rack · santib · Dec 30, 2025 · Jan 5, 2026 · Jan 5, 2026 · Jan 5, 2026
diff --git a/Appraisals b/Appraisals
@@ -47,21 +47,29 @@ end
 
 appraise "active_support_8-0_redis_cache_store" do
   gem "activesupport", "~> 8.0.0"
+  # Fix connection_pool version requirement for ActiveSupport
+  gem "connection_pool", "~> 2.5"
   gem "redis", "~> 5.0"
 end
 
 appraise "active_support_7-2_redis_cache_store" do
   gem "activesupport", "~> 7.2.0"
+  # Fix connection_pool version requirement for ActiveSupport
+  gem "connection_pool", "~> 2.5"
   gem "redis", "~> 5.0"
 end
 
 appraise "active_support_7-1_redis_cache_store" do
   gem "activesupport", "~> 7.1.0"
+  # Fix connection_pool version requirement for ActiveSupport
+  gem "connection_pool", "~> 2.5"
   gem "redis", "~> 5.0"
 end
 
 appraise "active_support_7-0_redis_cache_store" do
   gem "activesupport", "~> 7.0.0"
+  # Fix connection_pool version requirement for ActiveSupport
+  gem "connection_pool", "~> 2.5"
   gem "redis", "~> 5.0"
 end
 

diff --git a/gemfiles/active_support_7_0_redis_cache_store.gemfile b/gemfiles/active_support_7_0_redis_cache_store.gemfile
@@ -3,6 +3,7 @@
 source "https://rubygems.org"
 
 gem "activesupport", "~> 7.0.0"
+gem "connection_pool", "~> 2.5"
 gem "redis", "~> 5.0"
 
 group :maintenance, optional: true do

diff --git a/gemfiles/active_support_7_1_redis_cache_store.gemfile b/gemfiles/active_support_7_1_redis_cache_store.gemfile
@@ -3,6 +3,7 @@
 source "https://rubygems.org"
 
 gem "activesupport", "~> 7.1.0"
+gem "connection_pool", "~> 2.5"
 gem "redis", "~> 5.0"
 
 group :maintenance, optional: true do

diff --git a/gemfiles/active_support_7_2_redis_cache_store.gemfile b/gemfiles/active_support_7_2_redis_cache_store.gemfile
@@ -3,6 +3,7 @@
 source "https://rubygems.org"
 
 gem "activesupport", "~> 7.2.0"
+gem "connection_pool", "~> 2.5"
 gem "redis", "~> 5.0"
 
 group :maintenance, optional: true do

diff --git a/gemfiles/active_support_8_0_redis_cache_store.gemfile b/gemfiles/active_support_8_0_redis_cache_store.gemfile
@@ -3,6 +3,7 @@
 source "https://rubygems.org"
 
 gem "activesupport", "~> 8.0.0"
+gem "connection_pool", "~> 2.5"
 gem "redis", "~> 5.0"
 
 group :maintenance, optional: true do

diff --git a/rack-attack.gemspec b/rack-attack.gemspec
@@ -44,9 +44,4 @@ Gem::Specification.new do |s|
   if RUBY_ENGINE == "ruby"
     s.add_development_dependency 'byebug', '~> 11.0'
   end
-
-  s.add_development_dependency "activesupport"
-  # Fix activesupport Direct version requirement on connection_pool
-  # can be removed once https://github.com/rails/rails/issues/56291 is ixed and released
-  s.add_development_dependency "connection_pool", "~> 2.5"
 end
diff --git a/spec/acceptance/allow2ban_spec.rb b/spec/acceptance/allow2ban_spec.rb
@@ -5,7 +5,7 @@
 
 describe "allow2ban" do
   before do
-    Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
+    Rack::Attack.cache.store = SimpleMemoryStore.new
 
     Rack::Attack.blocklist("allow2ban pentesters") do |request|
       Rack::Attack::Allow2Ban.filter(request.ip, maxretry: 2, findtime: 30, bantime: 60) do

diff --git a/spec/acceptance/blocking_ip_spec.rb b/spec/acceptance/blocking_ip_spec.rb
@@ -27,19 +27,21 @@
     assert_equal 200, last_response.status
   end
 
