Bump the bundler group across 1 directories with 5 updates

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps the bundler group with 5 updates in the /. directory:

Package	From	To
rack	1.4.1	2.2.6.4
grape	0.2.1	1.1.0
activesupport	3.2.8	3.2.22.5
net-ldap	0.3.1	0.16.2
json	1.7.5	2.7.1

Updates rack from 1.4.1 to 2.2.6.4

Changelog

Sourced from rack's changelog.

Changelog

All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference Keep A Changelog.

Unreleased

SPEC Changes

• rack.input is now optional. (#1997, [@​ioquatix])
• Rack::Utils.escape_html is now delegated to CGI.escapeHTML. ' is escaped to [#39](https://github.com/rack/rack/issues/39); instead of #x27;. (decimal vs hexadecimal) (#2099, @​JunichiIto)

Changed

• rack.input is now optional, and if missing, will raise an error. Use this to fail on multipart parsing a request without an input body. (#2018, [@​ioquatix])
• Introduce module Rack::BadRequest which is included in multipart and query parser errors. (#2019, [@​ioquatix])
• MIME type for JavaScript files (.js) changed from application/javascript to text/javascript (1bd0f15)
• Add .mjs MIME type (#2057, [@​axilleas])
• Update MIME types associated to .ttf, .woff, .woff2 and .otf extensions to use mondern font/* types. (#2065, [@​davidstosik])
• set_cookie_header utility now supports the partitioned cookie attribute. This is required by Chrome in some embedded contexts. (#2131, [@​flavio-b])
• Remove non-standard status codes 306, 509, & 510 and update descriptions for 413, 422, & 451. (#2137, [@​wtn])
• Add fallback lookup and deprecation warning for obsolete status symbols. (#2137, [@​wtn])

[3.0.8] - 2023-06-14

• Fix some unused variable verbose warnings. (#2084, [@​jeremyevans], @​skipkayhil)

[3.0.7] - 2023-03-16

• Make query parameters without = have nil values. (#2059, [@​jeremyevans])

[3.0.6.1] - 2023-03-13

• [CVE-2023-27539] Avoid ReDoS in header parsing

[3.0.6] - 2023-03-13

• Add QueryParser#missing_value for handling missing values + tests. (#2052, [@​ioquatix])

[3.0.5] - 2023-03-13

• Split form/query parsing into two steps. (#2038, @​matthewd)

[3.0.4.2] - 2023-03-02

• [CVE-2023-27530] Introduce multipart_total_part_limit to limit total parts

[3.0.4.1] - 2023-01-17

• [CVE-2022-44571] Fix ReDoS vulnerability in multipart parser
• [CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges

... (truncated)

Commits

• 27addc7 bump version
• ee7919e Avoid ReDoS problem
• d6b5b2b bump version
• 9aac375 Limit all multipart parts, not just files
• 2606ac5 bumping version
• f6d4f52 Fix ReDoS in Rack::Utils.get_byte_ranges
• 20bc90c bump version
• 3677f17 Update changelog
• ee25ab9 Fix ReDoS vulnerability in multipart parser
• 19e49f0 Forbid control characters in attributes
• Additional commits viewable in compare view

Updates grape from 0.2.1 to 1.1.0

Changelog

Sourced from grape's changelog.

1.1.0 (2018/8/4)

Features

• #1759: Instrument serialization as 'format_response.grape' - @​zvkemp.

Fixes

• #1762: Fix unsafe HTML rendering on errors - @​ctennis.
• #1759: Update appraisal for rails_edge - @​zvkemp.
• #1758: Fix expanding load_path in gemspec - @​2maz.
• #1765: Use 415 when request body is of an unsupported media type - @​jdmurphy.
• #1771: Fix param aliases with 'given' blocks - @​jereynolds.

