From 8552300dfddc866096468235b4ae054c29ddda0b Mon Sep 17 00:00:00 2001 From: Jake Coffman Date: Mon, 26 Feb 2024 08:15:00 -0600 Subject: [PATCH] regenerate bundler multidir test --- tests/smoke-bundler-version-multidir.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/smoke-bundler-version-multidir.yaml b/tests/smoke-bundler-version-multidir.yaml index 1272399..f8e0eaa 100644 --- a/tests/smoke-bundler-version-multidir.yaml +++ b/tests/smoke-bundler-version-multidir.yaml @@ -258,7 +258,7 @@ output: support_file: false type: file pr-title: Bump the bundler_pkgs across 2 directories with 3 updates - pr-body: "Bumps the bundler_pkgs with 2 updates in the /bundler/multi-dir/foo directory: [sinatra](https://github.com/sinatra/sinatra) and [nokogiri](https://github.com/sparklemotion/nokogiri).\nBumps the bundler_pkgs with 2 updates in the /bundler/multi-dir/bar directory: [nokogiri](https://github.com/sparklemotion/nokogiri) and [rack](https://github.com/rack/rack).\n\nUpdates `sinatra` from 1.2.2 to 3.1.0\n
\nChangelog\n

Sourced from sinatra's changelog.

\n
\n

3.1.0 / 2023-08-07

\n
    \n
  • \n

    New: Add sass support via sass-embedded #1911 by なつき

    \n
    • \n
  • \n

    New: Add start and stop callbacks #1913 by Jevin Sew

    \n
    • \n
  • \n

    New: Warn on dropping sessions #1900 by Jonathan del Strother

    \n
    • \n
  • \n

    New: Make Puma the default server #1924 by Patrik Ragnarsson

    \n
    • \n
  • \n

    Fix: Remove use of Tilt::Cache #1922 by Jeremy Evans (allows use of Tilt 2.2.0 without deprecation warning)

    \n
    • \n
  • \n

    Fix: rack-protection: specify rack version requirement #1932 by Patrik Ragnarsson

    \n
    • \n
\n

#1911: sinatra/sinatra#1911\n#1913: sinatra/sinatra#1913\n#1900: sinatra/sinatra#1900\n#1924: sinatra/sinatra#1924\n#1922: sinatra/sinatra#1922\n#1932: sinatra/sinatra#1932

\n

3.0.6 / 2023-04-11

\n
    \n
  • \n

    Fix: Add support to keep open streaming connections with Puma #1858 by Jordan Owens

    \n
    • \n
  • \n

    Fix: Avoid crash in uri helper on Integer input #1890 by Patrik Ragnarsson

    \n
    • \n
  • \n

    Fix: Rescue RuntimeError when trying to use SecureRandom #1888 by Stefan Sundin

    \n
    • \n
\n

3.0.5 / 2022-12-16

\n
    \n
  • \n

    Fix: Add Zeitwerk compatibility. #1831 by Dawid Janczak

    \n
    • \n
  • \n

    Fix: Allow CALLERS_TO_IGNORE to be overridden

    \n
    • \n
\n

3.0.4 / 2022-11-25

\n
    \n
  • Fix: Escape filename in the Content-Disposition header. #1841 by Kunpei Sakai
    • \n
\n

3.0.3 / 2022-11-11

\n\n

3.0.2 / 2022-10-01

\n
    \n
  • New: Add Haml 6 support. #1820 by Jordan Owens
    • \n
\n

3.0.1 / 2022-09-26

\n
    \n
  • Fix: Revert removal of rack-protection.rb. #1814 by Olle Jonsson
    • \n
\n\n
\n

... (truncated)

\n
\n
\nCommits\n\n
\n
\n\nUpdates `nokogiri` from 1.11.0 to 1.15.5\n
\nRelease notes\n

Sourced from nokogiri's releases.

\n
\n

1.15.5 / 2023-11-17

\n

Dependencies

\n\n
\n

sha256 checksums:

\n
6dfa1d9837ddb233e234d56e244560ab1bc545d3d1744478060e18691f44ded7  nokogiri-1.15.5-aarch64-linux.gem\ne3ac6608c6e1714bc11ff04e29a43fedf4cac2aea1bd88256cc3b927c06f347f  nokogiri-1.15.5-arm-linux.gem\n4d7b15d53c0397d131376a19875aa97dd1c8b404c2c03bd2171f9b77e9592d40  nokogiri-1.15.5-arm64-darwin.gem\n5f87e71aaeb4f7479b94698737a0aacea77836b4805c7433b655e9565bd56cfe  nokogiri-1.15.5-java.gem\n7612be800909ae51e0a7cfbe1f768757857a9ff0339686814ca67d9bae271ca2  nokogiri-1.15.5-x64-mingw-ucrt.gem\n28fd78d98e12005fe017db5ceccb74b2497f30582e6e26a3344200625fe46aae  nokogiri-1.15.5-x64-mingw32.gem\n0d1b564d7f148a6766380966bb48b23afa72c72c992c69c71d21acd4a7f5c0e4  nokogiri-1.15.5-x86-linux.gem\nd27dbf44c19b83e570e65b660a8a921441d1e8b6063ab1b985b516f78e0a2854  nokogiri-1.15.5-x86-mingw32.gem\n10bafa54935f68aebd23235cb0fc7dfb8f6f5e52131379484771247eb3a0cc70  nokogiri-1.15.5-x86_64-darwin.gem\nc5d9453cc155dc15f08ac699cc1293fd994ec6cfacec48e67653aa95ee946adf  nokogiri-1.15.5-x86_64-linux.gem\n22448ca35dbcbdcec60dbe25ccf452b685a5436c28f21b2fec2e20917aba9100  nokogiri-1.15.5.gem\n
\n

1.15.4 / 2023-08-11

\n

Dependencies

\n\n

Fixed

\n
    \n
  • Fixed a typo in a HTML5 parser error message. [#2927] (Thanks, @​anishathalye!)
    • \n
  • [CRuby] ObjectSpace.memsize_of is now safe to call on Documents with complex DTDs. In previous versions, this debugging method could result in a segfault. [#2923, #2924]
    • \n
\n
\n

sha256 checksums:

\n
14091a07e07045a440213f7d5ced732fa7654ae8b6c7d180137f4124c5284ab8  nokogiri-1.15.4-aarch64-linux.gem\n572ddc19934d010e98821a946d89462ae66b310fecc3fe12c48b0025c2f76855  nokogiri-1.15.4-arm-linux.gem\n707288e293f4fc82a008f90b7ba0180d9f803f6a239a13e424378fedf8cf93e9  nokogiri-1.15.4-arm64-darwin.gem\n04745925f63af61144eccef38a703928629cf97c34dbb1c42e3def17ac77ec92  nokogiri-1.15.4-java.gem\na0bfb65461a0453afed1a41b235fe84d5b9c7f4d70afd45f0dc2fdec8909faf1  nokogiri-1.15.4-x64-mingw-ucrt.gem\nb9d01b9202e33cc23d19b2c1fc18ff4029cdda9b4f937a4baaefd4124a2158ba  nokogiri-1.15.4-x64-mingw32.gem\n</tr></table> \n
\n
\n

... (truncated)

\n
\n
\nChangelog\n

Sourced from nokogiri's changelog.

\n
\n

1.15.5 / 2023-11-17

\n

Dependencies

\n\n

1.15.4 / 2023-08-11

\n

Dependencies

\n\n

Fixed

\n
    \n
  • Fixed a typo in a HTML5 parser error message. #2927 (@​anishathalye)
    • \n
  • [CRuby] ObjectSpace.memsize_of is now safe to call on Documents with complex DTDs. In previous versions, this debugging method could result in a segfault. [#2923, #2924]
    • \n
\n

1.15.3 / 2023-07-05

\n

Fixed

\n
    \n
  • Passing an object that is not a kind of XML::Node as the first parameter to CDATA.new now raises a TypeError. Previously this would result in either a segfault (CRuby) or a Java exception (JRuby). #2920
    • \n
  • Passing an object that is not a kind of XML::Node as the first parameter to Schema.from_document now raises a TypeError. Previously this would result in either a segfault (CRuby) or a Java exception (JRuby). #2920
    • \n
  • [CRuby] Passing an object that is not a kind of XML::Node as the second parameter to Text.new now raises a TypeError. Previously this would result in a segfault. #2920
    • \n
  • [CRuby] Replacing a node's children via methods like Node#inner_html=, #children=, and #replace no longer defensively dups the node's next sibling if it is a Text node. This behavior was originally adopted to work around libxml2's memory management (see #283 and #595) but should not have included operations involving xmlAddChild(). #2916
    • \n
  • [JRuby] Fixed NPE when serializing an unparented HTML node. [#2559, #2895] (@​cbasguti)
    • \n
\n

1.15.2 / 2023-05-24

\n

Dependencies

\n
    \n
  • [JRuby] Vendored org.nokogiri:nekodtd is updated to v0.1.11.noko2. This is functionally equivalent to v0.1.11.noko1 but restores support for Java 8.
    • \n
\n

Fixed

\n
    \n
  • [JRuby] Java 8 support is restored, fixing a regression present in v1.14.0..v1.14.4 and v1.15.0..v1.15.1. #2887
    • \n
\n

1.15.1 / 2023-05-19

\n

Dependencies

\n\n\n
\n

... (truncated)

\n
\n
\nCommits\n\n
\n
\n\nUpdates `rack` from 1.6.13 to 2.2.8.1\n
\nRelease notes\n

Sourced from rack's releases.

\n
\n

v3.0.9.1

\n

What's Changed

\n
    \n
  • Fixed ReDoS in Accept header parsing [CVE-2024-26146]
    • \n
  • Fixed ReDoS in Content Type header parsing [CVE-2024-25126]
    • \n
  • Reject Range headers which are too large [CVE-2024-26141]
    • \n
\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.9...v3.0.9.1

\n

v3.0.9

\n

What's Changed

\n
    \n
  • Fix content-length calcuation in Rack:Response#write #2150
    • \n
\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.8...v3.0.9

\n

v3.0.8

\n

What's Changed

\n\n

New Contributors

\n\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.7...v3.0.8

\n

v3.0.7

\n

What's Changed

\n\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.6.1...v3.0.7

\n

v3.0.6.1

\n

No release notes provided.

\n

v3.0.4.1

\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.4...v3.0.4.1

\n

v3.0.4

\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.3...v3.0.4

\n

v3.0.3

\n

What's Changed

\n\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.2...v3.0.3

\n

v3.0.2

\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.1...v3.0.2

\n
\n
\n
\nChangelog\n

Sourced from rack's changelog.

\n
\n

Changelog

\n

All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference Keep A Changelog.

