dwyl / hits

:chart_with_upwards_trend: General purpose hits (page views) counter
http://hits.dwyl.com
GNU General Public License v2.0

build(deps): Bump plug_crypto from 1.2.5 to 2.0.0 #249

Closed dependabot[bot] closed 9 months ago

dependabot[bot] commented 9 months ago

Bumps plug_crypto from 1.2.5 to 2.0.0.

Changelog

Sourced from plug_crypto's changelog.

v2.0.0 (2023-10-06)

  • Update Elixir requirement to v1.11+ and require Erlang/OTP 23.
  • Encryption now uses XChaCha20-Poly1305, which is safer, faster, and generates smaller payloads. This means data encrypted with Plug.Crypto v2.0 cannot be decrypted on Plug.Crypto v1.x. However, Plug.Crypto v2.0 can still decrypt data from Plug.Crypto v1.0.
  • Optimize secure_compare, masked_compare, and key generator algorithms by relying on :crypto code when using more recent Erlang/OTP versions.

Commits

  • 94373d1 Release v2.0.0
  • 92a9885 Also optimize signing
  • 8bd5997 Update CHANGELOG
  • ff0b4d0 Rely on CI to test static across versions
  • 2e4559c Use builtin :crypto functions (when available) for PBKDF2 and secure constant...
  • ae684cd Use XChaCha20 Poly1305 in message encryptor and ignore sign_secret (#36)
  • a3df6d4 Remove deprecated or private APIs
  • 1245751 Drop earlier Erlang/OTP versions
  • See full diff in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

codecov[bot] commented 9 months ago

Codecov Report

Merging #249 (857451d) into main (34a68d7) will not change coverage. The diff coverage is n/a.

@@            Coverage Diff            @@
##              main      #249   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           11        11           
  Lines           98        98           
=========================================
  Hits            98        98           
