Bump rack from 2.2.3 to 2.2.6.2#25
Closed
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)
Bumps [rack](https://github.com/rack/rack) from 2.2.3 to 2.2.6.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rack/rack/blob/main/CHANGELOG.md">rack's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference <a href="https://keepachangelog.com/en/1.0.0/">Keep A Changelog</a>.</p> <h2>[3.0.3] - 2022-12-07</h2> <h3>Fixed</h3> <ul> <li><code>Rack::URLMap</code> uses non-deprecated form of <code>Regexp.new</code>. (<a href="https://github-redirect.dependabot.com/rack/rack/pull/1998">#1998</a>, <a href="https://github.com/weizheheng"><code>@weizheheng</code></a>)</li> </ul> <h2>[3.0.2] -2022-12-05</h2> <h3>Fixed</h3> <ul> <li><code>Utils.build_nested_query</code> URL-encodes nested field names including the square brackets.</li> <li>Allow <code>Rack::Response</code> to pass through streaming bodies. (<a href="https://github-redirect.dependabot.com/rack/rack/pull/1993">#1993</a>, [<a href="https://github.com/ioquatix"><code>@ioquatix</code></a>])</li> </ul> <h2>[3.0.1] - 2022-11-18</h2> <h3>Fixed</h3> <ul> <li><code>MethodOverride</code> does not look for an override if a request does not include form/parseable data.</li> <li><code>Rack::Lint::Wrapper</code> correctly handles <code>respond_to?</code> with <code>to_ary</code>, <code>each</code>, <code>call</code> and <code>to_path</code>, forwarding to the body. (<a href="https://github-redirect.dependabot.com/rack/rack/pull/1981">#1981</a>, [<a href="https://github.com/ioquatix"><code>@ioquatix</code></a>])</li> </ul> <h2>[3.0.0] - 2022-09-06</h2> <ul> <li>No changes</li> </ul> <h2>[3.0.0.rc1] - 2022-09-04</h2> <h3>SPEC Changes</h3> <ul> <li>Stream argument must implement <code><<</code> <a href="https://github-redirect.dependabot.com/rack/rack/pull/1959">rack/rack#1959</a></li> <li><code>close</code> may be called on <code>rack.input</code> <a href="https://github-redirect.dependabot.com/rack/rack/pull/1956">rack/rack#1956</a></li> <li><code>rack.response_finished</code> may be used for executing code after the response has been finished <a href="https://github-redirect.dependabot.com/rack/rack/pull/1952">rack/rack#1952</a></li> </ul> <h2>[3.0.0.beta1] - 2022-08-08</h2> <h3>Security</h3> <ul> <li>Do not use semicolon as GET parameter separator. (<a href="https://github-redirect.dependabot.com/rack/rack/pull/1733">#1733</a>, [<a href="https://github.com/jeremyevans"><code>@jeremyevans</code></a>])</li> </ul> <h3>SPEC Changes</h3> <ul> <li>Response array must now be non-frozen.</li> <li>Response <code>status</code> must now be an integer greater than or equal to 100.</li> <li>Response <code>headers</code> must now be an unfrozen hash.</li> <li>Response header keys can no longer include uppercase characters.</li> <li>Response header values can be an <code>Array</code> to handle multiple values (and no longer supports <code>\n</code> encoded headers).</li> <li>Response body can now respond to <code>#call</code> (streaming body) instead of <code>#each</code> (enumerable body), for the equivalent of response hijacking in previous versions.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/rack/rack/commit/2606ac5d5d180c00a8cbcaa4d634276bab06500e"><code>2606ac5</code></a> bumping version</li> <li><a href="https://github.com/rack/rack/commit/f6d4f528f2df1318a6612845db0b59adc7fe8fc1"><code>f6d4f52</code></a> Fix ReDoS in Rack::Utils.get_byte_ranges</li> <li><a href="https://github.com/rack/rack/commit/20bc90c2431d7fabcd1873410543cf3d72f65004"><code>20bc90c</code></a> bump version</li> <li><a href="https://github.com/rack/rack/commit/3677f170b4ac713defb84cd6a86431623ba0adc0"><code>3677f17</code></a> Update changelog</li> <li><a href="https://github.com/rack/rack/commit/ee25ab9a7ee981d7578f559701085b0cf39bde77"><code>ee25ab9</code></a> Fix ReDoS vulnerability in multipart parser</li> <li><a href="https://github.com/rack/rack/commit/19e49f0f185d7e42ed5b402baec6c897a8c48029"><code>19e49f0</code></a> Forbid control characters in attributes</li> <li><a href="https://github.com/rack/rack/commit/ea39e49442e0008bfce4ad628ce52a4be2a20b5b"><code>ea39e49</code></a> Bump patch version.</li> <li><a href="https://github.com/rack/rack/commit/c0f9de4844052b7867180c587d1b6969be2f114d"><code>c0f9de4</code></a> Rack::MethodOverride handle QueryParser::ParamsTooDeepError (<a href="https://github-redirect.dependabot.com/rack/rack/issues/2011">#2011</a>)</li> <li><a href="https://github.com/rack/rack/commit/8312a2fd6aee0950d7b2deb548aaf600cb871d80"><code>8312a2f</code></a> Remove leading dot to fix compatibility with latest cgi gem. (<a href="https://github-redirect.dependabot.com/rack/rack/issues/1988">#1988</a>)</li> <li><a href="https://github.com/rack/rack/commit/2a82c88f1a468d8f68d9d7640886f5153142c272"><code>2a82c88</code></a> Update tests to work on latest Rubies. (<a href="https://github-redirect.dependabot.com/rack/rack/issues/1999">#1999</a>)</li> <li>Additional commits viewable in <a href="https://github.com/rack/rack/compare/2.2.3...v2.2.6.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/sas2job/magic_ball_tg_bot/network/alerts). </details>
AI Analysis
This issue appears to be discussing a feature request or bug report related to the repository. Based on the content, it seems to be resolved. The issue was opened by dependabot[bot] and has received 1 comments.
Add a comment
Comment form would go here