sinatra 3.0.4 → 3.0.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7596f4ab9a68b8aeebf1a916c1cd752a3e7dd2714dd7fa09b8def139f5b2b8f9
-  data.tar.gz: 38ee8094ab7b9bf06a30c4bbefa2b915af6a8c1d1c4c2ec4b97918e07e8dce25
+  metadata.gz: '08567da318760f376b1c6c8ccafd4e1268ff19a800c90939d9f1448a7c85edcb'
+  data.tar.gz: 4287d74952e33c257cd981ed731e732cd0811dbeaeeb7fa553817ef3ad44a9d8
 SHA512:
-  metadata.gz: 1f2f27088c9dfb616693cbac0bfc80a2c831e8c4126c3fc86d9b9888e0b5a20bab767d0120a1ef1045466e7d4228d265503b91cb23e2c4502d5dea494017cbda
-  data.tar.gz: 1e941fdfd3658202725a247ca4d363fb2d2026a9aa1176f61ca170620317e75dccca16b702ca377f65169a8633e43e9c724076581777e46a13e053b717b8212e
+  metadata.gz: af4979f21e7a5bc8e2aebadc68138ad5885829d5c25060303c526fec354552d178d39ae050f5a49700da4bc4b4653264e5371c6dfda44df585a7f198353f65dc
+  data.tar.gz: 3cd222fd4e5a5337cc63a6df8d813ec695cb2e4ea73294048de169e92c93dcee36a6d90f2bbb0a3525f3d27b86c3499f762f1c0b8904e79c7a012a9852095aeb

data/CHANGELOG.md

@@ -2,6 +2,20 @@
 
 * _Your new feature here._
 
+## 3.0.6 / 2023-04-11
+
+* Fix: Add support to keep open streaming connections with Puma [#1858](https://github.com/sinatra/sinatra/pull/1858) by Jordan Owens
+
+* Fix: Avoid crash in `uri` helper on Integer input [#1890](https://github.com/sinatra/sinatra/pull/1890) by Patrik Ragnarsson
+
+* Fix: Rescue `RuntimeError` when trying to use `SecureRandom` [#1888](https://github.com/sinatra/sinatra/pull/1888) by Stefan Sundin
+
+## 3.0.5 / 2022-12-16
+
+* Fix: Add Zeitwerk compatibility. [#1831](https://github.com/sinatra/sinatra/pull/1831) by Dawid Janczak
+
+* Fix: Allow CALLERS_TO_IGNORE to be overridden
+
 ## 3.0.4 / 2022-11-25
 
 * Fix: Escape filename in the Content-Disposition header. [#1841](https://github.com/sinatra/sinatra/pull/1841) by Kunpei Sakai
@@ -66,6 +80,12 @@
 
 * Docs: Japanese documentation: Make Session section reflect changes done to README.md. [#1731](https://github.com/sinatra/sinatra/pull/1731) by @shu-i-chi
 
+## 2.2.3 / 2022-11-25
+
+* Fix: Escape filename in the Content-Disposition header. [#1841](https://github.com/sinatra/sinatra/pull/1841) by Kunpei Sakai
+
+* Fix: fixed ReDoS for Rack::Protection::IPSpoofing. [#1823](https://github.com/sinatra/sinatra/pull/1823) by @ooooooo-q
+
 ## 2.2.2 / 2022-07-23
 
 * Update mustermann dependency to version 2.

data/CONTRIBUTING.md

@@ -65,21 +65,21 @@ track patch requests.
   also has its own [Git repository](http://github.com/sinatra/sinatra-recipes).
 
 * [The Introduction](http://www.sinatrarb.com/intro.html) is generated from
-  Sinatra's [README file](http://github.com/sinatra/sinatra/blob/master/README.md).
+  Sinatra's [README file](http://github.com/sinatra/sinatra/blob/main/README.md).
 
