yegor256 / 0rsk

Online Risk Manager
https://www.0rsk.com
MIT License
20 stars 2 forks

Update dependency rack to v3 #105

Open renovate[bot] opened 8 months ago

renovate[bot] commented 8 months ago

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| rack (changelog) | '2.2.8.1' -> '3.1.8' | age | adoption | passing | confidence |

Release Notes

rack/rack (rack)

### [`v3.1.8`](https://redirect.github.com/rack/rack/blob/HEAD/CHANGELOG.md#318---2024-10-14)

[Compare Source](https://redirect.github.com/rack/rack/compare/v3.1.7...v3.1.8)

##### Fixed

- Resolve deprecation warnings about uri `DEFAULT_PARSER`. ([#2249](https://redirect.github.com/rack/rack/pull/2249), \[[@earlopain](https://redirect.github.com/earlopain)])

### [`v3.1.7`](https://redirect.github.com/rack/rack/blob/HEAD/CHANGELOG.md#317---2024-07-11)

[Compare Source](https://redirect.github.com/rack/rack/compare/v3.1.6...v3.1.7)

##### Fixed

- Do not remove escaped opening/closing quotes for content-disposition filenames. ([#2229](https://redirect.github.com/rack/rack/pull/2229), \[[@jeremyevans](https://redirect.github.com/jeremyevans)])
- Fix encoding setting for non-binary IO-like objects in MockRequest#env_for. ([#2227](https://redirect.github.com/rack/rack/pull/2227), \[[@jeremyevans](https://redirect.github.com/jeremyevans)])
- `Rack::Response` should not generate invalid `content-length` header. ([#2219](https://redirect.github.com/rack/rack/pull/2219), \[[@ioquatix](https://redirect.github.com/ioquatix)])
- Allow empty PATH_INFO. ([#2214](https://redirect.github.com/rack/rack/pull/2214), \[[@ioquatix](https://redirect.github.com/ioquatix)])

### [`v3.1.6`](https://redirect.github.com/rack/rack/blob/HEAD/CHANGELOG.md#316---2024-07-03)

[Compare Source](https://redirect.github.com/rack/rack/compare/v3.1.5...v3.1.6)

- Fix several edge cases in `Rack::Request#parse_http_accept_header`'s implementation. ([#2226](https://redirect.github.com/rack/rack/pull/2226), \[[@ioquatix](https://redirect.github.com/ioquatix)])

### [`v3.1.5`](https://redirect.github.com/rack/rack/blob/HEAD/CHANGELOG.md#315---2024-07-02)

[Compare Source](https://redirect.github.com/rack/rack/compare/v3.1.4...v3.1.5)

##### Security

- Fix potential ReDoS attack in `Rack::Request#parse_http_accept_header`. ([GHSA-cj83-2ww7-mvq7](https://redirect.github.com/rack/rack/security/advisories/GHSA-cj83-2ww7-mvq7), [@dwisiswant0](https://redirect.github.com/dwisiswant0))

### [`v3.1.4`](https://redirect.github.com/rack/rack/blob/HEAD/CHANGELOG.md#314---2024-06-22)

[Compare Source](https://redirect.github.com/rack/rack/compare/v3.1.3...v3.1.4)

##### Fixed

- Fix `Rack::Lint` matching some paths incorrectly as authority form. ([#2220](https://redirect.github.com/rack/rack/pull/2220), \[[@ioquatix](https://redirect.github.com/ioquatix)])

### [`v3.1.3`](https://redirect.github.com/rack/rack/blob/HEAD/CHANGELOG.md#313---2024-06-12)

[Compare Source](https://redirect.github.com/rack/rack/compare/v3.1.2...v3.1.3)

##### Fixed

- Fix passing non-strings to `Rack::Utils.escape_html`. ([#2202](https://redirect.github.com/rack/rack/pull/2202), \[[@earlopain](https://redirect.github.com/earlopain)])
- `Rack::MockResponse` gracefully handles empty cookies ([#2203](https://redirect.github.com/rack/rack/pull/2203) \[[@wynksaiddestroy](https://redirect.github.com/wynksaiddestroy)])

### [`v3.1.2`](https://redirect.github.com/rack/rack/blob/HEAD/CHANGELOG.md#312---2024-06-11)

[Compare Source](https://redirect.github.com/rack/rack/compare/v3.1.1...v3.1.2)

