Skip to content

chore(deps-dev): bump plug from 1.19.2 to 1.20.1#51

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/hex/plug-1.20.1
Closed

chore(deps-dev): bump plug from 1.19.2 to 1.20.1#51
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/hex/plug-1.20.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 26, 2026

Copy link
Copy Markdown
Contributor

Bumps plug from 1.19.2 to 1.20.1.

Changelog

Sourced from plug's changelog.

v1.20.1 (2026-06-23)

Bug fixes

  • [Plug.Conn] Fix inform/inform! when atoms are given as header keys

v1.20.0 (2026-06-23)

This release requires Elixir v1.15+.

Enhancements

  • [Plug.RequestId] Make request ID generation configurable
  • [Plug.Test] Support :sign and :encrypt options in put_req_cookie/4

Bug fixes

  • [Plug.Conn] Run before_send callbacks before upgrade_adapter/3
  • [Plug.Debugger] Raise if Elixir is compiled without source information
  • [Plug.RewriteOn] Rewrite the protocol to HTTPS when x-forwarded-proto is wss
  • [Plug.Static] Return 416 for invalid range requests
  • [Plug.Static] Fix :raise_on_missing_only raising on non-matching paths with colons

Optimizations

  • [Plug.Conn.Cookies] Optimize cookie parsing
  • [Plug.Conn.Cookies] Optimize cookie encoding
  • [Plug.Conn.Utils] Optimize validate_utf8!/3
  • [Plug.Conn.Utils] Optimize splitting by semicolons
  • [Plug.Router] Optimize host matching

v1.19.3 (2026-06-23)

Security

  • [Plug.Conn.Query] Force a maximum depth when decoding queries (CVE-2026-54892)

Bug fixes

  • [Plug.Conn] Validate headers on inform
  • [Plug.Static] Enforce size on range requests
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [plug](https://github.com/elixir-plug/plug) from 1.19.2 to 1.20.1.
- [Changelog](https://github.com/elixir-plug/plug/blob/main/CHANGELOG.md)
- [Commits](elixir-plug/plug@v1.19.2...v1.20.1)

---
updated-dependencies:
- dependency-name: plug
  dependency-version: 1.20.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file elixir Pull requests that update elixir code labels Jun 26, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #53.

@dependabot dependabot Bot closed this Jul 3, 2026
@dependabot dependabot Bot deleted the dependabot/hex/plug-1.20.1 branch July 3, 2026 18:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file elixir Pull requests that update elixir code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants