-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump sinatra-contrib from 4.0.0 to 4.1.1 #687
Closed
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Diff URLs |
gem compare mustermann 3.0.0 3.0.3 Compared versions: ["3.0.0", "3.0.3"]
DIFFERENT date:
3.0.0: 2022-07-24 00:00:00 UTC
3.0.3: 2024-09-03 00:00:00 UTC
DIFFERENT rubygems_version:
3.0.0: 3.0.3.1
3.0.3: 3.5.11
DIFFERENT version:
3.0.0: 3.0.0
3.0.3: 3.0.3
DIFFERENT files:
3.0.0->3.0.3:
* Added:
bench/uri_parser_object.rb +16/-0
* Changed:
lib/mustermann/ast/translator.rb +4/-1
lib/mustermann/pattern.rb +1/-1
lib/mustermann/version.rb +1/-1
DIFFERENT test_files:
3.0.0->3.0.3:
* Deleted:
spec/ast_spec.rb
spec/composite_spec.rb
spec/concat_spec.rb
spec/equality_map_spec.rb
spec/expander_spec.rb
spec/identity_spec.rb
spec/mapper_spec.rb
spec/mustermann_spec.rb
spec/pattern_spec.rb
spec/regexp_based_spec.rb
spec/regular_spec.rb
spec/simple_match_spec.rb
spec/sinatra_spec.rb
spec/to_pattern_spec.rb |
gem compare --diff mustermann 3.0.0 3.0.3 Compared versions: ["3.0.0", "3.0.3"]
DIFFERENT files:
3.0.0->3.0.3:
* Added:
bench/uri_parser_object.rb
--- /tmp/20241121-2074-siaxyp 2024-11-21 03:21:54.686477649 +0000
+++ /tmp/d20241121-2074-1zmljk/mustermann-3.0.3/bench/uri_parser_object.rb 2024-11-21 03:21:54.562476598 +0000
@@ -0,0 +1,16 @@
+require "objspace"
+require "uri"
+require_relative "../lib/mustermann/ast/translator"
+
+translator = Mustermann::AST::Translator.new
+translator.escape("foo")
+
+h1 = ObjectSpace.each_object.inject(Hash.new 0) { |h, o| h[o.class] += 1; h }
+
+100.times do
+ translator.escape("foo")
+end
+
+h2 = ObjectSpace.each_object.inject(Hash.new 0) { |h, o| h[o.class] += 1; h }
+
+raise if (h2[URI::RFC2396_Parser] - h1[URI::RFC2396_Parser] != 0)
* Changed:
lib/mustermann/ast/translator.rb
--- /tmp/d20241121-2074-1zmljk/mustermann-3.0.0/lib/mustermann/ast/translator.rb 2024-11-21 03:21:54.554476530 +0000
+++ /tmp/d20241121-2074-1zmljk/mustermann-3.0.3/lib/mustermann/ast/translator.rb 2024-11-21 03:21:54.682477615 +0000
@@ -13,0 +14,3 @@
+
+ URI_PARSER = defined?(URI::RFC2396_PARSER) ? URI::RFC2396_PARSER : URI::RFC2396_Parser.new
+
@@ -121 +124 @@
- def escape(char, parser: URI::DEFAULT_PARSER, escape: parser.regexp[:UNSAFE], also_escape: nil)
+ def escape(char, parser: URI_PARSER, escape: URI_PARSER.regexp[:UNSAFE], also_escape: nil)
lib/mustermann/pattern.rb
--- /tmp/d20241121-2074-1zmljk/mustermann-3.0.0/lib/mustermann/pattern.rb 2024-11-21 03:21:54.558476564 +0000
+++ /tmp/d20241121-2074-1zmljk/mustermann-3.0.3/lib/mustermann/pattern.rb 2024-11-21 03:21:54.682477615 +0000
@@ -12 +12 @@
- @@uri ||= URI::Parser.new
+ @@uri ||= URI::RFC2396_Parser.new
lib/mustermann/version.rb
--- /tmp/d20241121-2074-1zmljk/mustermann-3.0.0/lib/mustermann/version.rb 2024-11-21 03:21:54.558476564 +0000
+++ /tmp/d20241121-2074-1zmljk/mustermann-3.0.3/lib/mustermann/version.rb 2024-11-21 03:21:54.686477649 +0000
@@ -3 +3 @@
- VERSION ||= '3.0.0'
+ VERSION ||= '3.0.3' |
gem compare rack 3.0.9.1 3.1.8 Compared versions: ["3.0.9.1", "3.1.8"]
DIFFERENT date:
3.0.9.1: 2024-02-21 00:00:00 UTC
3.1.8: 2024-10-14 00:00:00 UTC
DIFFERENT rubygems_version:
3.0.9.1: 3.4.10
3.1.8: 3.5.11
DIFFERENT version:
3.0.9.1: 3.0.9.1
3.1.8: 3.1.8
DIFFERENT files:
3.0.9.1->3.1.8:
* Deleted:
lib/rack/auth/digest.rb
lib/rack/auth/digest/md5.rb
lib/rack/auth/digest/nonce.rb
lib/rack/auth/digest/params.rb
lib/rack/auth/digest/request.rb
lib/rack/chunked.rb
lib/rack/file.rb
* Added:
lib/rack/bad_request.rb +8/-0
* Changed:
CHANGELOG.md +132/-4
CONTRIBUTING.md +11/-9
README.md +34/-15
SPEC.rdoc +38/-13
lib/rack.rb +10/-16
lib/rack/auth/basic.rb +1/-2
lib/rack/body_proxy.rb +18/-2
lib/rack/builder.rb +23/-10
lib/rack/cascade.rb +0/-3
lib/rack/constants.rb +3/-0
lib/rack/headers.rb +86/-2
lib/rack/lint.rb +118/-34
(!) New permissions: 100755 -> 100644
(!) File is no longer executable!
