chore(deps): update mix dependencies #552
No reviewers
Labels
No labels
bug
duplicate
enhancement
help wanted
high priority
invalid
L
low priority
M
medium priority
needs refinement
optional
question
S
technical improvement
UX Improvement
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: local-it/mitgliederverwaltung#552
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "renovate/mix-dependencies"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This PR contains the following updates:
3.27.7→3.29.34.13.7→4.14.12.16.0→2.17.12.3.22→2.3.232.9.1→2.10.01.11.1→1.12.01.7.18→1.7.193.13.5→3.14.07.3.0→7.4.00.8.1→0.8.21.0.0→1.0.11.8.7→1.8.8~> 1.1.0-rc.3→~> 1.2.0~> 0.5→~> 0.61.12.0→1.12.21.25.1→1.26.2~> 0.4→~> 0.5~> 0.5→~> 0.60.28.1→0.28.2Release Notes
ash-project/ash (ash)
v3.29.3Compare Source
Bug Fixes:
Fixes CVE-2026-55736
v3.29.2Compare Source
Bug Fixes:
properly retain override messages on list of errors by @zachdaniel
narrow input/2 spec to no_return for resources without actions (#2758) by diogomrts (#2758)
respect actor from scope: in bulk actions under require_actor? (#2757) by @emadshaaban92 (#2757)
support uuidv7 generation when Ecto isn't started by @zachdaniel
ensure calc context is added to m2m through query by @zachdaniel
Improvements:
v3.29.1Compare Source
Bug Fixes:
handle all hook types in update_many by @zachdaniel
require primary keys explicitly as update_many targets by @zachdaniel
v3.29.0Compare Source
Features:
Ash.update_many/4by Zach DanielBug Fixes:
look up field policies by calc_name when authorizing calculation sorts (#2754) by Jesse Williams (#2754)
ensure modules are loaded before optional callback checks (#2753) by Vasilis Spilka
relate_actor with field: raises BadMapError for belongs_to (#2751) by diogomrts (#2751)
Improvements:
set
upsert_actionmetadata in ETS and Mnesia by Zach Danielallow partial identity join sorting (#2746) by Jechol Lee (#2746)
Make attribute_in delegate to one_of (#1713) (#2748) by nashjar000 (#2748)
Prompt to add use Ash.Domain when module exists but is not a domain (#2744) by gixtrem (#2744)
v3.28.0Compare Source
Features:
Bug Fixes:
use proper embedded casting for fields in composite types by @zachdaniel
preserve changeset context in
generate_many/2(#2742) by @nallwhy (#2742)validate multitenancy attribute by @zachdaniel
pass the index to Ash.DataLayer.upsert so it is included in the sql statement. (#2740) by David Corwin (#2740)
Improvements:
v3.27.8Compare Source
Bug Fixes:
crash loading nested aggregate over a multi-hop inner aggregate (#2732) by @joshprice (#2732)
propagate include_source? from union to inner embedded type constraints (#2716) by @Munksgaard (#2716)
auto-detect argument vs attribute in validation (#2714) by @ThomaseLucas (#2714)
ensure lock is passed in read_one/read_first (#2711) by Alt-iOS (#2711)
propagate parent query's context.shared into aggregate authorization filters (#2730) by @nallwhy (#2730)
Error when passing in {:ok, []} to Ash.load (#2722) by @cheerfulstoic (#2722)
match
ci_stringjoin keys case-insensitively when loadingmany_to_manyrelationships (#2731) by sevenseacat (#2731)Improvements:
switch to uuidv7 ecto's generator (#2734) by Kenneth Kostrešević (#2734)
Include all constraints in
Ash.Type.Decimal.generator/1(#2717) by David Corwin (#2717)team-alembic/ash_authentication_phoenix (ash_authentication_phoenix)
v2.17.1Compare Source
v2.17.0Compare Source
ash-project/ash_phoenix (ash_phoenix)
v2.3.23Compare Source
Bug Fixes:
unwrap
NewTypein auto-formmap_type?check (#475) by sevenseacat (#475)Skip embed form standalone validation (#474) by sevenseacat (#474)
propagate shared context to nested forms in add_form and validate (#472) by @nallwhy (#472)
ash-project/ash_postgres (ash_postgres)
v2.10.0Compare Source
Features:
update_manycallback by Zach DanielBug Fixes:
Filter out empty snapshot directories (#765) by Rutgerdj
move table schema migrations (#758) by febarnett3
rewrite belongs_to reference indexes when multitenancy changes (#762) by Jinkyou Son
handle skipped references and delete constraint errors (#759) by ChivukulaVirinchi
ignore migrate false resources in drop detection (#757) by ChivukulaVirinchi
place atomics in binding
1, not0by Zach DanielImprovements:
Implement upserts with MERGE (17+) by Zach Daniel
Warning for reviewing operations (#777) by colenelson0
add more generic table renaming by Zach Daniel
Add migrate_extensions? callback to allow repos to opt out of extension migrations (#761) by gixtrem
allow specifying global vs private statements (#751) by CyanideDragon
ash_postgres.gen.resources: many-to-many, views, no-PK tables, and prompt UX (#748) by Johannes Welebil
mtrudel/bandit (bandit)
v1.12.0Compare Source
Changes
local GenServer timeouts and network facing timeouts (#597 &
https://thousand-island.hexdocs.pm/changelog.html#1-5-0-1-jun-2026)
Fixes
Enhancements
rrrene/credo (credo)
v1.7.19Compare Source
elixir-ecto/ecto_sql (ecto_sql)
v3.14.0Compare Source
Enhancements
insert_mode: :ignoremix ecto.createto_sql/4{:unsafe_fragment, ...}support to RETURNING clauseExHammer/hammer (hammer)
v7.4.0Compare Source
:fix_window_per_keyalgorithm for ETS and Atomic backends — a fixed-window variant whose window is anchored to first hit per key instead of a globally-aligned wall-clock epoch. Same one-entry-per-key memory profile as:fix_window. The 2x boundary burst is still possible per key, but boundaries are no longer globally synchronized. (#181)ash-project/igniter (igniter)
v0.8.2Compare Source
Bug Fixes:
configures_keyby Zach DanielImprovements:
Add scoped configure/6 options for runtime env blocks (#385) by RhettPoole
Send issue output to stderr (#384) by daphnerosepurcell
allow remapping modules to their file locations w/ regexes (#378) by aheiner2001
add --except to igniter.upgrade --all (#383) by febarnett3
intercept --help for igniter.new and other tasks. (#382) by CaydenLords
software-mansion/live-debugger (live_debugger)
v1.0.1Compare Source
Enhancements
Bug fixes
phoenixframework/phoenix (phoenix)
v1.8.8Compare Source
phoenixframework/phoenix_live_view (phoenix_live_view)
v1.2.5Compare Source
Enhancements
Phoenix.LiveView.TagEngine'sEEx.Enginedeprecation warning includes file and line informationv1.2.4Compare Source
Bug fixes
live_img_preview/1that were missing after cleaning the global attribute list in 1.2.0 (#4316)v1.2.3Compare Source
This is a followup release to v1.2.2 that fixes the TypeScript declaration files being in the wrong subfolder.
Again, it does not contain any changes to the Elixir or JavaScript code itself.
v1.2.2Compare Source
This release fixes the npm package missing the TypeScript declaration files.
It does not contain any changes to the Elixir or JavaScript code itself, except small documentation improvements.
v1.2.1Compare Source
Bug fixes
v1.2.0Compare Source
Bug fixes
live_img_preview/1that were missing after cleaning the global attribute list in 1.2.0 (#4316)v1.1.32Compare Source
Bug fixes
wojtekmach/req (req)
v0.6.2Compare Source
v0.6.1Compare Source
[
compressed], [decompress_body]: Disable automatic decompressionDecompression is now opt-in by setting
compressed: true.v0.6.0Compare Source
[
encode_body]: Security fix for:form_multipartheader injection(GHSA-px9f-whj3-246m).
The multipart encoder interpolated the per-part
name,filename, andcontent_typeinto the part headers without escaping, so anattacker-controlled value could inject extra headers or smuggle additional
parts into the request. These values are now escaped per RFC 7578 / WHATWG
form-data (
", CR, and LF are percent-encoded).Thanks to @PJUllrich for reporting it.
[
decode_body]: Drop automatic zip/tar/tgz/gz/zst/csv decoding,(GHSA-655f-mp8p-96gv).
Req previously auto-decoded archive and compressed response bodies (
zip,tar,tgz,gz,zst, andcsv) based on the server-suppliedcontent-type, materialising the full decompressed contents in memory withno size cap. An attacker-controlled (or redirect-reachable) endpoint could
return a tiny "decompression bomb" that expanded to gigabytes and exhausted
the node's memory.
Now only JSON is decoded by default. Other formats are opt-in via the new
:decodersoption, which defaults to[:json, :json_api]. Setting itreplaces the default (include
:jsonto keep JSON decoding), andfalsedisables all decoding:
opt into archives (only for endpoints you trust):
doorgan/sourceror (sourceror)
v1.12.2Compare Source
Bug Fixes
v1.12.1Compare Source
Bug Fixes
Performance Improvements
swoosh/swoosh (swoosh)
v1.26.2Compare Source
🐛 Bug Fixes
v1.26.1Compare Source
🐛 Bug Fixes
cidhandling for Mailpit adapter @waseigo (#1155)v1.26.0Compare Source
✨ Features
📝 Documentation
v1.25.3Compare Source
📝 Documentation
🧰 Maintenance
v1.25.2Compare Source
🐛 Bug Fixes
phoenixframework/tailwind (tailwind)
v0.5.1Compare Source
v0.5.0Compare Source
:versionper profileenvvalues to be lists, joined by the OS path separatortidewave-ai/tidewave_phoenix (tidewave)
v0.6.1v0.6.0Compare Source
search_package_docstool has been moved to the Hex CLImathieuprog/tz (tz)
v0.28.2Compare Source
Configuration
📅 Schedule: (UTC)
* * 1-7 * *)🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate.
⚠️ Artifact update problem
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
The artifact failure details are included below:
File name: mix.lock
View command line instructions
Checkout
From your project repository, check out a new branch and test the changes.