Skip to content

Bump the mix-minor-and-patch group with 5 updates#26

Merged
andreogle merged 1 commit into
mainfrom
dependabot/hex/mix-minor-and-patch-384073b45d
Jul 9, 2026
Merged

Bump the mix-minor-and-patch group with 5 updates#26
andreogle merged 1 commit into
mainfrom
dependabot/hex/mix-minor-and-patch-384073b45d

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor

Bumps the mix-minor-and-patch group with 5 updates:

Package From To
phoenix 1.8.8 1.8.9
phoenix_live_view 1.2.5 1.2.6
postgrex 0.22.2 0.22.3
sentry 13.2.0 13.3.0
swoosh 1.26.2 1.26.3

Updates phoenix from 1.8.8 to 1.8.9

Changelog

Sourced from phoenix's changelog.

1.8.9 (2026-07-07)

Security fixes

  • CVE-2026-56811: Add a max_channels_per_transport option (defaulting to 100) to prevent a single client from spawning an unbounded number of channels (processes), eventually exhausting the server's memory or process limit.
  • CVE-2026-56812: Prevent presence keys from colliding with Object.prototype properties members, crashing the JS Presence client
  • Enforce longpoll batch size introduced in 1.8.6. This is additional hardening against CVE-2026-32689. If your application sends events with a very high frequency and uses long polling, such that a single longpoll request would exceed 100 events, you should update to 1.8.7 first.
Commits
  • 734c8d1 Release v1.8.9
  • beffc4d fix presence keys colliding with object prototype chain
  • 16e295d Limit the number of channels a single transport process can join
  • 211ff62 Allow authToken to be a function (#6751)
  • 6cb2a83 Enforce longpoll batch size
  • 5bf1ce6 Add missing test file
  • 046accc Normalize route verb while grouping
  • 21d1462 Group routes by verb during compilation (#6739)
  • 9d3f1f6 phx.gen.release: Document new Bob Web UI (#6721)
  • afcac09 Bump undici from 7.25.0 to 7.28.0 (#6736)
  • Additional commits viewable in compare view

Updates phoenix_live_view from 1.2.5 to 1.2.6

Release notes

Sourced from phoenix_live_view's releases.

v1.2.6

Bug fixes

  • Fix HTMLFormatter inserting extra characters in template with multi-codepoint emojis (#4321)
Changelog

Sourced from phoenix_live_view's changelog.

v1.2.6 (2026-07-07)

Bug fixes

  • Fix HTMLFormatter inserting extra characters in template with multi-codepoint emojis (#4321)
Commits
  • 521b4ef Release v1.2.6
  • f820721 Fix HTMLFormatter inserting extra characters in templates with multi-codepoin...
  • See full diff in compare view

Updates postgrex from 0.22.2 to 0.22.3

Changelog

Sourced from postgrex's changelog.

v0.22.3 (2026-07-09)

  • Security
    • Escape dollar signs in channel names in Postgrex.Notifications.listen/3 (CVE-2026-58225)
Commits

Updates sentry from 13.2.0 to 13.3.0

Release notes

Sourced from sentry's releases.

13.3.0

New Features ✨

Other

Internal Changes 🔧

CI

Deps

Other

Changelog

Sourced from sentry's changelog.

13.3.0

New Features ✨

Other

Internal Changes 🔧

CI

Deps

Other

Commits
  • 4721bb0 fix(deps): drop 'optional: true' from rewrite as it breaks packaging
  • b68e406 Update CHANGELOG for 13.3.0
  • 53b561d release: 13.3.0
  • 2043cad fix(deps): cap various deps depending on Elixir version (#1109)
  • e793721 chore(docs): properly mark availability for 13.3.0 (#1108)
  • 06ed0d4 fix(logs): default to Config.enable_logs? if handler config does not specify ...
  • 6f8f2a0 chore(deps): bump locks (#1106)
  • 051e9e2 fix(logs): stop reading logs config at runtime (#1103)
  • 4e00cd6 chore: add spans to client reports (#1104)
  • 676e43c chore(config): remove bandit from capture_excluded_domains (#1102)
  • Additional commits viewable in compare view

Updates swoosh from 1.26.2 to 1.26.3

Release notes

Sourced from swoosh's releases.

v1.26.3

🔒 Security

  • Fix URL path injection via unencoded sender address in MsGraph adapter (GHSA-754j-98wh-57rf / CVE-2026-54893)
Changelog

Sourced from swoosh's changelog.

