Skip to content

Bump sinatra, rack, rails, rack-livereload, dotenv-rails, standard and selenium-webdriver #2809

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump sinatra, rack, rails, rack-livereload, dotenv-rails, standard and selenium-webdriver #2809

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 10, 2025
edited
Loading

Bumps sinatra, rack, rails, rack-livereload, dotenv-rails, standard and selenium-webdriver. These dependencies needed to be updated together.
Updates sinatra from 3.2.0 to 4.2.1

Changelog

Sourced from sinatra's changelog.

4.2.1 / 2025-10-10

4.2.0 / 2025-10-08

  • New: Add :static_headers setting for custom headers in static file responses (#2089)
  • Fix: Fix regex in etag_matches? to prevent ReDoS (#2121)
  • Fix: PATH_INFO can never be empty (#2114)
  • Fix: Fix malformed Content-Type headers (#2081)
  • Fix: Avoid crash for integer values in content_type parameters (#2078)

4.1.1 / 2024-11-20

  • Fix: Restore WEBrick support (#2067)

4.1.0 / 2024-11-18

  • New: Add host_authorization setting (#2053)
    • Defaults to .localhost, .test and any IP address in development mode.
    • Security: addresses CVE-2024-21510.
  • Fix: Return an instance of Sinatra::IndifferentHash when calling #except (#2044)
  • Fix: Address warning from URI for Ruby 3.4 (#2060)
  • Fix: rackup no longer depends on WEBrick, recommend Puma instead (4a558503)
  • Fix: Zeitwerk 2.7.0+ compatibility (#2050)
  • Fix: Address warning about Hash construction for Ruby 3.4 (#2028)
  • Fix: Declare missing dependencies for Ruby 3.5 (#2032)
  • Fix: Compatibility with --enable-frozen-string-literal (#2033)
  • Fix: Rack 3.1 compatibility (#2035)
    • Don't depend on Rack::Logger
    • Don't delete content-length header when Rack::Files is used

4.0.1 / 2025-05-24

  • Rack 3.1 compatibility (#2035)

  • Fix malformed Content-Type headers (#2081)

  • Avoid crash for integer values in content_type parameters (#2078)

  • Fix compatibility with --enable-frozen-string-literal (#2033)

  • Declare missing dependencies for Ruby 3.5 (#2032)

  • Fix warning about Hash construction. (#2028)

  • Support Zeitwerk 2.7.0+ (#2050)

  • Address URI depreciation (#2060)

... (truncated)

Commits

Updates rack from 2.2.17 to 3.1.18

Release notes

Sourced from rack's releases.

v3.0.9.1

What's Changed

Full Changelog: rack/rack@v3.0.9...v3.0.9.1

v3.0.9

What's Changed

  • Fix content-length calcuation in Rack:Response#write #2150

Full Changelog: rack/rack@v3.0.8...v3.0.9

v3.0.8

What's Changed

New Contributors

Full Changelog: rack/rack@v3.0.7...v3.0.8

v3.0.7

What's Changed

Full Changelog: rack/rack@v3.0.6.1...v3.0.7

v3.0.6.1

No release notes provided.

v3.0.4.1

Full Changelog: rack/rack@v3.0.4...v3.0.4.1

v3.0.4

Full Changelog: rack/rack@v3.0.3...v3.0.4

v3.0.3

What's Changed

Full Changelog: rack/rack@v3.0.2...v3.0.3

v3.0.2

Full Changelog: rack/rack@v3.0.1...v3.0.2

Changelog

Sourced from rack's changelog.

Changelog

All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference Keep A Changelog.

Unreleased

Security

  • CVE-2025-61780 Improper handling of headers in Rack::Sendfile may allow proxy bypass.
  • CVE-2025-61919 Unbounded read in Rack::Request form parsing can lead to memory exhaustion.

SPEC Changes

Added

  • Add Rack::Files#assign_headers to allow overriding how the configured file headers are set. (#2377, @​codergeek121)
  • Add support for rack.response_finished to Rack::TempfileReaper. (#2363, @​skipkayhil)
  • Add support for streaming bodies when using Rack::Events. (#2375, @​unflxw)

Changed

[3.2.2] - 2025-10-07

Security

  • CVE-2025-61772 Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)
  • CVE-2025-61771 Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
  • CVE-2025-61770 Unbounded multipart preamble buffering enables DoS (memory exhaustion)

[3.2.1] -- 2025-09-02

Added

  • Add support for streaming bodies when using Rack::Events. (#2375, @​unflxw)

Fixed

  • Fix an issue where a NoMethodError would be raised when using Rack::Events with streaming bodies. (#2375, @​unflxw)

[3.2.0] - 2025-07-31

This release continues Rack's evolution toward a cleaner, more efficient foundation while maintaining backward compatibility for most applications. The breaking changes primarily affect deprecated functionality, so most users should experience a smooth upgrade with improved performance and standards compliance.