 * If you want to help translating the documentation, the README is already
   available in
-  [Japanese](http://github.com/sinatra/sinatra/blob/master/README.ja.md),
-  [German](http://github.com/sinatra/sinatra/blob/master/README.de.md),
-  [Chinese](https://github.com/sinatra/sinatra/blob/master/README.zh.md),
-  [Russian](https://github.com/sinatra/sinatra/blob/master/README.ru.md),
-  [European](https://github.com/sinatra/sinatra/blob/master/README.pt-pt.md) and
-  [Brazilian](https://github.com/sinatra/sinatra/blob/master/README.pt-br.md)
+  [Japanese](http://github.com/sinatra/sinatra/blob/main/README.ja.md),
+  [German](http://github.com/sinatra/sinatra/blob/main/README.de.md),
+  [Chinese](https://github.com/sinatra/sinatra/blob/main/README.zh.md),
+  [Russian](https://github.com/sinatra/sinatra/blob/main/README.ru.md),
+  [European](https://github.com/sinatra/sinatra/blob/main/README.pt-pt.md) and
+  [Brazilian](https://github.com/sinatra/sinatra/blob/main/README.pt-br.md)
   Portuguese,
-  [French](https://github.com/sinatra/sinatra/blob/master/README.fr.md),
-  [Spanish](https://github.com/sinatra/sinatra/blob/master/README.es.md),
-  [Korean](https://github.com/sinatra/sinatra/blob/master/README.ko.md), and
-  [Hungarian](https://github.com/sinatra/sinatra/blob/master/README.hu.md).
+  [French](https://github.com/sinatra/sinatra/blob/main/README.fr.md),
+  [Spanish](https://github.com/sinatra/sinatra/blob/main/README.es.md),
+  [Korean](https://github.com/sinatra/sinatra/blob/main/README.ko.md), and
+  [Hungarian](https://github.com/sinatra/sinatra/blob/main/README.hu.md).
   The translations tend to fall behind the English version. Translations into
   other languages would also be appreciated.
 

data/Gemfile

@@ -15,12 +15,12 @@ gem 'rake'
 
 rack_version = ENV['rack'].to_s
 rack_version = nil if rack_version.empty? || (rack_version == 'stable')
-rack_version = { github: 'rack/rack' } if rack_version == 'latest'
+rack_version = { github: 'rack/rack' } if rack_version == 'head'
 gem 'rack', rack_version
 
 puma_version = ENV['puma'].to_s
 puma_version = nil if puma_version.empty? || (puma_version == 'stable')
-puma_version = { github: 'puma/puma' } if puma_version == 'latest'
+puma_version = { github: 'puma/puma' } if puma_version == 'head'
 gem 'puma', puma_version
 
 gem 'minitest', '~> 5.0'
@@ -39,7 +39,7 @@ gem 'commonmarker', '~> 0.23.4', platforms: [:ruby]
 gem 'erubi'
 gem 'eventmachine'
 gem 'falcon', '~> 0.40', platforms: [:ruby]
-gem 'haml', '~> 5'
+gem 'haml', '~> 6'
 gem 'kramdown'
 gem 'liquid'
 gem 'markaby'

data/MAINTENANCE.md

@@ -4,13 +4,13 @@
 
 ### Releases
 
-The next major version of Sinatra will be released from the master branch. Each version will be tagged so it will be possible to branch of should there be a need for bug fixes and other updates.
+The next major version of Sinatra will be released from the main branch. Each version will be tagged so it will be possible to branch of should there be a need for bug fixes and other updates.
 
 ## Issues
 
 ### New features
 
-New features will only be added to the master branch and will not be made available in point releases.
+New features will only be added to the main branch and will not be made available in point releases.
 
 ### Bug fixes
 

data/README.md

@@ -984,7 +984,7 @@ To associate a file extension with a template engine, use
 `tt` for Haml templates, you can do the following:
 
 ```ruby
-Tilt.register :tt, Tilt[:haml]
+Tilt.register Tilt[:haml], :tt
 ```
 
 ### Adding Your Own Template Engine
@@ -992,7 +992,7 @@ Tilt.register :tt, Tilt[:haml]
 First, register your engine with Tilt, then create a rendering method:
 
 ```ruby
-Tilt.register :myat, MyAwesomeTemplateEngine
+Tilt.register MyAwesomeTemplateEngine, :myat
 
 helpers do
   def myat(*args) render(:myat, *args) end
@@ -1933,7 +1933,7 @@ end
 ### Configuring attack protection
 
 Sinatra is using
-[Rack::Protection](https://github.com/sinatra/sinatra/tree/master/rack-protection#readme) to
+[Rack::Protection](https://github.com/sinatra/sinatra/tree/main/rack-protection#readme) to
 defend your application against common, opportunistic attacks. You can
 easily disable this behavior (which will open up your application to tons
 of common vulnerabilities):
@@ -2319,7 +2319,7 @@ end
 ```
 
 The semantics of `use` are identical to those defined for the
-[Rack::Builder](http://www.rubydoc.info/github/rack/rack/master/Rack/Builder) DSL
+[Rack::Builder](https://www.rubydoc.info/github/rack/rack/main/Rack/Builder) DSL
 (most frequently used from rackup files). For example, the `use` method
 accepts multiple/variable args as well as blocks:
 
@@ -2335,7 +2335,7 @@ many of these components automatically based on configuration so you
 typically don't have to `use` them explicitly.
 
