Bump sinatra from 4.0.0 to 4.1.1 #686
Merged
+11
−9
Diff URLs |
gem compare mustermann 3.0.0 3.0.3 Compared versions: ["3.0.0", "3.0.3"]
DIFFERENT date:
3.0.0: 2022-07-24 00:00:00 UTC
3.0.3: 2024-09-03 00:00:00 UTC
DIFFERENT rubygems_version:
3.0.0: 3.0.3.1
3.0.3: 3.5.11
DIFFERENT version:
3.0.0: 3.0.0
3.0.3: 3.0.3
DIFFERENT files:
3.0.0->3.0.3:
* Added:
bench/uri_parser_object.rb +16/-0
* Changed:
lib/mustermann/ast/translator.rb +4/-1
lib/mustermann/pattern.rb +1/-1
lib/mustermann/version.rb +1/-1
DIFFERENT test_files:
3.0.0->3.0.3:
* Deleted:
spec/ast_spec.rb
spec/composite_spec.rb
spec/concat_spec.rb
spec/equality_map_spec.rb
spec/expander_spec.rb
spec/identity_spec.rb
spec/mapper_spec.rb
spec/mustermann_spec.rb
spec/pattern_spec.rb
spec/regexp_based_spec.rb
spec/regular_spec.rb
spec/simple_match_spec.rb
spec/sinatra_spec.rb
spec/to_pattern_spec.rb |
gem compare --diff mustermann 3.0.0 3.0.3 Compared versions: ["3.0.0", "3.0.3"]
DIFFERENT files:
3.0.0->3.0.3:
* Added:
bench/uri_parser_object.rb
--- /tmp/20241121-2051-z5o3m0 2024-11-21 03:21:23.962807730 +0000
+++ /tmp/d20241121-2051-rs91qq/mustermann-3.0.3/bench/uri_parser_object.rb 2024-11-21 03:21:23.842808322 +0000
@@ -0,0 +1,16 @@
+require "objspace"
+require "uri"
+require_relative "../lib/mustermann/ast/translator"
+
+translator = Mustermann::AST::Translator.new
+translator.escape("foo")
+
+h1 = ObjectSpace.each_object.inject(Hash.new 0) { |h, o| h[o.class] += 1; h }
+
+100.times do
+ translator.escape("foo")
+end
+
+h2 = ObjectSpace.each_object.inject(Hash.new 0) { |h, o| h[o.class] += 1; h }
+
+raise if (h2[URI::RFC2396_Parser] - h1[URI::RFC2396_Parser] != 0)
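Review bot: the final `raise if (...)` line fails with a bare RuntimeError and no message, so a regression in parser allocation would be hard to diagnose from the benchmark output. Raise with a message that includes the before and after counts of `URI::RFC2396_Parser` instances.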
* Changed:
lib/mustermann/ast/translator.rb
--- /tmp/d20241121-2051-rs91qq/mustermann-3.0.0/lib/mustermann/ast/translator.rb 2024-11-21 03:21:23.834808361 +0000
+++ /tmp/d20241121-2051-rs91qq/mustermann-3.0.3/lib/mustermann/ast/translator.rb 2024-11-21 03:21:23.954807769 +0000
@@ -13,0 +14,3 @@
+
+ URI_PARSER = defined?(URI::RFC2396_PARSER) ? URI::RFC2396_PARSER : URI::RFC2396_Parser.new
+
@@ -121 +124 @@
- def escape(char, parser: URI::DEFAULT_PARSER, escape: parser.regexp[:UNSAFE], also_escape: nil)
+ def escape(char, parser: URI_PARSER, escape: URI_PARSER.regexp[:UNSAFE], also_escape: nil)
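Review bot: in the new `escape` signature the default for `escape:` is `URI_PARSER.regexp[:UNSAFE]`, where it used to be `parser.regexp[:UNSAFE]`, so a caller that passes its own `parser:` no longer gets that parser's UNSAFE pattern by default. If the decoupling is intended it deserves a comment; otherwise keep `escape: parser.regexp[:UNSAFE]` and change only the default of `parser:`.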
lib/mustermann/pattern.rb
--- /tmp/d20241121-2051-rs91qq/mustermann-3.0.0/lib/mustermann/pattern.rb 2024-11-21 03:21:23.838808342 +0000
+++ /tmp/d20241121-2051-rs91qq/mustermann-3.0.3/lib/mustermann/pattern.rb 2024-11-21 03:21:23.958807750 +0000
@@ -12 +12 @@
- @@uri ||= URI::Parser.new
+ @@uri ||= URI::RFC2396_Parser.new
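Review bot: `@@uri ||= URI::RFC2396_Parser.new` always allocates a new parser, while the translator.rb change in this same release prefers the shared `URI::RFC2396_PARSER` constant when it is defined. Applying the same `defined?(URI::RFC2396_PARSER)` guard here would keep the two files consistent.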
lib/mustermann/version.rb
--- /tmp/d20241121-2051-rs91qq/mustermann-3.0.0/lib/mustermann/version.rb 2024-11-21 03:21:23.838808342 +0000
+++ /tmp/d20241121-2051-rs91qq/mustermann-3.0.3/lib/mustermann/version.rb 2024-11-21 03:21:23.958807750 +0000
@@ -3 +3 @@
- VERSION ||= '3.0.0'
+ VERSION ||= '3.0.3' |
gem compare rack 3.0.9.1 3.1.8 Compared versions: ["3.0.9.1", "3.1.8"]
DIFFERENT date:
3.0.9.1: 2024-02-21 00:00:00 UTC
3.1.8: 2024-10-14 00:00:00 UTC
DIFFERENT rubygems_version:
3.0.9.1: 3.4.10
3.1.8: 3.5.11
DIFFERENT version:
3.0.9.1: 3.0.9.1
3.1.8: 3.1.8
DIFFERENT files:
3.0.9.1->3.1.8:
* Deleted:
lib/rack/auth/digest.rb
lib/rack/auth/digest/md5.rb
lib/rack/auth/digest/nonce.rb
lib/rack/auth/digest/params.rb
lib/rack/auth/digest/request.rb
lib/rack/chunked.rb
lib/rack/file.rb
* Added:
lib/rack/bad_request.rb +8/-0
* Changed:
CHANGELOG.md +132/-4
CONTRIBUTING.md +11/-9
README.md +34/-15
SPEC.rdoc +38/-13
lib/rack.rb +10/-16
lib/rack/auth/basic.rb +1/-2
lib/rack/body_proxy.rb +18/-2
lib/rack/builder.rb +23/-10
lib/rack/cascade.rb +0/-3
lib/rack/constants.rb +3/-0
lib/rack/headers.rb +86/-2
lib/rack/lint.rb +118/-34
(!) New permissions: 100755 -> 100644
(!) File is no longer executable!
lib/rack/logger.rb +2/-1
lib/rack/mime.rb +6/-5
lib/rack/mock_request.rb +10/-15
lib/rack/mock_response.rb +14/-16
lib/rack/multipart.rb +34/-1
lib/rack/multipart/parser.rb +132/-64
lib/rack/query_parser.rb +15/-68
lib/rack/request.rb +40/-21
lib/rack/response.rb +28/-20
lib/rack/show_exceptions.rb +6/-2
lib/rack/utils.rb +71/-98
lib/rack/version.rb +1/-14
DIFFERENT extra_rdoc_files:
3.0.9.1->3.1.8:
* Changed:
README.md +34/-15
CHANGELOG.md +132/-4
CONTRIBUTING.md +11/-9 |
|
gem compare rack-protection 4.0.0 4.1.1 Compared versions: ["4.0.0", "4.1.1"]
DIFFERENT date:
4.0.0: 2024-01-19 00:00:00 UTC
4.1.1: 2024-11-20 00:00:00 UTC
DIFFERENT rubygems_version:
4.0.0: 3.5.3
4.1.1: 3.5.22
DIFFERENT version:
4.0.0: 4.0.0
4.1.1: 4.1.1
DIFFERENT files:
4.0.0->4.1.1:
* Added:
lib/rack/protection/host_authorization.rb +110/-0
* Changed:
README.md +5/-0
lib/rack/protection.rb +1/-0
lib/rack/protection/authenticity_token.rb +4/-4
lib/rack/protection/base.rb +7/-0
lib/rack/protection/version.rb +1/-1
rack-protection.gemspec +1/-0
DIFFERENT runtime dependencies:
4.0.0->4.1.1:
* Added:
logger [">= 1.6.0"] (runtime) |
gem compare --diff rack-protection 4.0.0 4.1.1 Compared versions: ["4.0.0", "4.1.1"]
DIFFERENT files:
4.0.0->4.1.1:
* Added:
lib/rack/protection/host_authorization.rb
--- /tmp/20241121-3001-gnm11q 2024-11-21 03:22:10.246576716 +0000
+++ /tmp/d20241121-3001-e4caxy/rack-protection-4.1.1/lib/rack/protection/host_authorization.rb 2024-11-21 03:22:10.130577303 +0000
@@ -0,0 +1,110 @@
+# frozen_string_literal: true
+
+require 'rack/protection'
+require 'ipaddr'
+
+module Rack
+ module Protection
+ ##
+ # Prevented attack:: DNS rebinding and other Host header attacks
+ # Supported browsers:: all
+ # More infos:: https://en.wikipedia.org/wiki/DNS_rebinding
+ # https://portswigger.net/web-security/host-header
+ #
+ # Blocks HTTP requests with an unrecognized hostname in any of the following
+ # HTTP headers: Host, X-Forwarded-Host, Forwarded
+ #
+ # If you want to permit a specific hostname, you can pass in as the `:permitted_hosts` option:
+ #
+ # use Rack::Protection::HostAuthorization, permitted_hosts: ["www.example.org", "sinatrarb.com"]
+ #
+ # The `:allow_if` option can also be set to a proc to use custom allow/deny logic.
+ class HostAuthorization < Base
+ DOT = '.'
+ PORT_REGEXP = /:\d+\z/.freeze
+ SUBDOMAINS = /[a-z0-9\-.]+/.freeze
+ private_constant :DOT,
+ :PORT_REGEXP,
+ :SUBDOMAINS
+ default_reaction :deny
+ default_options allow_if: nil,
+ message: 'Host not permitted'
+
+ def initialize(*)
+ super
+ @permitted_hosts = []
+ @domain_hosts = []
+ @ip_hosts = []
+ @all_permitted_hosts = Array(options[:permitted_hosts])
+
+ @all_permitted_hosts.each do |host|
+ case host
+ when String
+ if host.start_with?(DOT)
+ domain = host[1..-1]
+ @permitted_hosts << domain.downcase
+ @domain_hosts << /\A#{SUBDOMAINS}#{Regexp.escape(domain)}\z/i
+ else
+ @permitted_hosts << host.downcase
+ end
+ when IPAddr then @ip_hosts << host
+ end
+ end
+ end
+
+ def accepts?(env)
+ return true if options[:allow_if]&.call(env)
+ return true if @all_permitted_hosts.empty?
+
+ request = Request.new(env)
+ origin_host = extract_host(request.host_authority)
+ forwarded_host = extract_host(request.forwarded_authority)
+
+ debug env, "#{self.class} " \
+ "@all_permitted_hosts=#{@all_permitted_hosts.inspect} " \
+ "@permitted_hosts=#{@permitted_hosts.inspect} " \
+ "@domain_hosts=#{@domain_hosts.inspect} " \
+ "@ip_hosts=#{@ip_hosts.inspect} " \
+ "origin_host=#{origin_host.inspect} " \
+ "forwarded_host=#{forwarded_host.inspect}"
+
+ if host_permitted?(origin_host)
+ if forwarded_host.nil?
+ true
+ else
+ host_permitted?(forwarded_host)
+ end
+ else
+ false
+ end
+ end
+
+ private
+
+ def extract_host(authority)
+ authority.to_s.split(PORT_REGEXP).first&.downcase
+ end
+
+ def host_permitted?(host)
+ exact_match?(host) || domain_match?(host) || ip_match?(host)
+ end
+
+ def exact_match?(host)
+ @permitted_hosts.include?(host)
+ end
+
+ def domain_match?(host)
+ return false if host.nil?
+ return false if host.start_with?(DOT)
+
+ @domain_hosts.any? { |domain_host| host.match?(domain_host) }
+ end
+
+ def ip_match?(host)
+ @ip_hosts.any? { |ip_host| ip_host.include?(host) }
+ rescue IPAddr::InvalidAddressError
+ false
+ end
+ end
+ end
+end
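Review bot: `return true if @all_permitted_hosts.empty?` in `accepts?` makes the middleware fail open: with no `:permitted_hosts` every Host value is accepted, and the class comment does not say so. Document that behaviour next to the `:permitted_hosts` example. Separately, the `case host` in `initialize` silently drops entries that are neither `String` nor `IPAddr`, which leaves `@all_permitted_hosts` non-empty but unmatched, so requests are rejected with no hint as to why; raising `ArgumentError` for unsupported entry types would surface the misconfiguration at boot.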
* Changed:
README.md
--- /tmp/d20241121-3001-e4caxy/rack-protection-4.0.0/README.md 2024-11-21 03:22:10.122577343 +0000
+++ /tmp/d20241121-3001-e4caxy/rack-protection-4.1.1/README.md 2024-11-21 03:22:10.130577303 +0000
@@ -36,0 +37,4 @@
+## DNS rebinding and other Host header attacks
+
+* [`Rack::Protection::HostAuthorization`][host-authorization] (not included by `use Rack::Protection`)
+
@@ -111,0 +116 @@
+[host-authorization]: https://github.com/sinatra/sinatra/blob/main/rack-protection/lib/rack/protection/host_authorization.rb
lib/rack/protection.rb
--- /tmp/d20241121-3001-e4caxy/rack-protection-4.0.0/lib/rack/protection.rb 2024-11-21 03:22:10.126577324 +0000
+++ /tmp/d20241121-3001-e4caxy/rack-protection-4.1.1/lib/rack/protection.rb 2024-11-21 03:22:10.130577303 +0000
@@ -14,0 +15 @@
+ autoload :HostAuthorization, 'rack/protection/host_authorization'
lib/rack/protection/authenticity_token.rb
--- /tmp/d20241121-3001-e4caxy/rack-protection-4.0.0/lib/rack/protection/authenticity_token.rb 2024-11-21 03:22:10.126577324 +0000
+++ /tmp/d20241121-3001-e4caxy/rack-protection-4.1.1/lib/rack/protection/authenticity_token.rb 2024-11-21 03:22:10.130577303 +0000
@@ -49 +49 @@
- # ruby server.rb
+ # puma server.ru
@@ -51 +51 @@
- # Here is <tt>server.rb</tt>:
+ # Here is <tt>server.ru</tt>:
@@ -57 +57 @@
- # use Rack::Session::Cookie, secret: 'secret'
+ # use Rack::Session::Cookie, secret: 'CHANGEMEaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
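Review bot: the documentation example on the `use Rack::Session::Cookie` line still hard-codes the session secret, now as a `CHANGEME...` literal that readers can copy unchanged. Reading it from the environment in the example, for instance `secret: ENV.fetch('SESSION_SECRET')` (variable name illustrative), would model the safer pattern.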
@@ -91 +91 @@
- # Rack::Handler::WEBrick.run app
+ # run app
lib/rack/protection/base.rb
--- /tmp/d20241121-3001-e4caxy/rack-protection-4.0.0/lib/rack/protection/base.rb 2024-11-21 03:22:10.126577324 +0000
+++ /tmp/d20241121-3001-e4caxy/rack-protection-4.1.1/lib/rack/protection/base.rb 2024-11-21 03:22:10.130577303 +0000
@@ -60,0 +61,7 @@
+ def debug(env, message)
+ return unless options[:logging]
+
+ l = options[:logger] || env['rack.logger'] || ::Logger.new(env['rack.errors'])
+ l.debug(message)
+ end
+
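Review bot: `debug` references `::Logger` in its fallback, but no `require 'logger'` is visible in this hunk; confirm base.rb requires it now that the gemspec declares the dependency. The fallback also builds a new `::Logger` around `env['rack.errors']` on every call when `:logging` is on and neither `options[:logger]` nor `env['rack.logger']` is set, which is worth a comment so operators know that supplying `:logger` avoids the per-request allocation.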
lib/rack/protection/version.rb
--- /tmp/d20241121-3001-e4caxy/rack-protection-4.0.0/lib/rack/protection/version.rb 2024-11-21 03:22:10.126577324 +0000
+++ /tmp/d20241121-3001-e4caxy/rack-protection-4.1.1/lib/rack/protection/version.rb 2024-11-21 03:22:10.130577303 +0000
@@ -5 +5 @@
- VERSION = '4.0.0'
+ VERSION = '4.1.1'
rack-protection.gemspec
--- /tmp/d20241121-3001-e4caxy/rack-protection-4.0.0/rack-protection.gemspec 2024-11-21 03:22:10.126577324 +0000
+++ /tmp/d20241121-3001-e4caxy/rack-protection-4.1.1/rack-protection.gemspec 2024-11-21 03:22:10.246576716 +0000
@@ -42,0 +43 @@
+ s.add_dependency 'logger', '>= 1.6.0' |
gem compare sinatra 4.0.0 4.1.1 Compared versions: ["4.0.0", "4.1.1"]
DIFFERENT date:
4.0.0: 2024-01-19 00:00:00 UTC
4.1.1: 2024-11-20 00:00:00 UTC
DIFFERENT rubygems_version:
4.0.0: 3.5.3
4.1.1: 3.5.22
DIFFERENT version:
4.0.0: 4.0.0
4.1.1: 4.1.1
DIFFERENT files:
4.0.0->4.1.1:
* Added:
lib/sinatra/middleware/logger.rb +21/-0
* Changed:
CHANGELOG.md +22/-2
Gemfile +7/-2
README.md +32/-10
VERSION +1/-1
lib/sinatra/base.rb +37/-14
lib/sinatra/indifferent_hash.rb +1/-1
lib/sinatra/version.rb +1/-1
sinatra.gemspec +2/-1
DIFFERENT extra_rdoc_files:
4.0.0->4.1.1:
* Changed:
README.md +32/-10
DIFFERENT runtime dependencies:
4.0.0->4.1.1:
* Added:
logger [">= 1.6.0"] (runtime)
* Updated:
rack-protection from: ["= 4.0.0"] to: ["= 4.1.1"]
DIFFERENT Gemfile dependencies
4.0.0->4.1.1:
* Added:
ostruct [">= 0"] (runtime)
webrick [">= 0"] (runtime)
* Deleted
zeitwerk [">= 0"] (runtime)
* Updated
slim from: ["~> 4"] to: ["~> 5"] |
gem compare --diff sinatra 4.0.0 4.1.1 Compared versions: ["4.0.0", "4.1.1"]
DIFFERENT files:
4.0.0->4.1.1:
* Added:
lib/sinatra/middleware/logger.rb
--- /tmp/20241121-3265-7sq0eq 2024-11-21 03:22:32.862463334 +0000
+++ /tmp/d20241121-3265-2wytl7/sinatra-4.1.1/lib/sinatra/middleware/logger.rb 2024-11-21 03:22:32.858463353 +0000
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require 'logger'
+
+module Sinatra
+ module Middleware
+ class Logger
+ def initialize(app, level = ::Logger::INFO)
+ @app, @level = app, level
+ end
+
+ def call(env)
+ logger = ::Logger.new(env[Rack::RACK_ERRORS])
+ logger.level = @level
+
+ env[Rack::RACK_LOGGER] = logger
+ @app.call(env)
+ end
+ end
+ end
+end
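Review bot: `call` uses `Rack::RACK_ERRORS` and `Rack::RACK_LOGGER`, but the file requires only `logger`, so it depends on Rack having been loaded by whoever requires it. Either require Rack's constants here or add a comment stating the load-order assumption. The class also has no doc comment saying that it stands in for `Rack::Logger`.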
* Changed:
CHANGELOG.md
--- /tmp/d20241121-3265-2wytl7/sinatra-4.0.0/CHANGELOG.md 2024-11-21 03:22:32.850463394 +0000
+++ /tmp/d20241121-3265-2wytl7/sinatra-4.1.1/CHANGELOG.md 2024-11-21 03:22:32.854463374 +0000
@@ -0,0 +1,20 @@
+## 4.1.1 / 2024-11-20
+
+* Fix: Restore WEBrick support ([#2067](https://github.com/sinatra/sinatra/pull/2067))
+
+## 4.1.0 / 2024-11-18
+
+* New: Add `host_authorization` setting ([#2053](https://github.com/sinatra/sinatra/pull/2053))
+ * Defaults to `.localhost`, `.test` and any IP address in development mode.
+ * Security: addresses [CVE-2024-21510](https://github.com/advisories/GHSA-hxx2-7vcw-mqr3).
+* Fix: Return an instance of `Sinatra::IndifferentHash` when calling `#except` ([#2044](https://github.com/sinatra/sinatra/pull/2044))
+* Fix: Address warning from `URI` for Ruby 3.4 ([#2060](https://github.com/sinatra/sinatra/pull/2060))
+* Fix: `rackup` no longer depends on WEBrick, recommend Puma instead ([`4a558503`](https://github.com/sinatra/sinatra/commit/4a558503a0ee41f26d4ebc07b478340e8a8a5ed6))
+* Fix: Zeitwerk 2.7.0+ compatibility ([#2050](https://github.com/sinatra/sinatra/pull/2050))
+* Fix: Address warning about Hash construction for Ruby 3.4 ([#2028](https://github.com/sinatra/sinatra/pull/2028))
+* Fix: Declare missing dependencies for Ruby 3.5 ([#2032](https://github.com/sinatra/sinatra/pull/2032))
+* Fix: Compatibility with `--enable-frozen-string-literal` ([#2033](https://github.com/sinatra/sinatra/pull/2033))
+* Fix: Rack 3.1 compatibility ([#2035](https://github.com/sinatra/sinatra/pull/2035))
+ * Don't depend on `Rack::Logger`
+ * Don't delete `content-length` header when `Rack::Files` is used
+
@@ -246 +266 @@
-* Add QuietLogger that excludes pathes from Rack::CommonLogger [1250](https://github.com/sinatra/sinatra/pull/1250) by Christoph Wagner
+* Add QuietLogger that excludes paths from Rack::CommonLogger [1250](https://github.com/sinatra/sinatra/pull/1250) by Christoph Wagner
@@ -1612 +1632 @@
- * Regular expressions may now be used in route pattens; captures are
+ * Regular expressions may now be used in route patterns; captures are
Gemfile
--- /tmp/d20241121-3265-2wytl7/sinatra-4.0.0/Gemfile 2024-11-21 03:22:32.850463394 +0000
+++ /tmp/d20241121-3265-2wytl7/sinatra-4.1.1/Gemfile 2024-11-21 03:22:32.854463374 +0000
@@ -24,0 +25,4 @@
+zeitwerk_version = ENV['zeitwerk'].to_s
+zeitwerk_version = nil if zeitwerk_version.empty? || (zeitwerk_version == 'stable')
+gem 'zeitwerk', zeitwerk_version
+
@@ -44,0 +49 @@
+gem 'ostruct'
@@ -51 +56 @@
-gem 'slim', '~> 4'
+gem 'slim', '~> 5'
@@ -53 +58 @@
-gem 'zeitwerk'
+gem 'webrick'
README.md
--- /tmp/d20241121-3265-2wytl7/sinatra-4.0.0/README.md 2024-11-21 03:22:32.850463394 +0000
+++ /tmp/d20241121-3265-2wytl7/sinatra-4.1.1/README.md 2024-11-21 03:22:32.858463353 +0000
@@ -18 +18 @@
-Install the gem:
+Install the gems needed:
@@ -21,2 +21 @@
-gem install sinatra
-gem install puma # or any other server
+gem install sinatra rackup puma
@@ -1995,0 +1995,27 @@
+ <dt>host_authorization</dt>
+ <dd>
+ <p>
+ You can pass a hash of options to <tt>host_authorization</tt>,
+ to be used by the <tt>Rack::Protection::HostAuthorization</tt> middleware.
+ </p>
+ <p>
+ The middleware can block requests with unrecognized hostnames, to prevent DNS rebinding
+ and other host header attacks. It checks the <tt>Host</tt>, <tt>X-Forwarded-Host</tt>
+ and <tt>Forwarded</tt> headers.
+ </p>
+ <p>
+ Useful options are:
+ <ul>
+ <li><tt>permitted_hosts</tt> – an array of hostnames (and <tt>IPAddr</tt> objects) your app recognizes
+ <ul>
+ <li>in the <tt>development</tt> environment, it is set to <tt>.localhost</tt>, <tt>.test</tt> and any IPv4/IPv6 address</li>
+ <li>if empty, any hostname is permitted (the default for any other environment)</li>
+ </ul>
+ </li>
+ <li><tt>status</tt> – the HTTP status code used in the response when a request is blocked (defaults to <tt>403</tt>)</li>
+ <li><tt>message</tt> – the body used in the response when a request is blocked (defaults to <tt>Host not permitted</tt>)</li>
+ <li><tt>allow_if</tt> – supply a <tt>Proc</tt> to use custom allow/deny logic, the proc is passed the request environment</li>
+ </ul>
+ </p>
+ </dd>
+
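Review bot: the `<ul>` after "Useful options are:" sits inside a `<p>`, which HTML does not allow; browsers close the paragraph at the `<ul>` and the trailing `</p>` becomes a stray tag. Close the `<p>` before the list.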
@@ -2089,6 +2115,2 @@
- If you are using a WEBrick web server, presumably for your development
- environment, you can pass a hash of options to <tt>server_settings</tt>,
- such as <tt>SSLEnable</tt> or <tt>SSLVerifyClient</tt>. However, web
- servers such as Puma do not support this, so you can set
- <tt>server_settings</tt> by defining it as a method when you call
- <tt>configure</tt>.
+ You can pass a hash of options to <tt>server_settings</tt>,
+ such as <tt>Host</tt> or <tt>Port</tt>.
@@ -2815 +2837 @@
-underlying Rack handler (server) like Puma or WEBrick. Sinatra
+underlying Rack handler (server) like Puma or Falcon. Sinatra
VERSION
--- /tmp/d20241121-3265-2wytl7/sinatra-4.0.0/VERSION 2024-11-21 03:22:32.850463394 +0000
+++ /tmp/d20241121-3265-2wytl7/sinatra-4.1.1/VERSION 2024-11-21 03:22:32.858463353 +0000
@@ -1 +1 @@
-4.0.0
+4.1.1
lib/sinatra/base.rb
--- /tmp/d20241121-3265-2wytl7/sinatra-4.0.0/lib/sinatra/base.rb 2024-11-21 03:22:32.854463374 +0000
+++ /tmp/d20241121-3265-2wytl7/sinatra-4.1.1/lib/sinatra/base.rb 2024-11-21 03:22:32.858463353 +0000
@@ -16,0 +17 @@
+require 'ipaddr'
@@ -24,0 +26,2 @@
+require_relative 'middleware/logger'
+
@@ -64 +67 @@
- @env.include? 'HTTP_X_FORWARDED_HOST'
+ !forwarded_authority.nil?
@@ -297 +300 @@
- unless request.head? || value.is_a?(Rack::Files::Iterator) || value.is_a?(Stream)
+ unless request.head? || value.is_a?(Rack::Files::BaseIterator) || value.is_a?(Stream)
@@ -975 +978 @@
- URI_INSTANCE = URI::Parser.new
+ URI_INSTANCE = defined?(URI::RFC2396_PARSER) ? URI::RFC2396_PARSER : URI::RFC2396_Parser.new
@@ -1295 +1298 @@
- %r{zeitwerk/kernel\.rb} # Zeitwerk kernel#require decorator
+ %r{zeitwerk/(core_ext/)?kernel\.rb} # Zeitwerk kernel#require decorator
@@ -1601 +1604 @@
- # Puma, Falcon, or WEBrick (in that order). If given a block, will call
+ # Puma, Falcon (in that order). If given a block, will call
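Review bot: the comment now lists only "Puma, Falcon (in that order)", but a later hunk in this file still sets `set :server, %w[webrick]` and the 4.1.1 changelog entry says WEBrick support is restored. The comment should still mention WEBrick.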
@@ -1606 +1609 @@
- Sinatra could not start, the "rackup" gem was not found!
+ Sinatra could not start, the required gems weren't found!
@@ -1608 +1611 @@
- Add it to your bundle with:
+ Add them to your bundle with:
@@ -1610 +1613 @@
- bundle add rackup
+ bundle add rackup puma
@@ -1612 +1615 @@
- or install it with:
+ or install them with:
@@ -1614 +1617 @@
- gem install rackup
+ gem install rackup puma
@@ -1821,0 +1825 @@
+ setup_host_authorization builder
@@ -1838 +1842 @@
- builder.use Rack::NullLogger
+ builder.use Sinatra::Middleware::Logger, ::Logger::FATAL
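Review bot: replacing `Rack::NullLogger` with `Sinatra::Middleware::Logger, ::Logger::FATAL` changes behaviour on this path: a null logger discards everything, while a logger at FATAL level still writes fatal messages to `env[Rack::RACK_ERRORS]`. If that is intended, say so in a comment or in the changelog entry for the Rack 3.1 compatibility fix.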
@@ -1847 +1851 @@
- builder.use Rack::Logger, logging
+ builder.use Sinatra::Middleware::Logger, logging
@@ -1849 +1853 @@
- builder.use Rack::Logger
+ builder.use Sinatra::Middleware::Logger
@@ -1869,0 +1874,4 @@
+ def setup_host_authorization(builder)
+ builder.use Rack::Protection::HostAuthorization, host_authorization
+ end
+
@@ -1964 +1972 @@
- set :server, %w[HTTP webrick]
+ set :server, %w[webrick]
@@ -1967,0 +1976,15 @@
+ set :host_authorization, ->() do
+ if development?
+ {
+ permitted_hosts: [
+ "localhost",
+ ".localhost",
+ ".test",
+ IPAddr.new("0.0.0.0/0"),
+ IPAddr.new("::/0"),
+ ]
+ }
+ else
+ {}
+ end
+ end
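Review bot: outside development the default is `{}`, and `Rack::Protection::HostAuthorization` returns true when its permitted host list is empty, so an application that takes this upgrade without setting `host_authorization` gets no Host header check in production. In development, the `IPAddr.new("0.0.0.0/0")` and `IPAddr.new("::/0")` entries permit any IP literal as Host. The README hunk documents both, but a comment on this default pointing operators at `permitted_hosts` would help, and applications taking this bump should set the list explicitly.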
lib/sinatra/indifferent_hash.rb
--- /tmp/d20241121-3265-2wytl7/sinatra-4.0.0/lib/sinatra/indifferent_hash.rb 2024-11-21 03:22:32.854463374 +0000
+++ /tmp/d20241121-3265-2wytl7/sinatra-4.1.1/lib/sinatra/indifferent_hash.rb 2024-11-21 03:22:32.858463353 +0000
@@ -188 +188 @@
- super(*keys)
+ self.class[super(*keys)]
lib/sinatra/version.rb
--- /tmp/d20241121-3265-2wytl7/sinatra-4.0.0/lib/sinatra/version.rb 2024-11-21 03:22:32.854463374 +0000
+++ /tmp/d20241121-3265-2wytl7/sinatra-4.1.1/lib/sinatra/version.rb 2024-11-21 03:22:32.862463334 +0000
@@ -4 +4 @@
- VERSION = '4.0.0'
+ VERSION = '4.1.1'
sinatra.gemspec
--- /tmp/d20241121-3265-2wytl7/sinatra-4.0.0/sinatra.gemspec 2024-11-21 03:22:32.854463374 +0000
+++ /tmp/d20241121-3265-2wytl7/sinatra-4.1.1/sinatra.gemspec 2024-11-21 03:22:32.862463334 +0000
@@ -47,0 +48 @@
+ s.add_dependency 'logger', '>= 1.6.0'
@@ -50 +50,0 @@
- s.add_dependency 'rack-session', '>= 2.0.0', '< 3'
@@ -51,0 +52 @@
+ s.add_dependency 'rack-session', '>= 2.0.0', '< 3' |
gem compare sinatra-contrib 4.0.0 4.1.1 Compared versions: ["4.0.0", "4.1.1"]
DIFFERENT date:
4.0.0: 2024-01-19 00:00:00 UTC
4.1.1: 2024-11-20 00:00:00 UTC
DIFFERENT rubygems_version:
4.0.0: 3.5.3
4.1.1: 3.5.22
DIFFERENT version:
4.0.0: 4.0.0
4.1.1: 4.1.1
DIFFERENT files:
4.0.0->4.1.1:
* Changed:
README.md +1/-1
ideas.md +1/-1
lib/sinatra/capture.rb +1/-1
lib/sinatra/contrib/version.rb +1/-1
lib/sinatra/haml_helpers.rb +1/-1
lib/sinatra/link_header.rb +2/-0
lib/sinatra/reloader.rb +2/-2
lib/sinatra/runner.rb +1/-1
lib/sinatra/webdav.rb +1/-1
DIFFERENT runtime dependencies:
4.0.0->4.1.1:
* Updated:
rack-protection from: ["= 4.0.0"] to: ["= 4.1.1"]
sinatra from: ["= 4.0.0"] to: ["= 4.1.1"] |
gem compare --diff sinatra-contrib 4.0.0 4.1.1 Compared versions: ["4.0.0", "4.1.1"]
DIFFERENT files:
4.0.0->4.1.1:
* Changed:
README.md
--- /tmp/d20241121-3523-3b8dlv/sinatra-contrib-4.0.0/README.md 2024-11-21 03:22:55.862346500 +0000
+++ /tmp/d20241121-3523-3b8dlv/sinatra-contrib-4.1.1/README.md 2024-11-21 03:22:55.982345896 +0000
@@ -72 +72 @@
-* `sinatra/quiet_logger`: Extension to exclude specific pathes from access log.
+* `sinatra/quiet_logger`: Extension to exclude specific paths from access log.
ideas.md
--- /tmp/d20241121-3523-3b8dlv/sinatra-contrib-4.0.0/ideas.md 2024-11-21 03:22:55.862346500 +0000
+++ /tmp/d20241121-3523-3b8dlv/sinatra-contrib-4.1.1/ideas.md 2024-11-21 03:22:55.982345896 +0000
@@ -13 +13 @@
- restrictive than curent value, set caching headers that way for most helper
+ restrictive than current value, set caching headers that way for most helper
lib/sinatra/capture.rb
--- /tmp/d20241121-3523-3b8dlv/sinatra-contrib-4.0.0/lib/sinatra/capture.rb 2024-11-21 03:22:55.862346500 +0000
+++ /tmp/d20241121-3523-3b8dlv/sinatra-contrib-4.1.1/lib/sinatra/capture.rb 2024-11-21 03:22:55.982345896 +0000
@@ -95 +95 @@
- @_out_buf = ''
+ @_out_buf = +''
lib/sinatra/contrib/version.rb
--- /tmp/d20241121-3523-3b8dlv/sinatra-contrib-4.0.0/lib/sinatra/contrib/version.rb 2024-11-21 03:22:55.862346500 +0000
+++ /tmp/d20241121-3523-3b8dlv/sinatra-contrib-4.1.1/lib/sinatra/contrib/version.rb 2024-11-21 03:22:55.982345896 +0000
@@ -5 +5 @@
- VERSION = '4.0.0'
+ VERSION = '4.1.1'
lib/sinatra/haml_helpers.rb
--- /tmp/d20241121-3523-3b8dlv/sinatra-contrib-4.0.0/lib/sinatra/haml_helpers.rb 2024-11-21 03:22:55.862346500 +0000
+++ /tmp/d20241121-3523-3b8dlv/sinatra-contrib-4.1.1/lib/sinatra/haml_helpers.rb 2024-11-21 03:22:55.982345896 +0000
@@ -16 +16 @@
- # register Sinatra::HamlHelpers
+ # helpers Sinatra::HamlHelpers
lib/sinatra/link_header.rb
--- /tmp/d20241121-3523-3b8dlv/sinatra-contrib-4.0.0/lib/sinatra/link_header.rb 2024-11-21 03:22:55.862346500 +0000
+++ /tmp/d20241121-3523-3b8dlv/sinatra-contrib-4.1.1/lib/sinatra/link_header.rb 2024-11-21 03:22:55.982345896 +0000
@@ -90,0 +91,2 @@
+ link = response['Link'] = +link
+
lib/sinatra/reloader.rb
--- /tmp/d20241121-3523-3b8dlv/sinatra-contrib-4.0.0/lib/sinatra/reloader.rb 2024-11-21 03:22:55.866346479 +0000
+++ /tmp/d20241121-3523-3b8dlv/sinatra-contrib-4.1.1/lib/sinatra/reloader.rb 2024-11-21 03:22:55.982345896 +0000
@@ -398 +398 @@
- # Indicates an extesion is being registered.
+ # Indicates an extension is being registered.
@@ -403 +403 @@
- # Indicates the extesion has already been registered.
+ # Indicates the extension has already been registered.
lib/sinatra/runner.rb
--- /tmp/d20241121-3523-3b8dlv/sinatra-contrib-4.0.0/lib/sinatra/runner.rb 2024-11-21 03:22:55.978345915 +0000
+++ /tmp/d20241121-3523-3b8dlv/sinatra-contrib-4.1.1/lib/sinatra/runner.rb 2024-11-21 03:22:55.986345875 +0000
@@ -95 +95 @@
- @log ||= ''
+ @log ||= +''
lib/sinatra/webdav.rb
--- /tmp/d20241121-3523-3b8dlv/sinatra-contrib-4.0.0/lib/sinatra/webdav.rb 2024-11-21 03:22:55.982345896 +0000
+++ /tmp/d20241121-3523-3b8dlv/sinatra-contrib-4.1.1/lib/sinatra/webdav.rb 2024-11-21 03:22:55.986345875 +0000
@@ -24 +24 @@
- # You can use it in classic application just by requring the extension:
+ # You can use it in classic application just by requiring the extension: |
gem compare tilt 2.3.0 2.4.0 Compared versions: ["2.3.0", "2.4.0"]
DIFFERENT date:
2.3.0: 2023-09-14 00:00:00 UTC
2.4.0: 2024-06-27 00:00:00 UTC
DIFFERENT rubygems_version:
2.3.0: 3.4.10
2.4.0: 3.5.9
DIFFERENT version:
2.3.0: 2.3.0
2.4.0: 2.4.0
DIFFERENT files:
2.3.0->2.4.0:
* Changed:
lib/tilt.rb +1/-1
lib/tilt/commonmarker.rb +85/-44
lib/tilt/erubis.rb +2/-0
lib/tilt/etanni.rb +2/-2
lib/tilt/maruku.rb +2/-0
lib/tilt/sass.rb +15/-6
lib/tilt/wikicloth.rb +2/-0 |
gem compare --diff tilt 2.3.0 2.4.0 Compared versions: ["2.3.0", "2.4.0"]
DIFFERENT files:
2.3.0->2.4.0:
* Changed:
lib/tilt.rb
--- /tmp/d20241121-3857-jlc1ko/tilt-2.3.0/lib/tilt.rb 2024-11-21 03:23:18.790227471 +0000
+++ /tmp/d20241121-3857-jlc1ko/tilt-2.4.0/lib/tilt.rb 2024-11-21 03:23:18.794227451 +0000
@@ -8 +8 @@
- VERSION = '2.3.0'
+ VERSION = '2.4.0'
lib/tilt/commonmarker.rb
--- /tmp/d20241121-3857-jlc1ko/tilt-2.3.0/lib/tilt/commonmarker.rb 2024-11-21 03:23:18.790227471 +0000
+++ /tmp/d20241121-3857-jlc1ko/tilt-2.4.0/lib/tilt/commonmarker.rb 2024-11-21 03:23:18.798227430 +0000
@@ -5,35 +5,37 @@
-aliases = {
- :smartypants => :SMART
-}.freeze
-parse_opts = [
- :FOOTNOTES,
- :LIBERAL_HTML_TAG,
- :SMART,
- :smartypants,
- :STRIKETHROUGH_DOUBLE_TILDE,
- :UNSAFE,
- :VALIDATE_UTF8,
-].freeze
-render_opts = [
- :FOOTNOTES,
- :FULL_INFO_STRING,
- :GITHUB_PRE_LANG,
- :HARDBREAKS,
- :NOBREAKS,
- :SAFE, # Removed in v0.18.0 (2018-10-17)
- :SOURCEPOS,
- :TABLE_PREFER_STYLE_ATTRIBUTES,
- :UNSAFE,
-].freeze
-exts = [
- :autolink,
- :strikethrough,
- :table,
- :tagfilter,
- :tasklist,
-].freeze
-
-
-Tilt::CommonMarkerTemplate = Tilt::StaticTemplate.subclass do
- extensions = exts.select do |extension|
- @options[extension]
+if defined?(::Commonmarker)
+ aliases = {
+ :smartypants => :smart
+ }.freeze
+ parse_opts = [
+ :smart,
+ :default_info_string,
+ ].freeze
+ render_opts = [
+ :hardbreaks,
+ :github_pre_lang,
+ :width,
+ :unsafe,
+ :escape,
+ :sourcepos,
+ ].freeze
+ exts = [
+ :strikethrough,
+ :tagfilter,
+ :table,
+ :autolink,
+ :tasklist,
+ :superscript,
+ :header_ids,
+ :footnotes,
+ :description_lists,
+ :front_matter_delimiter,
+ :shortcodes,
+ ].freeze
+
+ Tilt::CommonMarkerTemplate = Tilt::StaticTemplate.subclass do
+ parse_options = @options.select { |key, _| parse_opts.include?(key.downcase) }.transform_keys(&:downcase)
+ parse_options.merge!(@options.select { |key, _| aliases.has_key?(key) }.transform_keys { |key| aliases[key] })
+ render_options = @options.select { |key, _| render_opts.include?(key.downcase) }.transform_keys(&:downcase)
+ extensions = @options.select { |key, _| exts.include?(key) }.transform_keys(&:downcase)
+
+ Commonmarker.to_html(@data, options: { parse: parse_options, render: render_options, extension: extensions })
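Review bot: the `extensions` line filters with `exts.include?(key)` and only then applies `transform_keys(&:downcase)`, whereas the `parse_options` and `render_options` lines test `key.downcase`; an extension key given in upper case is dropped while an upper-case parse or render option is accepted. Use `exts.include?(key.downcase)` for consistency. Note also that `:unsafe` is in `render_opts` and is passed through to `Commonmarker.to_html` when the caller sets it, so templates that render untrusted Markdown should leave it unset.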
@@ -40,0 +43,32 @@
+# :nocov:
+else
+ aliases = {
+ :smartypants => :SMART
+ }.freeze
+ parse_opts = [
+ :FOOTNOTES,
+ :LIBERAL_HTML_TAG,
+ :SMART,
+ :smartypants,
+ :STRIKETHROUGH_DOUBLE_TILDE,
+ :UNSAFE,
+ :VALIDATE_UTF8,
+ ].freeze
+ render_opts = [
+ :FOOTNOTES,
+ :FULL_INFO_STRING,
+ :GITHUB_PRE_LANG,
+ :HARDBREAKS,
+ :NOBREAKS,
+ :SAFE, # Removed in v0.18.0 (2018-10-17)
+ :SOURCEPOS,
+ :TABLE_PREFER_STYLE_ATTRIBUTES,
+ :UNSAFE,
+ ].freeze
+ exts = [
+ :autolink,
+ :strikethrough,
+ :table,
+ :tagfilter,
+ :tasklist,
+ ].freeze
@@ -42,5 +76,3 @@
- parse_options, render_options = [parse_opts, render_opts].map do |opts|
- opts = opts.select do |option|
- @options[option]
- end.map! do |option|
- aliases[option] || option
+ Tilt::CommonMarkerTemplate = Tilt::StaticTemplate.subclass do
+ extensions = exts.select do |extension|
+ @options[extension]
@@ -49,3 +81,6 @@
- opts = :DEFAULT unless opts.any?
- opts
- end
+ parse_options, render_options = [parse_opts, render_opts].map do |opts|
+ opts = opts.select do |option|
+ @options[option]
+ end.map! do |option|
+ aliases[option] || option
+ end
@@ -53 +88,6 @@
- CommonMarker.render_doc(@data, parse_options, extensions).to_html(render_options, extensions)
+ opts = :DEFAULT unless opts.any?
+ opts
+ end
+
+ CommonMarker.render_doc(@data, parse_options, extensions).to_html(render_options, extensions)
+ end
@@ -54,0 +95 @@
+# :nocov:
lib/tilt/erubis.rb
--- /tmp/d20241121-3857-jlc1ko/tilt-2.3.0/lib/tilt/erubis.rb 2024-11-21 03:23:18.790227471 +0000
+++ /tmp/d20241121-3857-jlc1ko/tilt-2.4.0/lib/tilt/erubis.rb 2024-11-21 03:23:18.798227430 +0000
@@ -4,0 +5,2 @@
+warn 'tilt/erubis is deprecated, as erubis requires modifying string literals', uplevel: 1
+
lib/tilt/etanni.rb
--- /tmp/d20241121-3857-jlc1ko/tilt-2.3.0/lib/tilt/etanni.rb 2024-11-21 03:23:18.790227471 +0000
+++ /tmp/d20241121-3857-jlc1ko/tilt-2.4.0/lib/tilt/etanni.rb 2024-11-21 03:23:18.798227430 +0000
@@ -8 +8 @@
- chomp = "<<#{separator}.chomp!"
+ chomp = "<<#{separator}.chomp"
@@ -16 +16 @@
- @code = "_out_ = [<<#{separator}.chomp!]\n#{temp}#{stop}_out_.join"
+ @code = "_out_ = [<<#{separator}.chomp]\n#{temp}#{stop}_out_.join"
lib/tilt/maruku.rb
--- /tmp/d20241121-3857-jlc1ko/tilt-2.3.0/lib/tilt/maruku.rb 2024-11-21 03:23:18.790227471 +0000
+++ /tmp/d20241121-3857-jlc1ko/tilt-2.4.0/lib/tilt/maruku.rb 2024-11-21 03:23:18.798227430 +0000
@@ -4,0 +5,2 @@
+warn 'tilt/maruku is deprecated, as maruku requires modifying string literals', uplevel: 1
+
lib/tilt/sass.rb
--- /tmp/d20241121-3857-jlc1ko/tilt-2.3.0/lib/tilt/sass.rb 2024-11-21 03:23:18.794227451 +0000
+++ /tmp/d20241121-3857-jlc1ko/tilt-2.4.0/lib/tilt/sass.rb 2024-11-21 03:23:18.798227430 +0000
@@ -15,0 +16,7 @@
+ ALLOWED_KEYS = (defined?(::Sass::Compiler) ? ::Sass::Compiler : ::Sass::Embedded).
+ instance_method(:compile_string).
+ parameters.
+ map{|k, v| v if k == :key}.
+ compact rescue nil
+ private_constant :ALLOWED_KEYS
+
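Review bot: the trailing `rescue nil` on the `ALLOWED_KEYS` assignment swallows any StandardError raised while inspecting `compile_string`, leaving `ALLOWED_KEYS` nil, and the later `if ALLOWED_KEYS` guard then skips option filtering without any signal. Rescue the specific error expected here (for example `NameError`) and add a comment explaining when the fallback applies.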
@@ -25,3 +32,5 @@
- @options[:url] = ::URI::File.build([nil, ::URI::DEFAULT_PARSER.escape(path)]).to_s
- @options[:syntax] = :indented
- @options
+ opts = @options.dup
+ opts[:url] = ::URI::File.build([nil, ::URI::DEFAULT_PARSER.escape(path)]).to_s
+ opts[:syntax] = :indented
+ opts.delete_if{|k| !ALLOWED_KEYS.include?(k)} if ALLOWED_KEYS
+ opts
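Review bot: the `opts[:url]` line still calls `::URI::DEFAULT_PARSER.escape(path)`, while the mustermann and sinatra changes in this same bump moved away from the default parser to the RFC2396 parser to address a `URI` warning on Ruby 3.4. Check whether this call needs the same treatment.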
@@ -64,3 +73,3 @@
- super
- @options[:syntax] = :scss
- @options
+ opts = super
+ opts[:syntax] = :scss
+ opts
lib/tilt/wikicloth.rb
--- /tmp/d20241121-3857-jlc1ko/tilt-2.3.0/lib/tilt/wikicloth.rb 2024-11-21 03:23:18.794227451 +0000
+++ /tmp/d20241121-3857-jlc1ko/tilt-2.4.0/lib/tilt/wikicloth.rb 2024-11-21 03:23:18.802227410 +0000
@@ -4,0 +5,2 @@
+warn 'tilt/wikicloth is deprecated, as wikicloth requires modifying string literals', uplevel: 1
+ |
Bumps [sinatra](https://github.com/sinatra/sinatra) from 4.0.0 to 4.1.1.
- [Changelog](https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md)
- [Commits](sinatra/sinatra@v4.0.0...v4.1.1)

---
updated-dependencies:
- dependency-name: sinatra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
dependabot (bot) force-pushed the dependabot/bundler/sinatra-4.1.1 branch from 3497f20 to bc01b70 on November 25, 2024 07:15
Bumps sinatra from 4.0.0 to 4.1.1.
Changelog
Sourced from sinatra's changelog.
... (truncated)
Commits
- 7b50a1b 4.1.1 release (#2068)
- 3f6c577 Restore WEBrick support (#2067)
- 38cd687 Multiple `<dd>` tags breaks the website HTML (#2066)
- 80c3ad6 Update CHANGELOG with correct CVE (#2064)
- 73f3291 4.1.0 release (#2063)
- cd3e00d Add `HostAuthorization` rack-protection middleware (#2053)
- 8c4cd0b Return an instance of `Sinatra::IndifferentHash` when calling `#except` (#2044)
- 3c888f7 Address `URI` depreciation (#2060)
- 0d33ef8 CI: don't test falcon on Ruby 2.7
- 4a55850 Remove WEBrick

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)