dependabot-preview[bot]
commented
4 years ago OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.
If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
Bumps cors_plug from 1.5.2 to 2.0.0.
Release notes
*Sourced from [cors_plug's releases](https://github.com/mschae/cors_plug/releases).* > ## v2.0.0 > > * Enhancements > * Instead of sending `"null"` we don't set the headers at all if the origin doesn't match, as suggested by the [CORS draft 7.2](https://w3c.github.io/webappsec-cors-for-developers/#avoid-returning-access-control-allow-origin-null). Thanks to [@YuLeven](https://github.com/YuLeven) for initiating the discussion and [@slashmili](https://github.com/slashmili) for fixing it. Since we change the return values I consider this a breaking change and released a new major version. > * You can now set the option `send_preflight_response?` to `false` (it's `true` by default) to stop `CorsPlug` sending a response to the frelight request. That way the correct headers are set but it's up to you to respond to the request downstream.Changelog
*Sourced from [cors_plug's changelog](https://github.com/mschae/cors_plug/blob/master/CHANGELOG.md).* > # Changelog > > ## v.2.0.0 > > * Enhancements > * Instead of sending `"null"` we don't set the headers at all if the origin doesn't match, as suggested by the [CORS draft 7.2](https://w3c.github.io/webappsec-cors-for-developers/#avoid-returning-access-control-allow-origin-null). Thanks to [@YuLeven](https://github.com/YuLeven) for initiating the discussion and [@slashmili](https://github.com/slashmili) for fixing it. Since we change the return values I consider this a breaking change and released a new major version. > * You can now set the option `send_preflight_response?` to `false` (it's `true` by default) to stop `CorsPlug` sending a response to the preflight request. That way the correct headers are set but it's up to you to respond to the request downstream. > > ## v.1.5.2 > > * Fixes > * Relax version requirements > > ## v.1.5.1 > > * Fixes > * Send proper return value if `Access-Control-Request-Headers` is not present. > (thanks [@shivamMg](https://github.com/shivamMg)) > > ## v.1.5.0 > > * Enhancements > * Allow configuration of origin via function (thanks [@mauricioszabo](https://github.com/mauricioszabo)). > > ## v.1.4.0 > > * Enhancements > * Allows both `*` as well as specific domains in the `origins` config, returns > the corresponding value (thanks [@mustafaturan](https://github.com/mustafaturan)) > * Fixes > * Don't overwrite `vary` header values with `"Origin"`, instead append it. > * Don't set `vary` header to empty string if not needed. > * Use `Plug.Conn.merge_resp_headers/2` > > New major release because of the `vary` header changes, I don't expect this > to break anything. > > ## v.1.3.0 > > * Enhancements > * Allows configuration via app config (see [https://github.com/mschae/cors_plug/blob/master/README.md](https://github.com/mschae/cors_plug/blob/master/README.md), thanks > [@TokiTori](https://github.com/TokiTori)). > > ## v.1.2.1 > > * Fixes > * Match for exact origin only (thanks [@somlor](https://github.com/somlor) and [@JordanAdams](https://github.com/JordanAdams)). > * Add Vary to response header (thanks [@linjunpop](https://github.com/linjunpop)). > > ## v.1.2.0 > ... (truncated)Commits
- [`f5c5c4c`](https://github.com/mschae/cors_plug/commit/f5c5c4c212248b2c27aaa07e60c7c9334c2a4183) Fix README - [`1ca97ed`](https://github.com/mschae/cors_plug/commit/1ca97ed844b200f97bc54df83426815854d1235d) Add [@doc](https://github.com/doc) false and move public before private functions - [`d4da794`](https://github.com/mschae/cors_plug/commit/d4da794757e06745be63583518188185678aa0d2) Release v.2.0.0 - [`dbecadf`](https://github.com/mschae/cors_plug/commit/dbecadf9f749fc3b1e222b8b02f16bc9da319eb9) Add send_preflight_response? opt. ([#55](https://github-redirect.dependabot.com/mschae/cors_plug/issues/55)) - [`fb12d5d`](https://github.com/mschae/cors_plug/commit/fb12d5da7354762128053d0a5faf4870bcfb1334) Avoid setting null header when origin doesn't match ([#57](https://github-redirect.dependabot.com/mschae/cors_plug/issues/57)) - [`3752ed9`](https://github.com/mschae/cors_plug/commit/3752ed9698c494d40c212aa35b034d06e14c0dd7) Add send_preflight_response? opt. - [`5dfdbb7`](https://github.com/mschae/cors_plug/commit/5dfdbb77be6a0b0eabed376a58ff88f9ee51dace) Format and update dependencies - [`62e32b1`](https://github.com/mschae/cors_plug/commit/62e32b15c899e3afc10c609283118adaef7e663e) Stop testing outdated version - See full diff in [compare view](https://github.com/mschae/cors_plug/compare/v1.5.2...v2.0.0)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot.