Update rack-cors to 1.0.6
What does this MR do?
Updates rack-cors
to 1.0.6.
Information:
- Changelog: https://github.com/cyu/rack-cors/blob/master/CHANGELOG.md#106---2019-11-14
- Diff: https://github.com/cyu/rack-cors/compare/v1.0.2..v1.0.6
Closes #39143 (closed)
Screenshots
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry -
Documentation (if required) -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec
-
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team
Merge request reports
Activity
added security label
added maintenancedependency label
2 Warnings This merge request does not have any assignee yet. Setting an assignee clarifies who needs to take action on the merge request at any given time. This merge request does not refer to an existing milestone. Reviewer roulette
Changes that require review have been detected! A merge request is normally reviewed by both a reviewer and a maintainer in its primary category (e.g. frontend or backend), and by a maintainer in all other categories.
To spread load more evenly across eligible reviewers, Danger has randomly picked a candidate for each review slot. Feel free to override this selection if you think someone else would be better-suited, or the chosen person is unavailable.
Once you've decided who will review this merge request, mention them as you normally would! Danger does not (yet?) automatically notify them for you.
Category Reviewer Maintainer backend Doug Stull ( @dstull
)James Lopez ( @jameslopez
)Generated by
Dangerchanged milestone to %12.7
@joshlambert given these are security fixes, they should be backported to the previous two monthly releases, as per our release and maintenance policy
@stanhu - WDYT about this one?
@joshlambert Looks good to me. Did some basic tests and looked at the diff. I saw that
max_age
changed its default time, but it doesn't appear we are using that.Thanks @stanhu!
I did a bit of testing as well, but missed themax_age
bit. Thanks for reviewing.
mentioned in commit ee46dd70
The changelog suggests this is a security fix of some sort. If this is indeed the case the regular security workflow should be followed, and backports should be set up for all affected stable branches. Release managers do not have the capacity to handle certain merge requests differently when working on a security release.
mentioned in merge request !24152 (merged)
@joshlambert Any thoughts about !24152 (comment 282120059) ?
added typemaintenance label