Fix security vulnerability in wildcard check_origin configurations
1.5.13 (2021-09-22)
Bug Fixes
[Router] Do not generate conflicting helpers in router
JavaScript Client Bug Fixes
Fix messages for duplicate topic being dispatched to old channels
1.5.12 (2021-08-24)
Bug Fixes
Support __mix_recompile__? as a more efficient recompilation technique. This will be required on Elixir v1.13+.
1.5.11 (2021-08-20)
Bug Fixes
Relax phoenix_ecto version for installer to fix version conflicts
1.5.10 (2021-08-06)
Bug Fixes
[Channel] Push proper close event to client on duplicate topic shutdown
[Router] Ensure we properly track all Plug compile-time dependencies. This may increase compilation times during test, to address it, you may set config :phoenix, :plug_init_mode, :runtime in your config/test.exs
[View] Do not render root layout outside of layout formats
JavaScript Client Enhancements
Schedule heartbeat on reply to avoid intensive throttling
Fire each event in a separate task for the LongPoll transport to fix ordering
1.5.9 (2021-05-10)
JavaScript client
Bind to beforeunload instead of unload to solve Firefox connection issues
1.5.8 (2021-02-23)
Enhancements
[Endpoint] - Add :log_access_url config to endpoint start
[Router] - Include route information in router_dispatch exception for telemetry events
[Router] - Optimize router code generation to reduce compilation dependencies
[phx.new] - Use topbar in new apps with the --live flag
JavaScript client
Default channel push payload to empty object for backwards compatibility
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps phoenix from 1.5.7 to 1.5.14.
Changelog
Sourced from phoenix's changelog.
Commits
3941eae
Release 1.5.1474f13fd
Fix wildcard check_origin vulnerability.001fb43
Release 1.5.13f2bd7fd
Fix bug causing outdated messages to be delivered to same topic9da4ca0
Do not generate conflicting helpers in router95d4c8a
Update CHANGELOG.mde96b83d
Support more recent telemetryc8a2c0c
Release 1.5.128c1ef6c
Generate mix_recompile? instead of phoenix_recompile?2928f9f
Update CHANGELOGDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)