build(deps): bump sinatra from 2.2.4 to 4.0.0 in /pkgs/applications/misc/gollum #4

dependabot · 2024-07-16T23:52:56Z

Bumps sinatra from 2.2.4 to 4.0.0.

Changelog

4.0.0. / 2024-01-19

New: Add support for Rack 3 (#1857)

Note: you may want to read the [Rack 3 Upgrade Guide]

Require Ruby 2.7.8 as minimum Ruby version (#1993)

Breaking change: Drop support for Rack 2 (#1857)

Note: when using Sinatra to start the web server, you now need the rackup gem installed

Breaking change: Remove the IndifferentHash initializer (#1982)

Breaking change: Disable session_hijacking protection by default (#1984)

Breaking change: Remove Rack::Protection::EncryptedCookie (#1989)

Note: cookies are still encrypted (by [Rack::Session::Cookie])

#1857: sinatra/sinatra#1857 #1993: sinatra/sinatra#1993 #1982: sinatra/sinatra#1982 #1984: sinatra/sinatra#1984 #1989: sinatra/sinatra#1989 [Rack::Session::Cookie]: https://github.com/rack/rack-session [Rack 3 Upgrade Guide]: https://github.com/rack/rack/blob/main/UPGRADE-GUIDE.md

3.2.0 / 2023-12-29

New: Add #except method to Sinatra::IndifferentHash (#1940)

New: Use Exception#detailed_message to show backtrace (#1952)

New: Add Sinatra::HamlHelpers to sinatra-contrib (#1960)

Fix: Add base64 to rack-protection runtime dependencies (#1946)

Fix: Avoid open-ended dependencies for sinatra-contrib and rack-protection (#1949)

Fix: Helpful message when Sinatra::Runner times out (#1975)

Fix: Ruby 3.3 + Bundler 2.5 compatibility (#1975)

#1940: sinatra/sinatra#1940 #1946: sinatra/sinatra#1946 #1949: sinatra/sinatra#1949 #1952: sinatra/sinatra#1952 #1960: sinatra/sinatra#1960 #1975: sinatra/sinatra#1975

3.1.0 / 2023-08-07

... (truncated)

Commits

b626e2d 4.0.0 release (#1996)
e56f657 Require Ruby 2.7.8 as minimum Ruby version (#1993)
9993829 CI: remove rack monkey patches
09f1c2b CI: rdiscount 2.2.7.3 resolved the TruffleRuby issue
c43e097 CI: use the released version of childprocess
739eaa0 CI: no need to set RUBY_ENGINE
d872057 CI: no need to set Encoding.default_external
9c14764 Remove Rack::Protection::EncryptedCookie (#1989)
667056c CI: allow ruby-head to fail
393bb7c Avoid using deprecated Rack::Response#header
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [sinatra](https://github.com/sinatra/sinatra) from 2.2.4 to 4.0.0. - [Changelog](https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md) - [Commits](sinatra/sinatra@v2.2.4...v4.0.0) --- updated-dependencies: - dependency-name: sinatra dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

This adds some extremely helpful and popular encoders in by default: * openjpeg * celt * libwebp * libaom On the `master` branch, closure size for ffmpeg-headless went up 18.5 MiB. ``` $ nix store diff-closures nixpkgs#ffmpeg-headless^bin .#ffmpeg-headless^bin celt: ∅ → 0.11.3, +168.4 KiB ffmpeg-headless: +70.0 KiB giflib: ∅ → 5.2.2, +398.7 KiB lcms2: ∅ → 2.16, +466.2 KiB lerc: ∅ → 4.0.0, +840.2 KiB libaom: ∅ → 3.9.0, +8047.8 KiB libdeflate: ∅ → 1.20, +427.0 KiB libtiff: ∅ → 4.6.0, +655.9 KiB libvmaf: ∅ → 3.0.0, +2665.0 KiB libwebp: ∅ → 1.4.0, +2559.7 KiB openjpeg: ∅ → 2.5.2, +1525.1 KiB zstd: ∅ → 1.5.6, +1158.0 KiB $ nvd diff $(nix build nixpkgs#ffmpeg-headless^bin --print-out-paths --no-link) $(nix build .#ffmpeg-headless^bin --print-out-paths --no-link) <<< /nix/store/4n60lnj3zkjpasd4c56bzhpx2m8lc1sx-ffmpeg-headless-6.1.1-bin >>> /nix/store/884f487w5hac6rs94jq6hq5zqkxdv666-ffmpeg-headless-6.1.1-bin Added packages: [A.] #1 celt 0.11.3 [A.] #2 giflib 5.2.2 [A.] #3 lcms2 2.16 [A.] #4 lerc 4.0.0 [A.] #5 libaom 3.9.0 [A.] NixOS#6 libdeflate 1.20 [A.] NixOS#7 libtiff 4.6.0 [A.] NixOS#8 libvmaf 3.0.0 [A.] NixOS#9 libwebp 1.4.0 x2 [A.] NixOS#10 openjpeg 2.5.2 [A.] NixOS#11 zstd 1.5.6 Closure size: 66 -> 78 (15 paths added, 3 paths removed, delta +12, disk usage +18.5MiB). ```

