
Commit 5c41ca2

Bump rack-protection from 4.0.0 to 4.1.1 (#701)

Bumps [rack-protection](https://github.com/sinatra/sinatra) from 4.0.0 to 4.1.1.

<details>
<summary>Changelog</summary>

*Sourced from [rack-protection's changelog](https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md).*

> ## 4.1.1 / 2024-11-20
>
> - Fix: Restore WEBrick support ([#2067](https://redirect.github.com/sinatra/sinatra/pull/2067))
>
> ## 4.1.0 / 2024-11-18
>
> - New: Add `host_authorization` setting ([#2053](https://redirect.github.com/sinatra/sinatra/pull/2053))
>   - Defaults to `.localhost`, `.test` and any IP address in development mode.
>   - Security: addresses [CVE-2024-21510](https://github.com/advisories/GHSA-hxx2-7vcw-mqr3).
> - Fix: Return an instance of `Sinatra::IndifferentHash` when calling `#except` ([#2044](https://redirect.github.com/sinatra/sinatra/pull/2044))
> - Fix: Address warning from `URI` for Ruby 3.4 ([#2060](https://redirect.github.com/sinatra/sinatra/pull/2060))
> - Fix: `rackup` no longer depends on WEBrick, recommend Puma instead ([`4a558503`](https://github.com/sinatra/sinatra/commit/4a558503a0ee41f26d4ebc07b478340e8a8a5ed6))
> - Fix: Zeitwerk 2.7.0+ compatibility ([#2050](https://redirect.github.com/sinatra/sinatra/pull/2050))
> - Fix: Address warning about Hash construction for Ruby 3.4 ([#2028](https://redirect.github.com/sinatra/sinatra/pull/2028))
> - Fix: Declare missing dependencies for Ruby 3.5 ([#2032](https://redirect.github.com/sinatra/sinatra/pull/2032))
> - Fix: Compatibility with `--enable-frozen-string-literal` ([#2033](https://redirect.github.com/sinatra/sinatra/pull/2033))
> - Fix: Rack 3.1 compatibility ([#2035](https://redirect.github.com/sinatra/sinatra/pull/2035))
>   - Don't depend on `Rack::Logger`
>   - Don't delete `content-length` header when `Rack::Files` is used
>
> ## 4.0.0 / 2024-01-19
>
> - New: Add support for Rack 3 ([#1857](https://redirect.github.com/sinatra/sinatra/issues/1857))
>   - Note: you may want to read the [Rack 3 Upgrade Guide]
> - Require Ruby 2.7.8 as minimum Ruby version ([#1993](https://redirect.github.com/sinatra/sinatra/issues/1993))
> - Breaking change: Drop support for Rack 2 ([#1857](https://redirect.github.com/sinatra/sinatra/issues/1857))
>   - Note: when using Sinatra to start the web server, you now need the `rackup` gem installed
> - Breaking change: Remove the `IndifferentHash` initializer ([#1982](https://redirect.github.com/sinatra/sinatra/issues/1982))
> - Breaking change: Disable `session_hijacking` protection by default ([#1984](https://redirect.github.com/sinatra/sinatra/issues/1984))
> - Breaking change: Remove `Rack::Protection::EncryptedCookie` ([#1989](https://redirect.github.com/sinatra/sinatra/issues/1989))
>   - Note: cookies are still encrypted (by [`Rack::Session::Cookie`])
>
> [#1857](https://redirect.github.com/sinatra/sinatra/issues/1857): [sinatra/sinatra#1857](https://redirect.github.com/sinatra/sinatra/pull/1857)
> [#1993](https://redirect.github.com/sinatra/sinatra/issues/1993): [sinatra/sinatra#1993](https://redirect.github.com/sinatra/sinatra/pull/1993)
> [#1982](https://redirect.github.com/sinatra/sinatra/issues/1982): [sinatra/sinatra#1982](https://redirect.github.com/sinatra/sinatra/pull/1982)
> [#1984](https://redirect.github.com/sinatra/sinatra/issues/1984): [sinatra/sinatra#1984](https://redirect.github.com/sinatra/sinatra/pull/1984)
> [#1989](https://redirect.github.com/sinatra/sinatra/issues/1989): [sinatra/sinatra#1989](https://redirect.github.com/sinatra/sinatra/pull/1989)
> [`Rack::Session::Cookie`]: https://github.com/rack/rack-session
> [Rack 3 Upgrade Guide]: https://github.com/rack/rack/blob/main/UPGRADE-GUIDE.md
>
> ## 3.2.0 / 2023-12-29
>
> - New: Add `#except` method to `Sinatra::IndifferentHash` ([#1940](https://redirect.github.com/sinatra/sinatra/issues/1940))
> - New: Use `Exception#detailed_message` to show backtrace ([#1952](https://redirect.github.com/sinatra/sinatra/issues/1952))

... (truncated)
</details>

<details>
<summary>Commits</summary>

- [`7b50a1b`](https://github.com/sinatra/sinatra/commit/7b50a1bbb5324838908dfaa00ec53ad322673a29) 4.1.1 release ([#2068](https://redirect.github.com/sinatra/sinatra/issues/2068))
- [`73f3291`](https://github.com/sinatra/sinatra/commit/73f3291d114b5b211e067263eeb9c0e197fe8500) 4.1.0 release ([#2063](https://redirect.github.com/sinatra/sinatra/issues/2063))
- [`cd3e00d`](https://github.com/sinatra/sinatra/commit/cd3e00de20ddaff34ea30f7a74a7b9dad189d1d8) Add `HostAuthorization` rack-protection middleware ([#2053](https://redirect.github.com/sinatra/sinatra/issues/2053))
- [`4a55850`](https://github.com/sinatra/sinatra/commit/4a558503a0ee41f26d4ebc07b478340e8a8a5ed6) Remove WEBrick
- [`319af3a`](https://github.com/sinatra/sinatra/commit/319af3a298cb8278670f285b6c02df0fd084615d) Declare missing dependencies for Ruby 3.5 ([#2032](https://redirect.github.com/sinatra/sinatra/issues/2032))
- [`8d0095f`](https://github.com/sinatra/sinatra/commit/8d0095fc8c37f39d41caf74637da72c1ac952299) Adjust `CookieTossing` spec for Rack 3.1+
- [`5640495`](https://github.com/sinatra/sinatra/commit/5640495babcb4cfd69ba650b293660b7446402da) Fix typos in changelog, readme and code comments ([#2006](https://redirect.github.com/sinatra/sinatra/issues/2006))
- See full diff in [compare view](https://github.com/sinatra/sinatra/compare/v4.0.0...v4.1.1)
</details>

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rack-protection&package-manager=bundler&previous-version=4.0.0&new-version=4.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
2 parents a3fef26 + 6599d62 commit 5c41ca2

File tree: 1 file changed, +2 -1 lines changed


Gemfile.lock

Lines changed: 2 additions & 1 deletion
@@ -443,8 +443,9 @@ GEM
       rack (>= 2.0.0)
     rack-mini-profiler (3.3.1)
       rack (>= 1.2.0)
-    rack-protection (4.0.0)
+    rack-protection (4.1.1)
       base64 (>= 0.1.0)
+      logger (>= 1.6.0)
       rack (>= 3.0.0, < 4)
     rack-session (2.0.0)
       rack (>= 3.0.0)
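Review bot: no `logger (1.6.x)` spec entry accompanies the new `logger (>= 1.6.0)` dependency line under `rack-protection (4.1.1)`, and the whole change is only 2 additions, so the lockfile must already pin `logger` elsewhere in the GEM specs; confirm that existing pin satisfies `>= 1.6.0` and that `bundle check` passes in CI, otherwise Bundler will re-resolve on install. The new line matches the 4.1.0 changelog entry "Declare missing dependencies for Ruby 3.5 (#2032)". Separately, the changelog ties 4.1.0 to the new `HostAuthorization` middleware that addresses CVE-2024-21510, with defaults of `.localhost`, `.test` and IP addresses in development mode; if this application uses rack-protection directly rather than through Sinatra's `host_authorization` setting, confirm whether that middleware is enabled and which hosts it permits in production before merging, since a too-narrow allow list would reject legitimate requests and a disabled one leaves the fix unused.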
