Skip to content

deps(elixir): bump the elixir-query-service group across 1 directory with 11 updates#220

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/hex/apps/query-service/elixir-query-service-3eda3d4c8d
Open

deps(elixir): bump the elixir-query-service group across 1 directory with 11 updates#220
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/hex/apps/query-service/elixir-query-service-3eda3d4c8d

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the elixir-query-service group with 11 updates in the /apps/query-service directory:

Package From To
bandit 1.11.1 1.12.0
broadway 1.2.1 1.3.0
castore 1.0.18 1.0.19
credo 1.7.18 1.7.19
ex_doc 0.40.1 0.40.3
mint 1.7.1 1.9.1
open_api_spex 3.22.2 3.22.3
phoenix 1.8.7 1.8.8
redix 1.5.3 1.6.0
req 0.5.17 0.6.2
tesla 1.16.0 1.20.0

Updates bandit from 1.11.1 to 1.12.0

Changelog

Sourced from bandit's changelog.

1.12.0 (5 June 2026)

Changes

Fixes

  • Properly handle mixed-case Transfer-Encoding headers (#590, thanks @​mize85!)

Enhancements

  • Internal improvements to HTTP/1 body read functions (#588)
Commits

Updates broadway from 1.2.1 to 1.3.0

Changelog

Sourced from broadway's changelog.

v1.3.0 (2026-04-17)

  • Add telemetry events around handle_failed
  • Include producer metadata in telemetry events
  • Add labels to Broadway stages
  • Fix race condition during graceful shutdown
Commits
  • d3a668c Release v1.3.0
  • dd2f405 Include producer metadata in per-message events (#370)
  • 966c59a Add :telemetry.span for handle_failed/2 callback (#369)
  • 370f180 Clarify some docs related to GenStage demand (#368)
  • 69d9052 Bump Elixir/Erlang CI matrix and GitHub actions (#365)
  • 8c66164 Add Process.set_label/1 to Broadway stages (#363)
  • d32d30d Catch exits if already down when trapping exits
  • f52f2f7 Fix graceful shutdown race condition (#362)
  • 136bea6 Add batch_size/0 and batch_size_fun/0 types (#361)
  • 7977502 Add new unofficial producer off_broadway_emqtt (#360)
  • Additional commits viewable in compare view

Updates castore from 1.0.18 to 1.0.19

Commits

Updates credo from 1.7.18 to 1.7.19

Release notes

Sourced from credo's releases.

v1.17.19

Check it out on Hex: https://hex.pm/packages/credo/1.7.19

  • Fix compatibility & compiler warnings with Elixir 1.20.0
Changelog

Sourced from credo's changelog.

1.7.19

  • Fix compatibility & compiler warnings with Elixir 1.20.0
Commits

Updates ex_doc from 0.40.1 to 0.40.3

Changelog

Sourced from ex_doc's changelog.

v0.40.3 (2026-05-21)

  • Enhancements
    • Add autolinking for Erlang/OTP 29 native records

v0.40.2 (2026-05-08)

  • Bug fixes
    • Add rel="nofollow" to external links in HTML output
    • Use blockquote in llms.txt description
    • Void elements in epub, such wbr, must be terminated by the matching end-tag
    • Fix content container scrolling in older versions of Safari
    • Skip HTML comments when computing synopsis
    • Fix markdown backend code fence language and opaque type display
    • Fix false positive warning when linking to asset files
    • Prevent #search selector from impacting user content
    • Raise on extras that conflict with reserved filenames
    • Fix styling of admonition blocks
Commits

Updates mint from 1.7.1 to 1.9.1

Changelog

Sourced from mint's changelog.

v1.9.1

Security

  • HTTP/1.1 chunked response bodies are now emitted as {:data, ref, data} tuples as soon as data from the chunked body is received. This prevents CVE-2026-56810: the previous behavior was to buffer body chunks according to their advertised length. An attacker could craft a chunked response with a very large chunk length, and Mint would keep accumulating incoming chunked bytes in memory until reaching that length—allowing the attacker to OOM the application using Mint. See also the GHSA-c59h-fq4p-r36r GitHub advisory.

v1.9.0

Security

  • Validate the HTTP/1.1 request method as an RFC 9110 token, rejecting CRLF and other control characters. Forwarding attacker-controlled input as the request method was exposed to CRLF injection (request header injection and request smuggling). Fixes GHSA-2pg6-44cx-c49v.
  • Reject HTTP/1.1 content-length header values that are not strictly 1*DIGIT, so signed values (such as +0) and embedded whitespace no longer parse as valid lengths. This parser disagreement with a strict fronting proxy was a response-smuggling primitive. Fixes GHSA-mjqx-c6f6-7rc2.
  • Bound the HTTP/2 accumulated header block by the locally advertised SETTINGS_MAX_HEADER_LIST_SIZE (now defaulting to 256 KB instead of :infinity), so a malicious server can no longer exhaust client memory with an unbounded chain of CONTINUATION frames. Fixes GHSA-2p26-p43x-fhp8.
  • Count reserved HTTP/2 streams against max_concurrent_streams at PUSH_PROMISE time and refuse promises past the limit with RST_STREAM, so a malicious server can no longer exhaust client memory by flooding PUSH_PROMISE frames. Fixes GHSA-g586-ccqf-7x4r.

Bug Fixes and Improvements

  • Mint.HTTP.stream/2 now returns :unknown (not :unknown_message) when given a message it does not recognize.

v1.8.0

New features

  • Raise the default HTTP/2 receive windows to 16 MB (connection) and 4 MB (stream), and batch HTTP/2 receive-window refills. The larger windows lift the per-stream throughput cap (window / RTT), giving substantially higher throughput on higher-latency connections, in exchange for higher peak memory use per connection. The connection-level window is now configurable via the new :connection_window_size option to Mint.HTTP.connect/4, and refill batching is configurable via the new :receive_window_update_threshold option.
  • Add Mint.HTTP2.set_window_size/3 for advertising a larger receive window to the server after a connection has been established.
  • Add Mint.HTTP.request_body_window/2 for querying the available send-window when streaming a request body.
  • Introduce the :optional_responses option for Mint.HTTP1.connect/4, with a :status_reason value that surfaces the HTTP/1.1 status reason-phrase as a new {:status_reason, request_ref, reason_phrase} response.
  • Change t:Mint.HTTP.t/0 from an opaque to an open type.
  • Add t:Mint.HTTPError.reason/0 and t:Mint.TransportError.reason/0.

Bug Fixes and Improvements

  • Fix HTTP/1 handling of 1xx informational responses.
  • Forbid or replace empty targets in HTTP/1.1 requests.
Commits
  • bc92a3a Fix Dialyzer
  • f9a56d9 Release v1.9.1
  • 193ce71 Merge commit from fork
  • 8a308c2 Update local dependencies
  • daed2df Replace deprecated xref: [exclude:] with elixirc_options: [no_warn_undefined:...
  • d1c8c5c Release v1.9.0
  • 1ed6748 Fix stale Dialyzer ignore after method validation change
  • 70b97b6 Merge commit from fork
  • b662d12 Merge commit from fork
  • fad0914 Merge commit from fork
  • Additional commits viewable in compare view

Updates open_api_spex from 3.22.2 to 3.22.3

Release notes

Sourced from open_api_spex's releases.

v3.22.3

What's Changed

New Contributors

Full Changelog: open-api-spex/open_api_spex@v3.22.2...v3.22.3

Changelog

Sourced from open_api_spex's changelog.

v3.22.3 - 2026-05-05

Commits

Updates phoenix from 1.8.7 to 1.8.8

Changelog

Sourced from phoenix's changelog.

1.8.8 (2026-06-10)

Enhancements

  • [phx.new] Use LiveView 1.2.0
Commits
  • 99df0a9 Release v1.8.8
  • 729f781 Generator changes for LiveView 1.2 (#6696)
  • d453e37 Use Elixir's builtin consolidation from v1.19, closes #4951
  • f30fa36 Clarify channel payloads can be any serializable value (#6695)
  • e1e7912 Replace all hexdocs URLs with the subdomain format (#6693)
  • cf9dd26 Add README template for Phoenix umbrella (#6691)
  • 39eb5dd Refactor template override backward compatibility test (#6684)
  • e1c3816 chore: small typo fix in controllers.md (#6689)
  • b6a4e31 Make websocket disconnect codes explicit (#6678)
  • eea4895 Add eex suffix to phx.gen.auth template override test (#6680)
  • Additional commits viewable in compare view

Updates redix from 1.5.3 to 1.6.0

Changelog

Sourced from redix's changelog.

v1.6.0

  • Add support for Redis Cluster. This is a major feature and this its first release, so use with care—I only tested it (extensively) in non-production-grade scenarios; it was tested on various synthetic environments (like with AWS ElastiCache and locally via Docker) but it has not seen the horrors of production traffic. See the Redix.Cluster documentation to get started.
  • Add Redix.PubSub.ping/2.
  • Fix Elixir 1.19/1.20 warnings.