\n

Unreleased

\n

SPEC Changes

\n
    \n
  • rack.input is now optional. (#1997, [@​ioquatix])
    • \n
  • Rack::Utils.escape_html is now delegated to CGI.escapeHTML. ' is escaped to [#39](https://github.com/rack/rack/issues/39); instead of #x27;. (decimal vs hexadecimal) (#2099, @​JunichiIto)
    • \n
\n

Changed

\n
    \n
  • rack.input is now optional, and if missing, will raise an error. Use this to fail on multipart parsing a request without an input body. (#2018, [@​ioquatix])
    • \n
  • Introduce module Rack::BadRequest which is included in multipart and query parser errors. (#2019, [@​ioquatix])
    • \n
  • MIME type for JavaScript files (.js) changed from application/javascript to text/javascript (1bd0f15)
    • \n
  • Add .mjs MIME type (#2057, [@​axilleas])
    • \n
  • Update MIME types associated to .ttf, .woff, .woff2 and .otf extensions to use mondern font/* types. (#2065, [@​davidstosik])
    • \n
  • set_cookie_header utility now supports the partitioned cookie attribute. This is required by Chrome in some embedded contexts. (#2131, [@​flavio-b])
    • \n
  • Remove non-standard status codes 306, 509, & 510 and update descriptions for 413, 422, & 451. (#2137, [@​wtn])
    • \n
  • Add fallback lookup and deprecation warning for obsolete status symbols. (#2137, [@​wtn])
    • \n
\n

[3.0.9] - 2024-01-31

\n
    \n
  • Fix incorrect content-length header that was emitted when Rack::Response#write was used in some situations. (#2150, [@​mattbrictson])
    • \n
\n

[3.0.8] - 2023-06-14

\n\n

[3.0.7] - 2023-03-16

\n\n

[3.0.6.1] - 2023-03-13

\n
    \n
  • [CVE-2023-27539] Avoid ReDoS in header parsing
    • \n
\n

[3.0.6] - 2023-03-13

\n
    \n
  • Add QueryParser#missing_value for handling missing values + tests. (#2052, [@​ioquatix])
    • \n
\n

[3.0.5] - 2023-03-13

\n\n

[3.0.4.2] - 2023-03-02

\n
    \n
  • [CVE-2023-27530] Introduce multipart_total_part_limit to limit total parts
    • \n
\n\n
\n

... (truncated)

\n
\n
\nCommits\n\n
\n
\n\nUpdates `nokogiri` from 1.11.0 to 1.15.5\n
\nRelease notes\n

Sourced from nokogiri's releases.

\n
\n

1.15.5 / 2023-11-17

\n

Dependencies

\n\n
\n

sha256 checksums:

\n
6dfa1d9837ddb233e234d56e244560ab1bc545d3d1744478060e18691f44ded7  nokogiri-1.15.5-aarch64-linux.gem\ne3ac6608c6e1714bc11ff04e29a43fedf4cac2aea1bd88256cc3b927c06f347f  nokogiri-1.15.5-arm-linux.gem\n4d7b15d53c0397d131376a19875aa97dd1c8b404c2c03bd2171f9b77e9592d40  nokogiri-1.15.5-arm64-darwin.gem\n5f87e71aaeb4f7479b94698737a0aacea77836b4805c7433b655e9565bd56cfe  nokogiri-1.15.5-java.gem\n7612be800909ae51e0a7cfbe1f768757857a9ff0339686814ca67d9bae271ca2  nokogiri-1.15.5-x64-mingw-ucrt.gem\n28fd78d98e12005fe017db5ceccb74b2497f30582e6e26a3344200625fe46aae  nokogiri-1.15.5-x64-mingw32.gem\n0d1b564d7f148a6766380966bb48b23afa72c72c992c69c71d21acd4a7f5c0e4  nokogiri-1.15.5-x86-linux.gem\nd27dbf44c19b83e570e65b660a8a921441d1e8b6063ab1b985b516f78e0a2854  nokogiri-1.15.5-x86-mingw32.gem\n10bafa54935f68aebd23235cb0fc7dfb8f6f5e52131379484771247eb3a0cc70  nokogiri-1.15.5-x86_64-darwin.gem\nc5d9453cc155dc15f08ac699cc1293fd994ec6cfacec48e67653aa95ee946adf  nokogiri-1.15.5-x86_64-linux.gem\n22448ca35dbcbdcec60dbe25ccf452b685a5436c28f21b2fec2e20917aba9100  nokogiri-1.15.5.gem\n
\n

1.15.4 / 2023-08-11

\n

Dependencies

\n\n

Fixed

\n
    \n
  • Fixed a typo in a HTML5 parser error message. [#2927] (Thanks, @​anishathalye!)
    • \n
  • [CRuby] ObjectSpace.memsize_of is now safe to call on Documents with complex DTDs. In previous versions, this debugging method could result in a segfault. [#2923, #2924]
    • \n
\n
\n

sha256 checksums:

\n
14091a07e07045a440213f7d5ced732fa7654ae8b6c7d180137f4124c5284ab8  nokogiri-1.15.4-aarch64-linux.gem\n572ddc19934d010e98821a946d89462ae66b310fecc3fe12c48b0025c2f76855  nokogiri-1.15.4-arm-linux.gem\n707288e293f4fc82a008f90b7ba0180d9f803f6a239a13e424378fedf8cf93e9  nokogiri-1.15.4-arm64-darwin.gem\n04745925f63af61144eccef38a703928629cf97c34dbb1c42e3def17ac77ec92  nokogiri-1.15.4-java.gem\na0bfb65461a0453afed1a41b235fe84d5b9c7f4d70afd45f0dc2fdec8909faf1  nokogiri-1.15.4-x64-mingw-ucrt.gem\nb9d01b9202e33cc23d19b2c1fc18ff4029cdda9b4f937a4baaefd4124a2158ba  nokogiri-1.15.4-x64-mingw32.gem\n</tr></table> \n
\n
\n

... (truncated)

\n
\n
\nChangelog\n

Sourced from nokogiri's changelog.

