From 08fb343e73f746091a11e4397d7a3f3be7e56f8b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 31 Jan 2024 23:47:29 +0000
Subject: [PATCH] Bump rack from 3.0.8 to 3.0.9 (#488)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [rack](https://github.com/rack/rack) from 3.0.8 to 3.0.9.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/rack/rack/releases">rack's
releases</a>.</em></p>
<blockquote>
<h2>v3.0.9</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix content-length calcuation in Rack:Response#write <a
href="https://redirect.github.com/rack/rack/issues/2150">#2150</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/rack/rack/compare/v3.0.8...v3.0.9">https://github.com/rack/rack/compare/v3.0.8...v3.0.9</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/rack/rack/blob/main/CHANGELOG.md">rack's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this file.
For info on how to format all future additions to this file please
reference <a href="https://keepachangelog.com/en/1.0.0/">Keep A
Changelog</a>.</p>
<h2>Unreleased</h2>
<h3>SPEC Changes</h3>
<ul>
<li><code>rack.input</code> is now optional. (<a
href="https://redirect.github.com/rack/rack/pull/1997">#1997</a>, [<a
href="https://github.com/ioquatix"><code>@​ioquatix</code></a>])</li>
<li><code>Rack::Utils.escape_html</code> is now delegated to
<code>CGI.escapeHTML</code>. <code>'</code> is escaped to
<code>[#39](https://github.com/rack/rack/issues/39);</code> instead of
<code>#x27;</code>. (decimal vs hexadecimal) (<a
href="https://redirect.github.com/rack/rack/pull/2099">#2099</a>, <a
href="https://github.com/JunichiIto"><code>@​JunichiIto</code></a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li><code>rack.input</code> is now optional, and if missing, will raise
an error. Use this to fail on multipart parsing a request without an
input body. (<a
href="https://redirect.github.com/rack/rack/pull/2018">#2018</a>, [<a
href="https://github.com/ioquatix"><code>@​ioquatix</code></a>])</li>
<li>Introduce <code>module Rack::BadRequest</code> which is included in
multipart and query parser errors. (<a
href="https://redirect.github.com/rack/rack/pull/2019">#2019</a>, [<a
href="https://github.com/ioquatix"><code>@​ioquatix</code></a>])</li>
<li>MIME type for JavaScript files (<code>.js</code>) changed from
<code>application/javascript</code> to <code>text/javascript</code> (<a
href="https://github.com/rack/rack/commit/1bd0f1597d8f4a90d47115f3e156a8ce7870c9c8"><code>1bd0f15</code></a>)</li>
<li>Add <code>.mjs</code> MIME type (<a
href="https://redirect.github.com/rack/rack/pull/2057">#2057</a>, [<a
href="https://github.com/axilleas"><code>@​axilleas</code></a>])</li>
<li>Update MIME types associated to <code>.ttf</code>,
<code>.woff</code>, <code>.woff2</code> and <code>.otf</code> extensions
to use mondern <code>font/*</code> types. (<a
href="https://redirect.github.com/rack/rack/pull/2065">#2065</a>, [<a
href="https://github.com/davidstosik"><code>@​davidstosik</code></a>])</li>
<li><code>set_cookie_header</code> utility now supports the
<code>partitioned</code> cookie attribute. This is required by Chrome in
some embedded contexts. (<a
href="https://redirect.github.com/rack/rack/pull/2131">#2131</a>, [<a
href="https://github.com/flavio-b"><code>@​flavio-b</code></a>])</li>
<li>Remove non-standard status codes 306, 509, &amp; 510 and update
descriptions for 413, 422, &amp; 451. (<a
href="https://redirect.github.com/rack/rack/pull/2137">#2137</a>, [<a
href="https://github.com/wtn"><code>@​wtn</code></a>])</li>
<li>Add fallback lookup and deprecation warning for obsolete status
symbols. (<a
href="https://redirect.github.com/rack/rack/pull/2137">#2137</a>, [<a
href="https://github.com/wtn"><code>@​wtn</code></a>])</li>
<li>Fix incorrect content-length header that was emitted when
<code>Rack::Response#write</code> was used in some situations. (<a
href="https://redirect.github.com/rack/rack/pull/2150">#2150</a>, [<a
href="https://github.com/mattbrictson"><code>@​mattbrictson</code></a>])</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/rack/rack/commit/0b3f997e7bb14c1dc42130e1eb50e62797d8c039"><code>0b3f997</code></a>
Bump patch version.</li>
<li><a
href="https://github.com/rack/rack/commit/d3d415ed68fe9471f04bafe4a299eb099330fcb1"><code>d3d415e</code></a>
Update Ruby versions for external tests: drop v2.7 and add v3.2 and
v3.3. (<a
href="https://redirect.github.com/rack/rack/issues/2">#2</a>...</li>
<li><a
href="https://github.com/rack/rack/commit/c8b977f6c3a002b6e6f395ce8b5c14f21dad7f39"><code>c8b977f</code></a>
Fix content-length calcuation in Rack:Response#write (<a
href="https://redirect.github.com/rack/rack/issues/2150">#2150</a>)</li>
<li><a
href="https://github.com/rack/rack/commit/8d1bf996e30897f740c54669d891eeda8036113d"><code>8d1bf99</code></a>
Update CHANGELOG for 3.0.8 (<a
href="https://redirect.github.com/rack/rack/issues/2086">#2086</a>)</li>
<li>See full diff in <a
href="https://github.com/rack/rack/compare/v3.0.8...v3.0.9">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rack&package-manager=bundler&previous-version=3.0.8&new-version=3.0.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 3df90515..c83fcca7 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -73,7 +73,7 @@ GEM
     psych (5.1.2)
       stringio
     racc (1.7.3)
-    rack (3.0.8)
+    rack (3.0.9)
     rack-session (2.0.0)
       rack (>= 3.0.0)
     rack-test (2.1.0)