sinatra 3.1.0 → 4.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 315dee3d85d7778ffa48e041bd60370e9e89ecd3c01dbf0cf9450e41c62dc0d8
-  data.tar.gz: '083a914c0b520684471e2715ec091c67ca8121bfb8b5d4cf410307d6e14e4ac5'
+  metadata.gz: 71d0bb379c736d6c251ceb424cac84dbe3a8b22d80a54473a0af1085b93b7dbf
+  data.tar.gz: 489d48a5e4f934127e04cdafa2d0d582c5143cc2a8f476239ea5b5b0f0e492c9
 SHA512:
-  metadata.gz: 2790a4d58595f0f89667c5fd4530dde2de532ddaf02628f373162cc47d393732b1c9475ab59775c756750dfb52e60e7091118936ac8e70739fb266b46f82d3bd
-  data.tar.gz: eb74f34bf0b9a681557809c656754312eb266e66c3b68fcabbf95699c3273cf4d998e3969224b09df9127ff90f5d34fba5bc93b1ff0c321b4a7646ddfcc0b6b7
+  metadata.gz: fbe92c1867d3ebe8ddc3f707c4e9f9cf2b68bddf2556164b85083ac635650725d63f8c847b4c70d0ad2abf6793b5f1054918b0b7c4e04d303119867be84c3253
+  data.tar.gz: 0727d88e9f5574c304dd3f31c6107a2b3e1cde96914e258c86fee529a1e922b0ff1d023f109fcc3b232f010ae21d9bdb4c365001dc7c3f658c0bd75b95e8d24d

data/AUTHORS.md

@@ -2,31 +2,37 @@ Sinatra was designed and developed by Blake Mizerany in California.
 
 ### Current Team
 
-* **Konstantin Haase** (maintainer)
+* **Eloy Perez**
+* **Jordan Owens**
+* **Olle Jonsson**
+* **Patrik Ragnarsson**
 * **Zachary Scott**
-* **Kashyap Kondamudi**
-* **Ashley Williams**
-* **Trevor Bramble**
-* **Kunpei Sakai**
 
 ### Alumni
 
 * **Blake Mizerany** (creator)
+* **Konstantin Haase** (maintainer)
 * **Ryan Tomayko**
 * **Simon Rozet**
 * **Katrina Owen**
+* **Kashyap Kondamudi**
+* **Ashley Williams**
+* **Trevor Bramble**
+* **Kunpei Sakai**
 
 ### Thanks
 
 Sinatra would not have been possible without strong company backing.
 In the past, financial and emotional support have been provided mainly by
-[Heroku](http://heroku.com), [GitHub](https://github.com) and
-[Engine Yard](http://www.engineyard.com/), and is now taken care of by
-[Travis CI](http://travis-ci.com/).
+[Heroku](https://heroku.com), [GitHub](https://github.com),
+[Engine Yard](http://www.engineyard.com/) and [Travis CI](https://travis-ci.com/),
+and is now taken care of by [84codes](https://www.84codes.com/).
 
 Special thanks to the following extraordinary individuals, without whom
 Sinatra would not be possible:
 
+* [Benoit Daloze](https://eregon.me/blog/) (eregon) for help around TruffleRuby
+  and keyword arguments use in mustermann.
 * [Ryan Tomayko](http://tomayko.com/) (rtomayko) for constantly fixing
   whitespace errors __60d5006__
 * [Ezra Zygmuntowicz](http://brainspl.at/) (ezmobius) for initial help and

