RubyGems - rack - Versions diffs - 3.1.0 → 3.1.1 - Mend

rack 3.1.0 → 3.1.1

Potentially problematic release.

This version of rack might be problematic. Click here for more details.

Files changed (10) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f7f3809c29e2dad213f5abbdace8e3b7633072c2d3741ef484346ca07b8a9e0d
-  data.tar.gz: a05cea9deeb8173edc7a5e5a0647abbf0f8ff1906f74543ad6970311ab4d3a52
+  metadata.gz: 69ab6baf4f413f1f46aeb79754e00a1785621084eeb2e1f8d0c80bd75374c23b
+  data.tar.gz: 2bb3a1d5a3d081e581ad707f7156538c87d814cf6e7e0768b6e848fc1f199b15
 SHA512:
-  metadata.gz: 357615f5163669e77b81660145353bf29d926ab5d92e36e958ae65063c993d9c9411b868090bc99fa6e72a8bd7e82ba5cb430343556a399e2d75acdb45000b62
-  data.tar.gz: 840039910ee854ec1bccff2d3078fb5b187f093480836d6023e290c49925e36e953a1a37372d619a5d3118f1d52fb7b904fed7623688c9b41ea7a7803960fcbb
+  metadata.gz: 43e2f54ea2cf8a76ec66ff2170e11c933c6d40fbf45b12d8dd2bbc3c96753393e21bc0c280b10e3b4ba27256fb64d11f8ff54a08ddbab076e29da3e1a154c8c7
+  data.tar.gz: b5f614e1bacf90c269237c86709562d590ac7b5d5ab4b81a668c19d6f5e073b3d569c9c77372efe070537954733f70786b77f4a870ef8d6a27a6e7c16ff001ce