- `Rack::Response` will take into consideration chunked encoding responses ([#2204](https://redirect.github.com/rack/rack/pull/2204), \[[@tenderlove](https://redirect.github.com/tenderlove)])

### [`v3.1.1`](https://redirect.github.com/rack/rack/blob/HEAD/CHANGELOG.md#311---2024-06-11)

[Compare Source](https://redirect.github.com/rack/rack/compare/v3.1.0...v3.1.1)

- Oops! I shouldn't have shipped that

### [`v3.1.0`](https://redirect.github.com/rack/rack/blob/HEAD/CHANGELOG.md#310---2024-06-11)

:warning: **This release includes several breaking changes.** Refer to the **Removed** section below for the list of deprecated methods that have been removed in this release.

Rack v3.1 is primarily a maintenance release that removes features deprecated in Rack v3.0. Alongside these removals, there are several improvements to the Rack SPEC, mainly focused on enhancing input and output handling. These changes aim to make Rack more efficient and align better with the requirements of server implementations and relevant HTTP specifications.

##### SPEC Changes

- `rack.input` is now optional. ([#1997](https://redirect.github.com/rack/rack/pull/1997), [#2018](https://redirect.github.com/rack/rack/pull/2018), \[[@ioquatix](https://redirect.github.com/ioquatix)])
- `PATH_INFO` is now validated according to the HTTP/1.1 specification. ([#2117](https://redirect.github.com/rack/rack/pull/2117), [#2181](https://redirect.github.com/rack/rack/pull/2181), \[[@ioquatix](https://redirect.github.com/ioquatix)])
- `OPTIONS *` is now accepted. ([#2114](https://redirect.github.com/rack/rack/pull/2114), [@doriantaylor](https://redirect.github.com/doriantaylor))
- Introduce optional `rack.protocol` request and response header for handling connection upgrades. ([#1954](https://redirect.github.com/rack/rack/pull/1954), \[[@ioquatix](https://redirect.github.com/ioquatix)])

##### Added

- Introduce `Rack::Multipart::MissingInputError` for improved handling of missing input in `#parse_multipart`. ([#2018](https://redirect.github.com/rack/rack/pull/2018), \[[@ioquatix](https://redirect.github.com/ioquatix)])
- Introduce `module Rack::BadRequest` which is included in multipart and query parser errors. ([#2019](https://redirect.github.com/rack/rack/pull/2019), \[[@ioquatix](https://redirect.github.com/ioquatix)])
- Add `.mjs` MIME type ([#2057](https://redirect.github.com/rack/rack/pull/2057), [@axilleas](https://redirect.github.com/axilleas))
- `set_cookie_header` utility now supports the `partitioned` cookie attribute. This is required by Chrome in some embedded contexts. ([#2131](https://redirect.github.com/rack/rack/pull/2131), [@flavio-b](https://redirect.github.com/flavio-b))
- Introduce `rack.early_hints` for sending `103 Early Hints` informational responses. ([#1831](https://redirect.github.com/rack/rack/pull/1831), [@casperisfine](https://redirect.github.com/casperisfine), \[[@jeremyevans](https://redirect.github.com/jeremyevans)])

##### Changed

- MIME type for JavaScript files (`.js`) changed from `application/javascript` to `text/javascript` ([`1bd0f15`](https://redirect.github.com/rack/rack/commit/1bd0f1597d8f4a90d47115f3e156a8ce7870c9c8), \[[@ioquatix](https://redirect.github.com/ioquatix)])
- Update MIME types associated to `.ttf`, `.woff`, `.woff2` and `.otf` extensions to use modern `font/*` types. ([#2065](https://redirect.github.com/rack/rack/pull/2065), \[[@davidstosik](https://redirect.github.com/davidstosik)])
- `Rack::Utils.escape_html` is now delegated to `CGI.escapeHTML`. `'` is escaped to `#39;` instead of `#x27;`. (decimal vs hexadecimal) ([#2099](https://redirect.github.com/rack/rack/pull/2099), [@JunichiIto](https://redirect.github.com/JunichiIto))
- Clarify use of `@buffered` and only update `content-length` when `Rack::Response#finish` is invoked. ([#2149](https://redirect.github.com/rack/rack/pull/2149), \[[@ioquatix](https://redirect.github.com/ioquatix)])