data/CHANGELOG.md

@@ -1,6 +1,50 @@
-## Unreleased
+## 4.0.0. / 2024-01-19
 
-* _Your new feature here._
+* New: Add support for Rack 3 ([#1857])
+  * Note: you may want to read the [Rack 3 Upgrade Guide]
+
+* Require Ruby 2.7.8 as minimum Ruby version ([#1993])
+
+* Breaking change: Drop support for Rack 2 ([#1857])
+  * Note: when using Sinatra to start the web server, you now need the `rackup` gem installed
+
+* Breaking change: Remove the `IndifferentHash` initializer ([#1982])
+
+* Breaking change: Disable `session_hijacking` protection by default ([#1984])
+
+* Breaking change: Remove `Rack::Protection::EncryptedCookie` ([#1989])
+  * Note: cookies are still encrypted (by [`Rack::Session::Cookie`])
+
+[#1857]: https://github.com/sinatra/sinatra/pull/1857
+[#1993]: https://github.com/sinatra/sinatra/pull/1993
+[#1982]: https://github.com/sinatra/sinatra/pull/1982
+[#1984]: https://github.com/sinatra/sinatra/pull/1984
+[#1989]: https://github.com/sinatra/sinatra/pull/1989
+[`Rack::Session::Cookie`]: https://github.com/rack/rack-session
+[Rack 3 Upgrade Guide]: https://github.com/rack/rack/blob/main/UPGRADE-GUIDE.md
+
+## 3.2.0 / 2023-12-29
+
+* New: Add `#except` method to `Sinatra::IndifferentHash` ([#1940])
+
+* New: Use `Exception#detailed_message` to show backtrace ([#1952])
+
+* New: Add `Sinatra::HamlHelpers` to sinatra-contrib ([#1960])
+
+* Fix: Add `base64` to rack-protection runtime dependencies ([#1946])
+
+* Fix: Avoid open-ended dependencies for sinatra-contrib and rack-protection ([#1949])
+
+* Fix: Helpful message when `Sinatra::Runner` times out ([#1975])
+
+* Fix: Ruby 3.3 + Bundler 2.5 compatibility ([#1975])
+
+[#1940]: https://github.com/sinatra/sinatra/pull/1940
+[#1946]: https://github.com/sinatra/sinatra/pull/1946
+[#1949]: https://github.com/sinatra/sinatra/pull/1949
+[#1952]: https://github.com/sinatra/sinatra/pull/1952
+[#1960]: https://github.com/sinatra/sinatra/pull/1960
+[#1975]: https://github.com/sinatra/sinatra/pull/1975
 
 ## 3.1.0 / 2023-08-07
 
@@ -16,6 +60,7 @@
 
 * Fix: rack-protection: specify rack version requirement [#1932] by Patrik Ragnarsson
 
+[#1911]: https://github.com/sinatra/sinatra/pull/1911
 [#1913]: https://github.com/sinatra/sinatra/pull/1913
 [#1900]: https://github.com/sinatra/sinatra/pull/1900
 [#1924]: https://github.com/sinatra/sinatra/pull/1924

data/Gemfile

@@ -1,13 +1,5 @@
 # frozen_string_literal: true
 
-# Why use bundler?
-# Well, not all development dependencies install on all rubies. Moreover, `gem
-# install sinatra --development` doesn't work, as it will also try to install
-# development dependencies of our dependencies, and those are not conflict free.
-# So, here we are, `bundle install`.
-#
-# If you have issues with a gem: `bundle install --without-coffee-script`.
-
 source 'https://rubygems.org'
 gemspec
 
@@ -18,29 +10,29 @@ rack_version = nil if rack_version.empty? || (rack_version == 'stable')
 rack_version = { github: 'rack/rack' } if rack_version == 'head'
 gem 'rack', rack_version
 
+rack_session_version = ENV['rack_session'].to_s
+rack_session_version = nil if rack_session_version.empty? || (rack_session_version == 'stable')
+rack_session_version = { github: 'rack/rack-session' } if rack_session_version == 'head'
+gem 'rack-session', rack_session_version
+
+gem 'rackup'
+
 puma_version = ENV['puma'].to_s
 puma_version = nil if puma_version.empty? || (puma_version == 'stable')
 puma_version = { github: 'puma/puma' } if puma_version == 'head'
 gem 'puma', puma_version
 
 gem 'minitest', '~> 5.0'
-gem 'rack-test', github: 'rack/rack-test'
+gem 'rack-test'
 gem 'rubocop', '~> 1.32.0', require: false
-gem 'yard'
+gem 'yard' # used by rake doc
 
 gem 'rack-protection', path: 'rack-protection'
 gem 'sinatra-contrib', path: 'sinatra-contrib'
 
