Bump rack, rails and govuk_sidekiq

[dependabot]

Bumps rack, rails and govuk_sidekiq. These dependencies needed to be updated together.
Updates rack from 2.2.8 to 3.0.8

Release notes

Sourced from rack's releases.

v3.0.8

What's Changed

• Backport "Fix some unused variable verbose warnings" by @​skipkayhil in rack/rack#2084

New Contributors

• @​skipkayhil made their first contribution in rack/rack#2084

Full Changelog: rack/rack@v3.0.7...v3.0.8

v3.0.7

What's Changed

• Backport "Make query parameters without = have nil values". by @​jeremyevans in rack/rack#2060

Full Changelog: rack/rack@v3.0.6.1...v3.0.7

v3.0.6.1

No release notes provided.

v3.0.4.1

Full Changelog: rack/rack@v3.0.4...v3.0.4.1

v3.0.4

Full Changelog: rack/rack@v3.0.3...v3.0.4

v3.0.3

What's Changed

• Release v3.0.3 by @​ioquatix in rack/rack#2000

Full Changelog: rack/rack@v3.0.2...v3.0.3

v3.0.2

Full Changelog: rack/rack@v3.0.1...v3.0.2

Changelog

Sourced from rack's changelog.

[3.0.8] - 2023-06-14

• Fix some unused variable verbose warnings. (#2084, [@​jeremyevans], @​skipkayhil)

[3.0.7] - 2023-03-16

• Make query parameters without = have nil values. (#2059, [@​jeremyevans])

[3.0.6.1] - 2023-03-13

• [CVE-2023-27539] Avoid ReDoS in header parsing

[3.0.6] - 2023-03-13

• Add QueryParser#missing_value for handling missing values + tests. (#2052, [@​ioquatix])

[3.0.5] - 2023-03-13

• Split form/query parsing into two steps. (#2038, @​matthewd)

[3.0.4.2] - 2023-03-02

• [CVE-2023-27530] Introduce multipart_total_part_limit to limit total parts

[3.0.4.1] - 2023-01-17

• [CVE-2022-44571] Fix ReDoS vulnerability in multipart parser
• [CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges
• [CVE-2022-44572] Forbid control characters in attributes (also ReDoS)

[3.0.4] - 2023-01-17

• Rack::Request#POST should consistently raise errors. Cache errors that occur when invoking Rack::Request#POST so they can be raised again later. (#2010, [@​ioquatix])
• Fix Rack::Lint error message for HTTP_CONTENT_TYPE and HTTP_CONTENT_LENGTH. (#2007, @​byroot)
• Extend Rack::MethodOverride to handle QueryParser::ParamsTooDeepError error. (#2006, @​byroot)

[3.0.3] - 2022-12-27

Fixed

• Rack::URLMap uses non-deprecated form of Regexp.new. (#1998, @​weizheheng)

[3.0.2] -2022-12-05

Fixed

• Utils.build_nested_query URL-encodes nested field names including the square brackets.
• Allow Rack::Response to pass through streaming bodies. (#1993, [@​ioquatix])

[3.0.1] - 2022-11-18

... (truncated)

Commits

• d28c464 Bump patch verison.
• 32736d2 Fix some unused variable verbose warnings (#2084)
• 2429b7b Bump patch version.
• 94dd78b Update changelog.
• d38b456 Make query parameters without = have nil values (#2059) (#2060)
• 51e7a0f Merge branch '3-0-sec' into 3-0-stable
• 098d8e1 bump version
• 231ef36 Avoid ReDoS problem
• 54a9ed2 Update changelog.
• e9e9ae6 Bump patch version.
• Additional commits viewable in compare view

Updates rails from 7.0.8 to 7.1.1

Release notes

Sourced from rails's releases.

7.1.1

Active Support

• Add support for keyword arguments when delegating calls to custom loggers from ActiveSupport::BroadcastLogger.

  Jenny Shen

• NumberHelper: handle objects responding to_d.

  fatkodima

• Fix RedisCacheStore to properly set the TTL when incrementing or decrementing.

  This bug was only impacting Redis server older than 7.0.

  Thomas Countz

• Fix MemoryStore to prevent race conditions when incrementing or decrementing.

  Pierre Jambet

Active Model

• No changes.

Active Record

• Fix auto populating IDENTITY columns for PostgreSQL.

  fatkodima

• Fix "ArgumentError: wrong number of arguments (given 3, expected 2)" when down migrating rename_table in older migrations.

  fatkodima

• Do not require the Action Text, Active Storage and Action Mailbox tables to be present when running when running test on CI.

  Rafael Mendonça França

Action View

... (truncated)

Commits

• 2393805 Preparing for 7.1.1 release
• b280d7f Sync CHANGELOG
• 314220e Merge pull request #49525 from abhaynikam/fix-app-generated-dockerfile-to-use...
• 1f1710d Merge pull request #49589 from fatkodima/fix-flaky-fixtures-test
• 4921df0 Merge pull request #49565 from hachi8833/add_missing_doc_43487
• 57d626e Merge pull request #49562 from akhilgkrishnan/update-postgres-naming-to-postg...
• 63f204d Merge pull request #49553 from tricknotes/update-rails-ujs-build
• 8a6118a Use released version of Sdoc
• 3199a45 Merge pull request #49581 from hachi8833/update_doc_npm
• a5534b9 Merge pull request #49515 from dustinbrownman/main
• Additional commits viewable in compare view

Updates govuk_sidekiq from 7.1.3 to 7.1.2

Changelog

Sourced from govuk_sidekiq's changelog.

7.1.3

• Fix Sidekiq requirement to ~> 6.5 so that Bundler won't install v7.0.0.beta1

7.1.2

• Allow newer non-major versions of Sidekiq

7.1.1

• Remove context adding logic from sidekiq client middleware

7.1.0

• Add govuk_request_id to Sidekiq::Context so it will be included in logging
• Introduce a GOV.UK Logging format which has a field structure similar to GOV.UK's Rails logstasher for consistent field names

7.0.0

• BREAKING: Drop support for Ruby 2.7
• BREAKING: Remove support for Statsd, as this is being deprecated from govuk_app_config in a later release

6.0.0

• BREAKING: Upgrades the underlying version of Sidekiq to version 6. Will require changes to logging strategy;

• Sidekiq arguments need to serialize safely to JSON otherwise a warning is shown

• Logging to a file no longer supported, must use STDOUT or STDERR

5.0.0

• BREAKING: Redis is configured with REDIS_URL environment, the previous approach (REDIS_HOST and REDIS_PORT) is no longer supported.

4.0.0

• BREAKING: Set the required Ruby version to >= 2.6

3.0.5

• Pin sidekiq-statsd above 2.1.0 (so we get new metrics).

3.0.4

• Allow for newer versions of sidekiq-statsd (trial period).

3.0.3

• Only use JSON logging when a log file is specified

3.0.2

... (truncated)

Commits

• f4561db Merge pull request #71 from alphagov/update-pr-template
• 3fac8df Drop Ruby 2.7 support
• 0b98ca0 Update PR template to request we get notified when PRs have been raised
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Looks like these dependencies are no longer updatable, so this is no longer needed.