##### Deprecated

- Deprecate automatic cache invalidation in `Request#{GET,POST}` ([#2073](https://redirect.github.com/rack/rack/pull/2073), \[[@jeremyevans](https://redirect.github.com/jeremyevans)])
- Only cookie keys that are not valid according to the HTTP specifications are escaped. We are planning to deprecate this behaviour, so now a deprecation message will be emitted in this case. In the future, invalid cookie keys may not be accepted. ([#2191](https://redirect.github.com/rack/rack/pull/2191), \[[@ioquatix](https://redirect.github.com/ioquatix)])
- `Rack::Logger` is deprecated. ([#2197](https://redirect.github.com/rack/rack/pull/2197), \[[@ioquatix](https://redirect.github.com/ioquatix)])
- Add fallback lookup and deprecation warning for obsolete status symbols. ([#2137](https://redirect.github.com/rack/rack/pull/2137), [@wtn](https://redirect.github.com/wtn))
- Deprecate `Rack::Request#values_at`, use `request.params.values_at` instead ([#2183](https://redirect.github.com/rack/rack/pull/2183), \[[@ioquatix](https://redirect.github.com/ioquatix)])

##### Removed

- Remove deprecated `Rack::Auth::Digest` with no replacement. ([#1966](https://redirect.github.com/rack/rack/pull/1966), \[[@ioquatix](https://redirect.github.com/ioquatix)])
- Remove deprecated `Rack::Cascade::NotFound` with no replacement. ([#1966](https://redirect.github.com/rack/rack/pull/1966), \[[@ioquatix](https://redirect.github.com/ioquatix)])
- Remove deprecated `Rack::Chunked` with no replacement. ([#1966](https://redirect.github.com/rack/rack/pull/1966), \[[@ioquatix](https://redirect.github.com/ioquatix)])
- Remove deprecated `Rack::File`, use `Rack::Files` instead. ([#1966](https://redirect.github.com/rack/rack/pull/1966), \[[@ioquatix](https://redirect.github.com/ioquatix)])
- Remove deprecated `Rack::QueryParser` `key_space_limit` parameter with no replacement. ([#1966](https://redirect.github.com/rack/rack/pull/1966), \[[@ioquatix](https://redirect.github.com/ioquatix)])
- Remove deprecated `Rack::Response#header`, use `Rack::Response#headers` instead. ([#1966](https://redirect.github.com/rack/rack/pull/1966), \[[@ioquatix](https://redirect.github.com/ioquatix)])
- Remove deprecated cookie methods from `Rack::Utils`: `add_cookie_to_header`, `make_delete_cookie_header`, `add_remove_cookie_to_header`. ([#1966](https://redirect.github.com/rack/rack/pull/1966), \[[@ioquatix](https://redirect.github.com/ioquatix)])
- Remove deprecated `Rack::Utils::HeaderHash`. ([#1966](https://redirect.github.com/rack/rack/pull/1966), \[[@ioquatix](https://redirect.github.com/ioquatix)])
- Remove deprecated `Rack::VERSION`, `Rack::VERSION_STRING`, `Rack.version`, use `Rack.release` instead. ([#1966](https://redirect.github.com/rack/rack/pull/1966), \[[@ioquatix](https://redirect.github.com/ioquatix)])
- Remove non-standard status codes 306, 509, & 510 and update descriptions for 413, 422, & 451. ([#2137](https://redirect.github.com/rack/rack/pull/2137), [@wtn](https://redirect.github.com/wtn))
- Remove any dependency on `transfer-encoding: chunked`. ([#2195](https://redirect.github.com/rack/rack/pull/2195), \[[@ioquatix](https://redirect.github.com/ioquatix)])
- Remove deprecated `Rack::Request#[]`, use `request.params[key]` instead ([#2183](https://redirect.github.com/rack/rack/pull/2183), \[[@ioquatix](https://redirect.github.com/ioquatix)])

##### Fixed

- In `Rack::Files`, ignore the `Range` header if served file is 0 bytes. ([#2159](https://redirect.github.com/rack/rack/pull/2159), \[[@zarqman](https://redirect.github.com/zarqman)])

### [`v3.0.11`](https://redirect.github.com/rack/rack/blob/HEAD/CHANGELOG.md#3011---2024-05-10)

- Backport [#2062](https://redirect.github.com/rack/rack/issues/2062) to 3-0-stable: Do not allow `BodyProxy` to respond to `to_str`, make `to_ary` call close. ([#2062](https://redirect.github.com/rack/rack/pull/2062), [@jeremyevans](https://redirect.github.com/jeremyevans))