Strongly inspired by the forgejo counterpart[1], for the following reasons: * The feature is broken with the current module and crashes on authentication with the following stacktrace (with a PAM service `gitea` added): server # Stack trace of thread 1008: server # #0 0x00007f3116917dfb __nptl_setxid (libc.so.6 + 0x8ddfb) server # #1 0x00007f3116980ae6 setuid (libc.so.6 + 0xf6ae6) server # #2 0x00007f30cc80f420 _unix_run_helper_binary (pam_unix.so + 0x5420) server # #3 0x00007f30cc8108c9 _unix_verify_password (pam_unix.so + 0x68c9) server # #4 0x00007f30cc80e1b5 pam_sm_authenticate (pam_unix.so + 0x41b5) server # #5 0x00007f3116a84e5b _pam_dispatch (libpam.so.0 + 0x3e5b) server # NixOS#6 0x00007f3116a846a3 pam_authenticate (libpam.so.0 + 0x36a3) server # NixOS#7 0x00000000029b1e7a n/a (.gitea-wrapped + 0x25b1e7a) server # NixOS#8 0x000000000047c7e4 n/a (.gitea-wrapped + 0x7c7e4) server # ELF object binary architecture: AMD x86-64 server # server # [ 42.420827] gitea[897]: pam_unix(gitea:auth): unix_chkpwd abnormal exit: 159 server # [ 42.423142] gitea[897]: pam_unix(gitea:auth): authentication failure; logname= uid=998 euid=998 tty= ruser= rhost= user=snenskek It only worked after turning off multiple sandbox settings and adding `shadow` as supplementary group to `gitea.service`. I'm not willing to maintain additional multiple sandbox settings for different features, especially given that it was probably not used for quite a long time: * There was no PR or bugreport about sandboxing issues related to PAM. * Ever since the module exists, it used the user `gitea`, i.e. it had never read-access to `/etc/shadow`. * Upstream has it disabled by default[2]. If somebody really needs it, it can still be brought back by an overlay updating `tags` accordingly and modifying the systemd service config. [1] 07641a9 [2] https://docs.gitea.com/usage/authentication#pam-pluggable-authentication-module

dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Jul 16, 2024

Guanran928 force-pushed the master branch 3 times, most recently from e130eea to b13ff4f Compare November 8, 2024 05:09

Guanran928 force-pushed the master branch 8 times, most recently from eab3007 to ca9b66d Compare November 22, 2024 08:22

Guanran928 force-pushed the master branch 6 times, most recently from 1542c5f to 1b047ef Compare November 28, 2024 09:07

Guanran928 force-pushed the master branch 4 times, most recently from 23c75eb to 78bad0f Compare December 6, 2024 05:04

Guanran928 force-pushed the master branch 3 times, most recently from a322c03 to 1b13e1d Compare December 13, 2024 08:35

Guanran928 force-pushed the master branch from c223d9e to 18c5a6e Compare December 19, 2024 12:00

Guanran928 force-pushed the master branch 3 times, most recently from 2bd2c5e to 0e97a6f Compare December 30, 2024 12:40

Guanran928 force-pushed the master branch 2 times, most recently from 006038c to 1f02806 Compare January 4, 2025 03:05

Guanran928 force-pushed the master branch 5 times, most recently from 7fc1893 to d722f69 Compare January 17, 2025 01:24

Guanran928 force-pushed the master branch 5 times, most recently from f5885eb to 796b363 Compare January 26, 2025 17:59

Guanran928 force-pushed the master branch 3 times, most recently from f46210c to db4d672 Compare February 1, 2025 01:25

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump sinatra from 2.2.4 to 4.0.0 in /pkgs/applications/misc/gollum #4

build(deps): bump sinatra from 2.2.4 to 4.0.0 in /pkgs/applications/misc/gollum #4

dependabot bot commented on behalf of github Jul 16, 2024

build(deps): bump sinatra from 2.2.4 to 4.0.0 in /pkgs/applications/misc/gollum #4

Are you sure you want to change the base?

build(deps): bump sinatra from 2.2.4 to 4.0.0 in /pkgs/applications/misc/gollum #4

Conversation

dependabot bot commented on behalf of github Jul 16, 2024

4.0.0. / 2024-01-19

3.2.0 / 2023-12-29

3.1.0 / 2023-08-07