data/CHANGELOG.md CHANGED Viewed

@@ -2,35 +2,70 @@
 All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/).
+## Unreleased
+## [3.1.1] - 2024-06-11
+### Added
+- Introduce `Rack::VERSION` constant. ([#2199](https://github.com/rack/rack/pull/2199), [@ioquatix])
+### Changed
+- Invalid cookie keys will now raise an error. ([#2192](https://github.com/rack/rack/pull/2192), [@ioquatix])
+- `Rack::Response` will take in to consideration chunked encoding responses ([#2204](https://github.com/rack/rack/pull/2204), [@tenderlove])
+### Removed
+- `Rack::Request#values_at` is removed. ([#2200](https://github.com/rack/rack/pull/2200), [@ioquatix])
+- `Rack::Logger` is removed with no replacement. ([#2196](https://github.com/rack/rack/pull/2196), [@ioquatix])
 ## [3.1.0] - 2024-06-11
+Rack v3.1 is primarily a maintenance release that removes features deprecated in Rack v3.0. Alongside these removals, there are several improvements to the Rack SPEC, mainly focused on enhancing input and output handling. These changes aim to make Rack more efficient and align better with the requirements of server implementations and relevant HTTP specifications.
 ### SPEC Changes
-- `rack.input` is now optional. ([#1997](https://github.com/rack/rack/pull/1997), [@ioquatix])
-- `PATH_INFO` is now validated according to the HTTP/1.1 specification. ([#2117](https://github.com/rack/rack/pull/2117), [@ioquatix])
-- `rack.protocol` is an optional environment key and response header for handling connection upgrades.
+- `rack.input` is now optional. ([#1997](https://github.com/rack/rack/pull/1997), [#2018](https://github.com/rack/rack/pull/2018), [@ioquatix])
+- `PATH_INFO` is now validated according to the HTTP/1.1 specification. ([#2117](https://github.com/rack/rack/pull/2117), [#2181](https://github.com/rack/rack/pull/2181), [@ioquatix])
+  - `OPTIONS *` is now accepted. ([#2114](https://github.com/rack/rack/pull/2114), [@doriantaylor](https://github.com/doriantaylor))
+- Introduce optional `rack.protocol` request and response header for handling connection upgrades. ([#1954](https://github.com/rack/rack/pull/1954), [@ioquatix])
 ### Added
+- Introduce `Rack::Multipart::MissingInputError` for improved handling of missing input in `#parse_multipart`. ([#2018](https://github.com/rack/rack/pull/2018), [@ioquatix])
 - Introduce `module Rack::BadRequest` which is included in multipart and query parser errors. ([#2019](https://github.com/rack/rack/pull/2019), [@ioquatix])
-- Add `.mjs` MIME type ([#2057](https://github.com/rack/rack/pull/2057), [@axilleas])
-- `set_cookie_header` utility now supports the `partitioned` cookie attribute. This is required by Chrome in some embedded contexts. ([#2131](https://github.com/rack/rack/pull/2131), [@flavio-b])
-- `rack.early_hints` is now officially supported as an optional feature (already implemented by Unicorn, Puma, and Falcon). ([#1831](https://github.com/rack/rack/pull/1831), [@casperisfine, @jeremyevans])
+- Add `.mjs` MIME type ([#2057](https://github.com/rack/rack/pull/2057), [@axilleas](https://github.com/axilleas))
+- `set_cookie_header` utility now supports the `partitioned` cookie attribute. This is required by Chrome in some embedded contexts. ([#2131](https://github.com/rack/rack/pull/2131), [@flavio-b](https://github.com/flavio-b))
+- Introduce `rack.early_hints` for sending `103 Early Hints` informational responses. ([#1831](https://github.com/rack/rack/pull/1831), [@casperisfine](https://github.com/casperisfine), [@jeremyevans])
 ### Changed
-- `rack.input` is now optional, and if missing, will raise an error. Use this to fail on multipart parsing a request without an input body. ([#2018](https://github.com/rack/rack/pull/2018), [@ioquatix])
-- MIME type for JavaScript files (`.js`) changed from `application/javascript` to `text/javascript` ([`1bd0f15`](https://github.com/rack/rack/commit/1bd0f1597d8f4a90d47115f3e156a8ce7870c9c8))
+- MIME type for JavaScript files (`.js`) changed from `application/javascript` to `text/javascript` ([`1bd0f15`](https://github.com/rack/rack/commit/1bd0f1597d8f4a90d47115f3e156a8ce7870c9c8), [@ioquatix])
 - Update MIME types associated to `.ttf`, `.woff`, `.woff2` and `.otf` extensions to use mondern `font/*` types. ([#2065](https://github.com/rack/rack/pull/2065), [@davidstosik])
 - `Rack::Utils.escape_html` is now delegated to `CGI.escapeHTML`. `'` is escaped to `#39;` instead of `#x27;`. (decimal vs hexadecimal) ([#2099](https://github.com/rack/rack/pull/2099), [@JunichiIto](https://github.com/JunichiIto))
+- Clarify use of `@buffered` and only update `content-length` when `Rack::Response#finish` is invoked. ([#2149](https://github.com/rack/rack/pull/2149), [@ioquatix])
+### Deprecated
+- Deprecate automatic cache invalidation in `Request#{GET,POST}` ([#2073](https://github.com/rack/rack/pull/2073), [@jeremyevans])
 - Only cookie keys that are not valid according to the HTTP specifications are escaped. We are planning to deprecate this behaviour, so now a deprecation message will be emitted in this case. In the future, invalid cookie keys may not be accepted. ([#2191](https://github.com/rack/rack/pull/2191), [@ioquatix])
+- `Rack::Logger` is deprecated. ([#2197](https://github.com/rack/rack/pull/2197), [@ioquatix])
+- Add fallback lookup and deprecation warning for obsolete status symbols. ([#2137](https://github.com/rack/rack/pull/2137), [@wtn](https://github.com/wtn))
 ### Removed
-- Remove non-standard status codes 306, 509, & 510 and update descriptions for 413, 422, & 451. ([#2137](https://github.com/rack/rack/pull/2137), [@wtn])
-- Add fallback lookup and deprecation warning for obsolete status symbols. ([#2137](https://github.com/rack/rack/pull/2137), [@wtn])
-- Deprecate automatic cache invalidation in `Request#{GET,POST}` ([#2073](https://github.com/rack/rack/pull/2073) ([@jeremyevans])
-- `Rack::Logger` is deprecated. ([#2197](https://github.com/rack/rack/pull/2197), [@ioquatix])
+- Remove deprecated `Rack::Auth::Digest` with no replacement. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
+- Remove deprecated `Rack::Cascade::NotFound` with no replacement. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
+- Remove deprecated `Rack::Chunked` with no replacement. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
+- Remove deprecated `Rack::File`, use `Rack::Files` instead. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
+- Remove deprecated `Rack::QueryParser` `key_space_limit` parameter with no replacement. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
+- Remove deprecated `Rack::Response#header`, use `Rack::Response#headers` instead. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
+- Remove deprecated cookie methods from `Rack::Utils`: `add_cookie_to_header`, `make_delete_cookie_header`, `add_remove_cookie_to_header`. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
+- Remove deprecated `Rack::Utils::HeaderHash`. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
+- Remove deprecated `Rack::VERSION`, `Rack::VERSION_STRING`, `Rack.version`, use `Rack.release` instead. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
+- Remove non-standard status codes 306, 509, & 510 and update descriptions for 413, 422, & 451. ([#2137](https://github.com/rack/rack/pull/2137), [@wtn](https://github.com/wtn))
+- Remove any dependency on `transfer-encoding: chunked`. ([#2195](https://github.com/rack/rack/pull/2195), [@ioquatix])
 ### Fixed

