rack 3.1.15 → 3.2.0

data/lib/rack/utils.rb

@@ -181,12 +181,16 @@ module Rack
     # doesn't get monkey-patched by rails
     if defined?(ERB::Escape) && ERB::Escape.instance_method(:html_escape)
       define_method(:escape_html, ERB::Escape.instance_method(:html_escape))
+    # :nocov:
+    # Ruby 3.2/ERB 4.0 added ERB::Escape#html_escape, so the else
+    # branch cannot be hit on the current Ruby version.
     else
       require 'cgi/escape'
       # Escape ampersands, brackets and quotes to their HTML/XML entities.
       def escape_html(string)
         CGI.escapeHTML(string.to_s)
       end
+    # :nocov:
     end
 
     def select_best_encoding(available_encodings, accept_encoding)
@@ -254,26 +258,18 @@ module Rack
       parse_cookies_header env[HTTP_COOKIE]
     end
 
-    # A valid cookie key according to RFC2616.
+    # A valid cookie key according to RFC6265 and RFC2616.
     # A <cookie-name> can be any US-ASCII characters, except control characters, spaces, or tabs. It also must not contain a separator character like the following: ( ) < > @ , ; : \ " / [ ] ? = { }.
     VALID_COOKIE_KEY = /\A[!#$%&'*+\-\.\^_`|~0-9a-zA-Z]+\z/.freeze
     private_constant :VALID_COOKIE_KEY
 
-    private def escape_cookie_key(key)
-      if key =~ VALID_COOKIE_KEY
-        key
-      else
-        warn "Cookie key #{key.inspect} is not valid according to RFC2616; it will be escaped. This behaviour is deprecated and will be removed in a future version of Rack.", uplevel: 2
-        escape(key)
-      end
-    end
-
     # :call-seq:
     #   set_cookie_header(key, value) -> encoded string
     #
     # Generate an encoded string using the provided +key+ and +value+ suitable
     # for the +set-cookie+ header according to RFC6265. The +value+ may be an
-    # instance of either +String+ or +Hash+.
+    # instance of either +String+ or +Hash+. If the cookie key is invalid (as
+    # defined by RFC6265), an +ArgumentError+ will be raised.
     #
     # If the cookie +value+ is an instance of +Hash+, it considers the following
     # cookie attribute keys: +domain+, +max_age+, +expires+ (must be instance
@@ -281,10 +277,6 @@ module Rack
     # details about the interpretation of these fields, consult
     # [RFC6265 Section 5.2](https://datatracker.ietf.org/doc/html/rfc6265#section-5.2).
     #
-    # An extra cookie attribute +escape_key+ can be provided to control whether
-    # or not the cookie key is URL encoded. If explicitly set to +false+, the
-    # cookie key name will not be url encoded (escaped). The default is +true+.
-    #
     #   set_cookie_header("myname", "myvalue")
     #   # => "myname=myvalue"
     #
@@ -292,9 +284,12 @@ module Rack
     #   # => "myname=myvalue; max-age=10"
     #
     def set_cookie_header(key, value)
+      unless key =~ VALID_COOKIE_KEY
+        raise ArgumentError, "invalid cookie key: #{key.inspect}"
+      end
+
       case value
       when Hash
-        key = escape_cookie_key(key) unless value[:escape_key] == false
         domain  = "; domain=#{value[:domain]}"   if value[:domain]
         path    = "; path=#{value[:path]}"       if value[:path]
         max_age = "; max-age=#{value[:max_age]}" if value[:max_age]
@@ -316,8 +311,6 @@ module Rack
           end
         partitioned = "; partitioned" if value[:partitioned]
         value = value[:value]
-      else
-        key = escape_cookie_key(key)
       end
 
       value = [value] unless Array === value
@@ -416,7 +409,7 @@ module Rack
       return nil if size.zero?
       return nil unless http_range && http_range =~ /bytes=([^;]+)/
       ranges = []
-      $1.split(/,\s*/).each do |range_spec|
+      $1.split(/,[ \t]*/).each do |range_spec|
         return nil unless range_spec.include?('-')
         range = range_spec.split('-')
         r0, r1 = range[0], range[1]
@@ -592,11 +585,9 @@ module Rack
           fallback_code = OBSOLETE_SYMBOLS_TO_STATUS_CODES.fetch(status) { raise ArgumentError, "Unrecognized status code #{status.inspect}" }
           message = "Status code #{status.inspect} is deprecated and will be removed in a future version of Rack."
           if canonical_symbol = OBSOLETE_SYMBOL_MAPPINGS[status]
-            # message = "#{message} Please use #{canonical_symbol.inspect} instead."
-            # For now, let's not emit any warning when there is a mapping.
-          else
-            warn message, uplevel: 3
+            message = "#{message} Please use #{canonical_symbol.inspect} instead."
           end
+          warn message, uplevel: 3
           fallback_code
         end
       else

data/lib/rack/version.rb

@@ -5,17 +5,13 @@
 # Rack is freely distributable under the terms of an MIT-style license.
 # See MIT-LICENSE or https://opensource.org/licenses/MIT.
 
-# The Rack main module, serving as a namespace for all core Rack
-# modules and classes.
-#
-# All modules meant for use in your application are <tt>autoload</tt>ed here,
-# so it should be enough just to <tt>require 'rack'</tt> in your code.
-
 module Rack
-  RELEASE = "3.1.15"
+  VERSION = "3.2.0"
+
+  RELEASE = VERSION
 
   # Return the Rack release as a dotted string.
   def self.release
-    RELEASE
+    VERSION
   end
 end

data/lib/rack.rb

@@ -34,7 +34,6 @@ module Rack
   autoload :Headers, "rack/headers"
   autoload :Lint, "rack/lint"
   autoload :Lock, "rack/lock"
-  autoload :Logger, "rack/logger"
   autoload :MediaType, "rack/media_type"
   autoload :MethodOverride, "rack/method_override"
   autoload :Mime, "rack/mime"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rack
 version: !ruby/object:Gem::Version
-  version: 3.1.15
+  version: 3.2.0
 platform: ruby
 authors:
 - Leah Neukirchen
@@ -107,7 +107,6 @@ files:
 - lib/rack/headers.rb
 - lib/rack/lint.rb
 - lib/rack/lock.rb
-- lib/rack/logger.rb
 - lib/rack/media_type.rb
 - lib/rack/method_override.rb
 - lib/rack/mime.rb
@@ -142,6 +141,7 @@ metadata:
   changelog_uri: https://github.com/rack/rack/blob/main/CHANGELOG.md
   documentation_uri: https://rubydoc.info/github/rack/rack
   source_code_uri: https://github.com/rack/rack
+  rubygems_mfa_required: 'true'
 rdoc_options: []
 require_paths:
 - lib

data/lib/rack/logger.rb

@@ -1,23 +0,0 @@
-# frozen_string_literal: true
-
-require 'logger'
-require_relative 'constants'
-
-warn "Rack::Logger is deprecated and will be removed in Rack 3.2.", uplevel: 1
-
-module Rack
-  # Sets up rack.logger to write to rack.errors stream
-  class Logger
-    def initialize(app, level = ::Logger::INFO)
-      @app, @level = app, level
-    end
-
-    def call(env)
-      logger = ::Logger.new(env[RACK_ERRORS])
-      logger.level = @level
-
-      env[RACK_LOGGER] = logger
-      @app.call(env)
-    end
-  end
-end