Changelog
*Sourced from [rack's changelog](https://github.com/rack/rack/blob/master/CHANGELOG.md).*
> ## [2.0.8] - 2019-12-08
>
> - [[CVE-2019-16782](https://nvd.nist.gov/vuln/detail/CVE-2019-16782)] Prevent timing attacks targeted at session ID lookup. ([@tenderlove](https://github.com/tenderlove), [@rafaelfranca](https://github.com/rafaelfranca))
>
> ## [1.6.12] - 2019-12-08
>
> - [[CVE-2019-16782](https://nvd.nist.gov/vuln/detail/CVE-2019-16782)] Prevent timing attacks targeted at session ID lookup. ([@tenderlove](https://github.com/tenderlove), [@rafaelfranca](https://github.com/rafaelfranca))
Commits
- [`e7ee459`](https://github.com/rack/rack/commit/e7ee459546d217f32afc83e0b168c5eb9f95d784) Bumping version
- [`f1a79b2`](https://github.com/rack/rack/commit/f1a79b208c4ea877420beee62646e0b146402bd0) Introduce a new base class to avoid breaking when upgrading
- [`5b1cab6`](https://github.com/rack/rack/commit/5b1cab667270d7ad1a4d2088adf5ff4eb9845496) Add a version prefix to the private id to make easier to migrate old values
- [`1e96e0f`](https://github.com/rack/rack/commit/1e96e0f197777458216bb3dfdbcce57a0bbba0c5) Fallback to the public id when reading the session in the pool adapter
- [`3ba123d`](https://github.com/rack/rack/commit/3ba123d278f1085ba78fc000df954e507af2d622) Also drop the session with the public id when destroying sessions
- [`6a04bbf`](https://github.com/rack/rack/commit/6a04bbf6b742c305d3a56f9bd6242e6c943cc2ad) Fallback to the legacy id when the new id is not found
- [`dc45a06`](https://github.com/rack/rack/commit/dc45a06b339c707c1f658c123ec7216151878f7a) Add the private id
- [`73a5f79`](https://github.com/rack/rack/commit/73a5f79f6854eed81ecc3e5fb9f8154e967ccc49) revert conditionals to master
- [`4e32262`](https://github.com/rack/rack/commit/4e322629e0c6698c75a3fb541a42571f8543c34c) remove NullSession
- [`1c7e3b2`](https://github.com/rack/rack/commit/1c7e3b259f0741c869dcfbabeb3e0670c4d3f848) remove || raise and get closer to master
- Additional commits viewable in [compare view](https://github.com/rack/rack/compare/2.0.7...2.0.8)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/perches/ohapo/network/alerts).
Bumps rack from 2.0.7 to 2.0.8.
Changelog
*Sourced from [rack's changelog](https://github.com/rack/rack/blob/master/CHANGELOG.md).* > ## [2.0.8] - 2019-12-08 > > - [[CVE-2019-16782](https://nvd.nist.gov/vuln/detail/CVE-2019-16782)] Prevent timing attacks targeted at session ID lookup. ([@tenderlove](https://github.com/tenderlove), [@rafaelfranca](https://github.com/rafaelfranca)) > > ## [1.6.12] - 2019-12-08 > > - [[CVE-2019-16782](https://nvd.nist.gov/vuln/detail/CVE-2019-16782)] Prevent timing attacks targeted at session ID lookup. ([@tenderlove](https://github.com/tenderlove), [@rafaelfranca](https://github.com/rafaelfranca))Commits
- [`e7ee459`](https://github.com/rack/rack/commit/e7ee459546d217f32afc83e0b168c5eb9f95d784) Bumping version - [`f1a79b2`](https://github.com/rack/rack/commit/f1a79b208c4ea877420beee62646e0b146402bd0) Introduce a new base class to avoid breaking when upgrading - [`5b1cab6`](https://github.com/rack/rack/commit/5b1cab667270d7ad1a4d2088adf5ff4eb9845496) Add a version prefix to the private id to make easier to migrate old values - [`1e96e0f`](https://github.com/rack/rack/commit/1e96e0f197777458216bb3dfdbcce57a0bbba0c5) Fallback to the public id when reading the session in the pool adapter - [`3ba123d`](https://github.com/rack/rack/commit/3ba123d278f1085ba78fc000df954e507af2d622) Also drop the session with the public id when destroying sessions - [`6a04bbf`](https://github.com/rack/rack/commit/6a04bbf6b742c305d3a56f9bd6242e6c943cc2ad) Fallback to the legacy id when the new id is not found - [`dc45a06`](https://github.com/rack/rack/commit/dc45a06b339c707c1f658c123ec7216151878f7a) Add the private id - [`73a5f79`](https://github.com/rack/rack/commit/73a5f79f6854eed81ecc3e5fb9f8154e967ccc49) revert conditionals to master - [`4e32262`](https://github.com/rack/rack/commit/4e322629e0c6698c75a3fb541a42571f8543c34c) remove NullSession - [`1c7e3b2`](https://github.com/rack/rack/commit/1c7e3b259f0741c869dcfbabeb3e0670c4d3f848) remove || raise and get closer to master - Additional commits viewable in [compare view](https://github.com/rack/rack/compare/2.0.7...2.0.8)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/perches/ohapo/network/alerts).