datacite / volpino

The DataCite Profiles service
https://profiles.datacite.org
MIT License
2 stars 0 forks source link

Bump rack-cors from 1.0.3 to 1.0.5 #84

Closed dependabot[bot] closed 4 years ago

dependabot[bot] commented 5 years ago

Bumps rack-cors from 1.0.3 to 1.0.5.

Changelog *Sourced from [rack-cors's changelog](https://github.com/cyu/rack-cors/blob/master/CHANGELOG.md).* > ## 1.0.5 - 2019-11-14 > ### Changed > - Update Gem spec to require rack >= 1.6.0 > > ## 1.0.4 - 2019-11-13 > ### Security > - Escape and resolve path before evaluating resource rules (thanks to Colby Morgan)
Commits - [`b704fda`](https://github.com/cyu/rack-cors/commit/b704fda88298b311218b20452c7004506e800a29) Up rack requirement - [`baa02d2`](https://github.com/cyu/rack-cors/commit/baa02d22c2d69808fe56e249faa6455a04f01193) Updating Gems to hopefully get rid of alerts in GH - [`a5e8546`](https://github.com/cyu/rack-cors/commit/a5e854611254efd214f063895384f73aefc06f46) Reduce default max_age to a more sensible value - [`e4d4fc3`](https://github.com/cyu/rack-cors/commit/e4d4fc362a4315808927011cbe5afcfe5486f17d) Unescape and resolve paths before resource checks - [`145a5df`](https://github.com/cyu/rack-cors/commit/145a5df2f1a02bcddfaaf7cf61690e330a1d2a84) [CI] Test against Ruby 2.6 - See full diff in [compare view](https://github.com/cyu/rack-cors/compare/v1.0.3...v1.0.5)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/datacite/volpino/network/alerts).

This change is Reviewable