Skip to content

ui: bump the rack group in /server/src/main/webapp/WEB-INF/rails with 3 updates#3916

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/bundler/server/src/main/webapp/WEB-INF/rails/rack-bc1892fb5a
Open

ui: bump the rack group in /server/src/main/webapp/WEB-INF/rails with 3 updates#3916
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/bundler/server/src/main/webapp/WEB-INF/rails/rack-bc1892fb5a

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Mar 18, 2026

Bumps the rack group in /server/src/main/webapp/WEB-INF/rails with 3 updates: rack, rack-session and rackup.

Updates rack from 2.2.22 to 3.2.5

Release notes

Sourced from rack's releases.

v3.2.4

No release notes provided.

v3.0.9.1

What's Changed

Full Changelog: rack/rack@v3.0.9...v3.0.9.1

v3.0.9

What's Changed

  • Fix content-length calcuation in Rack:Response#write #2150

Full Changelog: rack/rack@v3.0.8...v3.0.9

v3.0.8

What's Changed

New Contributors

Full Changelog: rack/rack@v3.0.7...v3.0.8

v3.0.7

What's Changed

Full Changelog: rack/rack@v3.0.6.1...v3.0.7

v3.0.6.1

No release notes provided.

v3.0.4.1

Full Changelog: rack/rack@v3.0.4...v3.0.4.1

v3.0.4

Full Changelog: rack/rack@v3.0.3...v3.0.4

v3.0.3

What's Changed

Full Changelog: rack/rack@v3.0.2...v3.0.3

... (truncated)

Commits
  • bb5f355 Bump patch version.
  • f9bde3b Prevent directory traversal via root prefix bypass.
  • 93a68f5 XSS injection via malicious filename in Rack::Directory.
  • 3b8b0d2 Fix MockResponse#body when the body is a Proc (#2420)
  • 4c24539 Bump patch version.
  • 3ba5e4f Allow Multipart head to span read boundary. (#2392)
  • 32bf888 Bump patch version.
  • e179614 Unbounded read in Rack::Request form parsing can lead to memory exhaustion.
  • 57277b7 Improper handling of proxy headers in Rack::Sendfile may allow proxy bypass.
  • 403b74b Normalize adivsories links.
  • Additional commits viewable in compare view

Updates rack-session from 1.0.2 to 2.1.1

Release notes

Sourced from rack-session's releases.

v2.1.1

Full Changelog: rack/rack-session@v2.1.0...v2.1.1

v2.1.0

Full Changelog: rack/rack-session@v2.0.0...v2.1.0

v2.0.0

What's Changed

Full Changelog: rack/rack-session@v1.0.0...v2.0.0

Changelog

Sourced from rack-session's changelog.

v2.1.1

  • Prevent Rack::Session::Pool from recreating deleted sessions CVE-2025-46336.

v2.1.0

  • Improved compatibility with Ruby 3.3+ and Rack 3+.
  • Add support for cookie option partitioned.
  • Introduce assume_ssl option to allow secure session cookies through insecure proxy.

v2.0.0

  • Initial migration of code from Rack 2, for Rack 3 release.
Commits
  • 96663ec Bump patch version.
  • c58ad79 Don't allow session to be recreated accidentally.
  • 8a02143 Bump minor version.
  • 67c1237 Add release notes.
  • 77c56db Rack 3 compatibility.
  • 1a10ce8 Test on Ruby v3.4.
  • 06b63f5 Bump actions/checkout from 3 to 4 (#47)
  • 9818179 Opt-in for MFA requirement (#45)
  • 9ad38c0 Test and set Ruby v2.5 as minimum. (#46)
  • 4af6114 Add cookie option "partitioned" to DEFAULT_OPTIONS and documentation of class...
  • Additional commits viewable in compare view

Updates rackup from 1.0.1 to 2.3.1

Changelog

Sourced from rackup's changelog.

Releases

All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference Keep A Changelog.

v2.2.1

  • Try to require webrick and rackup/handler/webrick by default, for compatibility with code that expects them to be available.

v2.2.0

  • Remove old rack shims.
  • Remove webrick dependency.

v2.1.0

  • Correctly support streaming responses with webrick.

v2.0.0

  • Initial release and migration of code from rack.
Commits
  • f3fa1d6 Bump patch version.
  • 583c7dc Fix WEBrick SERVER_PORT handling.
  • adc9596 Bump minor version.
  • 8e538be Update the webrick handler to support OPTIONS * requests. (#40)
  • 7a3e190 Update workflows.
  • 5d18f5a Update spec_server.rb
  • c6cdd47 Fix references from Rack::Server to Rackup::Server in comments
  • e3df7cb Provide a 'Changelog' link on rubygems.org/gems/rackup
  • 39d5226 Documentation for how to access handlers programatically.
  • 301b6dd Update releases.md - fixes #29.
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
ui: bump the rack group
cb90fa1 
Bumps the rack group in /server/src/main/webapp/WEB-INF/rails with 3 updates: [rack](https://github.com/rack/rack), [rack-session](https://github.com/rack/rack-session) and [rackup](https://github.com/rack/rackup).


Updates `rack` from 2.2.22 to 3.2.5
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](rack/rack@v2.2.22...v3.2.5)

Updates `rack-session` from 1.0.2 to 2.1.1
- [Release notes](https://github.com/rack/rack-session/releases)
- [Changelog](https://github.com/rack/rack-session/blob/main/releases.md)
- [Commits](rack/rack-session@v1.0.2...v2.1.1)

Updates `rackup` from 1.0.1 to 2.3.1
- [Release notes](https://github.com/rack/rackup/releases)
- [Changelog](https://github.com/rack/rackup/blob/main/releases.md)
- [Commits](rack/rackup@v1.0.1...v2.3.1)

---
updated-dependencies:
- dependency-name: rack
  dependency-version: 3.2.5
  dependency-type: indirect
  update-type: version-update:semver-major
  dependency-group: rack
- dependency-name: rack-session
  dependency-version: 2.1.1
  dependency-type: indirect
  update-type: version-update:semver-major
  dependency-group: rack
- dependency-name: rackup
  dependency-version: 2.3.1
  dependency-type: indirect
  update-type: version-update:semver-major
  dependency-group: rack
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Mar 18, 2026
@dependabot dependabot bot mentioned this pull request Mar 18, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants