Update phoenix: 1.4.17 → 1.4.18 (patch)

[depfu[bot]]

---

Welcome to Depfu 👋

This is one of the first three pull requests with dependency updates we've sent your way. We tried to start with a few easy patch-level updates. Hopefully your tests will pass and you can merge this pull request without too much risk. This should give you an idea how Depfu works in general.

After you merge your first pull request, we'll send you a few more. We'll never open more than seven PRs at the same time so you're not getting overwhelmed with updates.

Let us know if you have any questions. Thanks so much for giving Depfu a try!

---

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ phoenix (1.4.17 → 1.4.18) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by 3 commits:

• Release 1.4.18
• Fix wildcard check_origin vulnerability.
• Improve CHANGELOG.md (#3848)

✳️ jason (1.2.2 → 1.4.0) · Repo · Changelog

Release Notes

1.4.0

Enhancements

• Use the :erlang.float_to_binary(_, [:short]) function, instead of io_lib_format.fwrite_g/1
  where available (OTP 24.1+). This provides equivalent output with much less memory used
  and significantly improved performance.

1.3.0

Enhancements

• Add the Jason.OrderedObject struct
• Support decoding objects preserving all the keys with objects: :ordered_objects option
• Support decoding floats to Decimal with floats: :decimals option
• Add ~j and ~J sigils in module Jason.Sigil to support writing JSON literals in code

Fixes

• Fix error reporting when decoding strings (it was possible to mis-attribute the offending byte)
• Verify fields given to @derive

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 36 commits:

• Release 1.4.0
• Bump bench deps
• Bump CI versions
• Bump deps
• Use float_to_binary [:short] if available
• Bump OTP version in GitHub Actions (#153)
• Update README.md (#152)
• fix release year (#146)
• Release v1.3.0
• Add an option to decode JSON objects preserving order
• Adds float to decimal decoding option
• Abstract over decoders in Jason.Decode
• Save benchee data between runs
• Continue using older Ubuntu for older Elixir releases
• Separate dialyzer job
• Add Elixir 1.13 to CI
• Fix dialyzer
• Update bench dependencies
• Fix typo (#140)
• Update some dev dependencies (#139)
• Add Elixir 1.12 and OTP 24 to CI
• Fix tests
• Fix error reporting when decoding strings
• Fix CI (#136)
• Remove unecessary escape for quotes (#135)
• add canada as a benchmark, float heavy (#127)
• Misc doc changes (#126)
• Verify fields given to @derive (#123)
• Update deps
• Drop workaround for 1.10 --warnings-as-errors bug
• Update CI elixir & OTP versions
• Add decimal to dialyzer plt
• Make ex_doc regular dev dependency
• Run doctests from Jason.Sigil
• Convert sigils in Jason.Sigil to macros
• Support ~j and ~J sigils. (#121)

✳️ plug_cowboy (2.3.0 → 2.5.2) · Repo · Changelog

Release Notes

2.5.1 (from changelog)

Enhancements

• Allow to configure which errors should be logged
• Support telemetry 0.4.x or 1.x

2.5.0 (from changelog)

Enhancements

• Return :conn as Logger metadata on translator
• Support Ranch 2.0
• Support the :net option so developers can work with keyword lists
• Remove previously deprecated options

2.4.1 (from changelog)

Bug fixes

• Properly format linked exits

2.4.0 (from changelog)

Bug fixes

• Add cowboy_telemetry as a dependency and enable it by default

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 36 commits:

• Release v2.5.2
• Update cowboy.ex
• Optimize Telemetry to silence a logging message. (#73)
• Depend on telemetry via cowboy_telemetry
• typo: follow -> following (#72)
• Update ex_doc
• Release v2.5.1
• Add support telemetry v1.0 (#69)
• Allow to configure whether all errors should be logged (#68)
• Fix wrong docs link
• Release v2.5.0
• Add safety limits
• Update CI config (#65)
• Fix compatibility with ranch 2.x (#64)
• Move TCP specific config to the bottom
• Document using loopback vs public IP addresses (#61)
• Misc doc changes (#62)
• Fix links in README (#60)
• Minor fixes (#59)
• Plug.Cowboy.Translator - add conn to log metadata (#57)
• Refactor CI file, format, and test on Elixir 1.11 (#56)
• Update CHANGELOG and ex_doc
• Properly format linked exits
• More docs
• Clarify docs
• Improve docs, add net option
• Release v2.4.0
• Longer 'slow' process (#53)
• Run tests on latest Elixir
• Extend receive to fix flaky drainer test (#51)
• swap banner to gh actions (#52)
• Documentation tweaks (#50)
• Note how to opt-out of cowboy_telemetry instrumentation (#49)
• Bump cowboy_telemetry to 0.3.0 (#48)
• Instrumentation via cowboy_telemetry (#43)
• Add recommended Elixir and Erlang/OTP combinations to CI and migrate it from Travis to GitHub Actions (#45)

