schema-stitching
chore(deps): update dependency rack to v3
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| rack (changelog) | '~> 2.0' -> '~> 3.0' | | | | |
Release Notes
rack/rack (rack)
v3.1.7
Fixed
- Do not remove escaped opening/closing quotes for content-disposition filenames. (#2229, @jeremyevans)
- Fix encoding setting for non-binary IO-like objects in `MockRequest#env_for`. (#2227, @jeremyevans)
- `Rack::Response` should not generate invalid `content-length` header. (#2219, @ioquatix)
- Allow empty PATH_INFO. (#2214, @ioquatix)
v3.1.6
- Fix several edge cases in `Rack::Request#parse_http_accept_header`'s implementation. (#2226, @ioquatix)
v3.1.5
Security
- Fix potential ReDoS attack in `Rack::Request#parse_http_accept_header`. (GHSA-cj83-2ww7-mvq7, @dwisiswant0)
v3.1.4
Fixed
- Fix `Rack::Lint` matching some paths incorrectly as authority form. (#2220, @ioquatix)
v3.1.3
Fixed
- Fix passing non-strings to `Rack::Utils.escape_html`. (#2202, @earlopain)
- `Rack::MockResponse` gracefully handles empty cookies (#2203 @wynksaiddestroy)
v3.1.2
- `Rack::Response` will take into consideration chunked encoding responses (#2204, @tenderlove)
v3.1.1
- Oops! I shouldn't have shipped that
v3.1.0
:warning: This release includes several breaking changes. Refer to the Removed section below for the list of deprecated methods that have been removed in this release.
Rack v3.1 is primarily a maintenance release that removes features deprecated in Rack v3.0. Alongside these removals, there are several improvements to the Rack SPEC, mainly focused on enhancing input and output handling. These changes aim to make Rack more efficient and align better with the requirements of server implementations and relevant HTTP specifications.
SPEC Changes
- `rack.input` is now optional. (#1997, #2018, @ioquatix)
- `PATH_INFO` is now validated according to the HTTP/1.1 specification. (#2117, #2181, @ioquatix)
- `OPTIONS *` is now accepted. (#2114, @doriantaylor)
- Introduce optional `rack.protocol` request and response header for handling connection upgrades. (#1954, @ioquatix)
Added
- Introduce `Rack::Multipart::MissingInputError` for improved handling of missing input in `#parse_multipart`. (#2018, @ioquatix)
- Introduce `module Rack::BadRequest` which is included in multipart and query parser errors. (#2019, @ioquatix)
- Add `.mjs` MIME type (#2057, @axilleas)
- `set_cookie_header` utility now supports the `partitioned` cookie attribute. This is required by Chrome in some embedded contexts. (#2131, @flavio-b)
- Introduce `rack.early_hints` for sending `103 Early Hints` informational responses. (#1831, @casperisfine, @jeremyevans)
Changed
- MIME type for JavaScript files (`.js`) changed from `application/javascript` to `text/javascript` (1bd0f15, @ioquatix)
- Update MIME types associated to `.ttf`, `.woff`, `.woff2` and `.otf` extensions to use modern `font/*` types. (#2065, @davidstosik)
- `Rack::Utils.escape_html` is now delegated to `CGI.escapeHTML`. `'` is escaped to `#39;` instead of `#x27;`. (decimal vs hexadecimal) (#2099, @JunichiIto)
- Clarify use of `@buffered` and only update `content-length` when `Rack::Response#finish` is invoked. (#2149, @ioquatix)
Deprecated
- Deprecate automatic cache invalidation in `Request#{GET,POST}` (#2073, @jeremyevans)
- Only cookie keys that are not valid according to the HTTP specifications are escaped. We are planning to deprecate this behaviour, so now a deprecation message will be emitted in this case. In the future, invalid cookie keys may not be accepted. (#2191, @ioquatix)
