rack 3.1.1 → 3.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 69ab6baf4f413f1f46aeb79754e00a1785621084eeb2e1f8d0c80bd75374c23b
-  data.tar.gz: 2bb3a1d5a3d081e581ad707f7156538c87d814cf6e7e0768b6e848fc1f199b15
+  metadata.gz: c5d6ff669a9e2d87cf8c2fb3fe727be68d2ac5df2a80a802163ed2cff8905627
+  data.tar.gz: 9e9917744a2d792217fb2f94c3d784fe6fcb0b4c44f7f34b864eafc50f329eb6
 SHA512:
-  metadata.gz: 43e2f54ea2cf8a76ec66ff2170e11c933c6d40fbf45b12d8dd2bbc3c96753393e21bc0c280b10e3b4ba27256fb64d11f8ff54a08ddbab076e29da3e1a154c8c7
-  data.tar.gz: b5f614e1bacf90c269237c86709562d590ac7b5d5ab4b81a668c19d6f5e073b3d569c9c77372efe070537954733f70786b77f4a870ef8d6a27a6e7c16ff001ce
+  metadata.gz: 293185b6af220249e49546d5a200e2cc2b55ff6e2424f472c5f01bdc37f3ed4e3aa4dc54df52108c3a42b7738c2e87dde74891f761f6120959b486f6e8b5eb29
+  data.tar.gz: d36b0721982e00065ee52a54719e86cb1914ec3086629c3958b6d510c9dd513ac75749be55008a5755e96ab918b302cb867719a256e50aced434361225c60da3

data/CHANGELOG.md

@@ -2,70 +2,45 @@
 
 All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/).
 
-## Unreleased
+## [3.1.2] - 2024-06-11
 
-## [3.1.1] - 2024-06-11
-
-### Added
-
-- Introduce `Rack::VERSION` constant. ([#2199](https://github.com/rack/rack/pull/2199), [@ioquatix])
+## Changed
 
-### Changed
-
-- Invalid cookie keys will now raise an error. ([#2192](https://github.com/rack/rack/pull/2192), [@ioquatix])
 - `Rack::Response` will take in to consideration chunked encoding responses ([#2204](https://github.com/rack/rack/pull/2204), [@tenderlove])
 
-### Removed
+## [3.1.1] - 2024-06-11
 
-- `Rack::Request#values_at` is removed. ([#2200](https://github.com/rack/rack/pull/2200), [@ioquatix])
-- `Rack::Logger` is removed with no replacement. ([#2196](https://github.com/rack/rack/pull/2196), [@ioquatix])
+- Oops, I shouldn't have shipped this
 
 ## [3.1.0] - 2024-06-11
 
-Rack v3.1 is primarily a maintenance release that removes features deprecated in Rack v3.0. Alongside these removals, there are several improvements to the Rack SPEC, mainly focused on enhancing input and output handling. These changes aim to make Rack more efficient and align better with the requirements of server implementations and relevant HTTP specifications.
-
 ### SPEC Changes
 
-- `rack.input` is now optional. ([#1997](https://github.com/rack/rack/pull/1997), [#2018](https://github.com/rack/rack/pull/2018), [@ioquatix])
-- `PATH_INFO` is now validated according to the HTTP/1.1 specification. ([#2117](https://github.com/rack/rack/pull/2117), [#2181](https://github.com/rack/rack/pull/2181), [@ioquatix])
-  - `OPTIONS *` is now accepted. ([#2114](https://github.com/rack/rack/pull/2114), [@doriantaylor](https://github.com/doriantaylor))
-- Introduce optional `rack.protocol` request and response header for handling connection upgrades. ([#1954](https://github.com/rack/rack/pull/1954), [@ioquatix])
+- `rack.input` is now optional. ([#1997](https://github.com/rack/rack/pull/1997), [@ioquatix])
+- `PATH_INFO` is now validated according to the HTTP/1.1 specification. ([#2117](https://github.com/rack/rack/pull/2117), [@ioquatix])
+- `rack.protocol` is an optional environment key and response header for handling connection upgrades.
 
 ### Added
 
-- Introduce `Rack::Multipart::MissingInputError` for improved handling of missing input in `#parse_multipart`. ([#2018](https://github.com/rack/rack/pull/2018), [@ioquatix])
 - Introduce `module Rack::BadRequest` which is included in multipart and query parser errors. ([#2019](https://github.com/rack/rack/pull/2019), [@ioquatix])
-- Add `.mjs` MIME type ([#2057](https://github.com/rack/rack/pull/2057), [@axilleas](https://github.com/axilleas))
-- `set_cookie_header` utility now supports the `partitioned` cookie attribute. This is required by Chrome in some embedded contexts. ([#2131](https://github.com/rack/rack/pull/2131), [@flavio-b](https://github.com/flavio-b))
-- Introduce `rack.early_hints` for sending `103 Early Hints` informational responses. ([#1831](https://github.com/rack/rack/pull/1831), [@casperisfine](https://github.com/casperisfine), [@jeremyevans])
+- Add `.mjs` MIME type ([#2057](https://github.com/rack/rack/pull/2057), [@axilleas])
+- `set_cookie_header` utility now supports the `partitioned` cookie attribute. This is required by Chrome in some embedded contexts. ([#2131](https://github.com/rack/rack/pull/2131), [@flavio-b])
+- `rack.early_hints` is now officially supported as an optional feature (already implemented by Unicorn, Puma, and Falcon). ([#1831](https://github.com/rack/rack/pull/1831), [@casperisfine, @jeremyevans])
 
