #delete_param provide persistent operations
> - Rack::Request#trusted_proxy? now returns true for local unix sockets
> - Rack::Response no longer forces Content-Types
> - Rack::Sendfile provides local mapping configuration options
> - Rack::Utils#rfc2109 provides old netscape style time output
> - Updated HTTP status codes
> - Ruby 1.8.6 likely no longer passes tests, and is no longer fully supported
>
> ## [1.4.4, 1.3.9, 1.2.7, 1.1.5] 2013-01-13
> - [SEC] Rack::Auth::AbstractRequest no longer symbolizes arbitrary strings
> - Fixed erroneous test case in the 1.3.x series
>
> ## [1.4.3] 2013-01-07
> - Security: Prevent unbounded reads in large multipart boundaries
>
> ## [1.3.8] 2013-01-07
> - Security: Prevent unbounded reads in large multipart boundaries
>
> ## [1.4.2] 2013-01-06
> - Add warnings when users do not provide a session secret
> - Fix parsing performance for unquoted filenames
> - Updated URI backports
> - Fix URI backport version matching, and silence constant warnings
> - Correct parameter parsing with empty values
> - Correct rackup '-I' flag, to allow multiple uses
> - Correct rackup pidfile handling
> ... (truncated)
Commits
- [`0232e22`](https://github.com/rack/rack/commit/0232e227b1cf3e67fbb82b2198311fa8ca618fbd) Bump version number
- [`64baf02`](https://github.com/rack/rack/commit/64baf02a9154ff9d86ab41f078f5aa371e892db7) Update README for todays releases
- [`a227999`](https://github.com/rack/rack/commit/a227999ab37cde072fa75495cd1d3bbcbcaf0474) Use secure_compare for hmac comparison
- [`93abac9`](https://github.com/rack/rack/commit/93abac98b13a0afa90293e4ec597cf505d46a343) Add secure_compare to Rack::Utils
- [`966df94`](https://github.com/rack/rack/commit/966df947b0e826610409c63cdbff7ee325875393) Bump version
- [`e25f400`](https://github.com/rack/rack/commit/e25f4009c8b45d7412d86658a19e95f43d255d07) Update README for release. Add security section.
- [`2ba4761`](https://github.com/rack/rack/commit/2ba4761ad22b33d33199064fb0fac14c05ae5105) Squash warnings in spec_auth
- [`582c927`](https://github.com/rack/rack/commit/582c927b6e80b42b205d012a06334ee18943edc5) Update spec_auth to work with test-spec
- [`c6dd4a6`](https://github.com/rack/rack/commit/c6dd4a6663806a69242b0d0ba1c16533a7145bae) Reimplement auth scheme fix
- [`87e39ba`](https://github.com/rack/rack/commit/87e39bae4fdd43bf3b98ea820c13fe8c451b1cc4) Bump to 1.1.4
- Additional commits viewable in [compare view](https://github.com/rack/rack/compare/1.1.2...1.1.6)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/jkrall/analytical/network/alerts).
Bumps rack from 1.1.2 to 1.1.6.