lib/rack/logger.rb +2/-1
lib/rack/mime.rb +6/-5
lib/rack/mock_request.rb +10/-15
lib/rack/mock_response.rb +14/-16
lib/rack/multipart.rb +34/-1
lib/rack/multipart/parser.rb +132/-64
lib/rack/query_parser.rb +15/-68
lib/rack/request.rb +40/-21
lib/rack/response.rb +28/-20
lib/rack/show_exceptions.rb +6/-2
lib/rack/utils.rb +71/-98
lib/rack/version.rb +1/-14
DIFFERENT extra_rdoc_files:
3.0.9.1->3.1.8:
* Changed:
README.md +34/-15
CHANGELOG.md +132/-4
CONTRIBUTING.md +11/-9 |
|
gem compare rack-protection 4.0.0 4.1.1 Compared versions: ["4.0.0", "4.1.1"]
DIFFERENT date:
4.0.0: 2024-01-19 00:00:00 UTC
4.1.1: 2024-11-20 00:00:00 UTC
DIFFERENT rubygems_version:
4.0.0: 3.5.3
4.1.1: 3.5.22
DIFFERENT version:
4.0.0: 4.0.0
4.1.1: 4.1.1
DIFFERENT files:
4.0.0->4.1.1:
* Added:
lib/rack/protection/host_authorization.rb +110/-0
* Changed:
README.md +5/-0
lib/rack/protection.rb +1/-0
lib/rack/protection/authenticity_token.rb +4/-4
lib/rack/protection/base.rb +7/-0
lib/rack/protection/version.rb +1/-1
rack-protection.gemspec +1/-0
DIFFERENT runtime dependencies:
4.0.0->4.1.1:
* Added:
logger [">= 1.6.0"] (runtime) |
gem compare --diff rack-protection 4.0.0 4.1.1 Compared versions: ["4.0.0", "4.1.1"]
DIFFERENT files:
4.0.0->4.1.1:
* Added:
lib/rack/protection/host_authorization.rb
--- /tmp/20241121-2941-in9y12 2024-11-21 03:22:39.942824715 +0000
+++ /tmp/d20241121-2941-ou5dxd/rack-protection-4.1.1/lib/rack/protection/host_authorization.rb 2024-11-21 03:22:39.822823774 +0000
@@ -0,0 +1,110 @@
+# frozen_string_literal: true
+
+require 'rack/protection'
+require 'ipaddr'
+
+module Rack
+ module Protection
+ ##
+ # Prevented attack:: DNS rebinding and other Host header attacks
+ # Supported browsers:: all
+ # More infos:: https://en.wikipedia.org/wiki/DNS_rebinding
+ # https://portswigger.net/web-security/host-header
+ #
+ # Blocks HTTP requests with an unrecognized hostname in any of the following
+ # HTTP headers: Host, X-Forwarded-Host, Forwarded
+ #
+ # If you want to permit a specific hostname, you can pass in as the `:permitted_hosts` option:
+ #
+ # use Rack::Protection::HostAuthorization, permitted_hosts: ["www.example.org", "sinatrarb.com"]
+ #
+ # The `:allow_if` option can also be set to a proc to use custom allow/deny logic.
+ class HostAuthorization < Base
+ DOT = '.'
+ PORT_REGEXP = /:\d+\z/.freeze
+ SUBDOMAINS = /[a-z0-9\-.]+/.freeze
+ private_constant :DOT,
+ :PORT_REGEXP,
+ :SUBDOMAINS
+ default_reaction :deny
+ default_options allow_if: nil,
+ message: 'Host not permitted'
+
+ def initialize(*)
+ super
+ @permitted_hosts = []
+ @domain_hosts = []
+ @ip_hosts = []
+ @all_permitted_hosts = Array(options[:permitted_hosts])
+
+ @all_permitted_hosts.each do |host|
+ case host
+ when String
+ if host.start_with?(DOT)
+ domain = host[1..-1]
+ @permitted_hosts << domain.downcase
+ @domain_hosts << /\A#{SUBDOMAINS}#{Regexp.escape(domain)}\z/i
+ else
+ @permitted_hosts << host.downcase
+ end
+ when IPAddr then @ip_hosts << host
+ end
+ end
+ end
+
+ def accepts?(env)
+ return true if options[:allow_if]&.call(env)
+ return true if @all_permitted_hosts.empty?
+
+ request = Request.new(env)
+ origin_host = extract_host(request.host_authority)
+ forwarded_host = extract_host(request.forwarded_authority)
+
+ debug env, "#{self.class} " \
+ "@all_permitted_hosts=#{@all_permitted_hosts.inspect} " \
+ "@permitted_hosts=#{@permitted_hosts.inspect} " \
+ "@domain_hosts=#{@domain_hosts.inspect} " \
+ "@ip_hosts=#{@ip_hosts.inspect} " \
+ "origin_host=#{origin_host.inspect} " \
+ "forwarded_host=#{forwarded_host.inspect}"
+
+ if host_permitted?(origin_host)
+ if forwarded_host.nil?
+ true
+ else
+ host_permitted?(forwarded_host)
+ end
+ else
+ false
+ end
+ end
+
+ private
+
+ def extract_host(authority)
+ authority.to_s.split(PORT_REGEXP).first&.downcase
+ end
+
+ def host_permitted?(host)
+ exact_match?(host) || domain_match?(host) || ip_match?(host)
+ end
+
+ def exact_match?(host)
+ @permitted_hosts.include?(host)
+ end
+
+ def domain_match?(host)
+ return false if host.nil?