\n
\n

1.15.5 / 2023-11-17

\n

Dependencies

\n\n

1.15.4 / 2023-08-11

\n

Dependencies

\n\n

Fixed

\n
    \n
  • Fixed a typo in a HTML5 parser error message. #2927 (@​anishathalye)
    • \n
  • [CRuby] ObjectSpace.memsize_of is now safe to call on Documents with complex DTDs. In previous versions, this debugging method could result in a segfault. [#2923, #2924]
    • \n
\n

1.15.3 / 2023-07-05

\n

Fixed

\n
    \n
  • Passing an object that is not a kind of XML::Node as the first parameter to CDATA.new now raises a TypeError. Previously this would result in either a segfault (CRuby) or a Java exception (JRuby). #2920
    • \n
  • Passing an object that is not a kind of XML::Node as the first parameter to Schema.from_document now raises a TypeError. Previously this would result in either a segfault (CRuby) or a Java exception (JRuby). #2920
    • \n
  • [CRuby] Passing an object that is not a kind of XML::Node as the second parameter to Text.new now raises a TypeError. Previously this would result in a segfault. #2920
    • \n
  • [CRuby] Replacing a node's children via methods like Node#inner_html=, #children=, and #replace no longer defensively dups the node's next sibling if it is a Text node. This behavior was originally adopted to work around libxml2's memory management (see #283 and #595) but should not have included operations involving xmlAddChild(). #2916
    • \n
  • [JRuby] Fixed NPE when serializing an unparented HTML node. [#2559, #2895] (@​cbasguti)
    • \n
\n

1.15.2 / 2023-05-24

\n

Dependencies

\n
    \n
  • [JRuby] Vendored org.nokogiri:nekodtd is updated to v0.1.11.noko2. This is functionally equivalent to v0.1.11.noko1 but restores support for Java 8.
    • \n
\n

Fixed

\n
    \n
  • [JRuby] Java 8 support is restored, fixing a regression present in v1.14.0..v1.14.4 and v1.15.0..v1.15.1. #2887
    • \n
\n

1.15.1 / 2023-05-19

\n

Dependencies

\n\n\n
\n

... (truncated)

\n
\n
\nCommits\n\n
\n
\n\nUpdates `rack` from 3.0.0 to 3.0.9.1\n
\nRelease notes\n

Sourced from rack's releases.

\n
\n

v3.0.9.1

\n

What's Changed

\n
    \n
  • Fixed ReDoS in Accept header parsing [CVE-2024-26146]
    • \n
  • Fixed ReDoS in Content Type header parsing [CVE-2024-25126]
    • \n
  • Reject Range headers which are too large [CVE-2024-26141]
    • \n
\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.9...v3.0.9.1

\n

v3.0.9

\n

What's Changed

\n
    \n
  • Fix content-length calcuation in Rack:Response#write #2150
    • \n
\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.8...v3.0.9

\n

v3.0.8

\n

What's Changed

\n\n

New Contributors

\n\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.7...v3.0.8

\n

v3.0.7

\n

What's Changed

\n\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.6.1...v3.0.7

\n

v3.0.6.1

\n

No release notes provided.

\n

v3.0.4.1

\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.4...v3.0.4.1

\n

v3.0.4

\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.3...v3.0.4

\n

v3.0.3

\n

What's Changed

\n\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.2...v3.0.3

\n

v3.0.2

\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.1...v3.0.2

\n
\n
\n
\nChangelog\n

Sourced from rack's changelog.

\n
\n

Changelog

\n

All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference Keep A Changelog.

\n

Unreleased

\n

SPEC Changes

\n
    \n
  • rack.input is now optional. (#1997, [@​ioquatix])
    • \n
  • Rack::Utils.escape_html is now delegated to CGI.escapeHTML. ' is escaped to [#39](https://github.com/rack/rack/issues/39); instead of #x27;. (decimal vs hexadecimal) (#2099, @​JunichiIto)
    • \n
\n

Changed

\n
    \n
  • rack.input is now optional, and if missing, will raise an error. Use this to fail on multipart parsing a request without an input body. (#2018, [@​ioquatix])
    • \n
  • Introduce module Rack::BadRequest which is included in multipart and query parser errors. (#2019, [@​ioquatix])
    • \n
  • MIME type for JavaScript files (.js) changed from application/javascript to text/javascript (1bd0f15)
    • \n
  • Add .mjs MIME type (#2057, [@​axilleas])
    • \n
  • Update MIME types associated to .ttf, .woff, .woff2 and .otf extensions to use mondern font/* types. (#2065, [@​davidstosik])
    • \n
  • set_cookie_header utility now supports the partitioned cookie attribute. This is required by Chrome in some embedded contexts. (#2131, [@​flavio-b])
    • \n
  • Remove non-standard status codes 306, 509, & 510 and update descriptions for 413, 422, & 451. (#2137, [@​wtn])
    • \n
  • Add fallback lookup and deprecation warning for obsolete status symbols. (#2137, [@​wtn])
    • \n
\n

[3.0.9] - 2024-01-31

\n
    \n
  • Fix incorrect content-length header that was emitted when Rack::Response#write was used in some situations. (#2150, [@​mattbrictson])
    • \n
\n

[3.0.8] - 2023-06-14

\n\n

[3.0.7] - 2023-03-16

\n\n

[3.0.6.1] - 2023-03-13

\n
    \n
  • [CVE-2023-27539] Avoid ReDoS in header parsing
    • \n
\n

[3.0.6] - 2023-03-13

\n
    \n
  • Add QueryParser#missing_value for handling missing values + tests. (#2052, [@​ioquatix])
    • \n
\n

[3.0.5] - 2023-03-13

\n\n

[3.0.4.2] - 2023-03-02

\n
    \n
  • [CVE-2023-27530] Introduce multipart_total_part_limit to limit total parts
    • \n
\n\n
\n

... (truncated)

\n
\n
\nCommits\n\n
\n
\n" + pr-body: "Bumps the bundler_pkgs with 2 updates in the /bundler/multi-dir/foo directory: [sinatra](https://github.com/sinatra/sinatra) and [nokogiri](https://github.com/sparklemotion/nokogiri).\nBumps the bundler_pkgs with 2 updates in the /bundler/multi-dir/bar directory: [nokogiri](https://github.com/sparklemotion/nokogiri) and [rack](https://github.com/rack/rack).\n\nUpdates `sinatra` from 1.2.2 to 3.1.0\n
\nChangelog\n

Sourced from sinatra's changelog.