data/lib/rack/constants.rb CHANGED Viewed

@@ -22,6 +22,7 @@ module Rack
   ETAG              = 'etag'
   EXPIRES           = 'expires'
   SET_COOKIE        = 'set-cookie'
+  TRANSFER_ENCODING = 'transfer-encoding'
   # HTTP method verbs
   GET     = 'GET'

data/lib/rack/content_length.rb CHANGED Viewed

@@ -21,6 +21,7 @@ module Rack
       if !STATUS_WITH_NO_ENTITY_BODY.key?(status.to_i) &&
          !headers[CONTENT_LENGTH] &&
+         !headers[TRANSFER_ENCODING] &&
          body.respond_to?(:to_ary)
         response[2] = body = body.to_ary

data/lib/rack/request.rb CHANGED Viewed

@@ -616,13 +616,6 @@ module Rack
         Rack::Request.ip_filter.call(ip)
       end
-      # like Hash#values_at
-      def values_at(*keys)
-        warn("Request#values_at is deprecated and will be removed in a future version of Rack. Please use request.params.values_at instead", uplevel: 1)
-        keys.map { |key| params[key] }
-      end
       private
       def default_session; {}; end

data/lib/rack/response.rb CHANGED Viewed

@@ -25,6 +25,7 @@ module Rack
       self.new(body, status, headers)
     end
+    CHUNKED = 'chunked'
     STATUS_WITH_NO_ENTITY_BODY = Utils::STATUS_WITH_NO_ENTITY_BODY
     attr_accessor :length, :status, :body
@@ -89,7 +90,11 @@ module Rack
       self.status = status
       self.location = target
     end
+    def chunked?
+      CHUNKED == get_header(TRANSFER_ENCODING)
+    end
     def no_entity_body?
       # The response body is an enumerable body and it is not allowed to have an entity body.
       @body.respond_to?(:each) && STATUS_WITH_NO_ENTITY_BODY[@status]
@@ -105,7 +110,7 @@ module Rack
         close
         return [@status, @headers, []]
       else
-        if @length && @length > 0
+        if @length && @length > 0 && !chunked?
           set_header CONTENT_LENGTH, @length.to_s
         end