+ return false if host.start_with?(DOT)
+
+ @domain_hosts.any? { |domain_host| host.match?(domain_host) }
+ end
+
+ def ip_match?(host)
+ @ip_hosts.any? { |ip_host| ip_host.include?(host) }
+ rescue IPAddr::InvalidAddressError
+ false
+ end
+ end
+ end
+end
* Changed:
README.md
--- /tmp/d20241121-2941-ou5dxd/rack-protection-4.0.0/README.md 2024-11-21 03:22:39.818823744 +0000
+++ /tmp/d20241121-2941-ou5dxd/rack-protection-4.1.1/README.md 2024-11-21 03:22:39.822823774 +0000
@@ -36,0 +37,4 @@
+## DNS rebinding and other Host header attacks
+
+* [`Rack::Protection::HostAuthorization`][host-authorization] (not included by `use Rack::Protection`)
+
@@ -111,0 +116 @@
+[host-authorization]: https://github.com/sinatra/sinatra/blob/main/rack-protection/lib/rack/protection/host_authorization.rb
lib/rack/protection.rb
--- /tmp/d20241121-2941-ou5dxd/rack-protection-4.0.0/lib/rack/protection.rb 2024-11-21 03:22:39.818823744 +0000
+++ /tmp/d20241121-2941-ou5dxd/rack-protection-4.1.1/lib/rack/protection.rb 2024-11-21 03:22:39.822823774 +0000
@@ -14,0 +15 @@
+ autoload :HostAuthorization, 'rack/protection/host_authorization'
lib/rack/protection/authenticity_token.rb
--- /tmp/d20241121-2941-ou5dxd/rack-protection-4.0.0/lib/rack/protection/authenticity_token.rb 2024-11-21 03:22:39.818823744 +0000
+++ /tmp/d20241121-2941-ou5dxd/rack-protection-4.1.1/lib/rack/protection/authenticity_token.rb 2024-11-21 03:22:39.822823774 +0000
@@ -49 +49 @@
- # ruby server.rb
+ # puma server.ru
@@ -51 +51 @@
- # Here is <tt>server.rb</tt>:
+ # Here is <tt>server.ru</tt>:
@@ -57 +57 @@
- # use Rack::Session::Cookie, secret: 'secret'
+ # use Rack::Session::Cookie, secret: 'CHANGEMEaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
@@ -91 +91 @@
- # Rack::Handler::WEBrick.run app
+ # run app
lib/rack/protection/base.rb
--- /tmp/d20241121-2941-ou5dxd/rack-protection-4.0.0/lib/rack/protection/base.rb 2024-11-21 03:22:39.818823744 +0000
+++ /tmp/d20241121-2941-ou5dxd/rack-protection-4.1.1/lib/rack/protection/base.rb 2024-11-21 03:22:39.822823774 +0000
@@ -60,0 +61,7 @@
+ def debug(env, message)
+ return unless options[:logging]
+
+ l = options[:logger] || env['rack.logger'] || ::Logger.new(env['rack.errors'])
+ l.debug(message)
+ end
+
lib/rack/protection/version.rb
--- /tmp/d20241121-2941-ou5dxd/rack-protection-4.0.0/lib/rack/protection/version.rb 2024-11-21 03:22:39.822823774 +0000
+++ /tmp/d20241121-2941-ou5dxd/rack-protection-4.1.1/lib/rack/protection/version.rb 2024-11-21 03:22:39.826823806 +0000
@@ -5 +5 @@
- VERSION = '4.0.0'
+ VERSION = '4.1.1'
rack-protection.gemspec
--- /tmp/d20241121-2941-ou5dxd/rack-protection-4.0.0/rack-protection.gemspec 2024-11-21 03:22:39.822823774 +0000
+++ /tmp/d20241121-2941-ou5dxd/rack-protection-4.1.1/rack-protection.gemspec 2024-11-21 03:22:39.942824715 +0000
@@ -42,0 +43 @@
+ s.add_dependency 'logger', '>= 1.6.0' |
gem compare sinatra 4.0.0 4.1.1 Compared versions: ["4.0.0", "4.1.1"]
DIFFERENT date:
4.0.0: 2024-01-19 00:00:00 UTC
4.1.1: 2024-11-20 00:00:00 UTC
DIFFERENT rubygems_version:
4.0.0: 3.5.3
4.1.1: 3.5.22
DIFFERENT version:
4.0.0: 4.0.0
4.1.1: 4.1.1
DIFFERENT files:
4.0.0->4.1.1:
* Added:
lib/sinatra/middleware/logger.rb +21/-0
* Changed:
CHANGELOG.md +22/-2
Gemfile +7/-2
README.md +32/-10
VERSION +1/-1
lib/sinatra/base.rb +37/-14
lib/sinatra/indifferent_hash.rb +1/-1
lib/sinatra/version.rb +1/-1
sinatra.gemspec +2/-1
DIFFERENT extra_rdoc_files:
4.0.0->4.1.1:
* Changed:
README.md +32/-10
DIFFERENT runtime dependencies:
4.0.0->4.1.1:
* Added:
logger [">= 1.6.0"] (runtime)
* Updated:
rack-protection from: ["= 4.0.0"] to: ["= 4.1.1"]
DIFFERENT Gemfile dependencies
4.0.0->4.1.1:
* Added:
ostruct [">= 0"] (runtime)
webrick [">= 0"] (runtime)
* Deleted
zeitwerk [">= 0"] (runtime)
* Updated
slim from: ["~> 4"] to: ["~> 5"] |
gem compare --diff sinatra 4.0.0 4.1.1 Compared versions: ["4.0.0", "4.1.1"]
DIFFERENT files:
4.0.0->4.1.1:
* Added:
lib/sinatra/middleware/logger.rb
--- /tmp/20241121-3206-hxwt7z 2024-11-21 03:23:02.242993884 +0000
+++ /tmp/d20241121-3206-fmmabq/sinatra-4.1.1/lib/sinatra/middleware/logger.rb 2024-11-21 03:23:02.242993884 +0000
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require 'logger'
+
+module Sinatra
+ module Middleware
+ class Logger
+ def initialize(app, level = ::Logger::INFO)
+ @app, @level = app, level
+ end
+
+ def call(env)
+ logger = ::Logger.new(env[Rack::RACK_ERRORS])
+ logger.level = @level
+
+ env[Rack::RACK_LOGGER] = logger
+ @app.call(env)
+ end
+ end
+ end
+end
* Changed:
CHANGELOG.md
--- /tmp/d20241121-3206-fmmabq/sinatra-4.0.0/CHANGELOG.md 2024-11-21 03:23:02.234993832 +0000
+++ /tmp/d20241121-3206-fmmabq/sinatra-4.1.1/CHANGELOG.md 2024-11-21 03:23:02.238993858 +0000
@@ -0,0 +1,20 @@
+## 4.1.1 / 2024-11-20
+
+* Fix: Restore WEBrick support ([#2067](https://github.com/sinatra/sinatra/pull/2067))
+
+## 4.1.0 / 2024-11-18
+
+* New: Add `host_authorization` setting ([#2053](https://github.com/sinatra/sinatra/pull/2053))
+ * Defaults to `.localhost`, `.test` and any IP address in development mode.
+ * Security: addresses [CVE-2024-21510](https://github.com/advisories/GHSA-hxx2-7vcw-mqr3).
+* Fix: Return an instance of `Sinatra::IndifferentHash` when calling `#except` ([#2044](https://github.com/sinatra/sinatra/pull/2044))
+* Fix: Address warning from `URI` for Ruby 3.4 ([#2060](https://github.com/sinatra/sinatra/pull/2060))
+* Fix: `rackup` no longer depends on WEBrick, recommend Puma instead ([`4a558503`](https://github.com/sinatra/sinatra/commit/4a558503a0ee41f26d4ebc07b478340e8a8a5ed6))
+* Fix: Zeitwerk 2.7.0+ compatibility ([#2050](https://github.com/sinatra/sinatra/pull/2050))
+* Fix: Address warning about Hash construction for Ruby 3.4 ([#2028](https://github.com/sinatra/sinatra/pull/2028))
+* Fix: Declare missing dependencies for Ruby 3.5 ([#2032](https://github.com/sinatra/sinatra/pull/2032))
+* Fix: Compatibility with `--enable-frozen-string-literal` ([#2033](https://github.com/sinatra/sinatra/pull/2033))
+* Fix: Rack 3.1 compatibility ([#2035](https://github.com/sinatra/sinatra/pull/2035))
+ * Don't depend on `Rack::Logger`
+ * Don't delete `content-length` header when `Rack::Files` is used
+
@@ -246 +266 @@
-* Add QuietLogger that excludes pathes from Rack::CommonLogger [1250](https://github.com/sinatra/sinatra/pull/1250) by Christoph Wagner
+* Add QuietLogger that excludes paths from Rack::CommonLogger [1250](https://github.com/sinatra/sinatra/pull/1250) by Christoph Wagner
@@ -1612 +1632 @@
- * Regular expressions may now be used in route pattens; captures are
+ * Regular expressions may now be used in route patterns; captures are
Gemfile
--- /tmp/d20241121-3206-fmmabq/sinatra-4.0.0/Gemfile 2024-11-21 03:23:02.234993832 +0000
+++ /tmp/d20241121-3206-fmmabq/sinatra-4.1.1/Gemfile 2024-11-21 03:23:02.238993858 +0000
@@ -24,0 +25,4 @@
+zeitwerk_version = ENV['zeitwerk'].to_s
+zeitwerk_version = nil if zeitwerk_version.empty? || (zeitwerk_version == 'stable')
+gem 'zeitwerk', zeitwerk_version
+
@@ -44,0 +49 @@
+gem 'ostruct'
@@ -51 +56 @@
-gem 'slim', '~> 4'
+gem 'slim', '~> 5'
@@ -53 +58 @@
-gem 'zeitwerk'
+gem 'webrick'
README.md
--- /tmp/d20241121-3206-fmmabq/sinatra-4.0.0/README.md 2024-11-21 03:23:02.234993832 +0000
+++ /tmp/d20241121-3206-fmmabq/sinatra-4.1.1/README.md 2024-11-21 03:23:02.238993858 +0000
@@ -18 +18 @@
-Install the gem:
+Install the gems needed:
@@ -21,2 +21 @@
-gem install sinatra
-gem install puma # or any other server
+gem install sinatra rackup puma
@@ -1995,0 +1995,27 @@
+ <dt>host_authorization</dt>
+ <dd>
+ <p>
+ You can pass a hash of options to <tt>host_authorization</tt>,
+ to be used by the <tt>Rack::Protection::HostAuthorization</tt> middleware.
+ </p>
+ <p>
+ The middleware can block requests with unrecognized hostnames, to prevent DNS rebinding
+ and other host header attacks. It checks the <tt>Host</tt>, <tt>X-Forwarded-Host</tt>
+ and <tt>Forwarded</tt> headers.