\n
\n

3.1.0 / 2023-08-07

\n
    \n
  • \n

    New: Add sass support via sass-embedded #1911 by なつき

    \n
    • \n
  • \n

    New: Add start and stop callbacks #1913 by Jevin Sew

    \n
    • \n
  • \n

    New: Warn on dropping sessions #1900 by Jonathan del Strother

    \n
    • \n
  • \n

    New: Make Puma the default server #1924 by Patrik Ragnarsson

    \n
    • \n
  • \n

    Fix: Remove use of Tilt::Cache #1922 by Jeremy Evans (allows use of Tilt 2.2.0 without deprecation warning)

    \n
    • \n
  • \n

    Fix: rack-protection: specify rack version requirement #1932 by Patrik Ragnarsson

    \n
    • \n
\n

#1911: sinatra/sinatra#1911\n#1913: sinatra/sinatra#1913\n#1900: sinatra/sinatra#1900\n#1924: sinatra/sinatra#1924\n#1922: sinatra/sinatra#1922\n#1932: sinatra/sinatra#1932

\n

3.0.6 / 2023-04-11

\n
    \n
  • \n

    Fix: Add support to keep open streaming connections with Puma #1858 by Jordan Owens

    \n
    • \n
  • \n

    Fix: Avoid crash in uri helper on Integer input #1890 by Patrik Ragnarsson

    \n
    • \n
  • \n

    Fix: Rescue RuntimeError when trying to use SecureRandom #1888 by Stefan Sundin

    \n
    • \n
\n

3.0.5 / 2022-12-16

\n
    \n
  • \n

    Fix: Add Zeitwerk compatibility. #1831 by Dawid Janczak

    \n
    • \n
  • \n

    Fix: Allow CALLERS_TO_IGNORE to be overridden

    \n
    • \n
\n

3.0.4 / 2022-11-25

\n
    \n
  • Fix: Escape filename in the Content-Disposition header. #1841 by Kunpei Sakai
    • \n
\n

3.0.3 / 2022-11-11

\n\n

3.0.2 / 2022-10-01

\n
    \n
  • New: Add Haml 6 support. #1820 by Jordan Owens
    • \n
\n

3.0.1 / 2022-09-26

\n
    \n
  • Fix: Revert removal of rack-protection.rb. #1814 by Olle Jonsson
    • \n
\n\n
\n

... (truncated)

\n
\n
\nCommits\n\n
\n
\n\nUpdates `nokogiri` from 1.11.0 to 1.15.5\n
\nRelease notes\n

Sourced from nokogiri's releases.

\n
\n

1.15.5 / 2023-11-17

\n

Dependencies

\n\n
\n

sha256 checksums:

\n
6dfa1d9837ddb233e234d56e244560ab1bc545d3d1744478060e18691f44ded7  nokogiri-1.15.5-aarch64-linux.gem\ne3ac6608c6e1714bc11ff04e29a43fedf4cac2aea1bd88256cc3b927c06f347f  nokogiri-1.15.5-arm-linux.gem\n4d7b15d53c0397d131376a19875aa97dd1c8b404c2c03bd2171f9b77e9592d40  nokogiri-1.15.5-arm64-darwin.gem\n5f87e71aaeb4f7479b94698737a0aacea77836b4805c7433b655e9565bd56cfe  nokogiri-1.15.5-java.gem\n7612be800909ae51e0a7cfbe1f768757857a9ff0339686814ca67d9bae271ca2  nokogiri-1.15.5-x64-mingw-ucrt.gem\n28fd78d98e12005fe017db5ceccb74b2497f30582e6e26a3344200625fe46aae  nokogiri-1.15.5-x64-mingw32.gem\n0d1b564d7f148a6766380966bb48b23afa72c72c992c69c71d21acd4a7f5c0e4  nokogiri-1.15.5-x86-linux.gem\nd27dbf44c19b83e570e65b660a8a921441d1e8b6063ab1b985b516f78e0a2854  nokogiri-1.15.5-x86-mingw32.gem\n10bafa54935f68aebd23235cb0fc7dfb8f6f5e52131379484771247eb3a0cc70  nokogiri-1.15.5-x86_64-darwin.gem\nc5d9453cc155dc15f08ac699cc1293fd994ec6cfacec48e67653aa95ee946adf  nokogiri-1.15.5-x86_64-linux.gem\n22448ca35dbcbdcec60dbe25ccf452b685a5436c28f21b2fec2e20917aba9100  nokogiri-1.15.5.gem\n
\n

1.15.4 / 2023-08-11

\n

Dependencies

\n\n

Fixed

\n
    \n
  • Fixed a typo in a HTML5 parser error message. [#2927] (Thanks, @​anishathalye!)
    • \n
  • [CRuby] ObjectSpace.memsize_of is now safe to call on Documents with complex DTDs. In previous versions, this debugging method could result in a segfault. [#2923, #2924]
    • \n
\n
\n

sha256 checksums:

