[TRACKING] - Update to Rack 3 #742

Open
YOU54F opened this issue Dec 6, 2024 · 5 comments
Labels
smartbear-supported SmartBear engineering team will support this issue. See https://docs.pact.io/help/smartbear

Comments

@YOU54F
Member

YOU54F commented Dec 6, 2024

Scope

This ticket aims to document the steps required to upgrade the Pact Broker Application to support Rack 3.

Rationale

The Ruby Rack gem has had a major bump to version 3.

https://github.com/rack/rack/blob/main/UPGRADE-GUIDE.md

The Pact Broker has dependencies on projects which use Rack, namely webmachine and Sinatra:

gem.add_runtime_dependency "webmachine", ">= 2.0.0.beta", "< 3.0"

gem "sinatra", "~> 3.0", require: false

Sinatra supports Rack 3 in version 4.x+; however, Webmachine does not yet support Rack 3, which impedes our progress.

Affected Issues

  1. Sinatra CVE cve-2024-21510 present in 3.x

Work required

TBC

YOU54F added a commit to pact-foundation/pact-broker-docker that referenced this issue Dec 6, 2024
See pact-foundation/pact_broker#742 for detail

This allows the pact broker image to be updated with the latest updates outside of Sinatra, whilst work is required in pact_broker to resolve.
YOU54F added a commit to pact-foundation/pact-broker-docker that referenced this issue Dec 6, 2024
* fix(audit): skip cve-2024-21510

See pact-foundation/pact_broker#742 for detail

This allows the pact broker image to be updated with the latest updates outside of Sinatra, whilst work is required in pact_broker to resolve.
mefellows added the smartbear-supported label Dec 10, 2024

🤖 Great news! We've labeled this issue as smartbear-supported and created a tracking ticket in PactFlow's Jira (PACT-2960). We'll keep work public and post updates here. Meanwhile, feel free to check out our docs. Thanks for your patience!

@rholshausen
Contributor

Webmachine does not yet support Rack 3 which impedes our progress

Just a note, Webmachine is not a Rack application, it is an independent server framework. There is a Rack adapter that is used to allow mounting Webmachine resources in a Rack app. All we need to do is create a Rack 3 adapter, which I don't think will be very hard as the adapter is only about 50 lines of code.

@rholshausen
Contributor

Created branch chore/rack3


This won't take long.

@rholshausen
Contributor

Green build! https://github.com/pact-foundation/pact_broker/actions/runs/12921273536

@YOU54F
Member Author

YOU54F commented Mar 4, 2025

This has now been released in https://github.com/pact-foundation/pact_broker/releases/tag/v2.113.1

However, in trying to consume it in the pact-broker-docker project, I am getting errors:

pact-broker-1  | 2025-03-04 14:22:47 +0000 Rack app ("GET /diagnostic/status/heartbeat" - (172.18.0.4)): #<LoadError: cannot load such file -- webrick>

I also noted the example project was included in the repo fails when run, and invoked

https://github.com/pact-foundation/pact-broker-docker/actions/runs/13654993034/job/38171882397#step:9:779

it shows the same cannot load such file -- webrick error, if webrick (which has explicitly been added in the example project as part of the Rack 3 PR) is removed.

When the example project is run with bundle exec rackup, it will return errors.

Rack::Lint::LintError: uppercase character in header name: Vary (Rack::Lint::LintError)

and for other headers.
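
The Rack::Lint error quoted in the last comment comes from Rack 3's rule that response header names must not contain uppercase characters. As an added illustration (not code from pact_broker, Webmachine or this thread; `uppercase_header_names`, `DowncaseResponseHeaders` and `LEGACY_APP` are hypothetical names and the sample app is constructed), this shows a check for offending names and a Rack-style middleware that lowercases them, merging names that differ only by case:

```ruby
# Added example: hypothetical names, plain Ruby, no rack gem required.

# Returns the header names that Rack 3's lint rule would reject
# (any name containing an uppercase ASCII letter).
def uppercase_header_names(headers)
  headers.keys.select { |name| name.match?(/[A-Z]/) }
end

# Rack-style middleware that rewrites response header names to lowercase
# before they reach Rack::Lint or the server.
class DowncaseResponseHeaders
  def initialize(app)
    @app = app
  end

  def call(env)
    status, headers, body = @app.call(env)
    [status, normalize(headers), body]
  end

  private

  def normalize(headers)
    headers.each_with_object({}) do |(name, value), out|
      key = name.to_s.downcase
      if out.key?(key)
        # Names differing only by case collapse into one key; Rack 3 allows
        # an Array of Strings as a header value, so keep every value.
        out[key] = Array(out[key]) + Array(value)
      else
        out[key] = value
      end
    end
  end
end

# Constructed sample app that emits Rack 2-style mixed-case header names.
LEGACY_APP = lambda do |_env|
  headers = { "Vary" => "Accept", "Content-Type" => "application/hal+json", "vary" => "Origin" }
  [200, headers, ["{}"]]
end
```
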