+ </p>
+ <p>
+ Useful options are:
+ <ul>
+ <li><tt>permitted_hosts</tt> – an array of hostnames (and <tt>IPAddr</tt> objects) your app recognizes
+ <ul>
+ <li>in the <tt>development</tt> environment, it is set to <tt>.localhost</tt>, <tt>.test</tt> and any IPv4/IPv6 address</li>
+ <li>if empty, any hostname is permitted (the default for any other environment)</li>
+ </ul>
+ </li>
+ <li><tt>status</tt> – the HTTP status code used in the response when a request is blocked (defaults to <tt>403</tt>)</li>
+ <li><tt>message</tt> – the body used in the response when a request is blocked (defaults to <tt>Host not permitted</tt>)</li>
+ <li><tt>allow_if</tt> – supply a <tt>Proc</tt> to use custom allow/deny logic, the proc is passed the request environment</li>
+ </ul>
+ </p>
+ </dd>
+
@@ -2089,6 +2115,2 @@
- If you are using a WEBrick web server, presumably for your development
- environment, you can pass a hash of options to <tt>server_settings</tt>,
- such as <tt>SSLEnable</tt> or <tt>SSLVerifyClient</tt>. However, web
- servers such as Puma do not support this, so you can set
- <tt>server_settings</tt> by defining it as a method when you call
- <tt>configure</tt>.
+ You can pass a hash of options to <tt>server_settings</tt>,
+ such as <tt>Host</tt> or <tt>Port</tt>.
@@ -2815 +2837 @@
-underlying Rack handler (server) like Puma or WEBrick. Sinatra
+underlying Rack handler (server) like Puma or Falcon. Sinatra
VERSION
--- /tmp/d20241121-3206-fmmabq/sinatra-4.0.0/VERSION 2024-11-21 03:23:02.234993832 +0000
+++ /tmp/d20241121-3206-fmmabq/sinatra-4.1.1/VERSION 2024-11-21 03:23:02.242993884 +0000
@@ -1 +1 @@
-4.0.0
+4.1.1
lib/sinatra/base.rb
--- /tmp/d20241121-3206-fmmabq/sinatra-4.0.0/lib/sinatra/base.rb 2024-11-21 03:23:02.234993832 +0000
+++ /tmp/d20241121-3206-fmmabq/sinatra-4.1.1/lib/sinatra/base.rb 2024-11-21 03:23:02.242993884 +0000
@@ -16,0 +17 @@
+require 'ipaddr'
@@ -24,0 +26,2 @@
+require_relative 'middleware/logger'
+
@@ -64 +67 @@
- @env.include? 'HTTP_X_FORWARDED_HOST'
+ !forwarded_authority.nil?
@@ -297 +300 @@
- unless request.head? || value.is_a?(Rack::Files::Iterator) || value.is_a?(Stream)
+ unless request.head? || value.is_a?(Rack::Files::BaseIterator) || value.is_a?(Stream)
@@ -975 +978 @@
- URI_INSTANCE = URI::Parser.new
+ URI_INSTANCE = defined?(URI::RFC2396_PARSER) ? URI::RFC2396_PARSER : URI::RFC2396_Parser.new
@@ -1295 +1298 @@
- %r{zeitwerk/kernel\.rb} # Zeitwerk kernel#require decorator
+ %r{zeitwerk/(core_ext/)?kernel\.rb} # Zeitwerk kernel#require decorator
@@ -1601 +1604 @@
- # Puma, Falcon, or WEBrick (in that order). If given a block, will call
+ # Puma, Falcon (in that order). If given a block, will call
@@ -1606 +1609 @@
- Sinatra could not start, the "rackup" gem was not found!
+ Sinatra could not start, the required gems weren't found!
@@ -1608 +1611 @@
- Add it to your bundle with:
+ Add them to your bundle with:
@@ -1610 +1613 @@
- bundle add rackup
+ bundle add rackup puma
@@ -1612 +1615 @@
- or install it with:
+ or install them with:
@@ -1614 +1617 @@
- gem install rackup
+ gem install rackup puma
@@ -1821,0 +1825 @@
+ setup_host_authorization builder
@@ -1838 +1842 @@
- builder.use Rack::NullLogger
+ builder.use Sinatra::Middleware::Logger, ::Logger::FATAL
@@ -1847 +1851 @@
- builder.use Rack::Logger, logging
+ builder.use Sinatra::Middleware::Logger, logging
@@ -1849 +1853 @@
- builder.use Rack::Logger
+ builder.use Sinatra::Middleware::Logger
@@ -1869,0 +1874,4 @@
+ def setup_host_authorization(builder)
+ builder.use Rack::Protection::HostAuthorization, host_authorization
+ end
+
@@ -1964 +1972 @@
- set :server, %w[HTTP webrick]
+ set :server, %w[webrick]
@@ -1967,0 +1976,15 @@
+ set :host_authorization, ->() do
+ if development?
