Bump github.com/rs/cors from 1.9.0 to 1.11.0 in /api#60
Conversation
Bumps [github.com/rs/cors](https://github.com/rs/cors) from 1.9.0 to 1.11.0. - [Commits](rs/cors@v1.9.0...v1.11.0) --- updated-dependencies: - dependency-name: github.com/rs/cors dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
|
[Severity: Major] [Confidence: High] Location: api/go.mod:10 Issue: This Dependabot PR is also upgrading Why it matters: Suggested fix: Either pin |
julsemaan
left a comment
julsemaan
left a comment
There was a problem hiding this comment.
Overall assessment: This PR looks low-risk for the github.com/rs/cors portion, but it also upgrades the direct github.com/rs/rest-layer dependency. That makes the effective change broader than the PR title/body suggest and raises API/runtime regression risk.
Risk level: Medium
Critical issues:
- None.
Major issues:
api/go.modalso movesgithub.com/rs/rest-layerfromv0.0.0-20160505213648-cb84bc79b5b8tov0.2.0. I left a location-specific comment because this dependency is used directly in the API handler/resource setup.- There are no successful PR checks attached here (
check_runs: 0, combined status stillpending), so this direct dependency change is not currently backed by automated validation.
Minor issues:
- None.
DRY improvement opportunities:
- None specific to this diff.
Suggested next steps:
- Re-pin
github.com/rs/rest-layerfor this PR, or split that upgrade into its own PR. - Run and attach
go test ./...results, plus a small API smoke/integration test around resource binding and insert hooks before merging therest-layerchange.
2 participants
Bumps github.com/rs/cors from 1.9.0 to 1.11.0.
Commits
4c32059Normalize allowed request headers and store them in a sorted set (fixes #170)...8d33ca4Complete documentation; deprecate AllowOriginRequestFunc in favour of AllowOr...af821aeMerge branch 'jub0bs-master'0bcf73fUpdate benchmarkeacc8e8Fix skewed middleware benchmarks (#165)9297f15Respect the documented precedence of options (#163)73f81b4Fix readme benchmark rendering (#161)e19471cPrevent empty Access-Control-Expose-Headers header (#160)20a76bdUpdate benchmark46855aeRemove travis build report from READMEDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.