-  it "notifies when the request is blocked" do
-    ActiveSupport::Notifications.subscribe("blocklist.rack_attack") do |_name, _start, _finish, _id, payload|
-      notifications.push(payload)
-    end
+  if defined?(::ActiveSupport::Notifications)
+    it "notifies when the request is blocked" do
+      ActiveSupport::Notifications.subscribe("blocklist.rack_attack") do |_name, _start, _finish, _id, payload|
+        notifications.push(payload)
+      end
 
-    get "/", {}, "REMOTE_ADDR" => "5.6.7.8"
+      get "/", {}, "REMOTE_ADDR" => "5.6.7.8"
 
-    assert notifications.empty?
+      assert notifications.empty?
 
-    get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+      get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
 
-    assert_equal 1, notifications.size
-    notification = notifications.pop
-    assert_equal :blocklist, notification[:request].env["rack.attack.match_type"]
+      assert_equal 1, notifications.size
+      notification = notifications.pop
+      assert_equal :blocklist, notification[:request].env["rack.attack.match_type"]
+    end
   end
 end
diff --git a/spec/acceptance/blocking_spec.rb b/spec/acceptance/blocking_spec.rb
@@ -23,21 +23,23 @@
     assert_equal 200, last_response.status
   end
 
-  it "notifies when the request is blocked" do
-    ActiveSupport::Notifications.subscribe("rack.attack") do |_name, _start, _finish, _id, payload|
-      notifications.push(payload)
-    end
+  if defined?(::ActiveSupport::Notifications)
+    it "notifies when the request is blocked" do
+      ActiveSupport::Notifications.subscribe("rack.attack") do |_name, _start, _finish, _id, payload|
+        notifications.push(payload)
+      end
 
-    get "/", {}, "REMOTE_ADDR" => "5.6.7.8"
+      get "/", {}, "REMOTE_ADDR" => "5.6.7.8"
 
-    assert notifications.empty?
+      assert notifications.empty?
 
-    get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+      get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
 
-    assert_equal 1, notifications.size
-    notification = notifications.pop
-    assert_nil notification[:request].env["rack.attack.matched"]
-    assert_equal :blocklist, notification[:request].env["rack.attack.match_type"]
+      assert_equal 1, notifications.size
+      notification = notifications.pop
+      assert_nil notification[:request].env["rack.attack.matched"]
+      assert_equal :blocklist, notification[:request].env["rack.attack.match_type"]
+    end
   end
 end
 
@@ -62,20 +64,22 @@
     assert_equal 200, last_response.status
   end
 
-  it "notifies when the request is blocked" do
-    ActiveSupport::Notifications.subscribe("blocklist.rack_attack") do |_name, _start, _finish, _id, payload|
-      notifications.push(payload)
-    end
+  if defined?(::ActiveSupport::Notifications)
+    it "notifies when the request is blocked" do
+      ActiveSupport::Notifications.subscribe("blocklist.rack_attack") do |_name, _start, _finish, _id, payload|
+        notifications.push(payload)
+      end
 
-    get "/", {}, "REMOTE_ADDR" => "5.6.7.8"
+      get "/", {}, "REMOTE_ADDR" => "5.6.7.8"
 
-    assert notifications.empty?
+      assert notifications.empty?
 
-    get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+      get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
 
-    assert_equal 1, notifications.size
-    notification = notifications.pop
-    assert_equal "block 1.2.3.4", notification[:request].env["rack.attack.matched"]
-    assert_equal :blocklist, notification[:request].env["rack.attack.match_type"]
+      assert_equal 1, notifications.size
+      notification = notifications.pop
+      assert_equal "block 1.2.3.4", notification[:request].env["rack.attack.matched"]
+      assert_equal :blocklist, notification[:request].env["rack.attack.match_type"]
+    end
   end
 end
diff --git a/spec/acceptance/blocking_subnet_spec.rb b/spec/acceptance/blocking_subnet_spec.rb
@@ -27,19 +27,21 @@
     assert_equal 200, last_response.status
   end
 
-  it "notifies when the request is blocked" do
-    ActiveSupport::Notifications.subscribe("blocklist.rack_attack") do |_name, _start, _finish, _id, payload|
-      notifications.push(payload)
-    end
+  if defined?(::ActiveSupport::Notifications)
+    it "notifies when the request is blocked" do
+      ActiveSupport::Notifications.subscribe("blocklist.rack_attack") do |_name, _start, _finish, _id, payload|
+        notifications.push(payload)
+      end
 
-    get "/", {}, "REMOTE_ADDR" => "5.6.7.8"
+      get "/", {}, "REMOTE_ADDR" => "5.6.7.8"
 
-    assert notifications.empty?
+      assert notifications.empty?
 
-    get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+      get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
 
-    assert_equal 1, notifications.size
-    notification = notifications.pop
-    assert_equal :blocklist, notification[:request].env["rack.attack.match_type"]
+      assert_equal 1, notifications.size
+      notification = notifications.pop
+      assert_equal :blocklist, notification[:request].env["rack.attack.match_type"]
+    end
   end
 end
diff --git a/spec/acceptance/cache_store_config_with_rails_spec.rb b/spec/acceptance/cache_store_config_with_rails_spec.rb
@@ -4,32 +4,34 @@
 require "minitest/stub_const"
 require "ostruct"
 
-describe "Cache store config with Rails" do
-  before do
-    Rack::Attack.throttle("by ip", limit: 1, period: 60) do |request|
-      request.ip
+if defined?(::ActiveSupport::Cache::MemoryStore)
+  describe "Cache store config with Rails" do
+    before do
+      Rack::Attack.throttle("by ip", limit: 1, period: 60) do |request|
+        request.ip
+      end
     end
-  end
 
-  unless defined?(Rails)
-    it "fails when Rails.cache is not set" do
-      Object.stub_const(:Rails, OpenStruct.new(cache: nil)) do
-        assert_raises(Rack::Attack::MissingStoreError) do
-          get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+    unless defined?(Rails)
+      it "fails when Rails.cache is not set" do
+        Object.stub_const(:Rails, OpenStruct.new(cache: nil)) do
+          assert_raises(Rack::Attack::MissingStoreError) do
+            get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+          end
         end
       end
     end
-  end
 
-  it "works when Rails.cache is set" do
-    Object.stub_const(:Rails, OpenStruct.new(cache: ActiveSupport::Cache::MemoryStore.new)) do
-      get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+    it "works when Rails.cache is set" do
+      Object.stub_const(:Rails, OpenStruct.new(cache: ActiveSupport::Cache::MemoryStore.new)) do
+        get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
 
-      assert_equal 200, last_response.status
+        assert_equal 200, last_response.status
 
-      get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+        get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
 
-      assert_equal 429, last_response.status
+        assert_equal 429, last_response.status
+      end
     end
   end
 end
diff --git a/spec/acceptance/customizing_throttled_response_spec.rb b/spec/acceptance/customizing_throttled_response_spec.rb
@@ -4,7 +4,7 @@
 
 describe "Customizing throttled response" do
   before do
-    Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
+    Rack::Attack.cache.store = SimpleMemoryStore.new
 
     Rack::Attack.throttle("by ip", limit: 1, period: 60) do |request|
       request.ip

diff --git a/spec/acceptance/fail2ban_spec.rb b/spec/acceptance/fail2ban_spec.rb
@@ -7,7 +7,7 @@
   let(:notifications) { [] }
 
   before do
-    Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
+    Rack::Attack.cache.store = SimpleMemoryStore.new
 
     Rack::Attack.blocklist("fail2ban pentesters") do |request|
       Rack::Attack::Fail2Ban.filter(request.ip, maxretry: 2, findtime: 30, bantime: 60) do
@@ -78,43 +78,45 @@
     end
   end
 