+ {
+ permitted_hosts: [
+ "localhost",
+ ".localhost",
+ ".test",
+ IPAddr.new("0.0.0.0/0"),
+ IPAddr.new("::/0"),
+ ]
+ }
+ else
+ {}
+ end
+ end
lib/sinatra/indifferent_hash.rb
--- /tmp/d20241121-3206-fmmabq/sinatra-4.0.0/lib/sinatra/indifferent_hash.rb 2024-11-21 03:23:02.238993858 +0000
+++ /tmp/d20241121-3206-fmmabq/sinatra-4.1.1/lib/sinatra/indifferent_hash.rb 2024-11-21 03:23:02.242993884 +0000
@@ -188 +188 @@
- super(*keys)
+ self.class[super(*keys)]
lib/sinatra/version.rb
--- /tmp/d20241121-3206-fmmabq/sinatra-4.0.0/lib/sinatra/version.rb 2024-11-21 03:23:02.238993858 +0000
+++ /tmp/d20241121-3206-fmmabq/sinatra-4.1.1/lib/sinatra/version.rb 2024-11-21 03:23:02.242993884 +0000
@@ -4 +4 @@
- VERSION = '4.0.0'
+ VERSION = '4.1.1'
sinatra.gemspec
--- /tmp/d20241121-3206-fmmabq/sinatra-4.0.0/sinatra.gemspec 2024-11-21 03:23:02.238993858 +0000
+++ /tmp/d20241121-3206-fmmabq/sinatra-4.1.1/sinatra.gemspec 2024-11-21 03:23:02.242993884 +0000
@@ -47,0 +48 @@
+ s.add_dependency 'logger', '>= 1.6.0'
@@ -50 +50,0 @@
- s.add_dependency 'rack-session', '>= 2.0.0', '< 3'
@@ -51,0 +52 @@
+ s.add_dependency 'rack-session', '>= 2.0.0', '< 3' |
gem compare sinatra-contrib 4.0.0 4.1.1 Compared versions: ["4.0.0", "4.1.1"]
DIFFERENT date:
4.0.0: 2024-01-19 00:00:00 UTC
4.1.1: 2024-11-20 00:00:00 UTC
DIFFERENT rubygems_version:
4.0.0: 3.5.3
4.1.1: 3.5.22
DIFFERENT version:
4.0.0: 4.0.0
4.1.1: 4.1.1
DIFFERENT files:
4.0.0->4.1.1:
* Changed:
README.md +1/-1
ideas.md +1/-1
lib/sinatra/capture.rb +1/-1
lib/sinatra/contrib/version.rb +1/-1
lib/sinatra/haml_helpers.rb +1/-1
lib/sinatra/link_header.rb +2/-0
lib/sinatra/reloader.rb +2/-2
lib/sinatra/runner.rb +1/-1
lib/sinatra/webdav.rb +1/-1
DIFFERENT runtime dependencies:
4.0.0->4.1.1:
* Updated:
rack-protection from: ["= 4.0.0"] to: ["= 4.1.1"]
sinatra from: ["= 4.0.0"] to: ["= 4.1.1"] |
gem compare --diff sinatra-contrib 4.0.0 4.1.1 Compared versions: ["4.0.0", "4.1.1"]
DIFFERENT files:
4.0.0->4.1.1:
* Changed:
README.md
--- /tmp/d20241121-3465-jbztjm/sinatra-contrib-4.0.0/README.md 2024-11-21 03:23:24.591156577 +0000
+++ /tmp/d20241121-3465-jbztjm/sinatra-contrib-4.1.1/README.md 2024-11-21 03:23:24.711157570 +0000
@@ -72 +72 @@
-* `sinatra/quiet_logger`: Extension to exclude specific pathes from access log.
+* `sinatra/quiet_logger`: Extension to exclude specific paths from access log.
ideas.md
--- /tmp/d20241121-3465-jbztjm/sinatra-contrib-4.0.0/ideas.md 2024-11-21 03:23:24.591156577 +0000
+++ /tmp/d20241121-3465-jbztjm/sinatra-contrib-4.1.1/ideas.md 2024-11-21 03:23:24.711157570 +0000
@@ -13 +13 @@
- restrictive than curent value, set caching headers that way for most helper
+ restrictive than current value, set caching headers that way for most helper
lib/sinatra/capture.rb
--- /tmp/d20241121-3465-jbztjm/sinatra-contrib-4.0.0/lib/sinatra/capture.rb 2024-11-21 03:23:24.591156577 +0000
+++ /tmp/d20241121-3465-jbztjm/sinatra-contrib-4.1.1/lib/sinatra/capture.rb 2024-11-21 03:23:24.711157570 +0000
@@ -95 +95 @@
- @_out_buf = ''
+ @_out_buf = +''
lib/sinatra/contrib/version.rb
--- /tmp/d20241121-3465-jbztjm/sinatra-contrib-4.0.0/lib/sinatra/contrib/version.rb 2024-11-21 03:23:24.591156577 +0000
+++ /tmp/d20241121-3465-jbztjm/sinatra-contrib-4.1.1/lib/sinatra/contrib/version.rb 2024-11-21 03:23:24.711157570 +0000
@@ -5 +5 @@
- VERSION = '4.0.0'
+ VERSION = '4.1.1'
lib/sinatra/haml_helpers.rb
--- /tmp/d20241121-3465-jbztjm/sinatra-contrib-4.0.0/lib/sinatra/haml_helpers.rb 2024-11-21 03:23:24.595156610 +0000
+++ /tmp/d20241121-3465-jbztjm/sinatra-contrib-4.1.1/lib/sinatra/haml_helpers.rb 2024-11-21 03:23:24.711157570 +0000
@@ -16 +16 @@
- # register Sinatra::HamlHelpers
+ # helpers Sinatra::HamlHelpers
lib/sinatra/link_header.rb
--- /tmp/d20241121-3465-jbztjm/sinatra-contrib-4.0.0/lib/sinatra/link_header.rb 2024-11-21 03:23:24.595156610 +0000
+++ /tmp/d20241121-3465-jbztjm/sinatra-contrib-4.1.1/lib/sinatra/link_header.rb 2024-11-21 03:23:24.715157603 +0000
@@ -90,0 +91,2 @@
+ link = response['Link'] = +link
+
lib/sinatra/reloader.rb
--- /tmp/d20241121-3465-jbztjm/sinatra-contrib-4.0.0/lib/sinatra/reloader.rb 2024-11-21 03:23:24.711157570 +0000
+++ /tmp/d20241121-3465-jbztjm/sinatra-contrib-4.1.1/lib/sinatra/reloader.rb 2024-11-21 03:23:24.715157603 +0000
@@ -398 +398 @@
- # Indicates an extesion is being registered.
+ # Indicates an extension is being registered.
@@ -403 +403 @@
- # Indicates the extesion has already been registered.
