Bump sinatra, rack and mongo

[dependabot]

Bumps sinatra, rack and mongo. These dependencies needed to be updated together.
Updates sinatra from 1.3.2 to 4.0.0

Changelog

Sourced from sinatra's changelog.

4.0.0. / 2024-01-19

• New: Add support for Rack 3 (#1857)

  • Note: you may want to read the [Rack 3 Upgrade Guide]

• Require Ruby 2.7.8 as minimum Ruby version (#1993)

• Breaking change: Drop support for Rack 2 (#1857)

  • Note: when using Sinatra to start the web server, you now need the rackup gem installed

• Breaking change: Remove the IndifferentHash initializer (#1982)

• Breaking change: Disable session_hijacking protection by default (#1984)

• Breaking change: Remove Rack::Protection::EncryptedCookie (#1989)

  • Note: cookies are still encrypted (by [Rack::Session::Cookie])

#1857: sinatra/sinatra#1857 #1993: sinatra/sinatra#1993 #1982: sinatra/sinatra#1982 #1984: sinatra/sinatra#1984 #1989: sinatra/sinatra#1989 [Rack::Session::Cookie]: https://github.com/rack/rack-session [Rack 3 Upgrade Guide]: https://github.com/rack/rack/blob/main/UPGRADE-GUIDE.md

3.2.0 / 2023-12-29

• New: Add #except method to Sinatra::IndifferentHash (#1940)

• New: Use Exception#detailed_message to show backtrace (#1952)

• New: Add Sinatra::HamlHelpers to sinatra-contrib (#1960)

• Fix: Add base64 to rack-protection runtime dependencies (#1946)

• Fix: Avoid open-ended dependencies for sinatra-contrib and rack-protection (#1949)

• Fix: Helpful message when Sinatra::Runner times out (#1975)

• Fix: Ruby 3.3 + Bundler 2.5 compatibility (#1975)

#1940: sinatra/sinatra#1940 #1946: sinatra/sinatra#1946 #1949: sinatra/sinatra#1949 #1952: sinatra/sinatra#1952 #1960: sinatra/sinatra#1960 #1975: sinatra/sinatra#1975

3.1.0 / 2023-08-07

... (truncated)

Commits

• b626e2d 4.0.0 release (#1996)
• e56f657 Require Ruby 2.7.8 as minimum Ruby version (#1993)
• 9993829 CI: remove rack monkey patches
• 09f1c2b CI: rdiscount 2.2.7.3 resolved the TruffleRuby issue
• c43e097 CI: use the released version of childprocess
• 739eaa0 CI: no need to set RUBY_ENGINE
• d872057 CI: no need to set Encoding.default_external
• 9c14764 Remove Rack::Protection::EncryptedCookie (#1989)
• 667056c CI: allow ruby-head to fail
• 393bb7c Avoid using deprecated Rack::Response#header
• Additional commits viewable in compare view

Updates rack from 1.4.1 to 3.1.8

Release notes

Sourced from rack's releases.

v3.0.9.1

What's Changed

• Fixed ReDoS in Accept header parsing [CVE-2024-26146]
• Fixed ReDoS in Content Type header parsing [CVE-2024-25126]
• Reject Range headers which are too large [CVE-2024-26141]

Full Changelog: rack/rack@v3.0.9...v3.0.9.1

v3.0.9

What's Changed

• Fix content-length calcuation in Rack:Response#write #2150

Full Changelog: rack/rack@v3.0.8...v3.0.9

v3.0.8

What's Changed

• Backport "Fix some unused variable verbose warnings" by @​skipkayhil in rack/rack#2084

New Contributors

• @​skipkayhil made their first contribution in rack/rack#2084

Full Changelog: rack/rack@v3.0.7...v3.0.8

v3.0.7

What's Changed

• Backport "Make query parameters without = have nil values". by @​jeremyevans in rack/rack#2060

Full Changelog: rack/rack@v3.0.6.1...v3.0.7

v3.0.6.1

No release notes provided.

v3.0.4.1

Full Changelog: rack/rack@v3.0.4...v3.0.4.1

v3.0.4

Full Changelog: rack/rack@v3.0.3...v3.0.4

v3.0.3

What's Changed

• Release v3.0.3 by @​ioquatix in rack/rack#2000

Full Changelog: rack/rack@v3.0.2...v3.0.3

v3.0.2

Full Changelog: rack/rack@v3.0.1...v3.0.2

... (truncated)

Changelog

Sourced from rack's changelog.