1.0.3 (2018/4/23)

Fixes

• #1755: Fix shared params with exactly_one_of - @​milgner.
• #1740: Fix dependent parameter validation using given when parameter is a Hash - @​jvortmann.
• #1737: Fix translating error when passing symbols as params in custom validations - @​mlzhuyi.
• #1749: Allow rescue from non-StandardError exceptions - @​dm1try.
• #1750: Fix a circular dependency warning due to router being loaded by API - @​salasrod.
• #1752: Fix include_missing behavior for aliased parameters - @​jonasoberschweiber.
• #1754: Allow rescue from non-StandardError exceptions to use default error handling - @​jelkster.
• #1756: Allow custom Grape exception handlers when the built-in exception handling is enabled - @​soylent.

1.0.2 (2018/1/10)

Features

• #1686: Avoid coercion of a value if it is valid - @​timothysu.
• #1688: Removes yard docs - @​ramkumar-kr.
• #1702: Added danger-toc, verify correct TOC in README - @​dblock.
• #1711: Automatically coerce arrays and sets of types that implement a parse method - @​dslh.

Fixes

• #1710: Fix wrong transformation of empty Array in declared params - @​pablonahuelgomez.
• #1722: Fix catch-all hiding multiple versions of an endpoint after the first definition - @​zherr.
• #1724: Optional nested array validation - @​ericproulx.
• #1725: Fix rescue_from :all documentation - @​Jelkster.
• #1726: Improved startup performance during API method generation - @​jkowens.
• #1727: Fix infinite loop when mounting endpoint with same superclass - @​jkowens.

1.0.1 (2017/9/8)

Features

• #1652: Add the original exception to the error_formatter the original exception - @​dcsg.

... (truncated)

Commits

• 0fb170c Preparing for release, 1.1.0.
• a152d98 Fix param aliases within 'given' blocks (#1771)
• 2dcef9a Merge pull request #1765 from jdmurphy/415_status
• 6209297 Use 415 status code when content type is not supported
• d845a3a Merge pull request #1764 from budnik/patch-1
• 03f7e4c Fixes few examples syntax
• 6876b71 When returning an HTML error, make sure it's safe (#1763)
• 9a4b939 Merge pull request #1758 from 2maz/master
• 3ee2956 Fix expanding LOAD_PATH in gemspec
• c951628 Merge pull request #1759 from zvkemp/instrument-serialization
• Additional commits viewable in compare view

Updates activesupport from 3.2.8 to 3.2.22.5

Commits

• e4b0a5f bumping version
• c4e0169 bumping version
• ebc3639 bumping version
• 1ac2ddb Preparing for 3.2.22.2 release
• 8d86637 bumping version
• a6fa396 use secure string comparisons for basic auth username / password
• 180aad3 Preparing for 3.2.22 release
• 153cc84 enforce a depth limit on XML documents
• abce1aa Fix ruby 2.2 comparable warnings
• 8f92edb Remove hard dependency on test-unit
• Additional commits viewable in compare view

Updates net-ldap from 0.3.1 to 0.16.2

Release notes

Sourced from net-ldap's releases.

v0.16.2

• Net::LDAP#open does not cache bind result #334
• Fix CI build #333
• Fix to “undefined method 'result_code'” #308
• Fixed Exception: incompatible character encodings: ASCII-8BIT and UTF-8 in filter.rb #285

v0.10.1

• Bug fixes:
  • Fix Integer BER encoding of signed values

Changelog

Sourced from net-ldap's changelog.

=== Net::LDAP 0.16.2

• Net::LDAP#open does not cache bind result {#334}[https://github.com/Net::LDAP#open does not cache bind result ruby-ldap/ruby-net-ldap#334]
• Fix CI build {#333}[https://github.com/Fix CI build ruby-ldap/ruby-net-ldap#333]
• Fix to "undefined method 'result_code'" {#308}[https://github.com/Fix to "undefined method 'result_code'" ruby-ldap/ruby-net-ldap#308]
• Fixed Exception: incompatible character encodings: ASCII-8BIT and UTF-8 in filter.rb {#285}[https://github.com/Fixed Exception: incompatible character encodings: ASCII-8BIT and UTF-8 in filter.rb ruby-ldap/ruby-net-ldap#285]

=== Net::LDAP 0.16.1

• Send DN and newPassword with password_modify request {#271}[https://github.com/Send DN and newPassword with password_modify request ruby-ldap/ruby-net-ldap#271]