+ # Indicates the extension has already been registered.
lib/sinatra/runner.rb
--- /tmp/d20241121-3465-jbztjm/sinatra-contrib-4.0.0/lib/sinatra/runner.rb 2024-11-21 03:23:24.711157570 +0000
+++ /tmp/d20241121-3465-jbztjm/sinatra-contrib-4.1.1/lib/sinatra/runner.rb 2024-11-21 03:23:24.715157603 +0000
@@ -95 +95 @@
- @log ||= ''
+ @log ||= +''
lib/sinatra/webdav.rb
--- /tmp/d20241121-3465-jbztjm/sinatra-contrib-4.0.0/lib/sinatra/webdav.rb 2024-11-21 03:23:24.711157570 +0000
+++ /tmp/d20241121-3465-jbztjm/sinatra-contrib-4.1.1/lib/sinatra/webdav.rb 2024-11-21 03:23:24.715157603 +0000
@@ -24 +24 @@
- # You can use it in classic application just by requring the extension:
+ # You can use it in classic application just by requiring the extension: |
gem compare tilt 2.3.0 2.4.0 Compared versions: ["2.3.0", "2.4.0"]
DIFFERENT date:
2.3.0: 2023-09-14 00:00:00 UTC
2.4.0: 2024-06-27 00:00:00 UTC
DIFFERENT rubygems_version:
2.3.0: 3.4.10
2.4.0: 3.5.9
DIFFERENT version:
2.3.0: 2.3.0
2.4.0: 2.4.0
DIFFERENT files:
2.3.0->2.4.0:
* Changed:
lib/tilt.rb +1/-1
lib/tilt/commonmarker.rb +85/-44
lib/tilt/erubis.rb +2/-0
lib/tilt/etanni.rb +2/-2
lib/tilt/maruku.rb +2/-0
lib/tilt/sass.rb +15/-6
lib/tilt/wikicloth.rb +2/-0 |
gem compare --diff tilt 2.3.0 2.4.0 Compared versions: ["2.3.0", "2.4.0"]
DIFFERENT files:
2.3.0->2.4.0:
* Changed:
lib/tilt.rb
--- /tmp/d20241121-3799-ww6527/tilt-2.3.0/lib/tilt.rb 2024-11-21 03:23:46.919331045 +0000
+++ /tmp/d20241121-3799-ww6527/tilt-2.4.0/lib/tilt.rb 2024-11-21 03:23:46.927331106 +0000
@@ -8 +8 @@
- VERSION = '2.3.0'
+ VERSION = '2.4.0'
lib/tilt/commonmarker.rb
--- /tmp/d20241121-3799-ww6527/tilt-2.3.0/lib/tilt/commonmarker.rb 2024-11-21 03:23:46.919331045 +0000
+++ /tmp/d20241121-3799-ww6527/tilt-2.4.0/lib/tilt/commonmarker.rb 2024-11-21 03:23:46.927331106 +0000
@@ -5,35 +5,37 @@
-aliases = {
- :smartypants => :SMART
-}.freeze
-parse_opts = [
- :FOOTNOTES,
- :LIBERAL_HTML_TAG,
- :SMART,
- :smartypants,
- :STRIKETHROUGH_DOUBLE_TILDE,
- :UNSAFE,
- :VALIDATE_UTF8,
-].freeze
-render_opts = [
- :FOOTNOTES,
- :FULL_INFO_STRING,
- :GITHUB_PRE_LANG,
- :HARDBREAKS,
- :NOBREAKS,
- :SAFE, # Removed in v0.18.0 (2018-10-17)
- :SOURCEPOS,
- :TABLE_PREFER_STYLE_ATTRIBUTES,
- :UNSAFE,
-].freeze
-exts = [
- :autolink,
- :strikethrough,
- :table,
- :tagfilter,
- :tasklist,
-].freeze
-
-
-Tilt::CommonMarkerTemplate = Tilt::StaticTemplate.subclass do
- extensions = exts.select do |extension|
- @options[extension]
+if defined?(::Commonmarker)
+ aliases = {
+ :smartypants => :smart
+ }.freeze
+ parse_opts = [
+ :smart,
+ :default_info_string,
+ ].freeze
+ render_opts = [
+ :hardbreaks,
+ :github_pre_lang,
+ :width,
+ :unsafe,
+ :escape,
+ :sourcepos,
+ ].freeze
+ exts = [
+ :strikethrough,
+ :tagfilter,
+ :table,
+ :autolink,
+ :tasklist,
+ :superscript,
+ :header_ids,
+ :footnotes,
+ :description_lists,
+ :front_matter_delimiter,
+ :shortcodes,
+ ].freeze
+
+ Tilt::CommonMarkerTemplate = Tilt::StaticTemplate.subclass do
+ parse_options = @options.select { |key, _| parse_opts.include?(key.downcase) }.transform_keys(&:downcase)
+ parse_options.merge!(@options.select { |key, _| aliases.has_key?(key) }.transform_keys { |key| aliases[key] })
+ render_options = @options.select { |key, _| render_opts.include?(key.downcase) }.transform_keys(&:downcase)
+ extensions = @options.select { |key, _| exts.include?(key) }.transform_keys(&:downcase)
+
+ Commonmarker.to_html(@data, options: { parse: parse_options, render: render_options, extension: extensions })
@@ -40,0 +43,32 @@
+# :nocov:
+else
+ aliases = {
+ :smartypants => :SMART
+ }.freeze
+ parse_opts = [
+ :FOOTNOTES,
+ :LIBERAL_HTML_TAG,
+ :SMART,
+ :smartypants,
+ :STRIKETHROUGH_DOUBLE_TILDE,
+ :UNSAFE,
+ :VALIDATE_UTF8,
+ ].freeze
+ render_opts = [
+ :FOOTNOTES,
+ :FULL_INFO_STRING,
+ :GITHUB_PRE_LANG,
+ :HARDBREAKS,
+ :NOBREAKS,
+ :SAFE, # Removed in v0.18.0 (2018-10-17)
+ :SOURCEPOS,
+ :TABLE_PREFER_STYLE_ATTRIBUTES,
+ :UNSAFE,
+ ].freeze
+ exts = [
+ :autolink,
+ :strikethrough,
+ :table,
+ :tagfilter,
+ :tasklist,
+ ].freeze
@@ -42,5 +76,3 @@
- parse_options, render_options = [parse_opts, render_opts].map do |opts|
- opts = opts.select do |option|
- @options[option]
- end.map! do |option|
- aliases[option] || option
+ Tilt::CommonMarkerTemplate = Tilt::StaticTemplate.subclass do
+ extensions = exts.select do |extension|
+ @options[extension]
@@ -49,3 +81,6 @@
- opts = :DEFAULT unless opts.any?
