phoenixframework/phoenix (phoenix)
### [`v1.7.12`](https://togithub.com/phoenixframework/phoenix/blob/HEAD/CHANGELOG.md#1712-2024-04-11)
[Compare Source](https://togithub.com/phoenixframework/phoenix/compare/v1.7.11...v1.7.12)
##### JavaScript Client Bug Fixes
- Fix all unjoined channels being removed from the socket when channel `leave` is called on any single unjoined channel instance
##### Enhancements
- \[phx.gen.auth] Add enhanced session fixation protection.
For applications which previously used `phx.gen.auth`, the following line can be added to the `renew_session` function in the auth module:
```diff
defp renew_session(conn) do
+ delete_csrf_token()
conn
|> configure_session(renew: true)
|> clear_session()
```
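Review bot: the hunk is a fragment rather than a complete function: it ends at `|> clear_session()` with no closing `end`, so it cannot be pasted into an existing auth module as shown. `delete_csrf_token()` is also called unqualified, before `conn` is touched, so the surrounding module must already import it, which the hunk does not show; suggest showing the full `renew_session/1` including its `end`, or stating where `delete_csrf_token/0` is imported from, so readers upgrading an existing `phx.gen.auth` app know exactly what to add.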
*Note*: because the session id is in an http-only cookie by default, the only way to perform this attack prior to this change is if your application was already vulnerable to an XSS attack, which itself grants more escalated "privileges" than the CSRF fixation.
### Configuration
📅 Schedule: Branch creation - "before 9am on monday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate.
Coverage: 75.316%, remained the same when pulling 0ad7cb938697b6f707aa182be3b43e53e2123279 on renovate/phoenix-1.x-lockfile into f58306ce1eb3bcb481235070be4d91f104e8015b on main.
This PR contains the following updates: `phoenix` 1.7.11 -> 1.7.12.