Merge pull request Homebrew#14875 from Homebrew/dependabot/bundler/Li…

…brary/Homebrew/rack-3.0.4.2

build(deps): bump rack from 3.0.4.1 to 3.0.4.2 in /Library/Homebrew

Library/Homebrew/Gemfile.lock

@@ -92,7 +92,7 @@ GEM
       method_source (~> 1.0)
     public_suffix (5.0.1)
     racc (1.6.2)
-    rack (3.0.4.1)
+    rack (3.0.4.2)
     rainbow (3.1.1)
     rbi (0.0.14)
       ast

Library/Homebrew/vendor/bundle/bundler/setup.rb

@@ -83,7 +83,7 @@ def self.extension_api_version
 $:.unshift File.expand_path("#{__dir__}/../#{RUBY_ENGINE}/#{Gem.ruby_api_version}/gems/patchelf-1.4.0/lib")
 $:.unshift File.expand_path("#{__dir__}/../#{RUBY_ENGINE}/#{Gem.ruby_api_version}/gems/plist-3.7.0/lib")
 $:.unshift File.expand_path("#{__dir__}/../#{RUBY_ENGINE}/#{Gem.ruby_api_version}/gems/pry-0.14.2/lib")
-$:.unshift File.expand_path("#{__dir__}/../#{RUBY_ENGINE}/#{Gem.ruby_api_version}/gems/rack-3.0.4.1/lib")
+$:.unshift File.expand_path("#{__dir__}/../#{RUBY_ENGINE}/#{Gem.ruby_api_version}/gems/rack-3.0.4.2/lib")
 $:.unshift File.expand_path("#{__dir__}/../#{RUBY_ENGINE}/#{Gem.ruby_api_version}/gems/unparser-0.6.4/lib")
 $:.unshift File.expand_path("#{__dir__}/../#{RUBY_ENGINE}/#{Gem.ruby_api_version}/gems/rbi-0.0.14/lib")
 $:.unshift File.expand_path("#{__dir__}/../#{RUBY_ENGINE}/#{Gem.ruby_api_version}/extensions/universal-darwin-21/#{Gem.extension_api_version}/rdiscount-2.2.7")

Library/Homebrew/vendor/bundle/ruby/2.6.0/gems/rack-3.0.4.1/lib/rack/multipart/parser.rb → Library/Homebrew/vendor/bundle/ruby/2.6.0/gems/rack-3.0.4.2/lib/rack/multipart/parser.rb

@@ -8,6 +8,8 @@ module Rack
   module Multipart
     class MultipartPartLimitError < Errno::EMFILE; end
 
+    class MultipartTotalPartLimitError < StandardError; end
+
     # Use specific error class when parsing multipart request
     # that ends early.
     class EmptyContentError < ::EOFError; end
@@ -166,7 +168,7 @@ def on_mime_head(mime_index, head, filename, content_type, name)
 
           @mime_parts[mime_index] = klass.new(body, head, filename, content_type, name)
 
-          check_open_files
+          check_part_limits
         end
 
         def on_mime_body(mime_index, content)
@@ -178,13 +180,23 @@ def on_mime_finish(mime_index)
 
         private
 
-        def check_open_files
-          if Utils.multipart_part_limit > 0
-            if @open_files >= Utils.multipart_part_limit
+        def check_part_limits
+          file_limit = Utils.multipart_file_limit
+          part_limit = Utils.multipart_total_part_limit
+
+          if file_limit && file_limit > 0
+            if @open_files >= file_limit
               @mime_parts.each(&:close)
               raise MultipartPartLimitError, 'Maximum file multiparts in content reached'
             end
           end
+
+          if part_limit && part_limit > 0
+            if @mime_parts.size >= part_limit
+              @mime_parts.each(&:close)
+              raise MultipartTotalPartLimitError, 'Maximum total multiparts in content reached'
+            end
+          end
         end
       end
 

Library/Homebrew/vendor/bundle/ruby/2.6.0/gems/rack-3.0.4.1/lib/rack/utils.rb → Library/Homebrew/vendor/bundle/ruby/2.6.0/gems/rack-3.0.4.2/lib/rack/utils.rb

@@ -58,13 +58,24 @@ def unescape(s, encoding = Encoding::UTF_8)
     end
 
     class << self
-      attr_accessor :multipart_part_limit
+      attr_accessor :multipart_total_part_limit
+
+      attr_accessor :multipart_file_limit
+
+      # multipart_part_limit is the original name of multipart_file_limit, but
+      # the limit only counts parts with filenames.
+      alias multipart_part_limit multipart_file_limit
+      alias multipart_part_limit= multipart_file_limit=
     end
 
-    # The maximum number of parts a request can contain. Accepting too many part
-    # can lead to the server running out of file handles.
+    # The maximum number of file parts a request can contain. Accepting too
+    # many parts can lead to the server running out of file handles.
     # Set to `0` for no limit.
-    self.multipart_part_limit = (ENV['RACK_MULTIPART_PART_LIMIT'] || 128).to_i
+    self.multipart_file_limit = (ENV['RACK_MULTIPART_PART_LIMIT'] || ENV['RACK_MULTIPART_FILE_LIMIT'] || 128).to_i
+
+    # The maximum total number of parts a request can contain. Accepting too
+    # many can lead to excessive memory use and parsing time.
+    self.multipart_total_part_limit = (ENV['RACK_MULTIPART_TOTAL_PART_LIMIT'] || 4096).to_i
 
     def self.param_depth_limit
       default_query_parser.param_depth_limit

Library/Homebrew/vendor/bundle/ruby/2.6.0/gems/rack-3.0.4.1/lib/rack/version.rb → Library/Homebrew/vendor/bundle/ruby/2.6.0/gems/rack-3.0.4.2/lib/rack/version.rb

@@ -25,7 +25,7 @@ def self.version
     VERSION
   end
 
-  RELEASE = "3.0.4.1"
+  RELEASE = "3.0.4.2"
 
   # Return the Rack release as a dotted string.
   def self.release