Reintroduce Rack v2.1.4
This is needed to address a few outstanding CVEs and fix cookie timestamp formats.
Full list of changes: https://github.com/rack/rack/compare/2.0.9..2.1.4
Relates to:
Rack v2.1.x no longer coerces the body to a string. The Rack spec (https://github.com/rack/rack/blob/master/SPEC.rdoc#the-body-) says:
The Body must respond to each
and must only yield String values
Previously in a few places the Grape API was returning the status code as an integer, which Grape used as the response body. To preserve the legacy behavior, we explicitly set the body to the stringified integer.
In #267598 (closed), we saw Maven
packages report 500 errors because a nil
body was being returned. This
has been fixed in
!45271 (merged).
Because it's easy to mistakenly return the wrong type in the Grape body, this commit also adds a new Grape middleware that will automatically coerce values to strings but raise an exception in development and test.
This reverts !45246 (merged) and brings back !44518 (merged).