[TRACKING] - Update to Rack 3 #742

Open
YOU54F opened this issue Dec 6, 2024 · 1 comment
Labels
smartbear-supported SmartBear engineering team will support this issue. See https://docs.pact.io/help/smartbear

Comments

YOU54F commented Dec 6, 2024

Scope

This ticket aims to document the steps required to upgrade the Pact Broker Application to support Rack 3.

Rationale

The Ruby Rack gem has had a major bump to version 3.

https://github.com/rack/rack/blob/main/UPGRADE-GUIDE.md

The Pact Broker has dependencies on projects which use Rack, namely webmachine and Sinatra

gem.add_runtime_dependency "webmachine", ">= 2.0.0.beta", "< 3.0"

gem "sinatra", "~> 3.0", require: false

Sinatra supports Rack 3 in version 4.x+; however, Webmachine does not yet support Rack 3, which impedes our progress.

Affected Issues

  1. Sinatra CVE cve-2024-21510 present in 3.x

Work required

TBC

YOU54F added a commit to pact-foundation/pact-broker-docker that referenced this issue Dec 6, 2024
See pact-foundation/pact_broker#742 for detail

This allows the pact broker image to be updated with the latest updates outside of Sinatra, whilst work is required in pact_broker to resolve.
YOU54F added a commit to pact-foundation/pact-broker-docker that referenced this issue Dec 6, 2024
* fix(audit): skip cve-2024-21510

See pact-foundation/pact_broker#742 for detail

This allows the pact broker image to be updated with the latest updates outside of Sinatra, whilst work is required in pact_broker to resolve.
mefellows added the smartbear-supported label Dec 10, 2024

🤖 Great news! We've labeled this issue as smartbear-supported and created a tracking ticket in PactFlow's Jira (PACT-2960). We'll keep work public and post updates here. Meanwhile, feel free to check out our docs. Thanks for your patience!