-# traces 0.10.0 started to use Ruby 2.7 syntax without specifying required Ruby version
-# https://github.com/socketry/traces/pull/8#discussion_r1237988182
-# async-http 0.60.2 added traces 0.10.0 as dependency
-# https://github.com/socketry/async-http/pull/124/files#r1237988899
-gem 'traces', '< 0.10.0' if RUBY_VERSION >= '2.6.0' && RUBY_VERSION < '2.7.0'
-
-gem 'activesupport', '~> 6.1'
-
 gem 'asciidoctor'
 gem 'builder'
+gem 'childprocess', '>= 5'
 gem 'commonmarker', '~> 0.23.4', platforms: [:ruby]
 gem 'erubi'
 gem 'eventmachine'
@@ -52,15 +44,18 @@ gem 'markaby'
 gem 'nokogiri', '> 1.5.0'
 gem 'pandoc-ruby', '~> 2.0.2'
 gem 'rabl'
-gem 'rainbows', platforms: [:mri] # uses #fork
 gem 'rdiscount', platforms: [:ruby]
 gem 'rdoc'
 gem 'redcarpet', platforms: [:ruby]
-gem 'sass-embedded', '~> 1.54'
 gem 'simplecov', require: false
 gem 'slim', '~> 4'
 gem 'yajl-ruby', platforms: [:ruby]
-
-gem 'json', platforms: %i[jruby mri]
-
-gem 'jar-dependencies', '= 0.4.1', platforms: [:jruby] # Gem::LoadError with jar-dependencies 0.4.2
+gem 'zeitwerk'
+
+# sass-embedded depends on google-protobuf
+# which fails to be installed on JRuby and TruffleRuby under aarch64
+# https://github.com/jruby/jruby/issues/8062
+# https://github.com/protocolbuffers/protobuf/issues/11935
+java    = %w(jruby truffleruby).include?(RUBY_ENGINE)
+aarch64 = RbConfig::CONFIG["target_cpu"] == 'aarch64'
+gem 'sass-embedded', '~> 1.54' unless java && aarch64

data/README.md

@@ -846,7 +846,7 @@ It also takes a block for inline templates (see [example](#inline-templates)).
 <table>
   <tr>
     <td>Dependency</td>
-    <td><a href="http://slim-lang.com/" title="Slim Lang">Slim Lang</a></td>
+    <td><a href="https://slim-template.github.io/" title="Slim Lang">Slim Lang</a></td>
   </tr>
   <tr>
     <td>File Extension</td>
@@ -1199,22 +1199,6 @@ $ ruby -e "require 'securerandom'; puts SecureRandom.hex(64)"
 99ae8af...snip...ec0f262ac
 ```
 
-**Session Secret Generation (Bonus Points)**
-
-Use the [sysrandom gem](https://github.com/cryptosphere/sysrandom#readme) to
-use the system RNG facilities to generate random values instead of
-userspace `OpenSSL` which MRI Ruby currently defaults to:
-
-```text
-$ gem install sysrandom
-Building native extensions.  This could take a while...
-Successfully installed sysrandom-1.x
-1 gem installed
-
-$ ruby -e "require 'sysrandom/securerandom'; puts SecureRandom.hex(64)"
-99ae8af...snip...ec0f262ac
-```
-
 **Session Secret Environment Variable**
 
 Set a `SESSION_SECRET` environment variable for Sinatra to the value you
@@ -1229,14 +1213,10 @@ purposes only:
 **Session Secret App Config**
 
 Set up your app config to fail-safe to a secure random secret
-if the `SESSION_SECRET` environment variable is not available.
-
-For bonus points use the [sysrandom
-gem](https://github.com/cryptosphere/sysrandom#readme) here as well:
+if the `SESSION_SECRET` environment variable is not available:
 
 ```ruby
 require 'securerandom'
-# -or- require 'sysrandom/securerandom'
 set :session_secret, ENV.fetch('SESSION_SECRET') { SecureRandom.hex(64) }
 ```
 
@@ -1441,53 +1421,9 @@ to `stream` finishes executing. Streaming does not work at all with Shotgun.
 
 If the optional parameter is set to `keep_open`, it will not call `close` on
 the stream object, allowing you to close it at any later point in the
-execution flow. This only works on evented servers, like Rainbows.
-Other servers will still close the stream:
-
-```ruby
-# config.ru
-require 'sinatra/base'
-
-class App < Sinatra::Base
-  connections = []
-
-  get '/subscribe', provides: 'text/event-stream'  do
-    # register a client's interest in server events
-    stream(:keep_open) do |out|
-      connections << out
-      # purge dead connections
-      connections.reject!(&:closed?)
-    end
-  end
-
-  post '/' do
-    connections.each do |out|
-      # notify client that a new message has arrived
-      out << "data: #{params[:msg]}\n\n"
-
-      # indicate client to connect again
-      out.close
-    end
-
-    204 # response without entity body
-  end
-end
-
-run App
-```
-
-```ruby
-# rainbows.conf
-Rainbows! do
-  use :EventMachine
-end
-````
+execution flow.
 
-Run:
-
-```shell
-rainbows -c rainbows.conf
-```
+You can have a look at the [chat example](https://github.com/sinatra/sinatra/blob/main/examples/chat.rb)
 
 It's also possible for the client to close the connection when trying to
 write to the socket. Because of this, it's recommended to check
@@ -1986,7 +1922,7 @@ set :protection, :except => :path_traversal
 You can also hand in an array in order to disable a list of protections:
 
 ```ruby
-set :protection, :except => [:path_traversal, :session_hijacking]
+set :protection, :except => [:path_traversal, :remote_token]
 ```
 
 By default, Sinatra will only set up session based protection if `:sessions`
@@ -2878,68 +2814,30 @@ by Konstantin_
 Sinatra doesn't impose any concurrency model but leaves that to the
 underlying Rack handler (server) like Puma or WEBrick. Sinatra
 itself is thread-safe, so there won't be any problem if the Rack handler
-uses a threaded model of concurrency. This would mean that when starting
-the server, you'd have to specify the correct invocation method for the
-specific Rack handler. The following example is a demonstration of how
-to start a multi-threaded Rainbows server:
-
-```ruby
-# config.ru
-
-require 'sinatra/base'
-
-class App < Sinatra::Base
-  get '/' do
-    "Hello, World"
-  end
-end
-
-run App
-```
-
-```ruby
-# rainbows.conf
-
-# Rainbows configurator is based on Unicorn.
-Rainbows! do
-  use :ThreadSpawn
-end
-```
-
-To start the server, the command would be:
-
-```shell
-rainbows -c rainbows.conf
-```
+uses a threaded model of concurrency.
 
 ## Requirement
 
 The following Ruby versions are officially supported:
 <dl>
-  <dt>Ruby 2.6</dt>
+  <dt>Ruby</dt>
   <dd>
-    2.6 is fully supported and recommended. There are currently no plans to
-    drop official support for it.
+    <a href="https://www.ruby-lang.org/en/downloads/">The stable releases</a> are fully supported and recommended.
   </dd>
 
-  <dt>Rubinius</dt>
+  <dt>TruffleRuby</dt>
   <dd>
-    Rubinius is officially supported (Rubinius >= 2.x). It is recommended to
-    <tt>gem install puma</tt>.
+    The latest stable release of TruffleRuby is supported.
   </dd>
 
   <dt>JRuby</dt>
   <dd>
-    The latest stable release of JRuby is officially supported. It is not
-    recommended to use C extensions with JRuby. It is recommended to
-    <tt>gem install trinidad</tt>.
+    The latest stable release of JRuby is supported. It is not
+    recommended to use C extensions with JRuby.
   </dd>
 </dl>
 
-Versions of Ruby before 2.6 are no longer supported as of Sinatra 3.0.0.
-
-We also keep an eye on upcoming Ruby versions. Expect upcoming
-3.x releases to be fully supported.
+Versions of Ruby before 2.7.8 are no longer supported as of Sinatra 4.0.0.
 
 Sinatra should work on any operating system supported by the chosen Ruby
 implementation.

data/Rakefile

@@ -191,7 +191,7 @@ if defined?(Gem)
       end
     end
 
-    desc 'Commits the version to github repository'
+    desc 'Commits the version to git (no push)'
     task :commit_version do
       %w[
         lib/sinatra
@@ -203,10 +203,22 @@ if defined?(Gem)
       end
 
       sh <<-SH
-        git commit --allow-empty -a -m '#{source_version} release'  &&
-        git tag -s v#{source_version} -m '#{source_version} release'  &&
-        git push && (git push origin || true) &&
-        git push --tags && (git push origin --tags || true)
+        git commit --allow-empty --all --message '#{source_version} release'
+      SH
+    end
+
+    desc 'Tags the version in git (no push)'
+    task :tag_version do
+      sh <<-SH
+        git tag --sign v#{source_version} --message '#{source_version} release'
+      SH
+    end
+
+    desc 'Watch the release workflow run'
+    task :watch do
+      sh <<-SH
+        runId=$(gh run list --workflow=release.yml --limit 1 --json databaseId --jq '.[].databaseId')
+        gh run watch --interval 1 --exit-status $runId
       SH
     end
 

data/SECURITY.md

@@ -6,7 +6,7 @@ After the initial reply to your report the security team will endeavor to keep y
 
 If you have not received a reply to your email within 48 hours, or have not heard from the security team for the past five days there are a few steps you can take:
 
-* Contact the current security coordinator [Zachary Scott](mailto:zzak@ruby-lang.org) directly
+* Reach out to us on [discord](https://discord.gg/ncjsfsNHh7)
 
 ## Disclosure Policy
 

data/VERSION

@@ -1 +1 @@
