Up to [cvs.NetBSD.org] / pkgsrc / www / ruby-rack-protection
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
www/ruby-rack-protection: update to 3.1.0 pkgsrc change: * change rack-protection's dependency to www/ruby-rack2 instead of www/ruby-rack. 3.1.0 (2023-08-07) * New: Add sass support via sass-embedded #1911 by なつき * New: Add start and stop callbacks #1913 by Jevin Sew * New: Warn on dropping sessions #1900 by Jonathan del Strother * New: Make Puma the default server #1924 by Patrik Ragnarsson * Fix: Remove use of Tilt::Cache #1922 by Jeremy Evans (allows use of Tilt 2.2.0 without deprecation warning) * Fix: rack-protection: specify rack version requirement #1932 by Patrik Ragnarsson
www/ruby-sinatra: update to 3.0.6 ruby-sinatra-contrib and ruby-rack-protection are the same source. 3.0.6 (2023-04-11) * Fix: Add support to keep open streaming connections with Puma #1858 by Jordan Owens * Fix: Avoid crash in uri helper on Integer input #1890 by Patrik Ragnarsson * Fix: Rescue RuntimeError when trying to use SecureRandom #1888 by Stefan Sundin
www/ruby-sinatra: update to 3.0.5 It also update rack-protection and sinatra-contrib. 3.0.5 (2022-12-16) * Fix: Add Zeitwerk compatibility. #1831 by Dawid Janczak * Fix: Allow CALLERS_TO_IGNORE to be overridden 3.0.4 (2022-11-25) * Fix: Escape filename in the Content-Disposition header. #1841 by Kunpei Sakai 3.0.3 (2022-11-11) * Fix: fixed ReDoS for Rack::Protection::IPSpoofing. #1823 by @ooooooo-q 3.0.2 (2022-10-01) * New: Add Haml 6 support. #1820 by Jordan Owens 3.0.1 (2022-09-26) * Fix: Revert removal of rack-protection.rb. #1814 by Olle Jonsson * Fix: Revert change to server start and stop messaging by using Kernel#warn. Renamed internal warn method warn_for_deprecation. #1818 by Jordan Owens 3.0.0 (2022-09-26) * New: Add Falcon support. #1794 by Samuel Williams and @horaciob * New: Add AES GCM encryption support for session cookies. [#1324] (#1324) by Michael Coyne * Deprecated: Sinatra Reloader will be removed in the next major release. * Fix: Internal Sinatra errors now extend Sinatra::Error. This fixes #1204 and #1518. bda8c29d by Jordan Owens * Fix: Preserve query param value if named route param nil. #1676 by Jordan Owens * Require Ruby 2.6 as minimum Ruby version. #1699 by Eloy Pérez * Breaking change: Remove support for the Stylus template engine. #1697 by Eloy Pérez * Breaking change: Remove support for the erubis template engine. #1761 by Eloy Pérez * Breaking change: Remove support for the textile template engine. #1766 by Eloy Pérez * Breaking change: Remove support for SASS as a template engine. #1768 by Eloy Pérez * Breaking change: Remove support for Wlang as a template engine. #1780 by Eloy Pérez * Breaking change: Remove support for CoffeeScript as a template engine. #1790 by Eloy Pérez * Breaking change: Remove support for Mediawiki as a template engine. #1791 by Eloy Pérez * Breaking change: Remove support for Creole as a template engine. #1792 by Eloy Pérez * Breaking change: Remove support for Radius as a template engine. #1793 by Eloy Pérez * Breaking change: Remove support for the defunct Less templating library. See #1716, #1715 for more discussion and background. d1af2f1e by Olle Jonsson * Breaking change: Remove Reel integration. 54597502 by Olle Jonsson * CI: Start testing on Ruby 3.1. 60e221940 and b0fa4bef by Johannes Würbach * Use Kernel#caller_locations. #1491 by Julik Tarkhanov * Docs: Japanese documentation: Add notes about the default_content_type setting. #1650 by Akifumi Tominaga * Docs: Polish documentation: Add section about Multithreaded modes and Routes. #1708 by Patrick Gramatowski * Docs: Japanese documentation: Make Session section reflect changes done to README.md. #1731 by @shu-i-chi
www/ruby-rack-protection: update to 2.2.2 2.2.0 (2022-02-15) * Fix broken origin_whitelist option. Fixes #1641 #1642 by Takeshi YASHIRO. 2.2.1 (2022-07-15) No change. 2.2.2 (2022-07-23) No change.
