Skip to content

deps: Upgrade plug to 1.20.1#3292

Merged
joshlarson merged 1 commit into
mainfrom
jdl/fix/upgrade-plug-to-1.20.1
Jun 26, 2026
Merged

deps: Upgrade plug to 1.20.1#3292
joshlarson merged 1 commit into
mainfrom
jdl/fix/upgrade-plug-to-1.20.1

Conversation

@joshlarson

@joshlarson joshlarson commented Jun 25, 2026

Copy link
Copy Markdown
Contributor

Scope

No ticket. Broken smoke tests.

Follow-up to #3285 - turns out Bandit passes headers to Plug.Conn.inform/3 that have atoms as their keys, but plug was updated between versions 1.19.2 and 1.19.3 to validate headers in a way that assumed they were strings. This was fixed in plug version 1.20.1, but that fix hasn't (yet? 🤞) been applied to the 15 thru 19 minor versions, hence the out-of-band minor version update!

How to test

Load any page and see it not enter an infinite refresh loop.

@joshlarson joshlarson requested a review from a team as a code owner June 25, 2026 21:41
@joshlarson joshlarson requested a review from jlucytan June 25, 2026 21:41
@joshlarson joshlarson added the dev-blue Deploy to dev-blue label Jun 25, 2026
@joshlarson joshlarson merged commit 0179d97 into main Jun 26, 2026
35 checks passed
@joshlarson joshlarson deleted the jdl/fix/upgrade-plug-to-1.20.1 branch June 26, 2026 12:53
@github-actions github-actions Bot removed the dev-blue Deploy to dev-blue label Jun 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants