Date | Commit message |
|
Now that Rack::Chunked is gracefully a no-op for non-1.1 HTTP
versions, do not cause unnecessary pain for end users upgrading
to Rack 3.
|
|
895beec0622d (chunked: do not chunk on pre-HTTP/1.0 clients, 2013-11-12)
was written in 2013 in anticipation of HTTP/1.2 and future versions
supporting chunked encoding. As of 2022, HTTP/1.2 is yet to happen,
and is unlikely given HTTP/2 and HTTP/3 both exist. So limit
chunking to HTTP/1.1, since HTTP/1.x will remain in use for years
to come, and there are still a few odd places using HTTP/0.9.
|
|
This passes all specs, but may result in different behavior.
Fixes #1957
|
|
* Add rack.response_finished to Rack::Lint
This updates Rack::Lint to validate that `rack.response_finished` is an
array of callables when present in the `env`. e.g. procs, lambdas, or
objects that respond to `call`.
This validates that:
* `rack.response_finished` is an array
* The contents of the array all respond to `call`
|
|
This is a better check that the internals are correctly using
require_relative and not relying on autoload.
|
|
Minor edits while here.
|
|
* Update version identifier in README.
* Add compatibility details in the upgrade guide.
* More elaborate installation details.
|
|
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1 to 2.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/v1...v2)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
* Raise ArgumentError if both app and block given.
|
|
into a separate gem. (#1937)
|
|
Similar to the changes made in 6d18e5183b7bbc34dc406b63ff98a377a85d5ec3,
we shouldn't deprecate this without an appropriate replacement.
Fixes #1845
|
|
> Dependency Review GitHub Action in your repository to enforce dependency
> reviews on your pull requests.
> The action scans for vulnerable versions of dependencies introduced by package version
> changes in pull requests,
> and warns you about the associated security vulnerabilities.
> This gives you better visibility of what's changing in a pull request,
> and helps prevent vulnerabilities being added to your repository.
https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
|
|
* Move Rack::MockRequest/Response into dedicated files.
At some point I think we want to improve the implementation of `Rack::Mock`
in a separate gem. So let's be consistent with naming these files to avoid
clobbering namespace in the future.
|
|
* Separate full and partial rack hijack.
- Remove `rack.hijack_io` which is at best difficult to use and at worst buggy.
- Separate full and partial hijack specifications, `rack.hijack?` implies that partial hijacking is supported, `rack.hijack` implies that full hijacking is supported.
|
|
* Only `each` and `call` are optionally required as part of consuming the body + extra clarifications.
* Extra explanation to make the usage of `close` crystal clear.
* Clarified expected usage.
|
|
GzipWriter#close also closes the underlying IO, which in turn closes the
wrapped response body. If that body is a Rack::BodyProxy, the associated
block will run too early, before control has returned to the app server.
GzipWriter#finish closes the gzip stream, but not the underlying IO. The
response body will then be closed by the app server after iteration.
|
|
* Replaces references to the master branch with main.
* Removes a bad link in a comment as a reference for
not parsing CGI ISINDEX parameters.
|
|
in order not to allocate another Array object for passing the response
to the next middleware.
Co-authored-by: Samuel Williams <samuel.williams@oriontransfer.co.nz>
|
|
Ruby 3.2 will provide `Exception#detailed_message` which returns a more
informative message including hints for debugging.
https://bugs.ruby-lang.org/issues/18564
The did_you_mean gem and error_highlight gem are planned to use the
method to add their hints in Ruby 3.2. So using `Exception#message` will
not include did_you_mean and error_highlight hints.
This changeset uses `Exception#detailed_message` if available to show
exceptions.
|
|
... to allow automatic line wrapping for very long lines.
|
|
Ruby 3.1's error_highlight feature prints a code snippet with an
underline. To make it readable, an exception message should be rendered
by a monospace font and in "pre" format, i.e., whitespaces are preserved
and newlines are respected.
|
|
https://github.com/rack/rack/blob/2.2.4/CHANGELOG.md includes an entry from 2.2.4 which is not currently visible on main branch. Copy the changelog contents over from the `CHANGELOG.md` on `2.2.4` tag and submit it as a PR against main branch.
|
|
When using \x prefix, users would expect hex escaping.
|
|
RubyForge isn't available anymore, so we should remove these tasks
|
|
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
This should help with keeping the GitHub actions updated on new releases. This will also help with keeping it secure.
Dependabot helps in keeping the supply chain secure https://docs.github.com/en/code-security/dependabot
GitHub actions up to date https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
https://github.com/ossf/scorecard/blob/main/docs/checks.md#dependency-update-tool
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
|
|
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers succeed in compromising your workflow, they won’t be able to do much.
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
Signed-off-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>
|
|
If :input is already provided, this string allocation is unnecessary.
|