Support rack 3 #1797

Open
dentarg opened this issue Jul 19, 2022 · 15 comments · May be fixed by #1857

Comments

@dentarg
Contributor

dentarg commented Jul 19, 2022

See https://github.com/rack/rack/blob/main/CHANGELOG.md

Example test run with rack main branch: https://github.com/sinatra/sinatra/runs/7418697522

@epergo
Member

epergo commented Jul 26, 2022

Just found out that Rainbows needs its Rack dependency to not be greater than 3.0 https://rubygems.org/gems/rainbows/versions/5.2.1 What should we do about it?

@dentarg
Contributor Author

dentarg commented Jul 26, 2022

Maybe Sinatra 3 can't support Rainbows? I haven't really looked at what kind of integration we have

@jkowens
Member

jkowens commented Jul 26, 2022

I'm thinking we probably won't get Rack 3 support until Sinatra 4. I wonder if Rainbows will get an update to support Rack 3 once it is released?

@DannyBen

DannyBen commented Nov 8, 2022

> I'm thinking we probably won't get Rack 3 support until Sinatra 4. I wonder if Rainbows will get an update to support Rack 3 once it is released?

Rack < 3.0 already has known vulnerabilities, I hope this can be expedited.

@dentarg
Contributor Author

dentarg commented Nov 8, 2022

Feel free to do the work if you want it :)

@dentarg
Contributor Author

dentarg commented Nov 8, 2022

For reference, the vulnerability referenced above was mentioned in #1770

@marlinpierce

Pardon me please but this post is a summary of the current status.

The gem for sinatra itself has a dependency on rack ~> 2.2, even as late as the sinatra 3.0.4 version. The rainbows rack web server has a rack dependency < 3.0, and also a dependency on unicorn which has a dependency on the raindrops gem which has a rack dependency < 3.0. Looking at several rack web servers the only other problem I found was thin which has a rack dependency < 3.0.

The mention from DannyBen is a change being worked on in a fork to replace the rack dependency in sinatra to a dependency on rack-contrib which has a rack dependency ~> 2.0.

So the latest sinatra version still required rack less than 3.x, the work being done would need rack-contrib to be updated, and that work is on a fork not merged into the sinatra repo.

@dentarg
Contributor Author

dentarg commented Dec 24, 2022

Re: rainbows, when Rack 3 is used, bundler will try to install https://rubygems.org/gems/rainbows/versions/0.94.0 as that is the latest version that didn't specify the Rack < 3 requirement. Can't see any activity at https://yhbt.net/rainbows-public/ indicating a release with Rack 3 support.

@epergo
Member

epergo commented Dec 25, 2022

> Can't see any activity at https://yhbt.net/rainbows-public/ indicating a release with Rack 3 support.

I don't think it will get support for Rack 3 soon. Having a look at the last announcement, the author doesn't recommend it for new projects.

And I'm not sure if it is used much by the community. Here you have rubygems stats for downloads of the main servers, for what it's worth:

  • puma: 252,472,210
  • thin: 110,548,405
  • unicorn: 87,643,880
  • rainbows: 599,550
  • falcon: 387,851

@DannyBen

Rainbows seems pretty abandoned. It should not be the reason that delays progress.

@dentarg
Contributor Author

dentarg commented Dec 25, 2022

It is not. It is a question of who wants to give away their time for free.

dentarg added a commit to dentarg/sinatra that referenced this issue Dec 28, 2022
No support for Rack 3 (that is "stable" Rack now)
sinatra#1797
@dentarg dentarg linked a pull request Dec 30, 2022 that will close this issue
@zzak
Member

zzak commented Jan 7, 2023

👍 to dropping support of Rainbows if that is blocking us from adopting Rack 3, maybe we can split it out into a separate gem or something for people who really need it

@joshka

joshka commented Jan 31, 2023

Not sure if this is the right place to add some extra or if it's better to cut a new issue for this (happy to do so if more appropriate).

I have a repo that's getting a dependabot PR (joshka/xkcd-with-alt-text#16) that bumps rackup from 1.0.0 to 2.1.0 and rack from 2 to 3. Because sinatra doesn't support rack 3, the PR downgrades sinatra to 1.0 (which has rack (>= 1.0) as its dependency). This seems a little odd to me. Would it be a good idea to ensure that sinatra 1.0 doesn't support rack >2?

@dentarg
Contributor Author

dentarg commented Jan 31, 2023

It's too late for that, we can't change requirements for older releases
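
Added example, not part of the thread or of Sinatra's code: a Ruby check, built on RubyGems' own `Gem::Requirement`, that reproduces the resolver downgrades described above (sinatra to 1.0, rainbows to 0.94.0) and shows how a version floor turns a silent downgrade into a failed resolution. The helper names are hypothetical, the requirement table is constructed from the figures quoted in the comments, and the `>= 0` requirement for rainbows 0.94.0 is an assumption.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement ship with Ruby

# Constructed sample: only the rack requirements quoted in the thread.
# The entry for rainbows 0.94.0 is an assumption (the thread only says it
# lacks the "< 3.0" bound).
RACK_REQUIREMENTS = {
  "sinatra" => {
    "3.0.4" => "~> 2.2",
    "1.0"   => ">= 1.0",
  },
  "rainbows" => {
    "5.2.1"  => "< 3.0",
    "0.94.0" => ">= 0", # assumed: no upper bound
  },
}.freeze

# Newest release of gem_name whose rack requirement accepts rack_version,
# optionally restricted by a floor such as ">= 3.0" set in the Gemfile.
def newest_compatible(gem_name, rack_version, floor: ">= 0")
  rack = Gem::Version.new(rack_version)
  floor_req = Gem::Requirement.new(floor)
  candidates = RACK_REQUIREMENTS.fetch(gem_name).select do |version, rack_req|
    floor_req.satisfied_by?(Gem::Version.new(version)) &&
      Gem::Requirement.new(rack_req).satisfied_by?(rack)
  end
  candidates.keys.map { |v| Gem::Version.new(v) }.max&.to_s
end

# Gems for which a rack bump would move the resolver to an older release.
def silent_downgrades(locked, new_rack)
  locked.each_with_object({}) do |(gem_name, current), report|
    pick = newest_compatible(gem_name, new_rack)
    next if pick.nil? || Gem::Version.new(pick) >= Gem::Version.new(current)
    report[gem_name] = { from: current, to: pick }
  end
end

LOCKED = { "sinatra" => "3.0.4", "rainbows" => "5.2.1" }.freeze # constructed lockfile state

if __FILE__ == $PROGRAM_NAME
  p silent_downgrades(LOCKED, "3.0.0")
  # With a floor there is no candidate left, so the bump fails visibly.
  p newest_compatible("sinatra", "3.0.0", floor: ">= 3.0")
end
```

Run against a dependency-update PR, a non-empty report is the signal to reject the bump or add a lower bound to the Gemfile rather than accept a years-old release.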