\n
14091a07e07045a440213f7d5ced732fa7654ae8b6c7d180137f4124c5284ab8  nokogiri-1.15.4-aarch64-linux.gem\n572ddc19934d010e98821a946d89462ae66b310fecc3fe12c48b0025c2f76855  nokogiri-1.15.4-arm-linux.gem\n707288e293f4fc82a008f90b7ba0180d9f803f6a239a13e424378fedf8cf93e9  nokogiri-1.15.4-arm64-darwin.gem\n04745925f63af61144eccef38a703928629cf97c34dbb1c42e3def17ac77ec92  nokogiri-1.15.4-java.gem\na0bfb65461a0453afed1a41b235fe84d5b9c7f4d70afd45f0dc2fdec8909faf1  nokogiri-1.15.4-x64-mingw-ucrt.gem\nb9d01b9202e33cc23d19b2c1fc18ff4029cdda9b4f937a4baaefd4124a2158ba  nokogiri-1.15.4-x64-mingw32.gem\n</tr></table> \n
\n
\n

... (truncated)

\n
\n
\nChangelog\n

Sourced from nokogiri's changelog.

\n
\n

1.15.5 / 2023-11-17

\n

Dependencies

\n\n

1.15.4 / 2023-08-11

\n

Dependencies

\n\n

Fixed

\n
    \n
  • Fixed a typo in a HTML5 parser error message. #2927 (@​anishathalye)
    • \n
  • [CRuby] ObjectSpace.memsize_of is now safe to call on Documents with complex DTDs. In previous versions, this debugging method could result in a segfault. [#2923, #2924]
    • \n
\n

1.15.3 / 2023-07-05

\n

Fixed

\n
    \n
  • Passing an object that is not a kind of XML::Node as the first parameter to CDATA.new now raises a TypeError. Previously this would result in either a segfault (CRuby) or a Java exception (JRuby). #2920
    • \n
  • Passing an object that is not a kind of XML::Node as the first parameter to Schema.from_document now raises a TypeError. Previously this would result in either a segfault (CRuby) or a Java exception (JRuby). #2920
    • \n
  • [CRuby] Passing an object that is not a kind of XML::Node as the second parameter to Text.new now raises a TypeError. Previously this would result in a segfault. #2920
    • \n
  • [CRuby] Replacing a node's children via methods like Node#inner_html=, #children=, and #replace no longer defensively dups the node's next sibling if it is a Text node. This behavior was originally adopted to work around libxml2's memory management (see #283 and #595) but should not have included operations involving xmlAddChild(). #2916
    • \n
  • [JRuby] Fixed NPE when serializing an unparented HTML node. [#2559, #2895] (@​cbasguti)
    • \n
\n

1.15.2 / 2023-05-24

\n

Dependencies

\n
    \n
  • [JRuby] Vendored org.nokogiri:nekodtd is updated to v0.1.11.noko2. This is functionally equivalent to v0.1.11.noko1 but restores support for Java 8.
    • \n
\n

Fixed

\n
    \n
  • [JRuby] Java 8 support is restored, fixing a regression present in v1.14.0..v1.14.4 and v1.15.0..v1.15.1. #2887
    • \n
\n

1.15.1 / 2023-05-19

\n

Dependencies

\n\n\n
\n

... (truncated)

\n
\n
\nCommits\n\n
\n
\n\nUpdates `rack` from 1.6.13 to 2.2.8.1\n
\nRelease notes\n

Sourced from rack's releases.

\n
\n

v3.0.9.1

\n

What's Changed

\n
    \n
  • Fixed ReDoS in Accept header parsing [CVE-2024-26146]
    • \n
  • Fixed ReDoS in Content Type header parsing [CVE-2024-25126]
    • \n
  • Reject Range headers which are too large [CVE-2024-26141]
    • \n
\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.9...v3.0.9.1

\n

v3.0.9

\n

What's Changed

\n
    \n
  • Fix content-length calcuation in Rack:Response#write #2150
    • \n
\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.8...v3.0.9

\n

v3.0.8

\n

What's Changed

\n\n

New Contributors

\n\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.7...v3.0.8

\n

v3.0.7

\n

What's Changed

\n\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.6.1...v3.0.7

\n

v3.0.6.1

\n

No release notes provided.

\n

v3.0.4.1

\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.4...v3.0.4.1

\n

v3.0.4

\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.3...v3.0.4

\n

v3.0.3

\n

What's Changed

\n\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.2...v3.0.3

\n

v3.0.2

\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.1...v3.0.2

\n
\n
\n
\nChangelog\n

Sourced from rack's changelog.

\n
\n

Changelog

\n

All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference Keep A Changelog.

\n

Unreleased

\n

SPEC Changes

\n
    \n
  • rack.input is now optional. (#1997, [@​ioquatix])
    • \n
  • Rack::Utils.escape_html is now delegated to CGI.escapeHTML. ' is escaped to [#39](https://github.com/rack/rack/issues/39); instead of #x27;. (decimal vs hexadecimal) (#2099, @​JunichiIto)
    • \n
\n

Changed

\n
    \n
  • rack.input is now optional, and if missing, will raise an error. Use this to fail on multipart parsing a request without an input body. (#2018, [@​ioquatix])
    • \n
  • Introduce module Rack::BadRequest which is included in multipart and query parser errors. (#2019, [@​ioquatix])
    • \n
  • MIME type for JavaScript files (.js) changed from application/javascript to text/javascript (1bd0f15)
    • \n
  • Add .mjs MIME type (#2057, [@​axilleas])
    • \n
  • Update MIME types associated to .ttf, .woff, .woff2 and .otf extensions to use mondern font/* types. (#2065, [@​davidstosik])
    • \n
  • set_cookie_header utility now supports the partitioned cookie attribute. This is required by Chrome in some embedded contexts. (#2131, [@​flavio-b])
    • \n
  • Remove non-standard status codes 306, 509, & 510 and update descriptions for 413, 422, & 451. (#2137, [@​wtn])
    • \n
  • Add fallback lookup and deprecation warning for obsolete status symbols. (#2137, [@​wtn])
    • \n
  • In Rack::Files, ignore the Range header if served file is 0 bytes. (#2159, [@​zarqman])
    • \n
\n