 You can find useful middleware in
-[rack](https://github.com/rack/rack/tree/master/lib/rack),
+[rack](https://github.com/rack/rack/tree/main/lib/rack),
 [rack-contrib](https://github.com/rack/rack-contrib#readme),
 or in the [Rack wiki](https://github.com/rack/rack/wiki/List-of-Middleware).
 
@@ -2343,7 +2343,7 @@ or in the [Rack wiki](https://github.com/rack/rack/wiki/List-of-Middleware).
 
 Sinatra tests can be written using any Rack-based testing library or
 framework.
-[Rack::Test](http://www.rubydoc.info/github/brynary/rack-test/master/frames)
+[Rack::Test](https://www.rubydoc.info/github/rack/rack-test/main/frames)
 is recommended:
 
 ```ruby
@@ -2838,7 +2838,7 @@ Running Sinatra on a not officially supported Ruby flavor means that if things o
 ## The Bleeding Edge
 
 If you would like to use Sinatra's latest bleeding-edge code, feel free
-to run your application against the master branch, it should be rather
+to run your application against the main branch, it should be rather
 stable.
 
 We also push out prerelease gems from time to time, so you can do a
@@ -2887,20 +2887,19 @@ SemVerTag.
 
 ## Further Reading
 
-* [Project Website](http://www.sinatrarb.com/) - Additional documentation,
+* [Project Website](https://sinatrarb.com/) - Additional documentation,
   news, and links to other resources.
-* [Contributing](http://www.sinatrarb.com/contributing) - Find a bug? Need
+* [Contributing](https://sinatrarb.com/contributing) - Find a bug? Need
   help? Have a patch?
 * [Issue tracker](https://github.com/sinatra/sinatra/issues)
 * [Twitter](https://twitter.com/sinatra)
 * [Mailing List](https://groups.google.com/forum/#!forum/sinatrarb)
 * IRC: [#sinatra](irc://chat.freenode.net/#sinatra) on [Freenode](https://freenode.net)
-* [Sinatra & Friends](https://sinatrarb.slack.com) on Slack
-  ([get an invite](https://sinatra-slack.herokuapp.com/))
+* [Sinatra & Friends](https://discord.gg/ncjsfsNHh7) on Discord
 * [Sinatra Book](https://github.com/sinatra/sinatra-book) - Cookbook Tutorial
 * [Sinatra Recipes](http://recipes.sinatrarb.com/) - Community contributed
   recipes
-* API documentation for the [latest release](http://www.rubydoc.info/gems/sinatra)
-  or the [current HEAD](http://www.rubydoc.info/github/sinatra/sinatra) on
-  [RubyDoc](http://www.rubydoc.info/)
+* API documentation for the [latest release](https://www.rubydoc.info/gems/sinatra)
+  or the [current HEAD](https://www.rubydoc.info/github/sinatra/sinatra) on
+  [RubyDoc](https://www.rubydoc.info/)
 * [CI Actions](https://github.com/sinatra/sinatra/actions)

data/Rakefile

@@ -1,14 +1,11 @@
 # frozen_string_literal: true
 
 require 'rake/clean'
-require 'rake/testtask'
+require 'minitest/test_task'
 require 'fileutils'
 require 'date'
 
 task default: :test
-task spec: :test
-
-CLEAN.include '**/*.rbc'
 
 def source_version
   @source_version ||= File.read(File.expand_path('VERSION', __dir__)).strip
@@ -24,27 +21,20 @@ def prev_version
   source_version.gsub(/\d+$/) { |s| s.to_i - 1 }
 end
 
-# SPECS ===============================================================
+# Tests ===============================================================
 
-Rake::TestTask.new(:test) do |t|
-  t.test_files = FileList['test/*_test.rb']
-  t.ruby_opts = ['-r rubygems'] if defined? Gem
+Minitest::TestTask.create # Default `test` task
+Minitest::TestTask.create(:'test:core') do |t|
   t.warning = true
-end
-
-Rake::TestTask.new(:'test:core') do |t|
-  core_tests = %w[
+  t.test_globs = %w[
     base delegator encoding extensions filter
     helpers mapped_error middleware rdoc
     readme request response result route_added_hook
     routing server settings sinatra static templates
-  ]
-  t.test_files = core_tests.map { |n| "test/#{n}_test.rb" }
-  t.ruby_opts = ['-r rubygems'] if defined? Gem
-  t.warning = true
+  ].map { |n| "test/#{n}_test.rb" }
 end
 
-# Rcov ================================================================
+# Test code coverage ==================================================
 
 namespace :test do
   desc 'Measures test coverage'
@@ -54,6 +44,7 @@ namespace :test do
     Rake::Task['test'].invoke