=== Net::LDAP 0.16.0

• Sasl fix {#281}[https://github.com/Sasl fix ruby-ldap/ruby-net-ldap#281]
• enable TLS hostname validation {#279}[https://github.com/enable TLS hostname validation ruby-ldap/ruby-net-ldap#279]
• update rubocop to 0.42.0 {#278}[https://github.com/update rubocop to 0.42.0 ruby-ldap/ruby-net-ldap#278]

=== Net::LDAP 0.15.0

• Respect connect_timeout when establishing SSL connections {#273}[https://github.com/Respect connect_timeout when establishing SSL connections ruby-ldap/ruby-net-ldap#273]

=== Net::LDAP 0.14.0

• Normalize the encryption parameter passed to the LDAP constructor {#264}[https://github.com/Normalize the encryption parameter passed to the LDAP constructor ruby-ldap/ruby-net-ldap#264]
• Update Docs: Net::LDAP now requires ruby >= 2 {#261}[https://github.com/Update Docs: Net::LDAP now requires ruby >= 2 ruby-ldap/ruby-net-ldap#261]
• fix symbol proc {#255}[https://github.com/fix symbol proc ruby-ldap/ruby-net-ldap#255]
• fix trailing commas {#256}[https://github.com/fix trailing commas ruby-ldap/ruby-net-ldap#256]
• fix deprecated hash methods {#254}[https://github.com/fix deprecated hash methods ruby-ldap/ruby-net-ldap#254]
• fix space after comma {#253}[https://github.com/fix space after comma ruby-ldap/ruby-net-ldap#253]
• fix space inside brackets {#252}[https://github.com/fix space inside brackets ruby-ldap/ruby-net-ldap#252]
• Rubocop style fixes {#249}[https://github.com/Rubocop style fixes ruby-ldap/ruby-net-ldap#249]
• Lazy initialize Net::LDAP::Connection's internal socket {#235}[https://github.com/Lazy initialize Net::LDAP::Connection's internal socket ruby-ldap/ruby-net-ldap#235]
• Support for rfc3062 Password Modify, closes #163 {#178}[https://github.com/Support for rfc3062 Password Modify, closes #163 ruby-ldap/ruby-net-ldap#178]

=== Net::LDAP 0.13.0

Avoid this release for because of an backwards incompatibility in how encryption is initialized ruby-ldap/ruby-net-ldap#264. We did not yank it because people have already worked around it.

• Set a connect_timeout for the creation of a socket {#243}[https://github.com/Set a connect_timeout for the creation of a socket ruby-ldap/ruby-net-ldap#243]
• Update bundler before installing gems with bundler {#245}[https://github.com/Update bundler before installing gems with bundler ruby-ldap/ruby-net-ldap#245]
• Net::LDAP#encryption accepts string {#239}[https://github.com/Net::LDAP#encryption accepts string ruby-ldap/ruby-net-ldap#239]
• Adds correct UTF-8 encoding to Net::BER::BerIdentifiedString {#242}[https://github.com/Adds correct UTF-8 encoding to Net::BER::BerIdentifiedString ruby-ldap/ruby-net-ldap#242]
• Remove 2.3.0-preview since ruby-head already is included {#241}[https://github.com/Remove 2.3.0-preview since ruby-head already is included ruby-ldap/ruby-net-ldap#241]
• Drop support for ruby 1.9.3 {#240}[https://github.com/Drop support for ruby 1.9.3 ruby-ldap/ruby-net-ldap#240]
• Fixed capitalization of StartTLSError {#234}[https://github.com/Fixed capitalization of StartTLSError ruby-ldap/ruby-net-ldap#234]

=== Net::LDAP 0.12.1

... (truncated)

Commits

• See full diff in compare view

Updates json from 1.7.5 to 2.7.1

Release notes

Sourced from json's releases.

v2.7.1

What's Changed

Improved

• [DOC] RDoc for additions by @​BurdetteLamar in flori/json#557

Fixed

• JSON.dump: handle unenclosed hashes regression by @​casperisfine in flori/json#554
• Overload kwargs in JSON.dump by @​k0kubun in flori/json#556
• Fix JSON.dump overload combination by @​tompng in flori/json#558