- opts
- end
+ parse_options, render_options = [parse_opts, render_opts].map do |opts|
+ opts = opts.select do |option|
+ @options[option]
+ end.map! do |option|
+ aliases[option] || option
+ end
@@ -53 +88,6 @@
- CommonMarker.render_doc(@data, parse_options, extensions).to_html(render_options, extensions)
+ opts = :DEFAULT unless opts.any?
+ opts
+ end
+
+ CommonMarker.render_doc(@data, parse_options, extensions).to_html(render_options, extensions)
+ end
@@ -54,0 +95 @@
+# :nocov:
lib/tilt/erubis.rb
--- /tmp/d20241121-3799-ww6527/tilt-2.3.0/lib/tilt/erubis.rb 2024-11-21 03:23:46.923331076 +0000
+++ /tmp/d20241121-3799-ww6527/tilt-2.4.0/lib/tilt/erubis.rb 2024-11-21 03:23:46.927331106 +0000
@@ -4,0 +5,2 @@
+warn 'tilt/erubis is deprecated, as erubis requires modifying string literals', uplevel: 1
+
lib/tilt/etanni.rb
--- /tmp/d20241121-3799-ww6527/tilt-2.3.0/lib/tilt/etanni.rb 2024-11-21 03:23:46.923331076 +0000
+++ /tmp/d20241121-3799-ww6527/tilt-2.4.0/lib/tilt/etanni.rb 2024-11-21 03:23:46.927331106 +0000
@@ -8 +8 @@
- chomp = "<<#{separator}.chomp!"
+ chomp = "<<#{separator}.chomp"
@@ -16 +16 @@
- @code = "_out_ = [<<#{separator}.chomp!]\n#{temp}#{stop}_out_.join"
+ @code = "_out_ = [<<#{separator}.chomp]\n#{temp}#{stop}_out_.join"
lib/tilt/maruku.rb
--- /tmp/d20241121-3799-ww6527/tilt-2.3.0/lib/tilt/maruku.rb 2024-11-21 03:23:46.923331076 +0000
+++ /tmp/d20241121-3799-ww6527/tilt-2.4.0/lib/tilt/maruku.rb 2024-11-21 03:23:46.931331137 +0000
@@ -4,0 +5,2 @@
+warn 'tilt/maruku is deprecated, as maruku requires modifying string literals', uplevel: 1
+
lib/tilt/sass.rb
--- /tmp/d20241121-3799-ww6527/tilt-2.3.0/lib/tilt/sass.rb 2024-11-21 03:23:46.923331076 +0000
+++ /tmp/d20241121-3799-ww6527/tilt-2.4.0/lib/tilt/sass.rb 2024-11-21 03:23:46.931331137 +0000
@@ -15,0 +16,7 @@
+ ALLOWED_KEYS = (defined?(::Sass::Compiler) ? ::Sass::Compiler : ::Sass::Embedded).
+ instance_method(:compile_string).
+ parameters.
+ map{|k, v| v if k == :key}.
+ compact rescue nil
+ private_constant :ALLOWED_KEYS
+
@@ -25,3 +32,5 @@
- @options[:url] = ::URI::File.build([nil, ::URI::DEFAULT_PARSER.escape(path)]).to_s
- @options[:syntax] = :indented
- @options
+ opts = @options.dup
+ opts[:url] = ::URI::File.build([nil, ::URI::DEFAULT_PARSER.escape(path)]).to_s
+ opts[:syntax] = :indented
+ opts.delete_if{|k| !ALLOWED_KEYS.include?(k)} if ALLOWED_KEYS
+ opts
@@ -64,3 +73,3 @@
- super
- @options[:syntax] = :scss
- @options
+ opts = super
+ opts[:syntax] = :scss
+ opts
lib/tilt/wikicloth.rb
--- /tmp/d20241121-3799-ww6527/tilt-2.3.0/lib/tilt/wikicloth.rb 2024-11-21 03:23:46.927331106 +0000
+++ /tmp/d20241121-3799-ww6527/tilt-2.4.0/lib/tilt/wikicloth.rb 2024-11-21 03:23:46.931331137 +0000
@@ -4,0 +5,2 @@
+warn 'tilt/wikicloth is deprecated, as wikicloth requires modifying string literals', uplevel: 1
+ |
Bumps [sinatra-contrib](https://github.com/sinatra/sinatra) from 4.0.0 to 4.1.1. - [Changelog](https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md) - [Commits](sinatra/sinatra@v4.0.0...v4.1.1) --- updated-dependencies: - dependency-name: sinatra-contrib dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
force-pushed
the
dependabot/bundler/sinatra-contrib-4.1.1
branch
from
November 25, 2024 07:15
ae7d02a
to
375c0ba
Compare
Looks like sinatra-contrib is up-to-date now, so this is no longer needed. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps sinatra-contrib from 4.0.0 to 4.1.1.
Changelog
Sourced from sinatra-contrib's changelog.
... (truncated)
Commits
7b50a1b
4.1.1 release (#2068)73f3291
4.1.0 release (#2063)ef00c6a
FixSinatra::HamlHelpers
docs (#2046)973c936
Fix compatibility with--enable-frozen-string-literal
(#2033)5640495
Fix typos in changelog, readme and code comments (#2006)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)