 ### Changed
 
-- MIME type for JavaScript files (`.js`) changed from `application/javascript` to `text/javascript` ([`1bd0f15`](https://github.com/rack/rack/commit/1bd0f1597d8f4a90d47115f3e156a8ce7870c9c8), [@ioquatix])
+- `rack.input` is now optional, and if missing, will raise an error. Use this to fail on multipart parsing a request without an input body. ([#2018](https://github.com/rack/rack/pull/2018), [@ioquatix])
+- MIME type for JavaScript files (`.js`) changed from `application/javascript` to `text/javascript` ([`1bd0f15`](https://github.com/rack/rack/commit/1bd0f1597d8f4a90d47115f3e156a8ce7870c9c8))
 - Update MIME types associated to `.ttf`, `.woff`, `.woff2` and `.otf` extensions to use mondern `font/*` types. ([#2065](https://github.com/rack/rack/pull/2065), [@davidstosik])
 - `Rack::Utils.escape_html` is now delegated to `CGI.escapeHTML`. `'` is escaped to `#39;` instead of `#x27;`. (decimal vs hexadecimal) ([#2099](https://github.com/rack/rack/pull/2099), [@JunichiIto](https://github.com/JunichiIto))
-- Clarify use of `@buffered` and only update `content-length` when `Rack::Response#finish` is invoked. ([#2149](https://github.com/rack/rack/pull/2149), [@ioquatix])
-
-### Deprecated
-
-- Deprecate automatic cache invalidation in `Request#{GET,POST}` ([#2073](https://github.com/rack/rack/pull/2073), [@jeremyevans])
 - Only cookie keys that are not valid according to the HTTP specifications are escaped. We are planning to deprecate this behaviour, so now a deprecation message will be emitted in this case. In the future, invalid cookie keys may not be accepted. ([#2191](https://github.com/rack/rack/pull/2191), [@ioquatix])
-- `Rack::Logger` is deprecated. ([#2197](https://github.com/rack/rack/pull/2197), [@ioquatix])
-- Add fallback lookup and deprecation warning for obsolete status symbols. ([#2137](https://github.com/rack/rack/pull/2137), [@wtn](https://github.com/wtn))
 
 ### Removed
 
-- Remove deprecated `Rack::Auth::Digest` with no replacement. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
-- Remove deprecated `Rack::Cascade::NotFound` with no replacement. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
-- Remove deprecated `Rack::Chunked` with no replacement. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
-- Remove deprecated `Rack::File`, use `Rack::Files` instead. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
-- Remove deprecated `Rack::QueryParser` `key_space_limit` parameter with no replacement. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
-- Remove deprecated `Rack::Response#header`, use `Rack::Response#headers` instead. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
-- Remove deprecated cookie methods from `Rack::Utils`: `add_cookie_to_header`, `make_delete_cookie_header`, `add_remove_cookie_to_header`. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
-- Remove deprecated `Rack::Utils::HeaderHash`. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
-- Remove deprecated `Rack::VERSION`, `Rack::VERSION_STRING`, `Rack.version`, use `Rack.release` instead. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
-- Remove non-standard status codes 306, 509, & 510 and update descriptions for 413, 422, & 451. ([#2137](https://github.com/rack/rack/pull/2137), [@wtn](https://github.com/wtn))
-- Remove any dependency on `transfer-encoding: chunked`. ([#2195](https://github.com/rack/rack/pull/2195), [@ioquatix])
+- Remove non-standard status codes 306, 509, & 510 and update descriptions for 413, 422, & 451. ([#2137](https://github.com/rack/rack/pull/2137), [@wtn])
+- Add fallback lookup and deprecation warning for obsolete status symbols. ([#2137](https://github.com/rack/rack/pull/2137), [@wtn])
+- Deprecate automatic cache invalidation in `Request#{GET,POST}` ([#2073](https://github.com/rack/rack/pull/2073) ([@jeremyevans])
+- `Rack::Logger` is deprecated. ([#2197](https://github.com/rack/rack/pull/2197), [@ioquatix])
 