- `Rack::Logger` is deprecated. (#2197, @ioquatix)
- Add fallback lookup and deprecation warning for obsolete status symbols. (#2137, @wtn)
- Deprecate `Rack::Request#values_at`, use `request.params.values_at` instead (#2183, @ioquatix)
Removed
- Remove deprecated `Rack::Auth::Digest` with no replacement. (#1966, @ioquatix)
- Remove deprecated `Rack::Cascade::NotFound` with no replacement. (#1966, @ioquatix)
- Remove deprecated `Rack::Chunked` with no replacement. (#1966, @ioquatix)
- Remove deprecated `Rack::File`, use `Rack::Files` instead. (#1966, @ioquatix)
- Remove deprecated `Rack::QueryParser` `key_space_limit` parameter with no replacement. (#1966, @ioquatix)
- Remove deprecated `Rack::Response#header`, use `Rack::Response#headers` instead. (#1966, @ioquatix)
- Remove deprecated cookie methods from `Rack::Utils`: `add_cookie_to_header`, `make_delete_cookie_header`, `add_remove_cookie_to_header`. (#1966, @ioquatix)
- Remove deprecated `Rack::Utils::HeaderHash`. (#1966, @ioquatix)
- Remove deprecated `Rack::VERSION`, `Rack::VERSION_STRING`, `Rack.version`, use `Rack.release` instead. (#1966, @ioquatix)
- Remove non-standard status codes 306, 509, & 510 and update descriptions for 413, 422, & 451. (#2137, @wtn)
- Remove any dependency on `transfer-encoding: chunked`. (#2195, @ioquatix)
- Remove deprecated `Rack::Request#[]`, use `request.params[key]` instead (#2183, @ioquatix)
Fixed
- In `Rack::Files`, ignore the `Range` header if served file is 0 bytes. (#2159, @zarqman)
v3.0.11
- Backport #2062 to 3-0-stable: Do not allow `BodyProxy` to respond to `to_str`, make `to_ary` call close. (#2062, @jeremyevans)
v3.0.10
- Backport #2104 to 3-0-stable: Return empty when parsing a multi-part POST with only one end delimiter. (#2164, @JoeDupuis)
v3.0.9.1
Security
- CVE-2024-26146 Fixed ReDoS in Accept header parsing
- CVE-2024-25126 Fixed ReDoS in Content Type header parsing
- CVE-2024-26141 Reject Range headers which are too large
v3.0.9
Security
- CVE-2024-26146 Fixed ReDoS in Accept header parsing
- CVE-2024-25126 Fixed ReDoS in Content Type header parsing
- CVE-2024-26141 Reject Range headers which are too large
v3.0.8
- Fix some unused variable verbose warnings. (#2084, @jeremyevans, @skipkayhil)
v3.0.7
- Make query parameters without `=` have `nil` values. (#2059, @jeremyevans)
v3.0.6.1
- [CVE-2023-27539] Avoid ReDoS in header parsing
v3.0.6
- [CVE-2023-27539] Avoid ReDoS in header parsing
v3.0.5
- Split form/query parsing into two steps. (#2038, @matthewd)
v3.0.4.2
- [CVE-2023-27530] Introduce multipart_total_part_limit to limit total parts
v3.0.4.1
- [CVE-2022-44571] Fix ReDoS vulnerability in multipart parser
- [CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges
- [CVE-2022-44572] Forbid control characters in attributes (also ReDoS)
v3.0.4
- [CVE-2023-27530] Introduce multipart_total_part_limit to limit total parts
v3.0.3
Fixed
- `Rack::URLMap` uses non-deprecated form of `Regexp.new`. (#1998, @weizheheng)
v3.0.2
Fixed
- `Utils.build_nested_query` URL-encodes nested field names including the square brackets.
- Allow `Rack::Response` to pass through streaming bodies. (#1993, @ioquatix)
v3.0.1
Fixed
- `MethodOverride` does not look for an override if a request does not include form/parseable data.
- `Rack::Lint::Wrapper` correctly handles `respond_to?` with `to_ary`, `each`, `call` and `to_path`, forwarding to the body. (#1981, @ioquatix)
v3.0.0
- No changes
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.
💻 Website Preview
The latest changes are available as preview in: https://1639c62b.schema-stitching.pages.dev