New version of rack (3.2.0) produced dependency conflicts

[depfu]

We've tried to upgrade a dependency and got errors running Bundler. It looks like there is a version conflict between two or more dependencies. Depfu doesn't try to solve these, as this would mean to update more than one dependency at a time.

Please take a look at the exact failure to figure out if this is something you need to work on.

The bundler error message was:

Bundler could not find compatible versions for gem "rack":
  In Gemfile:
    rack (~> 3.2)

    hanami-router was resolved to 2.2.0, which depends on
      rack (~> 2.0)

What changed?

✳️ rack (~> 2.0 → ~> 3.2) · Repo · Changelog

Release Notes

3.2.0 (from changelog)

This release continues Rack's evolution toward a cleaner, more efficient foundation while maintaining backward compatibility for most applications. The breaking changes primarily affect deprecated functionality, so most users should experience a smooth upgrade with improved performance and standards compliance.

SPEC Changes

• Request environment keys must now be strings. (#2310, @jeremyevans)
• Add nil as a valid return from a Response body.to_path (#2318, [@MSP-Greg])
• Rack::Lint#check_header_value is relaxed, only disallowing CR/LF/NUL characters. (#2354, @ioquatix)

Added

• Introduce Rack::VERSION constant. (#2199, @ioquatix)
• ISO-2022-JP encoded parts within MIME Multipart sections of an HTTP request body will now be converted to UTF-8. (#2245, @nappa)
• Add Rack::Request#query_parser= to allow setting the query parser to use. (#2349, @jeremyevans)
• Add Rack::Request#form_pairs to access form data as raw key-value pairs, preserving duplicate keys. (#2351, @matthewd)

Changed

• Invalid cookie keys will now raise an error. (#2193, @ioquatix)
• Rack::MediaType#params now handles empty strings. (#2229, @jeremyevans)
• Avoid unnecessary calls to the ip_filter lambda to evaluate Request#ip (#2287, [@willbryant])
• Only calculate Request#ip once per request (#2292, [@willbryant])
• Rack::Builder #use, #map, and #run methods now return nil. (#2355, @ioquatix)
• Directly close the body in Rack::ConditionalGet when the response is 304 Not Modified. (#2353, @ioquatix)
• Directly close the body in Rack::Head when the request method is HEAD(#2360, @skipkayhil)

Deprecated

• Rack::Auth::AbstractRequest#request is deprecated without replacement. (#2229, @jeremyevans)
• Rack::Request#parse_multipart (private method designed to be overridden in subclasses) is deprecated without replacement. (#2229, @jeremyevans)

Removed

• Rack::Request#values_at is removed. (#2200, @ioquatix)
• Rack::Logger is removed with no replacement. (#2196, @ioquatix)
• Automatic cache invalidation in Rack::Request#{GET,POST} has been removed. (#2230, @jeremyevans)
• Support for CGI::Cookie has been removed. (#2332, @ioquatix)

Fixed

• Rack::RewindableInput::Middleware no longer wraps a nil input. (#2259, @tt)
• Fix NoMethodError in Rack::Request#wrap_ipv6 when x-forwarded-host is empty. (#2270, @oieioi)
• Fix the specification for SERVER_PORT which was incorrectly documented as required to be an Integer if present - it must be a String containing digits only. (#2296, @ioquatix)
• SERVER_NAME and HTTP_HOST are now more strictly validated according to the relevant specifications. (#2298, @ioquatix)
• Rack::Lint now disallows PATH_INFO="" SCRIPT_NAME="". (#2298, @jeremyevans)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu cancel merge

Cancels automatic merging of this PR

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)