Misc

• Remove needless encodings by @​hsbt in flori/json#559
• Unify versions by @​hsbt in flori/json#560

New Contributors

• @​k0kubun made their first contribution in flori/json#556
• @​tompng made their first contribution in flori/json#558

Full Changelog: ruby/json@v2.7.0...v2.7.1

v2.7.0

What's Changed

Improved

• Perf. improvements to Hash#to_json in pure implementation generator. by @​vipulnsward in flori/json#203
• Remove unnecessary initialization of create_id in JSON.parse() by @​Watson1978 in flori/json#454

Added

• Call super in included hook by @​paracycle in flori/json#486
• Rename escape_slash in script_safe and also escape E+2028 and E+2029 by @​casperisfine in flori/json#525
• Add a strict option to Generator by @​casperisfine in flori/json#519

Fixed

• Fix homepage url in gemspec by @​unasuke in flori/json#508
• Fix dead link to Ragel in README by @​okuramasafumi in flori/json#509
• [DOC] Fix yet another dead link to Ragel by @​nobu in flori/json#510
• Fix "unexpected token" offset for Infinity by @​jhawthorn in flori/json#507
• Use ruby_xfree to free buffers by @​casperisfine in flori/json#518

Compatibility changes

• JRuby requires a minimum of Java 8 by @​headius in flori/json#516
• Rename JSON::ParseError to JSON:ParserError by @​dalizard in flori/json#530
• Removed code for Ruby 1.8 by @​hsbt in flori/json#540
• alias_method is private on Ruby 2.3 and 2.4 by @​hsbt in flori/json#541

... (truncated)

Changelog

Sourced from json's changelog.

2023-12-05 (2.7.1)

• JSON.dump: handle unenclosed hashes regression #554
• Overload kwargs in JSON.dump #556
• [DOC] RDoc for additions #557
• Fix JSON.dump overload combination #558

2023-12-01 (2.7.0)

• Add a strict option to Generator #519
• escape_slash option was renamed as script_safe and now also escape U+2028 and U+2029. escape_slash is now an alias of script_safe #525
• Remove unnecessary initialization of create_id in JSON.parse() #454
• Improvements to Hash#to_json in pure implementation generator #203
• Use ruby_xfree to free buffers #518
• Fix "unexpected token" offset for Infinity #507
• Avoid using deprecated BigDecimal.new on JRuby #546
• Removed code for Ruby 1.8 #540
• Rename JSON::ParseError to JSON:ParserError #530
• Call super in included hook #486
• JRuby requires a minimum of Java 8 #516
• Always indent even if empty #517

2022-11-30 (2.6.3)

• bugfix json/pure mixing escaped with literal unicode raises Encoding::CompatibilityError #483
• Stop including the parser source LINE in exceptions #470

2022-11-17 (2.6.2)

• Remove unknown keyword arg from DateTime.parse #488
• Ignore java artifacts by @​hsbt #489
• Fix parser bug for empty string allocation #496

2021-10-24 (2.6.1)

• Restore version.rb with 2.6.1

2021-10-14 (2.6.0)

• Use rb_enc_interned_str if available to reduce allocations in freeze: true mode. #451.
• Bump required_ruby_version to 2.3.
• Fix compatibility with GC.compact.
• Fix some compilation warnings. #469

2020-12-22 (2.5.1)

• Restore the compatibility for constants of JSON class.

2020-12-22 (2.5.0)

... (truncated)

Commits

• a1af7a3 Bump up 2.7.1
• 0242621 Changelog for 2.7.1
• a561ed9 Removed needless assignment
• ed59dbb Merge pull request #560 from flori/unify-versions
• 113ade8 Removed obsoleted version definition
• 3ef57b5 Detect json version from version.rb
• da84ab4 Merge pull request #559 from flori/remove-needless-encodings
• 39d6c85 cosmetics
• 11b3121 The modern Ruby uses utf-8 encodings by default
• 3f2efd6 [DOC] RDoc for additions (#557)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Dependabot can't resolve your Ruby dependency files. Because of this, Dependabot cannot update this pull request.

[GrantBirki]

@dependabot recreate

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.