   end
 end
+CLEAN.include('coverage')
 
 # Website =============================================================
 

data/VERSION

@@ -1 +1 @@
-3.0.4
+3.0.6

data/examples/chat.rb

@@ -1,11 +1,13 @@
 #!/usr/bin/env ruby -I ../lib -I lib
 # frozen_string_literal: true
 
-require_relative 'rainbows'
+# This example does *not* work properly with WEBrick or other
+# servers that buffer output. To shut down the server, close any
+# open browser tabs that are connected to the chat server.
 
 require 'sinatra'
-set :server, :rainbows
-connections = []
+set :server, :puma
+connections = Set.new
 
 get '/' do
   halt erb(:login) unless params[:user]
@@ -14,13 +16,22 @@ end
 
 get '/stream', provides: 'text/event-stream' do
   stream :keep_open do |out|
-    connections << out
-    out.callback { connections.delete(out) }
+    if connections.add?(out)
+      out.callback { connections.delete(out) }
+    end
+    out << "heartbeat:\n"
+    sleep 1
+  rescue
+    out.close
   end
 end
 
 post '/' do
-  connections.each { |out| out << "data: #{params[:msg]}\n\n" }
+  connections.each do |out|
+    out << "data: #{params[:msg]}\n\n"
+  rescue
+    out.close
+  end
   204 # response without entity body
 end
 
@@ -37,10 +48,10 @@ __END__
 </html>
 
 @@ login
-<form action='/'>
+<form action="/">
   <label for='user'>User Name:</label>
-  <input name='user' value='' />
-  <input type='submit' value="GO!" />
+  <input name="user" value="" />
+  <input type="submit" value="GO!" />
 </form>
 
 @@ chat

data/lib/sinatra/base.rb

@@ -19,7 +19,7 @@ require 'sinatra/version'
 
 module Sinatra
   # The request object. See Rack::Request for more info:
-  # http://rubydoc.info/github/rack/rack/master/Rack/Request
+  # https://rubydoc.info/github/rack/rack/main/Rack/Request
   class Request < Rack::Request
     HEADER_PARAM = /\s*[\w.]+=(?:[\w.]+|"(?:[^"\\]|\\.)*")?\s*/.freeze
     HEADER_VALUE_WITH_PARAMS = %r{(?:(?:\w+|\*)/(?:\w+(?:\.|-|\+)?|\*)*)\s*(?:;#{HEADER_PARAM})*}.freeze
@@ -158,8 +158,8 @@ module Sinatra
 
   # The response object. See Rack::Response and Rack::Response::Helpers for
   # more info:
-  # http://rubydoc.info/github/rack/rack/master/Rack/Response
-  # http://rubydoc.info/github/rack/rack/master/Rack/Response/Helpers
+  # https://rubydoc.info/github/rack/rack/main/Rack/Response
+  # https://rubydoc.info/github/rack/rack/main/Rack/Response/Helpers
   class Response < Rack::Response
     DROP_BODY_RESPONSES = [204, 304].freeze
 
@@ -291,7 +291,7 @@ module Sinatra
       elsif value
         # Rack 2.0 returns a Rack::File::Iterator here instead of
         # Rack::File as it was in the previous API.
-        unless request.head? || value.is_a?(Rack::File::Iterator) || value.is_a?(Stream)
+        unless request.head? || value.is_a?(Rack::Files::Iterator) || value.is_a?(Stream)
           headers.delete 'Content-Length'
         end
         response.body = value
@@ -317,7 +317,7 @@ module Sinatra
     # Generates the absolute URI for a given path in the app.
     # Takes Rack routers and reverse proxies into account.
     def uri(addr = nil, absolute = true, add_script_name = true)
-      return addr if addr =~ /\A[a-z][a-z0-9+.\-]*:/i
+      return addr if addr.to_s =~ /\A[a-z][a-z0-9+.\-]*:/i
 
       uri = [host = String.new]
       if absolute
@@ -429,7 +429,7 @@ module Sinatra
 
       last_modified opts[:last_modified] if opts[:last_modified]
 
-      file   = Rack::File.new(File.dirname(settings.app_file))
+      file   = Rack::Files.new(File.dirname(settings.app_file))
       result = file.serving(request, path)
 
       result[1].each { |k, v| headers[k] ||= v }
@@ -474,8 +474,9 @@ module Sinatra
             @back.call(self)
           rescue Exception => e
             @scheduler.schedule { raise e }
+          ensure
+            close unless @keep_open
           end
-          close unless @keep_open
         end
       end
 
@@ -506,7 +507,16 @@ module Sinatra
     def stream(keep_open = false)
       scheduler = env['async.callback'] ? EventMachine : Stream
       current   = @params.dup
-      body Stream.new(scheduler, keep_open) { |out| with_params(current) { yield(out) } }
+      stream = if scheduler == Stream  && keep_open
+        Stream.new(scheduler, false) do |out|
+          until out.closed?
+            with_params(current) { yield(out) }
+          end
+        end
+      else
+        Stream.new(scheduler, keep_open) { |out| with_params(current) { yield(out) } }
+      end
+      body stream
     end
 
     # Specify response freshness policy for HTTP caches (Cache-Control header).
@@ -1216,11 +1226,16 @@ module Sinatra
         %r{rubygems/(custom|core_ext/kernel)_require\.rb$}, # rubygems require hacks
         /active_support/,                                   # active_support require hacks
         %r{bundler(/(?:runtime|inline))?\.rb},              # bundler require hacks
-        /<internal:/                                        # internal in ruby >= 1.9.2
+        /<internal:/,                                       # internal in ruby >= 1.9.2
+        %r{zeitwerk/kernel\.rb}                             # Zeitwerk kernel#require decorator
       ].freeze
 
       attr_reader :routes, :filters, :templates, :errors
 
+      def callers_to_ignore
+        CALLERS_TO_IGNORE
+      end
+
       # Removes all routes, filters, middleware and extension hooks from the
       # current class (not routes/filters/... defined by its superclass).
       def reset!
@@ -1787,7 +1802,7 @@ module Sinatra
       def cleaned_caller(keep = 3)
         caller(1)
           .map! { |line| line.split(/:(?=\d|in )/, 3)[0, keep] }
-          .reject { |file, *_| CALLERS_TO_IGNORE.any? { |pattern| file =~ pattern } }
+          .reject { |file, *_| callers_to_ignore.any? { |pattern| file =~ pattern } }
       end
     end
 
@@ -1833,8 +1848,9 @@ module Sinatra
     begin
       require 'securerandom'
       set :session_secret, SecureRandom.hex(64)
-    rescue LoadError, NotImplementedError
+    rescue LoadError, NotImplementedError, RuntimeError
       # SecureRandom raises a NotImplementedError if no random device is available
+      # RuntimeError raised due to broken openssl backend: https://bugs.ruby-lang.org/issues/19230
       set :session_secret, format('%064x', Kernel.rand((2**256) - 1))
     end
 

data/lib/sinatra/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Sinatra
-  VERSION = '3.0.3'
+  VERSION = '3.0.6'
 end

data/sinatra.gemspec

@@ -36,7 +36,7 @@ RubyGems 2.0 or newer is required to protect against public gem pushes. You can
 
   s.metadata = {
     'source_code_uri' => 'https://github.com/sinatra/sinatra',
-    'changelog_uri' => 'https://github.com/sinatra/sinatra/blob/master/CHANGELOG.md',
+    'changelog_uri' => 'https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md',
     'homepage_uri' => 'http://sinatrarb.com/',
     'bug_tracker_uri' => 'https://github.com/sinatra/sinatra/issues',
     'mailing_list_uri' => 'http://groups.google.com/group/sinatrarb',

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sinatra
 version: !ruby/object:Gem::Version
-  version: 3.0.4
+  version: 3.0.6
 platform: ruby
 authors:
 - Blake Mizerany
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-11-25 00:00:00.000000000 Z
+date: 2023-04-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mustermann
@@ -53,14 +53,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.0.4
+        version: 3.0.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.0.4
+        version: 3.0.6
 - !ruby/object:Gem::Dependency
   name: tilt
   requirement: !ruby/object:Gem::Requirement
@@ -128,7 +128,7 @@ licenses:
 - MIT
 metadata:
   source_code_uri: https://github.com/sinatra/sinatra
-  changelog_uri: https://github.com/sinatra/sinatra/blob/master/CHANGELOG.md
+  changelog_uri: https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md
   homepage_uri: http://sinatrarb.com/
   bug_tracker_uri: https://github.com/sinatra/sinatra/issues
   mailing_list_uri: http://groups.google.com/group/sinatrarb
@@ -154,7 +154,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.3
+rubygems_version: 3.4.10
 signing_key:
 specification_version: 4
 summary: Classy web-development dressed in a DSL