Changelog
*Sourced from [plug's changelog](https://github.com/elixir-plug/plug/blob/master/CHANGELOG.md).*
> ## v1.8.2 (2019-06-01)
>
> ### Enhancements
>
> * [Plug.CSRFProtection] Increase entropy and ensure forwards compatibility with future URL-safe CSRF tokens
>
> ## v1.8.1 (2019-06-01)
>
> ### Enhancements
>
> * [Plug.CSRFProtection] Allow state to be dumped from the session and provide an API to validate both state and tokens
> * [Plug.Session.Store] Add `get/1` to retrieve the store from a module/atom
> * [Plug.Static] Support Nginx range requests
> * [Plug.Telemetry] Allow extra options in `Plug.Telemetry` metadata
Commits
- [`bd64f01`](https://github.com/elixir-plug/plug/commit/bd64f0196d3a22f7a1ba25ff10b2c0bbbdb4f200) Release v1.8.2
- [`855c1ed`](https://github.com/elixir-plug/plug/commit/855c1ed2325eb065ddf1523ba9b9c0e517e361d7) Add more entropy to CSRF Tokens and ensure no padding with forwards compatibi...
- [`cdcd549`](https://github.com/elixir-plug/plug/commit/cdcd549830d87667cfe694e23a40245257602a1c) Release v1.8.1
- [`c3bc5cd`](https://github.com/elixir-plug/plug/commit/c3bc5cd0ee56242ac0dad8ebcd25bf8ed2fe5008) Dump state from session rather than conn
- [`41aaf36`](https://github.com/elixir-plug/plug/commit/41aaf361f534de076ae518309d576d721c8e1809) Bump travis version
- [`45a7bf1`](https://github.com/elixir-plug/plug/commit/45a7bf1d4a4a642190aba5bd97c2f11820568fd9) Provide convenience function for getting a session store
- [`e9beb8c`](https://github.com/elixir-plug/plug/commit/e9beb8c0c78c665333d4284557a0be1e0d559b7e) Allow CSRF state to be dumped from conn
- [`8269828`](https://github.com/elixir-plug/plug/commit/8269828fc279c3a34bcf24a94fd078bdf7d9b3db) Add a note on string keys in get_session/1
- [`cca5de7`](https://github.com/elixir-plug/plug/commit/cca5de75efcc4dc6878880d13c173a7d3622e589) Fix typo
- [`f391ac8`](https://github.com/elixir-plug/plug/commit/f391ac84559321787c184fc92e5dfce1c9de8cc6) Use monotonic time consistently and update docs
- Additional commits viewable in [compare view](https://github.com/elixir-plug/plug/compare/v1.8.0...v1.8.2)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Finally, you can contact us by mentioning @dependabot.
Bumps plug from 1.8.0 to 1.8.2.
Changelog
*Sourced from [plug's changelog](https://github.com/elixir-plug/plug/blob/master/CHANGELOG.md).* > ## v1.8.2 (2019-06-01) > > ### Enhancements > > * [Plug.CSRFProtection] Increase entropy and ensure forwards compatibility with future URL-safe CSRF tokens > > ## v1.8.1 (2019-06-01) > > ### Enhancements > > * [Plug.CSRFProtection] Allow state to be dumped from the session and provide an API to validate both state and tokens > * [Plug.Session.Store] Add `get/1` to retrieve the store from a module/atom > * [Plug.Static] Support Nginx range requests > * [Plug.Telemetry] Allow extra options in `Plug.Telemetry` metadataCommits
- [`bd64f01`](https://github.com/elixir-plug/plug/commit/bd64f0196d3a22f7a1ba25ff10b2c0bbbdb4f200) Release v1.8.2 - [`855c1ed`](https://github.com/elixir-plug/plug/commit/855c1ed2325eb065ddf1523ba9b9c0e517e361d7) Add more entropy to CSRF Tokens and ensure no padding with forwards compatibi... - [`cdcd549`](https://github.com/elixir-plug/plug/commit/cdcd549830d87667cfe694e23a40245257602a1c) Release v1.8.1 - [`c3bc5cd`](https://github.com/elixir-plug/plug/commit/c3bc5cd0ee56242ac0dad8ebcd25bf8ed2fe5008) Dump state from session rather than conn - [`41aaf36`](https://github.com/elixir-plug/plug/commit/41aaf361f534de076ae518309d576d721c8e1809) Bump travis version - [`45a7bf1`](https://github.com/elixir-plug/plug/commit/45a7bf1d4a4a642190aba5bd97c2f11820568fd9) Provide convenience function for getting a session store - [`e9beb8c`](https://github.com/elixir-plug/plug/commit/e9beb8c0c78c665333d4284557a0be1e0d559b7e) Allow CSRF state to be dumped from conn - [`8269828`](https://github.com/elixir-plug/plug/commit/8269828fc279c3a34bcf24a94fd078bdf7d9b3db) Add a note on string keys in get_session/1 - [`cca5de7`](https://github.com/elixir-plug/plug/commit/cca5de75efcc4dc6878880d13c173a7d3622e589) Fix typo - [`f391ac8`](https://github.com/elixir-plug/plug/commit/f391ac84559321787c184fc92e5dfce1c9de8cc6) Use monotonic time consistently and update docs - Additional commits viewable in [compare view](https://github.com/elixir-plug/plug/compare/v1.8.0...v1.8.2)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot.