Merge branch 'main' into jm-random-period-offset

Conflicts:
  lib/rack/attack/cache.rb
    Resolved (just a code comment)

Author: jamiemccarthy

lib/rack/attack/cache.rb

@@ -69,7 +69,7 @@ def key_and_expiry(unprefixed_key, period, use_offset = false)
         period_number, time_into_period = period_number_and_time_into(period, offset)
         period_remainder = period - time_into_period
         @last_retry_after_time = @last_epoch_time + period_remainder
-        # Add 1 to expires_in to avoid timing error: https://git.io/i1PHXA
+        # Add 1 to expires_in to avoid timing error: https://github.com/rack/rack-attack/pull/85
         expires_in = period_remainder + 1
         ["#{prefix}:#{period_number}:#{unprefixed_key}", expires_in]
       end

lib/rack/attack/path_normalizer.rb

@@ -4,7 +4,9 @@ module Rack
   class Attack
     # When using Rack::Attack with a Rails app, developers expect the request path
     # to be normalized. In particular, trailing slashes are stripped.
-    # (See https://git.io/v0rrR for implementation.)
+    # (See
+    # https://github.com/rails/rails/blob/f8edd20/actionpack/lib/action_dispatch/journey/router/utils.rb#L5-L22
+    # for implementation.)
     #
     # Look for an ActionDispatch utility class that Rails folks would expect
     # to normalize request paths. If unavailable, use a fallback class that