spacedecentral-network
spacedecentral-network copied to clipboard
Bump rack from 2.0.5 to 2.2.7
Bumps rack from 2.0.5 to 2.2.7.
Release notes
Sourced from rack's releases.
v2.2.7
What's Changed
- Correct the year number in the changelog by
@kimulab
in rack/rack#2015- Support underscore in host names for Rack 2.2 (Fixes #2070) by
@jeremyevans
in rack/rack#2071New Contributors
@kimulab
made their first contribution in rack/rack#2015Full Changelog: https://github.com/rack/rack/compare/v2.2.6.4...v2.2.7
v2.2.6.4
No release notes provided.
Changelog
Sourced from rack's changelog.
Changelog
All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference Keep A Changelog.
Unreleased
SPEC Changes
rack.input
is now optional. (#1997, [@ioquatix
])Changed
rack.input
is now optional, and if missing, will raise an error. Use this to fail on multipart parsing a request without an input body. (#2018, [@ioquatix
])- Introduce
module Rack::BadRequest
which is included in multipart and query parser errors. (#2019, [@ioquatix
])- MIME type for JavaScript files (
.js
) changed fromapplication/javascript
totext/javascript
(1bd0f15
)- Add
.mjs
MIME type (#2057, [@axilleas
])- Update MIME types associated to
.ttf
,.woff
,.woff2
and.otf
extensions to use mondernfont/*
types. (#2065, [@davidstosik
])[3.0.8] - 2023-06-14
- Fix some unused variable verbose warnings. (#2084, [
@jeremyevans
],@skipkayhil
)[3.0.7] - 2023-03-16
- Make query parameters without
=
havenil
values. (#2059, [@jeremyevans
])[3.0.6.1] - 2023-03-13
- [CVE-2023-27539] Avoid ReDoS in header parsing
[3.0.6] - 2023-03-13
- Add
QueryParser#missing_value
for handling missing values + tests. (#2052, [@ioquatix
])[3.0.5] - 2023-03-13
- Split form/query parsing into two steps. (#2038,
@matthewd
)[3.0.4.2] - 2023-03-02
- [CVE-2023-27530] Introduce multipart_total_part_limit to limit total parts
[3.0.4.1] - 2023-01-17
- [CVE-2022-44571] Fix ReDoS vulnerability in multipart parser
- [CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges
- [CVE-2022-44572] Forbid control characters in attributes (also ReDoS)
[3.0.4] - 2023-01-17
... (truncated)
Commits
983b6e3
Bump patch version.e5a30bf
Support underscore in host names for Rack 2.2 (Fixes #2070) (#2071)70185aa
Merge branch '2-2-sec' into 2-2-stable27addc7
bump versionee7919e
Avoid ReDoS problem6f79642
Merge branch '2-2-sec' into 2-2-stabled6b5b2b
bump version9aac375
Limit all multipart parts, not just filescd4c9f0
Correct the year in the changelog (#2015)2606ac5
bumping version- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.