Skip to content

ui: bump the rack group across 1 directory with 3 updates#3916

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/bundler/server/src/main/webapp/WEB-INF/rails/rack-bc1892fb5a
Open

ui: bump the rack group across 1 directory with 3 updates#3916
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/bundler/server/src/main/webapp/WEB-INF/rails/rack-bc1892fb5a

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Mar 18, 2026
edited
Loading

Bumps the rack group with 1 update in the /server/src/main/webapp/WEB-INF/rails directory: rack.

Updates rack from 2.2.22 to 3.2.5

Release notes

Sourced from rack's releases.

v3.2.4

No release notes provided.

v3.0.9.1

What's Changed

Full Changelog: rack/rack@v3.0.9...v3.0.9.1

v3.0.9

What's Changed

  • Fix content-length calcuation in Rack:Response#write #2150

Full Changelog: rack/rack@v3.0.8...v3.0.9

v3.0.8

What's Changed

New Contributors

Full Changelog: rack/rack@v3.0.7...v3.0.8

v3.0.7

What's Changed

Full Changelog: rack/rack@v3.0.6.1...v3.0.7

v3.0.6.1

No release notes provided.

v3.0.4.1

Full Changelog: rack/rack@v3.0.4...v3.0.4.1

v3.0.4

Full Changelog: rack/rack@v3.0.3...v3.0.4

v3.0.3

What's Changed

Full Changelog: rack/rack@v3.0.2...v3.0.3

... (truncated)

Commits
  • bb5f355 Bump patch version.
  • f9bde3b Prevent directory traversal via root prefix bypass.
  • 93a68f5 XSS injection via malicious filename in Rack::Directory.
  • 3b8b0d2 Fix MockResponse#body when the body is a Proc (#2420)
  • 4c24539 Bump patch version.
  • 3ba5e4f Allow Multipart head to span read boundary. (#2392)
  • 32bf888 Bump patch version.
  • e179614 Unbounded read in Rack::Request form parsing can lead to memory exhaustion.
  • 57277b7 Improper handling of proxy headers in Rack::Sendfile may allow proxy bypass.
  • 403b74b Normalize adivsories links.
  • Additional commits viewable in compare view

Updates rack-session from 1.0.2 to 2.1.1

Release notes

Sourced from rack-session's releases.

v2.1.1

Full Changelog: rack/rack-session@v2.1.0...v2.1.1

v2.1.0

Full Changelog: rack/rack-session@v2.0.0...v2.1.0

v2.0.0

What's Changed

Full Changelog: rack/rack-session@v1.0.0...v2.0.0

Changelog

Sourced from rack-session's changelog.

v2.1.1

  • Prevent Rack::Session::Pool from recreating deleted sessions CVE-2025-46336.

v2.1.0

  • Improved compatibility with Ruby 3.3+ and Rack 3+.
  • Add support for cookie option partitioned.
  • Introduce assume_ssl option to allow secure session cookies through insecure proxy.

v2.0.0

  • Initial migration of code from Rack 2, for Rack 3 release.
Commits
  • 96663ec Bump patch version.
  • c58ad79 Don't allow session to be recreated accidentally.
  • 8a02143 Bump minor version.
  • 67c1237 Add release notes.
  • 77c56db Rack 3 compatibility.
  • 1a10ce8 Test on Ruby v3.4.
  • 06b63f5 Bump actions/checkout from 3 to 4 (#47)
  • 9818179 Opt-in for MFA requirement (#45)
  • 9ad38c0 Test and set Ruby v2.5 as minimum. (#46)
  • 4af6114 Add cookie option "partitioned" to DEFAULT_OPTIONS and documentation of class...
  • Additional commits viewable in compare view

Updates rackup from 1.0.1 to 2.3.1

Changelog

Sourced from rackup's changelog.

Releases

All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference Keep A Changelog.

v2.2.1

  • Try to require webrick and rackup/handler/webrick by default, for compatibility with code that expects them to be available.

v2.2.0

  • Remove old rack shims.
  • Remove webrick dependency.

v2.1.0

  • Correctly support streaming responses with webrick.

v2.0.0

  • Initial release and migration of code from rack.
Commits
  • f3fa1d6 Bump patch version.
  • 583c7dc Fix WEBrick SERVER_PORT handling.
  • adc9596 Bump minor version.
  • 8e538be Update the webrick handler to support OPTIONS * requests. (#40)
  • 7a3e190 Update workflows.
  • 5d18f5a Update spec_server.rb
  • c6cdd47 Fix references from Rack::Server to Rackup::Server in comments
  • e3df7cb Provide a 'Changelog' link on rubygems.org/gems/rackup
  • 39d5226 Documentation for how to access handlers programatically.
  • 301b6dd Update releases.md - fixes #29.
  • Additional commits viewable in compare view

@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Mar 18, 2026
@dependabot dependabot bot mentioned this pull request Mar 18, 2026
Closed
@dependabot dependabot bot force-pushed the dependabot/bundler/server/src/main/webapp/WEB-INF/rails/rack-bc1892fb5a branch 5 times, most recently from 6d0184f to 879d2d3 Compare March 24, 2026 22:02
@dependabot
ui: bump the rack group
1e60c90 
Bumps the rack group in /server/src/main/webapp/WEB-INF/rails with 3 updates: [rack](https://github.com/rack/rack), [rack-session](https://github.com/rack/rack-session) and [rackup](https://github.com/rack/rackup).


Updates `rack` from 2.2.22 to 3.2.5
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](rack/rack@v2.2.22...v3.2.5)

Updates `rack-session` from 1.0.2 to 2.1.1
- [Release notes](https://github.com/rack/rack-session/releases)
- [Changelog](https://github.com/rack/rack-session/blob/main/releases.md)
- [Commits](rack/rack-session@v1.0.2...v2.1.1)

Updates `rackup` from 1.0.1 to 2.3.1
- [Release notes](https://github.com/rack/rackup/releases)
- [Changelog](https://github.com/rack/rackup/blob/main/releases.md)
- [Commits](rack/rackup@v1.0.1...v2.3.1)

---
updated-dependencies:
- dependency-name: rack
  dependency-version: 3.2.5
  dependency-type: indirect
  update-type: version-update:semver-major
  dependency-group: rack
- dependency-name: rack-session
  dependency-version: 2.1.1
  dependency-type: indirect
  update-type: version-update:semver-major
  dependency-group: rack
- dependency-name: rackup
  dependency-version: 2.3.1
  dependency-type: indirect
  update-type: version-update:semver-major
  dependency-group: rack
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot changed the title ui: bump the rack group in /server/src/main/webapp/WEB-INF/rails with 3 updates ui: bump the rack group across 1 directory with 3 updates Mar 27, 2026
@dependabot dependabot bot force-pushed the dependabot/bundler/server/src/main/webapp/WEB-INF/rails/rack-bc1892fb5a branch from 879d2d3 to 1e60c90 Compare March 27, 2026 18:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants