Update rack requirement from ~> 2.0 to ~> 3.0

[dependabot]

Updates the requirements on rack to permit the latest version.

Changelog

Sourced from rack's changelog.

[3.0.0] - 2022-09-06

• No changes

[3.0.0.rc1] - 2022-09-04

SPEC Changes

• Stream argument must implement << rack/rack#1959
• close may be called on rack.input rack/rack#1956
• rack.response_finished may be used for executing code after the response has been finished rack/rack#1952

[3.0.0.beta1] - 2022-08-08

Security

• Do not use semicolon as GET parameter separator. (#1733, [@​jeremyevans])

SPEC Changes

• Response array must now be non-frozen.
• Response status must now be an integer greater than or equal to 100.
• Response headers must now be an unfrozen hash.
• Response header keys can no longer include uppercase characters.
• Response header values can be an Array to handle multiple values (and no longer supports \n encoded headers).
• Response body can now respond to #call (streaming body) instead of #each (enumerable body), for the equivalent of response hijacking in previous versions.
• Middleware must no longer call #each on the body, but they can call #to_ary on the body if it responds to #to_ary.
• rack.input is no longer required to be rewindable.
• rack.multithread/rack.multiprocess/rack.run_once/rack.version are no longer required environment keys.
• SERVER_PROTOCOL is now a required environment key, matching the HTTP protocol used in the request.
• rack.hijack? (partial hijack) and rack.hijack (full hijack) are now independently optional.
• rack.hijack_io has been removed completely.
• rack.response_finished is an optional environment key which contains an array of callable objects that must accept #call(env, status, headers, error) and are invoked after the response is finished (either successfully or unsucessfully).
• It is okay to call #close on rack.input to indicate that you no longer need or care about the input.
• The stream argument supplied to the streaming body and hijack must support #<< for writing output.

Removed

• Remove rack.multithread/rack.multiprocess/rack.run_once. These variables generally come too late to be useful. (#1720, [@​ioquatix], [@​jeremyevans]))
• Remove deprecated Rack::Request::SCHEME_WHITELIST. ([@​jeremyevans])
• Remove internal cookie deletion using pattern matching, there are very few practical cases where it would be useful and browsers handle it correctly without us doing anything special. (#1844, [@​ioquatix])
• Remove rack.version as it comes too late to be useful. (#1938, [@​ioquatix])
• Extract rackup command, Rack::Server, Rack::Handler and related code into a separate gem. (#1937, [@​ioquatix])

Added

• Rack::Headers added to support lower-case header keys. ([@​jeremyevans])
• Rack::Utils#set_cookie_header now supports escape_key: false to avoid key escaping. ([@​jeremyevans])
• Rack::RewindableInput supports size. (@​ahorek)
• Rack::RewindableInput::Middleware added for making rack.input rewindable. ([@​jeremyevans])

... (truncated)

Commits

• 52901ca bump version, update changelog
• e58e2eb Fix unclosed strings in UPGRADE-GUIDE.md (#1960)
• 12742a0 bump version, update changelog
• 6aad539 The stream argument must implement #<<. (#1959)
• ffee3c5 Allow calling close on rack.input. (#1956)
• 6fc4a32 Make MockResponse#body work if body.each reuses strings for performance
• 1a9b98d For some reason, the recently released version breaks Ruby v2.5.
• 856c4f9 Add rack.response_finished to Rack::Lint. (#1952)
• 1a37044 Refactor tests. (#1953)
• 293b8e7 Do not add lib to load path when running separate tests
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.