[3.0.9] - 2024-01-31

\n
    \n
  • Fix incorrect content-length header that was emitted when Rack::Response#write was used in some situations. (#2150, [@​mattbrictson])
    • \n
\n

[3.0.8] - 2023-06-14

\n\n

[3.0.7] - 2023-03-16

\n\n

[3.0.6.1] - 2023-03-13

\n
    \n
  • [CVE-2023-27539] Avoid ReDoS in header parsing
    • \n
\n

[3.0.6] - 2023-03-13

\n
    \n
  • Add QueryParser#missing_value for handling missing values + tests. (#2052, [@​ioquatix])
    • \n
\n

[3.0.5] - 2023-03-13

\n\n

[3.0.4.2] - 2023-03-02

\n
    \n
  • [CVE-2023-27530] Introduce multipart_total_part_limit to limit total parts
    • \n
\n\n
\n

... (truncated)

\n
\n
\nCommits\n\n
\n
\n\nUpdates `nokogiri` from 1.11.0 to 1.15.5\n
\nRelease notes\n

Sourced from nokogiri's releases.

\n
\n

1.15.5 / 2023-11-17

\n

Dependencies

\n\n
\n

sha256 checksums:

\n
6dfa1d9837ddb233e234d56e244560ab1bc545d3d1744478060e18691f44ded7  nokogiri-1.15.5-aarch64-linux.gem\ne3ac6608c6e1714bc11ff04e29a43fedf4cac2aea1bd88256cc3b927c06f347f  nokogiri-1.15.5-arm-linux.gem\n4d7b15d53c0397d131376a19875aa97dd1c8b404c2c03bd2171f9b77e9592d40  nokogiri-1.15.5-arm64-darwin.gem\n5f87e71aaeb4f7479b94698737a0aacea77836b4805c7433b655e9565bd56cfe  nokogiri-1.15.5-java.gem\n7612be800909ae51e0a7cfbe1f768757857a9ff0339686814ca67d9bae271ca2  nokogiri-1.15.5-x64-mingw-ucrt.gem\n28fd78d98e12005fe017db5ceccb74b2497f30582e6e26a3344200625fe46aae  nokogiri-1.15.5-x64-mingw32.gem\n0d1b564d7f148a6766380966bb48b23afa72c72c992c69c71d21acd4a7f5c0e4  nokogiri-1.15.5-x86-linux.gem\nd27dbf44c19b83e570e65b660a8a921441d1e8b6063ab1b985b516f78e0a2854  nokogiri-1.15.5-x86-mingw32.gem\n10bafa54935f68aebd23235cb0fc7dfb8f6f5e52131379484771247eb3a0cc70  nokogiri-1.15.5-x86_64-darwin.gem\nc5d9453cc155dc15f08ac699cc1293fd994ec6cfacec48e67653aa95ee946adf  nokogiri-1.15.5-x86_64-linux.gem\n22448ca35dbcbdcec60dbe25ccf452b685a5436c28f21b2fec2e20917aba9100  nokogiri-1.15.5.gem\n
\n

1.15.4 / 2023-08-11

\n

Dependencies

\n\n

Fixed

\n
    \n
  • Fixed a typo in a HTML5 parser error message. [#2927] (Thanks, @​anishathalye!)
    • \n
  • [CRuby] ObjectSpace.memsize_of is now safe to call on Documents with complex DTDs. In previous versions, this debugging method could result in a segfault. [#2923, #2924]
    • \n
\n
\n

sha256 checksums:

\n
14091a07e07045a440213f7d5ced732fa7654ae8b6c7d180137f4124c5284ab8  nokogiri-1.15.4-aarch64-linux.gem\n572ddc19934d010e98821a946d89462ae66b310fecc3fe12c48b0025c2f76855  nokogiri-1.15.4-arm-linux.gem\n707288e293f4fc82a008f90b7ba0180d9f803f6a239a13e424378fedf8cf93e9  nokogiri-1.15.4-arm64-darwin.gem\n04745925f63af61144eccef38a703928629cf97c34dbb1c42e3def17ac77ec92  nokogiri-1.15.4-java.gem\na0bfb65461a0453afed1a41b235fe84d5b9c7f4d70afd45f0dc2fdec8909faf1  nokogiri-1.15.4-x64-mingw-ucrt.gem\nb9d01b9202e33cc23d19b2c1fc18ff4029cdda9b4f937a4baaefd4124a2158ba  nokogiri-1.15.4-x64-mingw32.gem\n</tr></table> \n
\n
\n

... (truncated)

\n
\n
\nChangelog\n

Sourced from nokogiri's changelog.