1.26.3

🔒 Security

  • Fix URL path injection via unencoded sender address in MsGraph adapter (GHSA-754j-98wh-57rf / CVE-2026-54893)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the mix-minor-and-patch group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [phoenix](https://github.com/phoenixframework/phoenix) | `1.8.8` | `1.8.9` |
| [phoenix_live_view](https://github.com/phoenixframework/phoenix_live_view) | `1.2.5` | `1.2.6` |
| [postgrex](https://github.com/elixir-ecto/postgrex) | `0.22.2` | `0.22.3` |
| [sentry](https://github.com/getsentry/sentry-elixir) | `13.2.0` | `13.3.0` |
| [swoosh](https://github.com/swoosh/swoosh) | `1.26.2` | `1.26.3` |


Updates `phoenix` from 1.8.8 to 1.8.9
- [Release notes](https://github.com/phoenixframework/phoenix/releases)
- [Changelog](https://github.com/phoenixframework/phoenix/blob/v1.8.9/CHANGELOG.md)
- [Commits](phoenixframework/phoenix@v1.8.8...v1.8.9)

Updates `phoenix_live_view` from 1.2.5 to 1.2.6
- [Release notes](https://github.com/phoenixframework/phoenix_live_view/releases)
- [Changelog](https://github.com/phoenixframework/phoenix_live_view/blob/main/CHANGELOG.md)
- [Commits](phoenixframework/phoenix_live_view@v1.2.5...v1.2.6)

Updates `postgrex` from 0.22.2 to 0.22.3
- [Release notes](https://github.com/elixir-ecto/postgrex/releases)
- [Changelog](https://github.com/elixir-ecto/postgrex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/elixir-ecto/postgrex/commits)

Updates `sentry` from 13.2.0 to 13.3.0
- [Release notes](https://github.com/getsentry/sentry-elixir/releases)
- [Changelog](https://github.com/getsentry/sentry-elixir/blob/master/CHANGELOG.md)
- [Commits](getsentry/sentry-elixir@13.2.0...13.3.0)

Updates `swoosh` from 1.26.2 to 1.26.3
- [Release notes](https://github.com/swoosh/swoosh/releases)
- [Changelog](https://github.com/swoosh/swoosh/blob/main/CHANGELOG.md)
- [Commits](swoosh/swoosh@1.26.2...v1.26.3)

---
updated-dependencies:
- dependency-name: phoenix
  dependency-version: 1.8.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: mix-minor-and-patch
- dependency-name: phoenix_live_view
  dependency-version: 1.2.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: mix-minor-and-patch
- dependency-name: postgrex
  dependency-version: 0.22.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: mix-minor-and-patch
- dependency-name: sentry
  dependency-version: 13.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: mix-minor-and-patch
- dependency-name: swoosh
  dependency-version: 1.26.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: mix-minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file elixir Pull requests that update elixir code labels Jul 9, 2026
@dependabot dependabot Bot requested a review from andreogle as a code owner July 9, 2026 11:55
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file elixir Pull requests that update elixir code labels Jul 9, 2026
@andreogle andreogle merged commit 1aab669 into main Jul 9, 2026
2 checks passed
@dependabot dependabot Bot deleted the dependabot/hex/mix-minor-and-patch-384073b45d branch July 9, 2026 14:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file elixir Pull requests that update elixir code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant