Skip to content

chore: Bump corsica from 1.3.0 to 2.1.3 #794

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

chore: Bump corsica from 1.3.0 to 2.1.3 #794

wants to merge 3 commits into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 26, 2024
edited
Loading

Bumps corsica from 1.3.0 to 2.1.3.

Changelog

Sourced from corsica's changelog.

v2.1.3

  • Remove Dialyzer PLTs from the Hex package. This has no functional impact whatsoever on the library. The PLTs were accidentally published together with the Hex package, which just results in an unnecessarily large Hex package.

v2.1.2

  • Fix a bug with typespecs and Dialyzer.

v2.1.1

Bug fixes

  • Fix a small issue with preflight requests and the :passthrough_non_cors_requests option.
  • Add the Corsica.options/0 type.

v2.1.0

Improvements

  • Add the :passthrough_non_cors_requests option.
  • Add the Corsica.sanitized_options/0 and Corsica.options/0 types.

v2.0.0

Breaking changes

  • The :origins option is now required. Not having this option used to warn before this version.
  • The :log option was removed in favor of Corsica.Telemetry.

Improvements

  • Start emitting Telemetry events (see Corsica.Telemetry).
  • Bump Elixir requirement to 1.11+.
  • Response headers that contain lists (such as access-control-expose-headers) are now joined without spaces, so what could be GET, POST, DELETE before is now GET,POST,DELETE. Every byte's important.

Upgrading from 1.x to 2.0.0 is a matter of these things:

  • If you're not specifying the :origins options when using Corsica, add origins: "*" to all the places you're using Corsica (as a plug, through Corsica.Router, or through the functions in the Corsica module).

  • If you were using the :log option, remove it and call this in your application's start/2 callback:

    log_levels = # what you were using before as the :log option
Corsica.Telemetry.attach_default_handler(log_levels: log_levels)
Supervisor.start_link(...)

Commits
  • 4267102 Release v2.1.3
  • 98c7e77 Remove PLTs from Hex package (#69)
  • 3f8f975 Update excoveralls to remove transitive dependencies
  • 432443d Add GitHub action to publish to Hex
  • 6eca50d Change version to 2.0 on README installation section (#67)
  • 8f555a6 Release v2.1.2
  • 1560dcc Remove opaque Corsica.sanitized_options/0 type
  • 1857c34 Release v2.1.1
  • c3e17ef Fix small bug with :passthrough_non_cors_requests
  • 2bce890 Update missing info in CHANGELOG
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file elixir Pull requests that update Elixir code labels Apr 26, 2024
@github-actions
Copy link

Coverage of commit 474cd5e

Summary coverage rate:
  lines......: 89.1% (4203 of 4715 lines)
  functions..: 71.1% (2258 of 3178 functions)
  branches...: no data found

Files changed coverage rate: n/a

Download coverage report

@dependabot dependabot bot force-pushed the dependabot/hex/corsica-2.1.3 branch from 474cd5e to 96dc457 Compare May 21, 2024 23:02
@github-actions
Copy link

Coverage of commit 96dc457

Summary coverage rate:
  lines......: 89.1% (4204 of 4716 lines)
  functions..: 71.0% (2257 of 3177 functions)
  branches...: no data found

Files changed coverage rate: n/a

Download coverage report

@firestack firestack self-assigned this Oct 3, 2025
@firestack
Copy link
Member

@dependabot recreate

@firestack firestack self-requested a review October 8, 2025 16:14
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 8, 2025

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

@rudiejd rudiejd mentioned this pull request Oct 15, 2025
Closed
@firestack
Copy link
Member

@dependabot recreate

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 21, 2025

Dependabot can't resolve your Elixir dependency files. Because of this, Dependabot cannot update this pull request.

@firestack firestack force-pushed the dependabot/hex/corsica-2.1.3 branch from 96dc457 to 6238b98 Compare October 21, 2025 16:01
@firestack firestack requested a review from a team as a code owner October 21, 2025 16:01
@firestack
Copy link
Member

firestack commented Oct 21, 2025
edited
Loading

@jzimbel-mbta I made a change here, could you check me here that I'm good?

When I checked the deployed environment I confirmed that the behavior in dev-blue matches prod with regard to origin

@firestack firestack removed request for a team and firestack October 21, 2025 19:34
dependabot bot and others added 3 commits October 22, 2025 10:50
@dependabot @firestack
chore: Bump corsica from 1.3.0 to 2.1.3
efe48a0 
Bumps [corsica](https://github.com/whatyouhide/corsica) from 1.3.0 to 2.1.3.
- [Release notes](https://github.com/whatyouhide/corsica/releases)
- [Changelog](https://github.com/whatyouhide/corsica/blob/main/CHANGELOG.md)
- [Commits](whatyouhide/corsica@v1.3.0...v2.1.3)

---
updated-dependencies:
- dependency-name: corsica
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@firestack
chore: mix deps.update corsica
0d03947
@firestack
fix: convert import Corsica to alias
f4e0ef1 
makes external calls more visible for tracking changes to upstream code and future deprecations and breaking changes.
@firestack firestack force-pushed the dependabot/hex/corsica-2.1.3 branch from 6238b98 to f4e0ef1 Compare October 22, 2025 14:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jzimbel-mbta jzimbel-mbta Awaiting requested review from jzimbel-mbta

At least 1 approving review is required to merge this pull request.

Assignees

@firestack firestack

Labels

dependencies Pull requests that update a dependency file elixir Pull requests that update Elixir code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@firestack