-3.1.0
+4.0.0

data/examples/stream.ru

@@ -6,7 +6,6 @@
 #
 #   unicorn stream.ru                   # gem install unicorn
 #   puma stream.ru                      # gem install puma
-#   rainbows -c rainbows.conf stream.ru # gem install rainbows eventmachine
 
 require 'sinatra/base'
 

data/lib/sinatra/base.rb

@@ -2,8 +2,13 @@
 
 # external dependencies
 require 'rack'
+begin
+  require 'rackup'
+rescue LoadError
+end
 require 'tilt'
 require 'rack/protection'
+require 'rack/session'
 require 'mustermann'
 require 'mustermann/sinatra'
 require 'mustermann/regular'
@@ -176,8 +181,8 @@ module Sinatra
       result = body
 
       if drop_content_info?
-        headers.delete 'Content-Length'
-        headers.delete 'Content-Type'
+        headers.delete 'content-length'
+        headers.delete 'content-type'
       end
 
       if drop_body?
@@ -186,9 +191,9 @@ module Sinatra
       end
 
       if calculate_content_length?
-        # if some other code has already set Content-Length, don't muck with it
+        # if some other code has already set content-length, don't muck with it
         # currently, this would be the static file-handler
-        headers['Content-Length'] = body.map(&:bytesize).reduce(0, :+).to_s
+        headers['content-length'] = body.map(&:bytesize).reduce(0, :+).to_s
       end
 
       [status, headers, result]
@@ -197,7 +202,7 @@ module Sinatra
     private
 
     def calculate_content_length?
-      headers['Content-Type'] && !headers['Content-Length'] && (Array === body)
+      headers['content-type'] && !headers['content-length'] && (Array === body)
     end
 
     def drop_content_info?
@@ -209,7 +214,7 @@ module Sinatra
     end
   end
 
-  # Some Rack handlers (Rainbows!) implement an extended body object protocol, however,
+  # Some Rack handlers implement an extended body object protocol, however,
   # some middleware (namely Rack::Lint) will break it by not mirroring the methods in question.
   # This middleware will detect an extended body object and will make sure it reaches the
   # handler directly. We do this here, so our middleware and middleware set up by the app will
@@ -289,10 +294,8 @@ module Sinatra
         def block.each; yield(call) end
         response.body = block
       elsif value
-        # Rack 2.0 returns a Rack::File::Iterator here instead of
-        # Rack::File as it was in the previous API.
         unless request.head? || value.is_a?(Rack::Files::Iterator) || value.is_a?(Stream)
-          headers.delete 'Content-Length'
+          headers.delete 'content-length'
         end
         response.body = value
       else
@@ -302,7 +305,10 @@ module Sinatra
 
     # Halt processing and redirect to the URI provided.
     def redirect(uri, *args)
-      if (env['HTTP_VERSION'] == 'HTTP/1.1') && (env['REQUEST_METHOD'] != 'GET')
+      # SERVER_PROTOCOL is required in Rack 3, fall back to HTTP_VERSION
+      # for servers not updated for Rack 3 (like Puma 5)
+      http_version = env['SERVER_PROTOCOL'] || env['HTTP_VERSION']
+      if (http_version == 'HTTP/1.1') && (env['REQUEST_METHOD'] != 'GET')
         status 303
       else
         status 302
@@ -372,10 +378,10 @@ module Sinatra
       Base.mime_type(type)
     end
 
-    # Set the Content-Type of the response body given a media type or file
+    # Set the content-type of the response body given a media type or file
     # extension.
     def content_type(type = nil, params = {})
-      return response['Content-Type'] unless type
+      return response['content-type'] unless type
 
       default = params.delete :default
       mime_type = mime_type(type) || default
@@ -393,7 +399,7 @@ module Sinatra
           "#{key}=#{val}"
         end.join(', ')
       end
-      response['Content-Type'] = mime_type
+      response['content-type'] = mime_type
     end
 
     # https://html.spec.whatwg.org/#multipart-form-data
@@ -412,12 +418,12 @@ module Sinatra
       params = format('; filename="%s"', File.basename(filename).gsub(/["\r\n]/, MULTIPART_FORM_DATA_REPLACEMENT_TABLE))
       response['Content-Disposition'] << params
       ext = File.extname(filename)
-      content_type(ext) unless response['Content-Type'] || ext.empty?
+      content_type(ext) unless response['content-type'] || ext.empty?
     end
 
     # Use the contents of the file at +path+ as the response body.
     def send_file(path, opts = {})
-      if opts[:type] || !response['Content-Type']
+      if opts[:type] || !response['content-type']
         content_type opts[:type] || File.extname(path), default: 'application/octet-stream'
       end
 
@@ -433,7 +439,7 @@ module Sinatra
       result = file.serving(request, path)
 
       result[1].each { |k, v| headers[k] ||= v }
-      headers['Content-Length'] = result[1]['Content-Length']
+      headers['content-length'] = result[1]['content-length']
       opts[:status] &&= Integer(opts[:status])
       halt (opts[:status] || result[0]), result[2]
     rescue Errno::ENOENT
@@ -502,8 +508,7 @@ module Sinatra
     # the response body have not yet been generated.
     #
     # The close parameter specifies whether Stream#close should be called
-    # after the block has been executed. This is only relevant for evented
-    # servers like Rainbows.
+    # after the block has been executed.
     def stream(keep_open = false)
       scheduler = env['async.callback'] ? EventMachine : Stream
       current   = @params.dup
@@ -996,7 +1001,7 @@ module Sinatra
       invoke { dispatch! }
       invoke { error_block!(response.status) } unless @env['sinatra.error']
 
-      unless @response['Content-Type']
+      unless @response['content-type']
         if Array === body && body[0].respond_to?(:content_type)
           content_type body[0].content_type
         elsif (default = settings.default_content_type)
@@ -1059,7 +1064,7 @@ module Sinatra
       routes = base.routes[@request.request_method]
 
       routes&.each do |pattern, conditions, block|
-        response.delete_header('Content-Type') unless @pinned_response
+        response.delete_header('content-type') unless @pinned_response
 
         returned_pass_block = process_route(pattern, conditions) do |*args|
           env['sinatra.route'] = "#{@request.request_method} #{pattern}"
@@ -1180,7 +1185,7 @@ module Sinatra
       invoke do
         static! if settings.static? && (request.get? || request.head?)
         filter! :before do
-          @pinned_response = !response['Content-Type'].nil?
+          @pinned_response = !response['content-type'].nil?
         end
         route!
       end
@@ -1261,7 +1266,19 @@ module Sinatra
     end
 
     def dump_errors!(boom)
-      msg = ["#{Time.now.strftime('%Y-%m-%d %H:%M:%S')} - #{boom.class} - #{boom.message}:", *boom.backtrace].join("\n\t")
+      if boom.respond_to?(:detailed_message)
+        msg = boom.detailed_message(highlight: false)
+        if msg =~ /\A(.*?)(?: \(#{ Regexp.quote(boom.class.to_s) }\))?\n/
+          msg = $1
+          additional_msg = $'.lines(chomp: true)
+        else
+          additional_msg = []
+        end
+      else
+        msg = boom.message
+        additional_msg = []
+      end
+      msg = ["#{Time.now.strftime('%Y-%m-%d %H:%M:%S')} - #{boom.class} - #{msg}:", *additional_msg, *boom.backtrace].join("\n\t")
       @env['rack.errors'].puts(msg)
     end
 
@@ -1270,6 +1287,7 @@ module Sinatra
         %r{/sinatra(/(base|main|show_exceptions))?\.rb$},   # all sinatra code
         %r{lib/tilt.*\.rb$},                                # all tilt code
         /^\(.*\)$/,                                         # generated code
+        /\/bundled_gems.rb$/,                               # ruby >= 3.3 with bundler >= 2.5
         %r{rubygems/(custom|core_ext/kernel)_require\.rb$}, # rubygems require hacks
         /active_support/,                                   # active_support require hacks
         %r{bundler(/(?:runtime|inline))?\.rb},              # bundler require hacks
@@ -1448,7 +1466,13 @@ module Sinatra
       #   mime_types :js   # => ['application/javascript', 'text/javascript']
       def mime_types(type)
         type = mime_type type
-        type =~ %r{^application/(xml|javascript)$} ? [type, "text/#{$1}"] : [type]
+        if type =~ %r{^application/(xml|javascript)$}
+          [type, "text/#{$1}"]
+        elsif type =~ %r{^text/(xml|javascript)$}
+          [type, "application/#{$1}"]
+        else
+          [type]
+        end
       end
 
       # Define a before filter; runs before all requests within the same
@@ -1577,10 +1601,27 @@ module Sinatra
       # Puma, Falcon, or WEBrick (in that order). If given a block, will call
       # with the constructed handler once we have taken the stage.
       def run!(options = {}, &block)
+        unless defined?(Rackup::Handler)
+          rackup_warning = <<~MISSING_RACKUP
+            Sinatra could not start, the "rackup" gem was not found!
+
+            Add it to your bundle with:
+
+                bundle add rackup
+
+            or install it with:
+
+                gem install rackup
+
+          MISSING_RACKUP
+          warn rackup_warning
+          exit 1
+        end
+
         return if running?
 
         set options
-        handler         = Rack::Handler.pick(server)
+        handler         = Rackup::Handler.pick(server)
         handler_name    = handler.name.gsub(/.*::/, '')
         server_settings = settings.respond_to?(:server_settings) ? settings.server_settings : {}
         server_settings.merge!(Port: port, Host: bind)
@@ -1712,7 +1753,7 @@ module Sinatra
         types.map! { |t| mime_types(t) }
         types.flatten!
         condition do
-          response_content_type = response['Content-Type']
+          response_content_type = response['content-type']
           preferred_type = request.preferred_type(types)
 
           if response_content_type
@@ -1889,7 +1930,7 @@ module Sinatra
     set :dump_errors, proc { !test? }
     set :show_exceptions, proc { development? }
     set :sessions, false
-    set :session_store, Rack::Protection::EncryptedCookie
+    set :session_store, Rack::Session::Cookie
     set :logging, false
     set :protection, true
     set :method_override, false
@@ -1995,7 +2036,7 @@ module Sinatra
           </head>
           <body>
             <h2>Sinatra doesn’t know this ditty.</h2>
-            <img src='#{uri '/__sinatra__/404.png'}'>
+            <img src='#{request.script_name}/__sinatra__/404.png'>
             <div id="c">
               Try this:
               <pre>#{Rack::Utils.escape_html(code)}</pre>

data/lib/sinatra/indifferent_hash.rb

@@ -21,7 +21,8 @@ module Sinatra
   # writing interface (calling e.g. <tt>[]=</tt>, <tt>merge</tt>). This mapping
   # belongs to the public interface. For example, given:
   #
-  #   hash = Sinatra::IndifferentHash.new(:a=>1)
+  #   hash = Sinatra::IndifferentHash.new
+  #   hash[:a] = 1
   #
   # You are guaranteed that the key is returned as a string:
   #
@@ -29,7 +30,8 @@ module Sinatra
   #
   # Technically other types of keys are accepted:
   #
-  #   hash = Sinatra::IndifferentHash.new(:a=>1)
+  #   hash = Sinatra::IndifferentHash
+  #   hash[:a] = 1
   #   hash[0] = 0
   #   hash # => { "a"=>1, 0=>0 }
   #
@@ -41,12 +43,6 @@ module Sinatra
       new.merge!(Hash[*args])
     end
 
-    def initialize(*args)
-      args.map!(&method(:convert_value))
-
-      super(*args)
-    end
-
     def default(*args)
       args.map!(&method(:convert_key))
 
@@ -186,6 +182,12 @@ module Sinatra
       dup.tap(&:compact!)
     end
 
+    def except(*keys)
+      keys.map!(&method(:convert_key))
+
+      super(*keys)
+    end if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new("3.0")
+
     private
 
     def convert_key(key)

data/lib/sinatra/show_exceptions.rb

@@ -38,8 +38,8 @@ module Sinatra
       [
         500,
         {
-          'Content-Type' => content_type,
-          'Content-Length' => body.bytesize.to_s
+          'content-type' => content_type,
