Commit 6582ce5
Bump rack from 2.2.3.1 to 2.2.6.2 (#478)
Bumps [rack](https://github.com/rack/rack) from 2.2.3.1 to 2.2.6.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/rack/rack/blob/main/CHANGELOG.md">rack's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this file.
For info on how to format all future additions to this file please
reference <a href="https://keepachangelog.com/en/1.0.0/">Keep A
Changelog</a>.</p>
<h2>[3.0.3] - 2022-12-07</h2>
<h3>Fixed</h3>
<ul>
<li><code>Rack::URLMap</code> uses non-deprecated form of
<code>Regexp.new</code>. (<a
href="https://github-redirect.dependabot.com/rack/rack/pull/1998">#1998</a>,
<a
href="https://github.com/weizheheng"><code>@weizheheng</code></a>)</li>
</ul>
<h2>[3.0.2] - 2022-12-05</h2>
<h3>Fixed</h3>
<ul>
<li><code>Utils.build_nested_query</code> URL-encodes nested field names
including the square brackets.</li>
<li>Allow <code>Rack::Response</code> to pass through streaming bodies.
(<a
href="https://github-redirect.dependabot.com/rack/rack/pull/1993">#1993</a>,
[<a
href="https://github.com/ioquatix"><code>@ioquatix</code></a>])</li>
</ul>
<h2>[3.0.1] - 2022-11-18</h2>
<h3>Fixed</h3>
<ul>
<li><code>MethodOverride</code> does not look for an override if a
request does not include form/parseable data.</li>
<li><code>Rack::Lint::Wrapper</code> correctly handles
<code>respond_to?</code> with <code>to_ary</code>, <code>each</code>,
<code>call</code> and <code>to_path</code>, forwarding to the body. (<a
href="https://github-redirect.dependabot.com/rack/rack/pull/1981">#1981</a>,
[<a
href="https://github.com/ioquatix"><code>@ioquatix</code></a>])</li>
</ul>
<h2>[3.0.0] - 2022-09-06</h2>
<ul>
<li>No changes</li>
</ul>
<h2>[3.0.0.rc1] - 2022-09-04</h2>
<h3>SPEC Changes</h3>
<ul>
<li>Stream argument must implement <code>&lt;&lt;</code> <a
href="https://github-redirect.dependabot.com/rack/rack/pull/1959">rack/rack#1959</a></li>
<li><code>close</code> may be called on <code>rack.input</code> <a
href="https://github-redirect.dependabot.com/rack/rack/pull/1956">rack/rack#1956</a></li>
<li><code>rack.response_finished</code> may be used for executing code
after the response has been finished <a
href="https://github-redirect.dependabot.com/rack/rack/pull/1952">rack/rack#1952</a></li>
</ul>
<h2>[3.0.0.beta1] - 2022-08-08</h2>
<h3>Security</h3>
<ul>
<li>Do not use semicolon as GET parameter separator. (<a
href="https://github-redirect.dependabot.com/rack/rack/pull/1733">#1733</a>,
[<a
href="https://github.com/jeremyevans"><code>@jeremyevans</code></a>])</li>
</ul>
<h3>SPEC Changes</h3>
<ul>
<li>Response array must now be non-frozen.</li>
<li>Response <code>status</code> must now be an integer greater than or
equal to 100.</li>
<li>Response <code>headers</code> must now be an unfrozen hash.</li>
<li>Response header keys can no longer include uppercase
characters.</li>
<li>Response header values can be an <code>Array</code> to handle
multiple values (and no longer supports <code>\n</code> encoded
headers).</li>
<li>Response body can now respond to <code>#call</code> (streaming body)
instead of <code>#each</code> (enumerable body), for the equivalent of
response hijacking in previous versions.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/rack/rack/commit/2606ac5d5d180c00a8cbcaa4d634276bab06500e"><code>2606ac5</code></a>
bumping version</li>
<li><a
href="https://github.com/rack/rack/commit/f6d4f528f2df1318a6612845db0b59adc7fe8fc1"><code>f6d4f52</code></a>
Fix ReDoS in Rack::Utils.get_byte_ranges</li>
<li><a
href="https://github.com/rack/rack/commit/20bc90c2431d7fabcd1873410543cf3d72f65004"><code>20bc90c</code></a>
bump version</li>
<li><a
href="https://github.com/rack/rack/commit/3677f170b4ac713defb84cd6a86431623ba0adc0"><code>3677f17</code></a>
Update changelog</li>
<li><a
href="https://github.com/rack/rack/commit/ee25ab9a7ee981d7578f559701085b0cf39bde77"><code>ee25ab9</code></a>
Fix ReDoS vulnerability in multipart parser</li>
<li><a
href="https://github.com/rack/rack/commit/19e49f0f185d7e42ed5b402baec6c897a8c48029"><code>19e49f0</code></a>
Forbid control characters in attributes</li>
<li><a
href="https://github.com/rack/rack/commit/ea39e49442e0008bfce4ad628ce52a4be2a20b5b"><code>ea39e49</code></a>
Bump patch version.</li>
<li><a
href="https://github.com/rack/rack/commit/c0f9de4844052b7867180c587d1b6969be2f114d"><code>c0f9de4</code></a>
Rack::MethodOverride handle QueryParser::ParamsTooDeepError (<a
href="https://github-redirect.dependabot.com/rack/rack/issues/2011">#2011</a>)</li>
<li><a
href="https://github.com/rack/rack/commit/8312a2fd6aee0950d7b2deb548aaf600cb871d80"><code>8312a2f</code></a>
Remove leading dot to fix compatibility with latest cgi gem. (<a
href="https://github-redirect.dependabot.com/rack/rack/issues/1988">#1988</a>)</li>
<li><a
href="https://github.com/rack/rack/commit/2a82c88f1a468d8f68d9d7640886f5153142c272"><code>2a82c88</code></a>
Update tests to work on latest Rubies. (<a
href="https://github-redirect.dependabot.com/rack/rack/issues/1999">#1999</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/rack/rack/compare/2.2.3.1...v2.2.6.2">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the
default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as
the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as
the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the
default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/magicstone-dev/ecko/network/alerts).
</details>
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

1 parent 5f1d9bd commit 6582ce5

2 files changed, +3 -3 lines changed

| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
9 | 9 | | |
10 | 10 | | |
11 | 11 | | |
12 | | - | |
| 12 | + | |
13 | 13 | | |
14 | 14 | | |
15 | 15 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
462 | 462 | | |
463 | 463 | | |
464 | 464 | | |
465 | | - | |
| 465 | + | |
466 | 466 | | |
467 | 467 | | |
468 | 468 | | |
| |||
806 | 806 | | |
807 | 807 | | |
808 | 808 | | |
809 | | - | |
| 809 | + | |
810 | 810 | | |
811 | 811 | | |
812 | 812 | | |
| |||