chore(deps): update dependency sinatra to v4 (master)

[mend-for-github-com]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
sinatra (source, changelog)	'2.1.0' → '4.2.0'

By merging this PR, the issue #86 will be automatically resolved and closed:

Severity	CVSS Score	Vulnerability	Reachability
High	8.8	CVE-2022-36359
High	8.8	CVE-2022-45442
High	7.5	CVE-2022-29970
Medium	5.4	CVE-2024-21510
Medium	5.3	CVE-2025-61921

---

Release Notes

sinatra/sinatra (sinatra)

v4.2.0

Compare Source

• New: Add :static_headers setting for custom headers in static file responses (#​2089)
• Fix: Fix regex in etag_matches? to prevent ReDoS (#​2121)
• Fix: PATH_INFO can never be empty (#​2114)
• Fix: Fix malformed Content-Type headers (#​2081)
• Fix: Avoid crash for integer values in content_type parameters (#​2078)

v4.1.1

Compare Source

• Fix: Restore WEBrick support (#​2067)

v4.1.0

Compare Source

• New: Add host_authorization setting (#​2053)
  • Defaults to .localhost, .test and any IP address in development mode.
  • Security: addresses CVE-2024-21510.
• Fix: Return an instance of Sinatra::IndifferentHash when calling #except (#​2044)
• Fix: Address warning from URI for Ruby 3.4 (#​2060)
• Fix: rackup no longer depends on WEBrick, recommend Puma instead (4a558503)
• Fix: Zeitwerk 2.7.0+ compatibility (#​2050)
• Fix: Address warning about Hash construction for Ruby 3.4 (#​2028)
• Fix: Declare missing dependencies for Ruby 3.5 (#​2032)
• Fix: Compatibility with --enable-frozen-string-literal (#​2033)
• Fix: Rack 3.1 compatibility (#​2035)
  • Don't depend on Rack::Logger
  • Don't delete content-length header when Rack::Files is used

v4.0.1

Compare Source

• Rack 3.1 compatibility (#​2035)

• Fix malformed Content-Type headers (#​2081)

• Avoid crash for integer values in content_type parameters (#​2078)

• Fix compatibility with --enable-frozen-string-literal (#​2033)

• Declare missing dependencies for Ruby 3.5 (#​2032)

• Fix warning about Hash construction. (#​2028)

• Support Zeitwerk 2.7.0+ (#​2050)

• Address URI depreciation (#​2060)

v4.0.0

Compare Source

• New: Add support for Rack 3 (#​1857)

  • Note: you may want to read the Rack 3 Upgrade Guide

• Require Ruby 2.7.8 as minimum Ruby version (#​1993)

• Breaking change: Drop support for Rack 2 (#​1857)

  • Note: when using Sinatra to start the web server, you now need the rackup gem installed

• Breaking change: Remove the IndifferentHash initializer (#​1982)

• Breaking change: Disable session_hijacking protection by default (#​1984)

• Breaking change: Remove Rack::Protection::EncryptedCookie (#​1989)

  • Note: cookies are still encrypted (by Rack::Session::Cookie)

v3.2.0

Compare Source

• New: Add #except method to Sinatra::IndifferentHash (#​1940)

• New: Use Exception#detailed_message to show backtrace (#​1952)

• New: Add Sinatra::HamlHelpers to sinatra-contrib (#​1960)

• Fix: Add base64 to rack-protection runtime dependencies (#​1946)

• Fix: Avoid open-ended dependencies for sinatra-contrib and rack-protection (#​1949)

• Fix: Helpful message when Sinatra::Runner times out (#​1975)

• Fix: Ruby 3.3 + Bundler 2.5 compatibility (#​1975)

v3.1.0

Compare Source

• New: Add sass support via sass-embedded #​1911 by なつき

• New: Add start and stop callbacks #​1913 by Jevin Sew

• New: Warn on dropping sessions #​1900 by Jonathan del Strother

• New: Make Puma the default server #​1924 by Patrik Ragnarsson

• Fix: Remove use of Tilt::Cache #​1922 by Jeremy Evans (allows use of Tilt 2.2.0 without deprecation warning)

• Fix: rack-protection: specify rack version requirement #​1932 by Patrik Ragnarsson

v3.0.6

Compare Source

• Fix: Add support to keep open streaming connections with Puma #​1858 by Jordan Owens

• Fix: Avoid crash in uri helper on Integer input #​1890 by Patrik Ragnarsson

• Fix: Rescue RuntimeError when trying to use SecureRandom #​1888 by Stefan Sundin

v3.0.5

Compare Source

• Fix: Add Zeitwerk compatibility. #​1831 by Dawid Janczak

• Fix: Allow CALLERS_TO_IGNORE to be overridden

v3.0.4

Compare Source

• Fix: Escape filename in the Content-Disposition header. #​1841 by Kunpei Sakai

v3.0.3

Compare Source

• Fix: fixed ReDoS for Rack::Protection::IPSpoofing. #​1823 by @​ooooooo-q

v3.0.2

Compare Source

• New: Add Haml 6 support. #​1820 by Jordan Owens

v3.0.1

Compare Source

• Fix: Revert removal of rack-protection.rb. #​1814 by Olle Jonsson

• Fix: Revert change to server start and stop messaging by using Kernel#warn. Renamed internal warn method warn_for_deprecation. #​1818 by Jordan Owens

v3.0.0

Compare Source

• New: Add Falcon support. #​1794 by Samuel Williams and @​horaciob

• New: Add AES GCM encryption support for session cookies. [#​1324] (#​1324) by Michael Coyne

• Deprecated: Sinatra Reloader will be removed in the next major release.

• Fix: Internal Sinatra errors now extend Sinatra::Error. This fixes #​1204 and #​1518. bda8c29d by Jordan Owens

• Fix: Preserve query param value if named route param nil. #​1676 by Jordan Owens

• Require Ruby 2.6 as minimum Ruby version. #​1699 by Eloy Pérez

• Breaking change: Remove support for the Stylus template engine. #​1697 by Eloy Pérez

• Breaking change: Remove support for the erubis template engine. #​1761 by Eloy Pérez

• Breaking change: Remove support for the textile template engine. #​1766 by Eloy Pérez

• Breaking change: Remove support for SASS as a template engine. #​1768 by Eloy Pérez

• Breaking change: Remove support for Wlang as a template engine. #​1780 by Eloy Pérez

• Breaking change: Remove support for CoffeeScript as a template engine. #​1790 by Eloy Pérez

• Breaking change: Remove support for Mediawiki as a template engine. #​1791 by Eloy Pérez

• Breaking change: Remove support for Creole as a template engine. #​1792 by Eloy Pérez

• Breaking change: Remove support for Radius as a template engine. #​1793 by Eloy Pérez

• Breaking change: Remove support for the defunct Less templating library. See #​1716, #​1715 for more discussion and background. d1af2f1e by Olle Jonsson

• Breaking change: Remove Reel integration. 54597502 by Olle Jonsson

• CI: Start testing on Ruby 3.1. 60e221940 and b0fa4bef by Johannes Würbach

• Use Kernel#caller_locations. #​1491 by Julik Tarkhanov

• Docs: Japanese documentation: Add notes about the default_content_type setting. #​1650 by Akifumi Tominaga

• Docs: Polish documentation: Add section about Multithreaded modes and Routes. #​1708 by Patrick Gramatowski

• Docs: Japanese documentation: Make Session section reflect changes done to README.md. #​1731 by @​shu-i-chi

v2.2.4

Compare Source

v2.2.3

Compare Source

• Fix: Escape filename in the Content-Disposition header. #​1841 by Kunpei Sakai

• Fix: fixed ReDoS for Rack::Protection::IPSpoofing. #​1823 by @​ooooooo-q

v2.2.2

Compare Source

• Update mustermann dependency to version 2.

v2.2.1

Compare Source

• Fix JRuby regression by using ruby2_keywords for delegation. #​1750 by Patrik Ragnarsson

• Add JRuby to CI. #​1755 by Karol Bucek

v2.2.0

Compare Source

• Breaking change: Add #select, #reject and #compact methods to Sinatra::IndifferentHash. If hash keys need to be converted to symbols, call #to_h to get a Hash instance first. #​1711 by Olivier Bellone

• Handle EOFError raised by Rack and return Bad Request 400 status. #​1743 by tamazon

• Minor refactors in base.rb. #​1640 by ceclinux

• Add escaping to the static 404 page. #​1645 by Chris Gavin

• Remove detect_rack_handler method. #​1652 by ceclinux

• Respect content type set in superclass before filter. Fixes #​1647 #​1649 by Jordan Owens

• Revert "Use prepend instead of include for helpers. #​1662 by namusyaka

• Fix usage of inherited Sinatra::Base classes keyword arguments. Fixes #​1669 #​1670 by Cadu Ribeiro

• Reduce RDoc generation time by not including every README. Fixes #​1578 #​1671 by Eloy Pérez

• Add support for per form csrf tokens. Fixes #​1616 #​1653 by Jordan Owens

• Update MAINTENANCE.md with the stable branch status. #​1681 by Fredrik Rubensson

• Validate expanded path matches public_dir when serving static files. #​1683 by cji-stripe

• Fix Delegator to pass keyword arguments for Ruby 3.0. #​1684 by andrewtblake

• Fix use with keyword arguments for Ruby 3.0. #​1701 by Robin Wallin

• Fix memory leaks for proc template. Fixes #​1704 #​1719 by Slevin

• Remove unnecessary test_files from the gemspec. #​1712 by Masataka Pocke Kuwabara

• Docs: Spanish documentation: Update README.es.md with removal of Thin. #​1630 by Espartaco Palma

• Docs: German documentation: Fixed typos in German README.md. #​1648 by Juri

• Docs: Japanese documentation: Update README.ja.md with removal of Thin. #​1629 by Ryuichi KAWAMATA

• Docs: English documentation: Various minor fixes to README.md. #​1663 by Yanis Zafirópulos

• Docs: English documentation: Document when dump_errors is enabled. Fixes #​1664 #​1665 by Patrik Ragnarsson

• Docs: Brazilian Portuguese documentation: Update README.pt-br.md with translation fixes. #​1668 by Vitor Oliveira

CI

• Use latest JRuby 9.2.16.0 on CI. #​1682 by Olle Jonsson

• Switch CI from travis to GitHub Actions. #​1691 by namusyaka

• Skip the Slack action if secrets.SLACK_WEBHOOK is not set. #​1705 by Robin Wallin

• Small CI improvements. #​1703 by Robin Wallin

• Drop auto-generated boilerplate comments from CI configuration file. #​1728 by Olle Jonsson

sinatra-contrib

• Do not raise when key is an enumerable. #​1619 by Ulysse Buonomo

Rack protection

• Fix broken origin_whitelist option. Fixes #​1641 #​1642 by Takeshi YASHIRO

---

• If you want to rebase/retry this PR, check this box

[mend-for-github-com]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: Gemfile.lock

Could not find gem 'sinatra'.