data/lib/rack/utils.rb CHANGED Viewed

@@ -244,26 +244,18 @@ module Rack
       parse_cookies_header env[HTTP_COOKIE]
     end
-    # A valid cookie key according to RFC2616.
+    # A valid cookie key according to RFC6265 and RFC2616.
     # A <cookie-name> can be any US-ASCII characters, except control characters, spaces, or tabs. It also must not contain a separator character like the following: ( ) < > @ , ; : \ " / [ ] ? = { }.
     VALID_COOKIE_KEY = /\A[!#$%&'*+\-\.\^_`|~0-9a-zA-Z]+\z/.freeze
     private_constant :VALID_COOKIE_KEY
-    private def escape_cookie_key(key)
-      if key =~ VALID_COOKIE_KEY
-        key
-      else
-        warn "Cookie key #{key.inspect} is not valid according to RFC2616; it will be escaped. This behaviour is deprecated and will be removed in a future version of Rack.", uplevel: 2
-        escape(key)
-      end
-    end
     # :call-seq:
     #   set_cookie_header(key, value) -> encoded string
     #
     # Generate an encoded string using the provided +key+ and +value+ suitable
     # for the +set-cookie+ header according to RFC6265. The +value+ may be an
-    # instance of either +String+ or +Hash+.
+    # instance of either +String+ or +Hash+. If the cookie key is invalid (as
+    # defined by RFC6265), an +ArgumentError+ will be raised.
     #
     # If the cookie +value+ is an instance of +Hash+, it considers the following
     # cookie attribute keys: +domain+, +max_age+, +expires+ (must be instance
@@ -271,10 +263,6 @@ module Rack
     # details about the interpretation of these fields, consult
     # [RFC6265 Section 5.2](https://datatracker.ietf.org/doc/html/rfc6265#section-5.2).
     #
-    # An extra cookie attribute +escape_key+ can be provided to control whether
-    # or not the cookie key is URL encoded. If explicitly set to +false+, the
-    # cookie key name will not be url encoded (escaped). The default is +true+.
-    #
     #   set_cookie_header("myname", "myvalue")
     #   # => "myname=myvalue"
     #
@@ -282,9 +270,12 @@ module Rack
     #   # => "myname=myvalue; max-age=10"
     #
     def set_cookie_header(key, value)
+      unless key =~ VALID_COOKIE_KEY
+        raise ArgumentError, "invalid cookie key: #{key.inspect}"
+      end
       case value
       when Hash
-        key = escape_cookie_key(key) unless value[:escape_key] == false
         domain  = "; domain=#{value[:domain]}"   if value[:domain]
         path    = "; path=#{value[:path]}"       if value[:path]
         max_age = "; max-age=#{value[:max_age]}" if value[:max_age]
@@ -306,8 +297,6 @@ module Rack
           end
         partitioned = "; partitioned" if value[:partitioned]
         value = value[:value]
-      else
-        key = escape_cookie_key(key)
       end
       value = [value] unless Array === value

data/lib/rack/version.rb CHANGED Viewed

@@ -5,17 +5,13 @@
 # Rack is freely distributable under the terms of an MIT-style license.
 # See MIT-LICENSE or https://opensource.org/licenses/MIT.
-# The Rack main module, serving as a namespace for all core Rack
-# modules and classes.
-#
-# All modules meant for use in your application are <tt>autoload</tt>ed here,
-# so it should be enough just to <tt>require 'rack'</tt> in your code.
 module Rack
-  RELEASE = "3.1.0"
+  VERSION = "3.1.1"
+  RELEASE = VERSION
   # Return the Rack release as a dotted string.
   def self.release
-    RELEASE
+    VERSION
   end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rack
 version: !ruby/object:Gem::Version
-  version: 3.1.0
+  version: 3.1.1
 platform: ruby
 authors:
 - Leah Neukirchen
@@ -108,7 +108,6 @@ files:
 - lib/rack/headers.rb
 - lib/rack/lint.rb
 - lib/rack/lock.rb
-- lib/rack/logger.rb
 - lib/rack/media_type.rb
 - lib/rack/method_override.rb
 - lib/rack/mime.rb
@@ -158,7 +157,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.9
+rubygems_version: 3.5.3
 signing_key:
 specification_version: 4
 summary: A modular Ruby webserver interface.

data/lib/rack/logger.rb DELETED Viewed

@@ -1,23 +0,0 @@
-# frozen_string_literal: true
-require 'logger'
-require_relative 'constants'
-warn "Rack::Logger is deprecated and will be removed in Rack 3.2.", uplevel: 1
-module Rack
-  # Sets up rack.logger to write to rack.errors stream
-  class Logger
-    def initialize(app, level = ::Logger::INFO)
-      @app, @level = app, level
-    end
-    def call(env)
-      logger = ::Logger.new(env[RACK_ERRORS])
-      logger.level = @level
-      env[RACK_LOGGER] = logger
-      @app.call(env)
-    end
-  end
-end