-  it "notifies when the request is blocked" do
-    ActiveSupport::Notifications.subscribe("rack.attack") do |_name, _start, _finish, _id, payload|
-      notifications.push(payload)
-    end
+  if defined?(::ActiveSupport::Notifications)
+    it "notifies when the request is blocked" do
+      ActiveSupport::Notifications.subscribe("rack.attack") do |_name, _start, _finish, _id, payload|
+        notifications.push(payload)
+      end
 
-    get "/"
+      get "/"
 
-    assert_equal 200, last_response.status
-    assert notifications.empty?
+      assert_equal 200, last_response.status
+      assert notifications.empty?
 
-    get "/private-place"
+      get "/private-place"
 
-    assert_equal 403, last_response.status
-    assert_equal 1, notifications.size
-    notification = notifications.pop
-    assert_equal 'fail2ban pentesters', notification[:request].env["rack.attack.matched"]
-    assert_equal :blocklist, notification[:request].env["rack.attack.match_type"]
+      assert_equal 403, last_response.status
+      assert_equal 1, notifications.size
+      notification = notifications.pop
+      assert_equal 'fail2ban pentesters', notification[:request].env["rack.attack.matched"]
+      assert_equal :blocklist, notification[:request].env["rack.attack.match_type"]
 
-    get "/"
+      get "/"
 
-    assert_equal 200, last_response.status
-    assert notifications.empty?
+      assert_equal 200, last_response.status
+      assert notifications.empty?
 
-    get "/private-place"
+      get "/private-place"
 
-    assert_equal 403, last_response.status
-    assert_equal 1, notifications.size
-    notification = notifications.pop
-    assert_equal 'fail2ban pentesters', notification[:request].env["rack.attack.matched"]
-    assert_equal :blocklist, notification[:request].env["rack.attack.match_type"]
+      assert_equal 403, last_response.status
+      assert_equal 1, notifications.size
+      notification = notifications.pop
+      assert_equal 'fail2ban pentesters', notification[:request].env["rack.attack.matched"]
+      assert_equal :blocklist, notification[:request].env["rack.attack.match_type"]
 
-    get "/"
+      get "/"
 
-    assert_equal 403, last_response.status
-    assert_equal 1, notifications.size
-    notification = notifications.pop
-    assert_equal 'fail2ban pentesters', notification[:request].env["rack.attack.matched"]
-    assert_equal :blocklist, notification[:request].env["rack.attack.match_type"]
+      assert_equal 403, last_response.status
+      assert_equal 1, notifications.size
+      notification = notifications.pop
+      assert_equal 'fail2ban pentesters', notification[:request].env["rack.attack.matched"]
+      assert_equal :blocklist, notification[:request].env["rack.attack.match_type"]
+    end
   end
 end
diff --git a/spec/acceptance/safelisting_ip_spec.rb b/spec/acceptance/safelisting_ip_spec.rb
@@ -43,16 +43,18 @@
     assert_equal 200, last_response.status
   end
 
-  it "notifies when the request is safe" do
-    ActiveSupport::Notifications.subscribe("safelist.rack_attack") do |_name, _start, _finish, _id, payload|
-      notifications.push(payload)
+  if defined?(::ActiveSupport::Notifications)
+    it "notifies when the request is safe" do
+      ActiveSupport::Notifications.subscribe("safelist.rack_attack") do |_name, _start, _finish, _id, payload|
+        notifications.push(payload)
+      end
+
+      get "/admin", {}, "REMOTE_ADDR" => "5.6.7.8"
+
+      assert_equal 200, last_response.status
+      assert_equal 1, notifications.size
+      notification = notifications.pop
+      assert_equal :safelist, notification[:request].env["rack.attack.match_type"]
     end
-
-    get "/admin", {}, "REMOTE_ADDR" => "5.6.7.8"
-
-    assert_equal 200, last_response.status
-    assert_equal 1, notifications.size
-    notification = notifications.pop
-    assert_equal :safelist, notification[:request].env["rack.attack.match_type"]
   end
 end