\n
\n

1.15.5 / 2023-11-17

\n

Dependencies

\n\n

1.15.4 / 2023-08-11

\n

Dependencies

\n\n

Fixed

\n
    \n
  • Fixed a typo in a HTML5 parser error message. #2927 (@​anishathalye)
    • \n
  • [CRuby] ObjectSpace.memsize_of is now safe to call on Documents with complex DTDs. In previous versions, this debugging method could result in a segfault. [#2923, #2924]
    • \n
\n

1.15.3 / 2023-07-05

\n

Fixed

\n
    \n
  • Passing an object that is not a kind of XML::Node as the first parameter to CDATA.new now raises a TypeError. Previously this would result in either a segfault (CRuby) or a Java exception (JRuby). #2920
    • \n
  • Passing an object that is not a kind of XML::Node as the first parameter to Schema.from_document now raises a TypeError. Previously this would result in either a segfault (CRuby) or a Java exception (JRuby). #2920
    • \n
  • [CRuby] Passing an object that is not a kind of XML::Node as the second parameter to Text.new now raises a TypeError. Previously this would result in a segfault. #2920
    • \n
  • [CRuby] Replacing a node's children via methods like Node#inner_html=, #children=, and #replace no longer defensively dups the node's next sibling if it is a Text node. This behavior was originally adopted to work around libxml2's memory management (see #283 and #595) but should not have included operations involving xmlAddChild(). #2916
    • \n
  • [JRuby] Fixed NPE when serializing an unparented HTML node. [#2559, #2895] (@​cbasguti)
    • \n
\n

1.15.2 / 2023-05-24

\n

Dependencies

\n
    \n
  • [JRuby] Vendored org.nokogiri:nekodtd is updated to v0.1.11.noko2. This is functionally equivalent to v0.1.11.noko1 but restores support for Java 8.
    • \n
\n

Fixed

\n
    \n
  • [JRuby] Java 8 support is restored, fixing a regression present in v1.14.0..v1.14.4 and v1.15.0..v1.15.1. #2887
    • \n
\n

1.15.1 / 2023-05-19

\n

Dependencies

\n\n\n
\n

... (truncated)

\n
\n
\nCommits\n\n
\n
\n\nUpdates `rack` from 3.0.0 to 3.0.9.1\n
\nRelease notes\n

Sourced from rack's releases.

\n
\n

v3.0.9.1

\n

What's Changed

\n
    \n
  • Fixed ReDoS in Accept header parsing [CVE-2024-26146]
    • \n
  • Fixed ReDoS in Content Type header parsing [CVE-2024-25126]
    • \n
  • Reject Range headers which are too large [CVE-2024-26141]
    • \n
\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.9...v3.0.9.1

\n

v3.0.9

\n

What's Changed

\n
    \n
  • Fix content-length calcuation in Rack:Response#write #2150
    • \n
\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.8...v3.0.9

\n

v3.0.8

\n

What's Changed

\n\n

New Contributors

\n\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.7...v3.0.8

\n

v3.0.7

\n

What's Changed

\n\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.6.1...v3.0.7

\n

v3.0.6.1

\n

No release notes provided.

\n

v3.0.4.1

\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.4...v3.0.4.1

\n

v3.0.4

\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.3...v3.0.4

\n

v3.0.3

\n

What's Changed

\n\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.2...v3.0.3

\n

v3.0.2

\n

Full Changelog: https://github.com/rack/rack/compare/v3.0.1...v3.0.2

\n
\n
\n
\nChangelog\n

Sourced from rack's changelog.

\n
\n

Changelog

\n

All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference Keep A Changelog.

\n

Unreleased

\n

SPEC Changes

\n
    \n
  • rack.input is now optional. (#1997, [@​ioquatix])
    • \n
  • Rack::Utils.escape_html is now delegated to CGI.escapeHTML. ' is escaped to [#39](https://github.com/rack/rack/issues/39); instead of #x27;. (decimal vs hexadecimal) (#2099, @​JunichiIto)
    • \n
\n

Changed

\n
    \n
  • rack.input is now optional, and if missing, will raise an error. Use this to fail on multipart parsing a request without an input body. (#2018, [@​ioquatix])
    • \n
  • Introduce module Rack::BadRequest which is included in multipart and query parser errors. (#2019, [@​ioquatix])
    • \n
  • MIME type for JavaScript files (.js) changed from application/javascript to text/javascript (1bd0f15)
    • \n
  • Add .mjs MIME type (#2057, [@​axilleas])
    • \n
  • Update MIME types associated to .ttf, .woff, .woff2 and .otf extensions to use mondern font/* types. (#2065, [@​davidstosik])
    • \n
  • set_cookie_header utility now supports the partitioned cookie attribute. This is required by Chrome in some embedded contexts. (#2131, [@​flavio-b])
    • \n
  • Remove non-standard status codes 306, 509, & 510 and update descriptions for 413, 422, & 451. (#2137, [@​wtn])
    • \n
  • Add fallback lookup and deprecation warning for obsolete status symbols. (#2137, [@​wtn])
    • \n
  • In Rack::Files, ignore the Range header if served file is 0 bytes. (#2159, [@​zarqman])
    • \n
\n

[3.0.9] - 2024-01-31

\n
    \n
  • Fix incorrect content-length header that was emitted when Rack::Response#write was used in some situations. (#2150, [@​mattbrictson])
    • \n
\n

[3.0.8] - 2023-06-14

\n\n

[3.0.7] - 2023-03-16

\n\n

[3.0.6.1] - 2023-03-13

\n
    \n
  • [CVE-2023-27539] Avoid ReDoS in header parsing
    • \n
\n

[3.0.6] - 2023-03-13

\n
    \n
  • Add QueryParser#missing_value for handling missing values + tests. (#2052, [@​ioquatix])
    • \n
\n

[3.0.5] - 2023-03-13

\n\n

[3.0.4.2] - 2023-03-02

\n
    \n
  • [CVE-2023-27530] Introduce multipart_total_part_limit to limit total parts
    • \n
\n\n
\n

... (truncated)

\n
\n
\nCommits\n\n
\n
\n" commit-message: |- Bump the bundler_pkgs across 2 directories with 3 updates