### [`v3.0.10`](https://redirect.github.com/rack/rack/blob/HEAD/CHANGELOG.md#3010---2024-03-21)

[Compare Source](https://redirect.github.com/rack/rack/compare/v3.0.9.1...v3.0.10)

- Backport [#2104](https://redirect.github.com/rack/rack/issues/2104) to 3-0-stable: Return empty when parsing a multi-part POST with only one end delimiter. ([#2164](https://redirect.github.com/rack/rack/pull/2164), [@JoeDupuis](https://redirect.github.com/JoeDupuis))

### [`v3.0.9.1`](https://redirect.github.com/rack/rack/blob/HEAD/CHANGELOG.md#3091---2024-02-21)

[Compare Source](https://redirect.github.com/rack/rack/compare/v3.0.9...v3.0.9.1)

##### Security

- [CVE-2024-26146] Fixed ReDoS in Accept header parsing
- [CVE-2024-25126] Fixed ReDoS in Content Type header parsing
- [CVE-2024-26141] Reject Range headers which are too large

[CVE-2024-26146]: https://redirect.github.com/advisories/GHSA-54rr-7fvw-6x8f
[CVE-2024-25126]: https://redirect.github.com/advisories/GHSA-22f2-v57c-j9cx
[CVE-2024-26141]: https://redirect.github.com/advisories/GHSA-xj5v-6v4g-jfw6

### [`v3.0.9`](https://redirect.github.com/rack/rack/blob/HEAD/CHANGELOG.md#3091---2024-02-21)

[Compare Source](https://redirect.github.com/rack/rack/compare/v3.0.8...v3.0.9)

##### Security

- [CVE-2024-26146] Fixed ReDoS in Accept header parsing
- [CVE-2024-25126] Fixed ReDoS in Content Type header parsing
- [CVE-2024-26141] Reject Range headers which are too large

[CVE-2024-26146]: https://redirect.github.com/advisories/GHSA-54rr-7fvw-6x8f
[CVE-2024-25126]: https://redirect.github.com/advisories/GHSA-22f2-v57c-j9cx
[CVE-2024-26141]: https://redirect.github.com/advisories/GHSA-xj5v-6v4g-jfw6

### [`v3.0.8`](https://redirect.github.com/rack/rack/blob/HEAD/CHANGELOG.md#308---2023-06-14)

[Compare Source](https://redirect.github.com/rack/rack/compare/v3.0.7...v3.0.8)

- Fix some unused variable verbose warnings. ([#2084](https://redirect.github.com/rack/rack/pull/2084), \[[@jeremyevans](https://redirect.github.com/jeremyevans)], [@skipkayhil](https://redirect.github.com/skipkayhil))

### [`v3.0.7`](https://redirect.github.com/rack/rack/blob/HEAD/CHANGELOG.md#307---2023-03-16)

[Compare Source](https://redirect.github.com/rack/rack/compare/v3.0.6.1...v3.0.7)

- Make query parameters without `=` have `nil` values. ([#2059](https://redirect.github.com/rack/rack/pull/2059), \[[@jeremyevans](https://redirect.github.com/jeremyevans)])

### [`v3.0.6.1`](https://redirect.github.com/rack/rack/blob/HEAD/CHANGELOG.md#3061---2023-03-13)

[Compare Source](https://redirect.github.com/rack/rack/compare/v3.0.6...v3.0.6.1)

- \[CVE-2023-27539] Avoid ReDoS in header parsing

### [`v3.0.6`](https://redirect.github.com/rack/rack/blob/HEAD/CHANGELOG.md#3061---2023-03-13)

[Compare Source](https://redirect.github.com/rack/rack/compare/v3.0.5...v3.0.6)

- \[CVE-2023-27539] Avoid ReDoS in header parsing

### [`v3.0.5`](https://redirect.github.com/rack/rack/blob/HEAD/CHANGELOG.md#305---2023-03-13)

[Compare Source](https://redirect.github.com/rack/rack/compare/v3.0.4.2...v3.0.5)

- Split form/query parsing into two steps. ([#2038](https://redirect.github.com/rack/rack/pull/2038), [@matthewd](https://redirect.github.com/matthewd))

### [`v3.0.4.2`](https://redirect.github.com/rack/rack/blob/HEAD/CHANGELOG.md#3042---2023-03-02)

[Compare Source](https://redirect.github.com/rack/rack/compare/v3.0.4.1...v3.0.4.2)

