Skip to content

Bump rack from 3.0.10 to 3.0.16#1

Merged
jkebinger merged 1 commit into
mainfrom
dependabot/bundler/rack-3.0.16
Sep 22, 2025
Merged

Bump rack from 3.0.10 to 3.0.16#1
jkebinger merged 1 commit into
mainfrom
dependabot/bundler/rack-3.0.16

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Sep 18, 2025
edited
Loading

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps rack from 3.0.10 to 3.0.16.

Changelog

Sourced from rack's changelog.

[3.0.16] - 2025-05-06

⚠️ This release includes a security fix that may cause certain routes in previously working applications to fail if query parameters exceed 4,096 in count or 4 MB in total size. See rack/rack#2356 for more details.

Security

  • CVE-2025-46727 Unbounded parameter parsing in Rack::QueryParser can lead to memory exhaustion.

[3.0.15] - 2025-04-13

[3.0.14] - 2025-03-11

Security

[3.0.13] - 2025-03-04

Security

Fixed

  • Remove autoloads for constants no longer shipped with Rack. (#2269, @​ccutrer)

[3.0.12] - 2025-02-12

Security

[3.0.11] - 2024-05-10

  • Backport #2062 to 3-0-stable: Do not allow BodyProxy to respond to to_str, make to_ary call close . (#2062, @​jeremyevans)
Commits
  • 5a15919 Bump patch version.
  • 65ceccb Update external tests.
  • 2bb5263 Merge commit from fork
  • 9413a87 Bump patch version.
  • f95555a Ensure Rack::ETag correctly updates response body. (#2324)
  • 340cd1f Bump patch version.
  • 9b29d6e Update changelog.
  • 61f83f6 Use a fully resolved file path when confirming if a file can be served by `Ra...
  • ef96f4a Bump patch version.
  • 697a97e Add changelog for previous merged PR.
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels Sep 18, 2025
jdwyah
jdwyah approved these changes Sep 19, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@jdwyah jdwyah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks

@jkebinger
Copy link
Copy Markdown
Contributor

jkebinger commented Sep 19, 2025

@dependabot rebase

@dependabot
Bump rack from 3.0.10 to 3.0.16
92ac855 
Bumps [rack](https://github.com/rack/rack) from 3.0.10 to 3.0.16.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](rack/rack@v3.0.10...v3.0.16)

---
updated-dependencies:
- dependency-name: rack
  dependency-version: 3.0.16
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/bundler/rack-3.0.16 branch from d5c33e1 to 92ac855 Compare September 19, 2025 14:12
@jkebinger
Copy link
Copy Markdown
Contributor

jkebinger commented Sep 19, 2025

@dependabot rebase

@jkebinger jkebinger merged commit 7dcbf00 into main Sep 22, 2025
0 of 4 checks passed
@dependabot dependabot Bot deleted the dependabot/bundler/rack-3.0.16 branch September 22, 2025 21:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jdwyah jdwyah jdwyah approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jkebinger @jdwyah