+          'content-length' => body.bytesize.to_s
         },
         [body]
       ]

data/lib/sinatra/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Sinatra
-  VERSION = '3.1.0'
+  VERSION = '4.0.0'
 end

data/sinatra.gemspec

@@ -43,12 +43,11 @@ RubyGems 2.0 or newer is required to protect against public gem pushes. You can
     'documentation_uri' => 'https://www.rubydoc.info/gems/sinatra'
   }
 
-  s.required_ruby_version = '>= 2.6.0'
+  s.required_ruby_version = '>= 2.7.8'
 
   s.add_dependency 'mustermann', '~> 3.0'
-  s.add_dependency 'rack', '~> 2.2', '>= 2.2.4'
+  s.add_dependency 'rack', '>= 3.0.0', '< 4'
+  s.add_dependency 'rack-session', '>= 2.0.0', '< 3'
   s.add_dependency 'rack-protection', version
   s.add_dependency 'tilt', '~> 2.0'
-
-  s.add_development_dependency 'rack-test', '~> 2'
 end

metadata

@@ -1,17 +1,17 @@
 --- !ruby/object:Gem::Specification
 name: sinatra
 version: !ruby/object:Gem::Version
-  version: 3.1.0
+  version: 4.0.0
 platform: ruby
 authors:
 - Blake Mizerany
 - Ryan Tomayko
 - Simon Rozet
 - Konstantin Haase
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-08-07 00:00:00.000000000 Z
+date: 2024-01-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mustermann
@@ -31,64 +31,70 @@ dependencies:
   name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.2'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.2.4
+        version: 3.0.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.2'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.2.4
+        version: 3.0.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4'
 - !ruby/object:Gem::Dependency
-  name: rack-protection
+  name: rack-session
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+    - - "<"
       - !ruby/object:Gem::Version
-        version: 3.1.0
+        version: '3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+    - - "<"
       - !ruby/object:Gem::Version
-        version: 3.1.0
+        version: '3'
 - !ruby/object:Gem::Dependency
-  name: tilt
+  name: rack-protection
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: 4.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: 4.0.0
 - !ruby/object:Gem::Dependency
-  name: rack-test
+  name: tilt
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2'
-  type: :development
+        version: '2.0'
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2'
+        version: '2.0'
 description: Sinatra is a DSL for quickly creating web applications in Ruby with minimal
   effort.
 email: sinatrarb@googlegroups.com
@@ -111,8 +117,6 @@ files:
 - VERSION
 - examples/chat.rb
 - examples/lifecycle_events.rb
-- examples/rainbows.conf
-- examples/rainbows.rb
 - examples/simple.rb
 - examples/stream.ru
 - lib/sinatra.rb
@@ -134,7 +138,7 @@ metadata:
   bug_tracker_uri: https://github.com/sinatra/sinatra/issues
   mailing_list_uri: http://groups.google.com/group/sinatrarb
   documentation_uri: https://www.rubydoc.info/gems/sinatra
-post_install_message:
+post_install_message: 
 rdoc_options:
 - "--line-numbers"
 - "--title"
@@ -148,15 +152,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.6.0
+      version: 2.7.8
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.18
-signing_key:
+rubygems_version: 3.5.3
+signing_key: 
 specification_version: 4
 summary: Classy web-development dressed in a DSL
 test_files: []

data/examples/rainbows.conf

@@ -1,3 +0,0 @@
-Rainbows! do
-  use :EventMachine
-end

data/examples/rainbows.rb

@@ -1,22 +0,0 @@
-# frozen_string_literal: true
-
-require 'rainbows'
-
-module Rack
-  module Handler
-    class Rainbows
-      def self.run(app, **options)
-        rainbows_options = {
-          listeners: ["#{options[:Host]}:#{options[:Port]}"],
-          worker_processes: 1,
-          timeout: 30,
-          config_file: ::File.expand_path('rainbows.conf', __dir__)
-        }
-
-        ::Rainbows::HttpServer.new(app, rainbows_options).start.join
-      end
-    end
-
-    register :rainbows, ::Rack::Handler::Rainbows
-  end
-end