SPEC Changes

... (truncated)

Commits
  • 96cf078 Bump patch version.
  • cbd541e Unbounded read in Rack::Request form parsing can lead to memory exhaustion.
  • 7e69f65 Improper handling of proxy headers in Rack::Sendfile may allow proxy bypass.
  • db6bc0f Normalize adivsories links.
  • ad81f80 Fix handling of Errno::EPIPE in multipart tests.
  • 8d141b3 Bump patch version.
  • f224f93 Limit amount of retained data when parsing multipart requests
  • e08f78c Fix denial of service vulnerbilties in multipart parsing
  • 02ffd94 Add changelog for v3.1.16
  • df2f3f2 Bump patch version.
  • Additional commits viewable in compare view

Updates rails from 7.0.8.7 to 8.0.3

Release notes

Sourced from rails's releases.

8.0.3

Active Support

  • ActiveSupport::FileUpdateChecker does not depend on Time.now to prevent unnecessary reloads with time travel test helpers

    Jan Grodowski

  • Fix ActiveSupport::BroadcastLogger from executing a block argument for each logger (tagged, info, etc.).

    Jared Armstrong

  • Make ActiveSupport::Logger #freeze-friendly.

    Joshua Young

  • Fix ActiveSupport::HashWithIndifferentAccess#transform_keys! removing defaults.

    Hartley McGuire

  • Fix ActiveSupport::HashWithIndifferentAccess#tranform_keys! to handle collisions.

    If the transformation would result in a key equal to another not yet transformed one, it would result in keys being lost.

    Before:

    >> {a: 1, b: 2}.with_indifferent_access.transform_keys!(&:succ)
=> {"c" => 1}

    After:

    >> {a: 1, b: 2}.with_indifferent_access.transform_keys!(&:succ)
=> {"c" => 1, "d" => 2}

    Jason T Johnson, Jean Boussier

  • Fix ActiveSupport::Cache::MemCacheStore#read_multi to handle network errors.

    This method specifically wasn't handling network errors like other codepaths.

    Alessandro Dal Grande

  • Fix configuring RedisCacheStore with raw: true.

    fatkodima

... (truncated)

Commits
  • 529f933 Preparing for 8.0.3 release
  • 6409b24 Merge pull request #55719 from skipkayhil/hm-fix-label-for-namespace
  • 030f68c Remove lock for rdoc gem in Gemfile
  • 0160f42 Sync CHANGELOGs
  • 6394bfb Merge pull request #55725 from byroot/js-include-type-module-sym
  • 0ff0d09 Merge pull request #55724 from fatkodima/preserve-locale-eml-preview
  • 74038d7 Merge pull request #55722 from kozy4324/fix-lease-sticky-flag-timing
  • 78fe965 Merge pull request #55710 from Shopify/grodowski/file-update-checker-time-tra...
  • 4fc9618 Merge pull request #55703 from byroot/hly-fix-query-cache-system-tests-2
  • 847072c Fix TransitionTable#as_json compatibility with json 2.14.0
  • Additional commits viewable in compare view

Updates rack-livereload from 0.5.2 to 0.6.1

Commits

Updates dotenv-rails from 3.1.7 to 3.1.8

Release notes

Sourced from dotenv-rails's releases.

v3.1.8

Thanks to Stoked Seagull Software for sponsoring this release of dotenv!
Need help with a software project but don't know where to begin? Stoked Seagull can help.

Interested in sponsoring dotenv?

What's Changed

New Contributors

Full Changelog: bkeepers/dotenv@v3.1.7...v3.1.8

Commits

Updates standard from 1.43.0 to 1.51.1

Changelog

Sourced from standard's changelog.

1.51.1

  • Fixes Layout/EmptyLineAfterGuardClause back to false after #750

1.51.0

1.50.0

1.49.0

  • Updates standard performance to 1.8.0

1.48.0

1.47.0

  • Updates standard performance to 1.7.0

1.46.0

1.45.0

1.44.0

Commits
  • 04fd041 v1.51.1
  • 10a9bba Merge pull request #751 from standardrb/empty-line-guard-clause
  • 2e6ea9b Turns EmptyLineAfterGuardClause
  • 04ec853 Merge pull request #743 from standardrb/gemfile-specs
  • 9561268 Merge branch 'main' into gemfile-specs
  • 4e46a7d 🧸 v1.51.0
  • b7e15cf Merge pull request #748 from standardrb/dependabot/bundler/rubocop-1.80.2
  • 2976e77 Whoops my gemfile
  • 57e6849 Updates configuration for rubocop up to 1.81.0
  • ced68cb Update rubocop requirement from ~> 1.75.5 to >= 1.75.5, < 1.81.0
  • Additional commits viewable in compare view

Updates selenium-webdriver from 4.29.1 to 4.36.0

Release notes

Sourced from selenium-webdriver's releases.

Selenium 4.36.0

Detailed Changelogs by Component

Java     |     Python     |     DotNet     |     Ruby     |     JavaScript

What's Changed

... (truncated)

Changelog

Sourced from selenium-webdriver's changelog.

4.36.0 (2025-09-18)

  • Add CDP for Chrome 140 and remove 137
  • [BiDi] Create browser module, added user context related methods (#15371)
  • BiDi get client windows (#16211)
  • Fix links to exception documentation on website (#16305)
  • Update unhandled_prompt_behavior capability to support hash syntax (#16289)

4.35.0 (2025-08-12)

  • Add CDP for Chrome 139 and remove 136
  • Fix typos in javascript & rb (#16019)
  • Allow to use rubyzip v3 (#16108)

4.34.0 (2025-06-29)

  • Add CDP for Chrome 138 and remove 135
  • Fix child process terminate method when a process is already terminated (#15789)
  • Deprecate ftp proxy (#15926)
  • Add macOS key mappings for Options and Function keys (#15959)

4.33.0 (2025-05-23)

  • Add CDP for Chrome 137 and remove 134
  • Let firefox choose the bidi port by default (#15727)
  • Upgrade to Ruby 3.2

4.32.0 (2025-05-02)

  • Add CDP for Chrome 136 and remove 133
  • log at info level with names and values when Guards#add_condition used
  • Add PrintOptions Implementation for Ruby WebDriver (#15158)
  • [ruby] fix lint for print_options.rb (#15608)
  • add enable_downloads to attr_accessor for all options classes
  • make logging of test guards debug level not info
  • Set remote active protocol in Firefox to BiDi only
  • handle issue with selenium manager exit status being nil (#15676)
  • Add websocket-port parameter to firefox service (#15458)

4.31.0 (2025-04-04)

  • Add support for 135 and remove 132
  • Remove the pre-compiled atoms from trunk
  • Allow symbols again to be passed on delete_cookie (#15519)

4.30.1 (2025-03-22)

  • put back the driver#script method that was inadvertently deleted

4.30.0 (2025-03-20)

... (truncated)

Commits

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
Bump sinatra, rack, rails, rack-livereload, dotenv-rails, standard an…
76c1238 
…d selenium-webdriver

Bumps [sinatra](https://github.com/sinatra/sinatra), [rack](https://github.com/rack/rack), [rails](https://github.com/rails/rails), [rack-livereload](https://github.com/onesupercoder/rack-livereload), [dotenv-rails](https://github.com/bkeepers/dotenv), [standard](https://github.com/standardrb/standard) and [selenium-webdriver](https://github.com/SeleniumHQ/selenium). These dependencies needed to be updated together.

Updates `sinatra` from 3.2.0 to 4.2.1
- [Changelog](https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md)
- [Commits](sinatra/sinatra@v3.2.0...v4.2.1)

Updates `rack` from 2.2.17 to 3.1.18
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](rack/rack@v2.2.17...v3.1.18)

Updates `rails` from 7.0.8.7 to 8.0.3
- [Release notes](https://github.com/rails/rails/releases)
- [Commits](rails/rails@v7.0.8.7...v8.0.3)

Updates `rack-livereload` from 0.5.2 to 0.6.1
- [Commits](https://github.com/onesupercoder/rack-livereload/commits)

Updates `dotenv-rails` from 3.1.7 to 3.1.8
- [Release notes](https://github.com/bkeepers/dotenv/releases)
- [Changelog](https://github.com/bkeepers/dotenv/blob/main/Changelog.md)
- [Commits](bkeepers/dotenv@v3.1.7...v3.1.8)

Updates `standard` from 1.43.0 to 1.51.1
- [Release notes](https://github.com/standardrb/standard/releases)
- [Changelog](https://github.com/standardrb/standard/blob/main/CHANGELOG.md)
- [Commits](standardrb/standard@v1.43.0...v1.51.1)

Updates `selenium-webdriver` from 4.29.1 to 4.36.0
- [Release notes](https://github.com/SeleniumHQ/selenium/releases)
- [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES)
- [Commits](https://github.com/SeleniumHQ/selenium/commits/selenium-4.36.0)

---
updated-dependencies:
- dependency-name: sinatra
  dependency-version: 4.2.1
  dependency-type: direct:development
- dependency-name: rack
  dependency-version: 3.1.18
  dependency-type: direct:production
- dependency-name: rails
  dependency-version: 8.0.3
  dependency-type: direct:production
- dependency-name: rack-livereload
  dependency-version: 0.6.1
  dependency-type: direct:development
- dependency-name: dotenv-rails
  dependency-version: 3.1.8
  dependency-type: direct:development
- dependency-name: standard
  dependency-version: 1.51.1
  dependency-type: direct:development
- dependency-name: selenium-webdriver
  dependency-version: 4.36.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Oct 10, 2025
@dependabot dependabot bot mentioned this pull request Oct 10, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant