Bump rack-contrib from 2.0.1 to 2.3.0

[dependabot-preview]

Bumps rack-contrib from 2.0.1 to 2.3.0.

Release notes

Sourced from rack-contrib's releases.

Omnibus release of dooooooooom

The list of changes in this release is long, and should serve as a warning to me to make releases more often, as it cuts down on typing. Thanks to everyone who made PRs, checked PRs, merged PRs, and... renewed PRs. Special thanks to Andrew Konchin (@andrykonchin) who is responsible for over half the changes in this monster release, and who has come on board as a maintainer.

This release removes the Rack::Runtime and Rack::Config middleware. This may seem like a foolhardy thing to do in a minor release, but rack itself ships with functionally identical versions. Compatibility has been maintained by having require "rack/contrib/<thing>" still work, but that should be changed to require "rack/<thing>" instead.

• A #close method was added to the body that is returned by Rack::Signals.

• A stub CHANGELOG.md, pointing to the canonical source of release notes, has been added.

• Thread safety issues in Rack::Access, Rack::CommonCookies, and Rack::Deflect have been fixed. Additionally, the need for a thread-safe external cache object in Rack::LazyConditionalGet has been documented.

• A SPEC violation in Rack::CSSHTTPRequest has been fixed.

• Case-sensitive header problems in a whole bunch of middlewares have been fixed.

• Rack::JSONBodyParser now only rescues JSON::ParserError if it is raised within the middleware's own code. Exceptions raised by the application itself will now be left alone to be handled elsewhere.

• All string literals are now frozen.

• Residual ye olde Ruby compatibility checks were removed from Rack::Backstage, Rack::MailExceptions and Rack::NestedParams.

• The length calculation in Rack::JSONP has been made simpler.

Stuck at home? Why not release your favourite collection of Rack contributions!

A healthy crop of fixes and new features in this release. Thanks to everyone who contributed, and welcome to Andrew Konchin, as the newest recipient of a commit bit.

• New middleware Rack::JSONBodyParser: a better-designed replacement for Rack::PostBodyContentTypeParser, with a more appropriate name (given that they both only handle JSON natively, having JSON in the name seems like a good idea), and with a better set of default behaviours and knobs. It is also significantly faster than PostBodyContentTypeParser.

• Rack::PostBodyContentTypeParser: this middleware's interface is a bit of a mess, which makes it nearly impossible to improve in a backwards-compatible manner. As a result, its use has been deprecated, in favour of Rack::JSONBodyParser.

• Several middlewares that set Content-Length headers were fixed to use

Commits

• 095edc9 Merge pull request #181 from Juanmcuello/json-body-parser-fix
• ecc8a47 Rack::JSONBodyParser. Do not rescue JSON:ParserError
• 0a2e085 Merge pull request #180 from magni-/patch-1
• 95ac921 Add CHANGELOG.md
• bee849e Merge pull request #178 from andrykonchin/minor-fixes
• 9fb9e3f Rack::Signals. Close original body
• d638d0e Rack::MailExcpetion, Rack::NestedParams. Make rewind method call unconditional .
• 537b7cd Rack::JSONP. Remove excessive to_ary method call and refactor a little
• 8271d80 Rack::Backstage. Remove unnecessary contition
• c1a6025 Merge pull request #173 from andrykonchin/wrap-headers-with-headerhash
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)