 ### Fixed
 

data/lib/rack/logger.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'logger'
+require_relative 'constants'
+
+warn "Rack::Logger is deprecated and will be removed in Rack 3.2.", uplevel: 1
+
+module Rack
+  # Sets up rack.logger to write to rack.errors stream
+  class Logger
+    def initialize(app, level = ::Logger::INFO)
+      @app, @level = app, level
+    end
+
+    def call(env)
+      logger = ::Logger.new(env[RACK_ERRORS])
+      logger.level = @level
+
+      env[RACK_LOGGER] = logger
+      @app.call(env)
+    end
+  end
+end

data/lib/rack/request.rb

@@ -616,6 +616,13 @@ module Rack
         Rack::Request.ip_filter.call(ip)
       end
 
+      # like Hash#values_at
+      def values_at(*keys)
+        warn("Request#values_at is deprecated and will be removed in a future version of Rack. Please use request.params.values_at instead", uplevel: 1)
+        
+        keys.map { |key| params[key] }
+      end
+
       private
 
       def default_session; {}; end

data/lib/rack/utils.rb

@@ -244,18 +244,26 @@ module Rack
       parse_cookies_header env[HTTP_COOKIE]
     end
 
-    # A valid cookie key according to RFC6265 and RFC2616.
+    # A valid cookie key according to RFC2616.
     # A <cookie-name> can be any US-ASCII characters, except control characters, spaces, or tabs. It also must not contain a separator character like the following: ( ) < > @ , ; : \ " / [ ] ? = { }.
     VALID_COOKIE_KEY = /\A[!#$%&'*+\-\.\^_`|~0-9a-zA-Z]+\z/.freeze
     private_constant :VALID_COOKIE_KEY
 
+    private def escape_cookie_key(key)
+      if key =~ VALID_COOKIE_KEY
+        key
+      else
+        warn "Cookie key #{key.inspect} is not valid according to RFC2616; it will be escaped. This behaviour is deprecated and will be removed in a future version of Rack.", uplevel: 2
+        escape(key)
+      end
+    end
+
     # :call-seq:
     #   set_cookie_header(key, value) -> encoded string
     #
     # Generate an encoded string using the provided +key+ and +value+ suitable
     # for the +set-cookie+ header according to RFC6265. The +value+ may be an
-    # instance of either +String+ or +Hash+. If the cookie key is invalid (as
-    # defined by RFC6265), an +ArgumentError+ will be raised.
+    # instance of either +String+ or +Hash+.
     #
     # If the cookie +value+ is an instance of +Hash+, it considers the following
     # cookie attribute keys: +domain+, +max_age+, +expires+ (must be instance
@@ -263,6 +271,10 @@ module Rack
     # details about the interpretation of these fields, consult
     # [RFC6265 Section 5.2](https://datatracker.ietf.org/doc/html/rfc6265#section-5.2).
     #
+    # An extra cookie attribute +escape_key+ can be provided to control whether
+    # or not the cookie key is URL encoded. If explicitly set to +false+, the
+    # cookie key name will not be url encoded (escaped). The default is +true+.
+    #
     #   set_cookie_header("myname", "myvalue")
     #   # => "myname=myvalue"
     #
@@ -270,12 +282,9 @@ module Rack
     #   # => "myname=myvalue; max-age=10"
     #
     def set_cookie_header(key, value)
-      unless key =~ VALID_COOKIE_KEY
-        raise ArgumentError, "invalid cookie key: #{key.inspect}"
-      end
-
       case value
       when Hash
+        key = escape_cookie_key(key) unless value[:escape_key] == false
         domain  = "; domain=#{value[:domain]}"   if value[:domain]
         path    = "; path=#{value[:path]}"       if value[:path]
         max_age = "; max-age=#{value[:max_age]}" if value[:max_age]
@@ -297,6 +306,8 @@ module Rack
           end
         partitioned = "; partitioned" if value[:partitioned]
         value = value[:value]
+      else
+        key = escape_cookie_key(key)
       end
 
       value = [value] unless Array === value

data/lib/rack/version.rb

@@ -5,13 +5,17 @@
 # Rack is freely distributable under the terms of an MIT-style license.
 # See MIT-LICENSE or https://opensource.org/licenses/MIT.
 
-module Rack
-  VERSION = "3.1.1"
+# The Rack main module, serving as a namespace for all core Rack
+# modules and classes.
+#
+# All modules meant for use in your application are <tt>autoload</tt>ed here,
+# so it should be enough just to <tt>require 'rack'</tt> in your code.
 
-  RELEASE = VERSION
+module Rack
+  RELEASE = "3.1.2"
 
   # Return the Rack release as a dotted string.
   def self.release
-    VERSION
+    RELEASE
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rack
 version: !ruby/object:Gem::Version
-  version: 3.1.1
+  version: 3.1.2
 platform: ruby
 authors:
 - Leah Neukirchen
@@ -108,6 +108,7 @@ files:
 - lib/rack/headers.rb
 - lib/rack/lint.rb
 - lib/rack/lock.rb
+- lib/rack/logger.rb
 - lib/rack/media_type.rb
 - lib/rack/method_override.rb
 - lib/rack/mime.rb