[3.1.8] - 2024-10-14

Fixed

• Resolve deprecation warnings about uri DEFAULT_PARSER. (#2249, [@​earlopain])

[3.1.7] - 2024-07-11

Fixed

• Do not remove escaped opening/closing quotes for content-disposition filenames. (#2229, [@​jeremyevans])
• Fix encoding setting for non-binary IO-like objects in MockRequest#env_for. (#2227, [@​jeremyevans])
• Rack::Response should not generate invalid content-length header. (#2219, [@​ioquatix])
• Allow empty PATH_INFO. (#2214, [@​ioquatix])

[3.1.6] - 2024-07-03

Fixed

• Fix several edge cases in Rack::Request#parse_http_accept_header's implementation. (#2226, [@​ioquatix])

[3.1.5] - 2024-07-02

Security

• Fix potential ReDoS attack in Rack::Request#parse_http_accept_header. (GHSA-cj83-2ww7-mvq7, @​dwisiswant0)

[3.1.4] - 2024-06-22

Fixed

• Fix Rack::Lint matching some paths incorrectly as authority form. (#2220, [@​ioquatix])

[3.1.3] - 2024-06-12

Fixed

• Fix passing non-strings to Rack::Utils.escape_html. (#2202, [@​earlopain])
• Rack::MockResponse gracefully handles empty cookies (#2203 [@​wynksaiddestroy])

[3.1.2] - 2024-06-11

• Rack::Response will take in to consideration chunked encoding responses (#2204, [@​tenderlove])

[3.1.1] - 2024-06-11

• Oops! I shouldn't have shipped that

[3.1.0] - 2024-06-11

... (truncated)

Commits

• 0eabeb7 Bump patch version.
• f4f7103 Resolve deprecation warnings about uri DEFAULT_PARSER (#2242) (#2249)
• 4bb2f72 Bump patch version.
• 1c1e413 Ignore external tests directory.
• b4a1036 Prepare for 3.1.7 release.
• d0da91b Add more external tests.
• f6f1510 Improve Rack::Response content-length header generation. (#2219)
• fb339e0 Fix encoding setting for non-binary IO-like objects in MockRequest#env_for
• e21872d Do not remove escaped opening/closing quotes for content-disposition filenames
• 5c3d79f Synchronize changelog with HEAD.
• Additional commits viewable in compare view

Updates mongo from 1.5.2 to 2.21.0

Release notes

Sourced from mongo's releases.

2.21.0

Version 2.21.0 of the MongoDB Ruby Driver is now available.

Release Highlights

• RUBY-2523: Introducing "Client-Side Operations Timeout" (CSOT). Most timeout-related options have been deprecated and unified under a single, new timeout_ms option. Deprecated options include socket_timeout, wait_queue_timeout, wtimeout, max_time_ms, and max_commit_time_ms.
• RUBY-3503: Bump maxWireVersion for server 8.0 support.
• RUBY-3392 and RUBY-3457: Support for range v2 queries with queryable encryption, including a new trim_factor parameter.
• RUBY-3463: Fixed connection issues in load-balanced topologies caused by cursors incorrectly releasing the connection between operations.

Documentation

Documentation is available at MongoDB.com.

Installation

You may install this version via RubyGems, with:

gem install --version 2.21.0 mongo

What's Changed

• RUBY-3414 Re-enable serverless by @​comandeo-mongo in mongodb/mongo-ruby-driver#2885
• DOP-4704: Remove docs/ directory that has been moved to docs-ruby by @​i80and in mongodb/mongo-ruby-driver#2883
• RUBY-3514 pointer to docs by @​adviti-mishra in mongodb/mongo-ruby-driver#2888
• RUBY-3503 Bump the max wire version from 21 to 25 for server 8.0 compatibility by @​adviti-mishra in mongodb/mongo-ruby-driver#2887
• RUBY-2523 Client Side Operations Timeout by @​comandeo-mongo in mongodb/mongo-ruby-driver#2882
• RUBY-3463 Fix cursor behaviour on load balanced by @​comandeo-mongo in mongodb/mongo-ruby-driver#2893
• RUBY-3392 Support QE Range v2 by @​comandeo-mongo in mongodb/mongo-ruby-driver#2894
• RUBY-3544 prepare for 2.21.0 by @​jamis in mongodb/mongo-ruby-driver#2895

New Contributors

• @​i80and made their first contribution in mongodb/mongo-ruby-driver#2883
• @​adviti-mishra made their first contribution in mongodb/mongo-ruby-driver#2888

Full Changelog: mongodb/mongo-ruby-driver@v2.20.1...v2.21.0

2.20.1

Version 2.20.1 of the MongoDB Ruby Driver is now available.

Release Highlights

This patch release includes one bug fix, and one documentation update:

• RUBY-3496 Certain retryable errors were not being retried when legacy retries were enabled. Thank you to Joe Lim for the PR!
• RUBY-3434 Documentation was added/improved to suggest how to configure Mongoid for use with forking web servers. Thank you to Johnny Shields for the PR!

Documentation

... (truncated)

Commits

• 6c26542 RUBY-3544 prepare for 2.21.0 (#2895)
• 9046817 RUBY-3392 Support QE Range v2 (#2894)
• 2d8a249 RUBY-3463 Fix cursor behaviour on load balanced (#2893)
• 56100d6 RUBY-2523 Client Side Operations Timeout (#2882)
• c7b5736 Bump the max wire version from 21 to 25 for server 8.0 compatibility (#2887)
• 5d1c271 RUBY-3514 pointer to docs (#2888)
• 0fae577 DOP-4704: Remove docs/ directory that has been moved to docs-ruby (#2883)
• 8aa9b65 RUBY-3414 Re-enable serverless (#2885)
• 8f16460 bump version (#2886)
• 3c5dc93 [RUBY-3496] Fix legacy read pool retry error (#2878)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.