redis_on_rails
redis_on_rails copied to clipboard
Published
20 hours ago •
obie
obie
Bump rack from 1.4.1 to 1.4.7
trafficstars
Bumps rack from 1.4.1 to 1.4.7.
Changelog
Sourced from rack's changelog.
Changelog
All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference Keep A Changelog.
Unreleased
Note: There are many unreleased changes in Rack (
masteris around 300 commits ahead of2-0-stable), and below is not an exhaustive list. If you would like to help out and document some of the unreleased changes, PRs are welcome.Added
Changed
- Use
Time#httpdateformat for Expires, as proposed by RFC 7231. (@nanaya)- Make
Utils.status_coderaise an error when the status symbol is invalid instead of500.- Rename
Request::SCHEME_WHITELISTtoRequest::ALLOWED_SCHEMES.- Make
Multipart::Parser.get_filenameaccept files with+in their name.- Add Falcon to the default handler fallbacks. (@ioquatix)
- Update codebase to avoid string mutations in preparation for
frozen_string_literals. (@pat)- Change
MockRequest#env_forto rely on the input optionally responding to#sizeinstead of#length. (@janko)- Rename
Rack::File->Rack::Filesand add deprecation notice. (@postmodern).Removed
Documentation
- Update broken example in
Session::Abstract::IDdocumentation. (tonytonyjan)- Add Padrino to the list of frameworks implmenting Rack. (@wikimatze)
- Remove Mongrel from the suggested server options in the help output. (@tricknotes)
- Replace
HISTORY.mdandNEWS.mdwithCHANGELOG.md. (@twitnithegirl)- Backfill
CHANGELOG.mdfrom 2.0.1 to 2.0.7 releases. (@drenmi)[2.0.8] - 2019-12-08
- [CVE-2019-16782] Prevent timing attacks targeted at session ID lookup. (@tenderlove, @rafaelfranca)
[1.6.12] - 2019-12-08
- [CVE-2019-16782] Prevent timing attacks targeted at session ID lookup. (@tenderlove, @rafaelfranca)
[2.0.7] - 2019-04-02
Fixed
- Remove calls to
#eof?on Rack input inMultipart::Parser, as this breaks the specification. (@matthewd)- Preserve forwarded IP addresses for trusted proxy chains. (@SamSaffron)
[2.0.6] - 2018-11-05
Fixed
... (truncated)
Commits
f5c0968bumping versionbf5bd20Merge pull request #814 from johnnaegle/only_increment_open_file_count_for_fi...e4f4df5Explicitly fail when hitting the multipart limit1ae52c1bumping the release88b067eraise an exception if the parameters are too deep688516aPrevent signals from being sent to pid 09939d40Bump version number56374f2Update README for todays releases5c9b0dePrevent symlink path traversals6c39dfcUse secure_compare for hmac comparison- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot ignore this [patch|minor|major] versionwill close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)@dependabot use these labelswill set the current labels as the default for future PRs for this repo and language@dependabot use these reviewerswill set the current reviewers as the default for future PRs for this repo and language@dependabot use these assigneeswill set the current assignees as the default for future PRs for this repo and language@dependabot use this milestonewill set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "Published by a pub.dev verified publisher"){kind=small}