-
Stan Hu authored
This is needed to address a few outstanding CVEs and fix cookie timestamp formats. Full list of changes: https://github.com/rack/rack/compare/2.0.9..2.1.4 Relates to: * https://gitlab.com/gitlab-org/gitlab/-/issues/36362 * https://gitlab.com/gitlab-org/gitlab/-/issues/228622 Rack v2.1.x no longer coerces the body to a string. The Rack spec (https://github.com/rack/rack/blob/master/SPEC.rdoc#the-body-) says: The Body must respond to `each` and must only yield String values Previously in a few places the Grape API was returning the status code as an integer, which Grape used as the response body. To preserve the legacy behavior, we explicitly set the body to the stringified integer. In https://gitlab.com/gitlab-org/gitlab/-/issues/267598, we saw Maven packages report 500 errors because a `nil` body was being returned. This has been fixed in https://gitlab.com/gitlab-org/gitlab/-/merge_requests/45271. Because it's easy to mistakenly return the wrong type in the Grape body, this commit also adds a new Grape middleware that will automatically coerce values to strings but raise an exception in development and test. This reverts https://gitlab.com/gitlab-org/gitlab/-/merge_requests/45246 and brings back https://gitlab.com/gitlab-org/gitlab/-/merge_requests/44518.
2adfb1a1