↗️ cowboy (indirect, 2.8.0 → 2.9.0) · Repo

Commits

See the full diff on Github. The new version differs by 14 commits:

• Cowboy 2.9.0
• Two more HTTP specs
• Cowlib 2.11.0 and Ranch 1.8.0
• AcceptCallback may now return created/see_other tuples for POST
• Also include trace messages when timestamp flag isn't used
• Use functions for inititalizing rate limiting
• Graceful shutdown
• Use gun:ws_send/3 in tests
• Don't produce an error report for normal stream process exits
• Update Erlang.mk
• Minor grammar corrections
• Fix concurrent body streaming getting stuck with HTTP/2
• Tweak a sentence in the guide
• Fix the cowboy_req:inform/3 example in the manual

↗️ cowlib (indirect, 2.9.1 → 2.11.0) · Repo

Sorry, we couldn't find anything useful about this release.

↗️ mime (indirect, 1.4.0 → 2.0.3) · Repo · Changelog

Release Notes

2.0.3 (from changelog)

• Support Markdown, JPEG XL, and PSD formats

2.0.2 (from changelog)

• Support Associated Signature Containers (ASiC) files
• Support .atom and .rss files

2.0.1 (from changelog)

• Add text extension to text/plain

2.0.0 (from changelog)

Upgrade note: mime v2 no longer ships with a complete database of mime.types, instead it lists the most common mime types used by web applications. When upgrading, check carefully if all mime types used by your app are supported.

• Ship with our own minimal types database

1.6.0 (from changelog)

• Deprecate MIME.valid?
• Ignore media type params
• Detect subtype suffix according to the spec

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 34 commits:

• Release v2.0.3
• psd extensions added (#71)
• Simplify extensions for heif/heic
• Support HEIC and HEIF images (#70)
• Fix failing CI by using latest ubuntu runner (#68)
• Add MIME type for markdown files (#67)
• Add MIME type for JPEG XL images (#65)
• Release v2.0.2
• Support Associated Signature Containers (ASiC) files (#64)
• Fix wrong comma (#63)
• ft: add MIME type for RSS feeds (#62)
• ft: add MIME type for Atom feeds (#61)
• Update package version in README file (#59)
• require Application
• Release v2.0.1
• Add text extension
• Release v2.0.0
• Add the `svgz` extension to the `svg` mimetype (#57)
• Make text/javascript MIME type prevail over application/javascript (#56)
• Add support for the following commonly used formats: (#54)
• Update mime.ex (#53)
• Add postscript and wasm
• Update CI
• Start v2 with a DB from scratch
• Update mime.types: Sync with IANA as of 2021-02-27 (#48)
• Update README status badge (#47)
• Release v1.6.0
• Ignore params and detect subtype suffix in extensions/1 (#45)
• Update CI config (#44)
• Release v1.5.0
• Release v1.4.1
• Add CI on GitHub Actions and stop using Travis CI (#41)
• Update (#40)
• Downcase extensions and mime types in extensions (#39)

↗️ plug (indirect, 1.10.4 → 1.13.6) · Repo · Changelog

Release Notes

1.13.6 (from changelog)

Bug fixes

• Fix compile-time dependencies in Plug.Builder

1.13.5 (from changelog)

Enhancements

• Support :via in Plug.Router.forward/2

Bug fixes

• Fix compile-time deps in Plug.Builder
• Do not require routes to be compile-time binaries in Plug.Router.forward/2

1.13.4 (from changelog)

Bug fixes

• Improve deprecation warnings

1.13.3 (from changelog)

Enhancements

• [Plug.Builder] Introduce :copy_opts_to_assign instead of builder_opts/0
• [Plug.Router] Do not introduce compile-time dependencies in Plug.Router

1.13.2 (from changelog)

Bug fixes

• [Plug.Router] Properly fix regression on Plug.Router helper function accidentally renamed

1.13.1 (from changelog)

Bug fixes

• [Plug.Router] Fix regression on Plug.Router helper function accidentally renamed

1.13.0 (from changelog)

Enhancements

• [Plug.Builder] Do not add compile-time deps to literal options in function plugs
• [Plug.Parsers.MULTIPART] Allow custom conversion of multipart to parameters
• [Plug.Router] Allow suffix matches in the router (such as /feeds/:name.atom)
• [Plug.Session] Allow a list of :rotating_options for rotating session cookies
• [Plug.Static] Allow a list of :encodings to be given for handling static assets
• [Plug.Test] Raise an error when providing path not starting with "/"

Bug fixes

• [Plug.Upload] Normalize paths coming from environment variables

Deprecations

• [Plug.Router] Mixing prefix matches with globs is deprecated
• [Plug.Parsers.MULTIPART] Deprecate :include_unnamed_parts_at

1.12.1 (from changelog)

Bug fixes

• [Plug] Make sure module plugs are compile time dependencies if init mode is compile-time

1.12.0 (from changelog)

Enhancements

• [Plug] Accept mime v2.0
• [Plug] Accept telemetry v1.0
• [Plug.Conn] Improve performance of UTF-8 validation
• [Plug.Conn.Adapter] Add API for creating a connection
• [Plug.Static] Allow MFA in :from

1.11.1 (from changelog)

Enhancements

• [Plug.Upload] Allow transfer of ownership in Plug.Upload

Bug fixes

• [Plug.Debugger] Drop CSP Header when showing error via Plug.Debugger
• [Plug.Test] Populate query_params from Plug.Test.conn/3

1.11.0 (from changelog)

Enhancements

• [Plug.RewriteOn] Add a new public to handle x-forwarded headers
• [Plug.Router] Add macro for head requests

Bug fixes

• [Plug.CSRFProtection] Do not crash if request body params are not available
• [Plug.Conn.Query] Conform www-url-encoded parsing to whatwg spec

Deprecations

• [Plug.Parsers.MULTIPART] Deprecate passing MFA to MULTIPART in favor of a more composable approach

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ plug_crypto (indirect, 1.1.2 → 1.2.3) · Repo · Changelog

Release Notes

1.2.3 (from changelog)

• Remove warnings on Elixir v1.14

1.2.1 (from changelog)

• Add support for Erlang/OTP 24

1.2.0 (from changelog)

• Update Elixir requirement to Elixir 1.7+.
• Fixed a bug that allowed to sign and encrypt stuff with nil secret key base and salt.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 25 commits:

• Release v1.2.3
• Fix Elixir 1.14 warnings (#30)
• Update ci.yml
• Use `import Bitwise` instead of `use Bitwise` (#29)
• Update plug link (#26)
• Update crypto.ex
• Rename arg for clarity in Plug.Crypto.encrypt/4 (#25)
• Run formatter
• Release v1.2.2
• Remove warnings on Elixir v1.12
• Update CI config (#24)
• Fix latest version in CHANGELOG.md (#23)
• Release v1.2.1
• Improve check for new crypto API (#22)
• Misc doc changes (#21)
• Use crypto new API (#20)
• Minor fixes - CI and README (#19)
• Minor fixes (#18)
• Move from Travis CI to GitHub actions (#17)
• Release v1.2.0
• Replace obsolete stacktraces and bump requirements (#15)
• Include LICENSE file when publishing to hex (#14)
• Run formatter
• Ensure non-empty secrets, closes #13
• Update comments on CEK (#12)

↗️ ranch (indirect, 1.7.1 → 1.8.0) · Repo

Commits

See the full diff on Github. The new version differs by 4 commits:

• Ranch 1.8.0
• Unconditionally run tests that use tracing
• Unconditionally run SNI/getstat tests
• Use ssl:handshake instead of ssl:ssl_accept

↗️ telemetry (indirect, 0.4.2 → 0.4.3) · Repo · Changelog

Release Notes

0.4.3 (from changelog)

This release improves the telemetry:span/3 function by adding the telemetry_span_context metadata to all span events. The new metadata enables correlating span events that belong to the same span.

Added

• Added telemetry_span_context metadata to all events emitted by telemetry:span/3.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 7 commits:

• Release 0.4.3 (#76)
• Add support for span context (#75)
• Migrate to main branch (#73)
• Switch to GitHub actions (#72)
• Fix typo in telemetry module documentation (#70)
• Merge pull request #67 from ericsullivan/note_about_convert_time_unit
• add a note about using convert_time_unit

🆕 cowboy_telemetry (added, 0.3.1)

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)