- \[CVE-2023-27530] Introduce multipart_total_part_limit to limit total parts

### [`v3.0.4.1`](https://redirect.github.com/rack/rack/blob/HEAD/CHANGELOG.md#3041---2023-01-17)

[Compare Source](https://redirect.github.com/rack/rack/compare/v3.0.4...v3.0.4.1)

- \[CVE-2022-44571] Fix ReDoS vulnerability in multipart parser
- \[CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges
- \[CVE-2022-44572] Forbid control characters in attributes (also ReDoS)

### [`v3.0.4`](https://redirect.github.com/rack/rack/blob/HEAD/CHANGELOG.md#3042---2023-03-02)

[Compare Source](https://redirect.github.com/rack/rack/compare/v3.0.3...v3.0.4)

- \[CVE-2023-27530] Introduce multipart_total_part_limit to limit total parts

### [`v3.0.3`](https://redirect.github.com/rack/rack/blob/HEAD/CHANGELOG.md#303---2022-12-27)

[Compare Source](https://redirect.github.com/rack/rack/compare/v3.0.2...v3.0.3)

##### Fixed

- `Rack::URLMap` uses non-deprecated form of `Regexp.new`. ([#1998](https://redirect.github.com/rack/rack/pull/1998), [@weizheheng](https://redirect.github.com/weizheheng))

### [`v3.0.2`](https://redirect.github.com/rack/rack/blob/HEAD/CHANGELOG.md#302--2022-12-05)

[Compare Source](https://redirect.github.com/rack/rack/compare/v3.0.1...v3.0.2)

##### Fixed

- `Utils.build_nested_query` URL-encodes nested field names including the square brackets.
- Allow `Rack::Response` to pass through streaming bodies. ([#1993](https://redirect.github.com/rack/rack/pull/1993), \[[@ioquatix](https://redirect.github.com/ioquatix)])

### [`v3.0.1`](https://redirect.github.com/rack/rack/blob/HEAD/CHANGELOG.md#301---2022-11-18)

[Compare Source](https://redirect.github.com/rack/rack/compare/3.0.0...v3.0.1)

##### Fixed

- `MethodOverride` does not look for an override if a request does not include form/parseable data.
- `Rack::Lint::Wrapper` correctly handles `respond_to?` with `to_ary`, `each`, `call` and `to_path`, forwarding to the body. ([#1981](https://redirect.github.com/rack/rack/pull/1981), \[[@ioquatix](https://redirect.github.com/ioquatix)])

### [`v3.0.0`](https://redirect.github.com/rack/rack/blob/HEAD/CHANGELOG.md#300---2022-09-06)

[Compare Source](https://redirect.github.com/rack/rack/compare/v2.2.10...3.0.0)

- No changes

### [`v2.2.10`](https://redirect.github.com/rack/rack/blob/HEAD/CHANGELOG.md#2210---2024-10-14)

[Compare Source](https://redirect.github.com/rack/rack/compare/v2.2.9...v2.2.10)

- Fix compatibility issues with Ruby v3.4.0. ([#2248](https://redirect.github.com/rack/rack/pull/2248), [@byroot](https://redirect.github.com/byroot))

### [`v2.2.9`](https://redirect.github.com/rack/rack/compare/v2.2.8.1...v2.2.9)

[Compare Source](https://redirect.github.com/rack/rack/compare/v2.2.8.1...v2.2.9)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate. View the repository job log.

renovate[bot] commented 8 months ago

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

The artifact failure details are included below:

File name: Gemfile.lock

```
Fetching gem metadata from https://rubygems.org/.........
Resolving dependencies...

Could not find compatible versions

Because thin >= 1.7.0 depends on rack >= 1, < 3
  and Gemfile depends on rack = 3.0.10,
  thin >= 1.7.0 cannot be used.
So, because Gemfile depends on thin = 1.8.2,
  version solving has failed.
```

renovate[bot] commented 5 months ago

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

The artifact failure details are included below:

File name: Gemfile.lock

```
Fetching gem metadata from https://rubygems.org/.........
Resolving dependencies...

Could not find compatible versions

Because thin >= 1.7.0 depends on rack >= 1, < 3
  and Gemfile depends on rack = 3.1.8,
  thin >= 1.7.0 cannot be used.
So, because Gemfile depends on thin = 1.8.2,
  version solving has failed.
```