www/ruby-rack-protection: update to 2.1.0 Update ruby-rack-protection package to 2.1.0. 2.1.0 (2020-09-05) * Add Rack::Protection::ReferrerPolicy #1291 by Stefan Sundin
www/ruby-rack-protection: update to 2.0.8.1 Update ruby-rack-protection to 2.0.8.1. ### rack-protection * Don't track the Accept-Language header by default [#1504](https://github.com/sinatra/sinatra/pull/1504) by Artem Chistyakov
www/ruby-rack-protection: update to 2.0.4 2.0.4 / 2018-09-15 * Don't blow up when passing frozen string to send_file disposition #1137 by Andrew Selder * Fix ubygems LoadError #1436 by Pavel Rosický * Unescape regex captures #1446 by Jordan Owens * Slight performance improvements for IndifferentHash #1427 by Mike Pastore * Improve development support and documentation and source code by Will Yang, Jake Craige, Grey Baker and Guilherme Goettems Schneider 2.0.3 / 2018-06-09 * Fix the backports gem regression #1442 by Marc-André Lafortune 2.0.2 / 2018-06-05 * Escape invalid query parameters #1432 by Kunpei Sakai o The patch fixes CVE-2018-11627. * Fix undefined method error for Sinatra::RequiredParams with hash key #1431 by Arpit Chauhan * Add xml content-types to valid html_types for Rack::Protection #1413 by Reenan Arbitrario * Encode route parameters using :default_encoding setting #1412 by Brian m. Carlson * Fix unpredictable behaviour from Sinatra::ConfigFile #1244 by John Hope * Add Sinatra::IndifferentHash#slice #1405 by Shota Iguchi * Remove status code 205 from drop body response #1398 by Shota Iguchi * Ignore empty captures from params #1390 by Shota Iguchi * Improve development support and documentation and source code by Zp Yuan, Andreas Finger, Olle Jonsson, Shota Iguchi, Nikita Bulai and Joshua O'Brien
www/ruby-rack-protection: update to 2.0.1 0.2.1 2018/02/16 * enhanced path validation in Windows
www: allow use of ruby25
Switch github HOMEPAGEs to https.
Add 24 to RUBY_VERSIONS_ACCEPTED.
Restrict ruby's version to 22 and 23.
Update ruby-rack-protection to 2.0.0. No its own changes but here is related changes from Sinatra's changes. * Modernize Rack::Protection::ContentSecurityPolicy with CSP Level 2 and 3 Directives #1202 by Glenn Rempe * Adds preload option to Rack:Protection:StrictTransport #1209 by Ed Robinson * rack-protection: Bundle StrictTransport, CookieTossing, and CSP #1267 by Mike Pastore
Update ruby-rack-protection to 1.5.3. * Discard invalid Referer header. If an invalid Referer header such as "http://example.com/bad|uri" is provided, ignore the value of it and skip using the Host header fallback. * refactor instantiation. * fix typoed header name. * clarify reaction warning, test it.
Update ruby-rack-protection to 1.5.2. Changes are not available, please refer commit log: <https://github.com/rkh/rack-protection/commits/master>.
Update ruby-rack-protection to 1.5.0. * Add a `report` reaction. This reaction does not halt the request, but leaves it up to the app to react on this information. This allows e.g. frameworks to ignore failures in certain conditions.
Update ruby-rack-protection to 1.4.0. * fix docs * Introducing :use * remove note about NoReferrer * xhr requests cannot be used for the json attack, fixes #39
Update ruby-rack-protection to 1.3.2. No changes are available, Various bug fixes and improvement.
Update ruby-rack-protection to 1.2.0. Changes: * Show warnings for JsonCsrtf attacks. * do not enable parameter escaping by default, fixes #8. * Use more specific namespace declaration in Rack::Builder configuration. * NotimpelentedError typo fix * add test that makes sure passingin on :track option works. related to #6. * deal with PATH_INFO being nil, fixes #7. * do not track HTTP_VERSION, fixes #6.
Importing www/ruby-rack-protection pacakge version 1.1.4. Rack::Protection You should use protection! This gem protects against typical web attacks. Should work for all Rack apps, including Rails.
Initial revision