Closed agfor closed 9 months ago
@bethesque Sorry for the ping, but this is blocking a security upgrade for us, so I wanted to check if you'll be able to take a look at this soon? Thank you!
@YOU54F there's nothing in the pact-ruby-standalone that needs ruby 2.7 support any more is there?
@YOU54F there's nothing in the pact-ruby-standalone that needs ruby 2.7 support any more is there?
Negative, we were in-fact blocked by the pact mock service, pinning to rack 2.x in upgrading to the latest version of Rack, it was only pact mock service that relied on it in the pact-ruby-standalone bundle
some related PR's in pact-ruby related to the rack 3 dep
Thank you @agfor, appreciate this alot!
Will get the Rack dep updated in Pact ruby standalone šš¾
This commit adds compatibility with Rack 3 and rack-test 2 while maintaining backwards compatibility.
Rack no longer depends on WEBrick since it's not a default gem in recent versions of Ruby, so add the Rackup gem to restore that functionality.
Use
read
instead ofstring
to get the request body in a compatible way.spec/integration/cli_spec.rb
expected the pact files to get written before the server is shut down, whereas all the other similar specs, e.g.spec/integration/control_server_cli_spec.rb
, shut the server down before expecting the files to be present. I'm not sure why exactly this works with Rack 2 but not Rack 3, or why it was just this one file that was different, but given all the other files follow the shut-down-the-server pattern, I changed this file to do the same. All of the assertions are still tested, the setup is the only thing that was changed.Fixes https://github.com/pact-foundation/pact-mock_service/issues/145
There is at least one known security vulnerability in Rack 2 https://github.com/rack/rack/issues/1732 so releasing a new version with this change ASAP would be excellent.