Unreleased

New features

  • Add support for reading from replicas in Redix.Cluster. Start the cluster with read_from_replicas: true to open and supervise a connection to every replica (each one gets a READONLY after connecting), then pass route: :replica or route: :prefer_replica to Redix.Cluster.command/3 and Redix.Cluster.pipeline/3 to send reads to replicas. The default routing stays :primary, so existing behavior is unchanged.
  • Route commands outside Redix.Cluster's built-in command table to the correct node. Previously commands the driver didn't recognize were treated as keyless and sent to a random node; now their keys are resolved against the server (via COMMAND INFO, with a COMMAND GETKEYS fallback for commands with movable keys) and the result is cached per command name, so repeated calls add no extra round-trips. The built-in table also grew to cover more commands directly (bit commands, the blocking B* list/sorted-set pops, hash-field expiration commands, XSETID, and BITOP).
  • Add a :readonly option to Redix.start_link/1 that issues READONLY after every (re)connection.
  • Add a :health_check_interval option to Redix.start_link/1 that detects half-open connections (the socket is open but the server stopped replying) and reconnects. This fixes slow recovery after a Sentinel failover where the old primary is paused (for example via CLIENT PAUSE): the reconnection re-queries the sentinels and lands on the new primary instead of staying wedged. Defaults to :infinity (disabled).

Changes

  • Verify SSL server hostnames the way browsers do (RFC 6125) by default, which accepts the wildcard certificates used by servers such as Amazon ElastiCache. This sets customize_hostname_check automatically; you can still override it (or any other default SSL option) through :socket_opts.

Bug fixes

  • Bound the total wall-clock of a steady-state Redix.Cluster topology refresh. The refresh runs on the cluster manager's process and probes seed/known nodes serially, so a few black-holed nodes (which accept the connection but never reply) used to block the manager—and every connection restart or MOVED/ASK redirect that needs it—for up to one connection :timeout per node, i.e. tens of seconds. A refresh now stops probing once it exhausts a single :timeout budget, relying on the next refresh for any skipped nodes. The initial topology discovery stays unbounded so startup reliably reaches a reachable seed.
Commits

Updates req from 0.5.17 to 0.6.2

Release notes

Sourced from req's releases.

v0.6.1

v0.6.0

  • encode_body: Security fix for :form_multipart header injection (GHSA-px9f-whj3-246m).

    The multipart encoder interpolated the per-part name, filename, and content_type into the part headers without escaping, so an attacker-controlled value could inject extra headers or smuggle additional parts into the request. These values are now escaped per RFC 7578 / WHATWG form-data (", CR, and LF are percent-encoded).

    Thanks to @​PJUllrich for reporting it.

  • decode_body: Drop automatic zip/tar/tgz/gz/zst/csv decoding, (GHSA-655f-mp8p-96gv).

    Req previously auto-decoded archive and compressed response bodies (zip, tar, tgz, gz, zst, and csv) based on the server-supplied content-type, materialising the full decompressed contents in memory with no size cap. An attacker-controlled (or redirect-reachable) endpoint could return a tiny "decompression bomb" that expanded to gigabytes and exhausted the node's memory.

    Now only JSON is decoded by default. Other formats are opt-in via the new :decoders option, which defaults to [:json, :json_api]. Setting it replaces the default (include :json to keep JSON decoding), and false disables all decoding:

    # opt into archives (only for endpoints you trust):
    Req.get!(url, decoders: [:json, :zip])
    

    Note: The decoded zip/tar is still list of {filename :: charlist(), contents :: binary} tuples. In the future release, this will be list of {filename :: binary(), contents :: binary()} tuples.

    While automatic CSV decoding wasn't a security issue, the behaviour based on presence/absence of nimble_csv dependency was suprising. CSV support is still built-in but need to be enabled with decoders: [:csv].

... (truncated)

Changelog

Sourced from req's changelog.

v0.6.2 (2026-06-19)

  • Use finch ~> 0.21.

v0.6.1 (2026-06-08)

  • [compressed], [decompress_body]: Disable automatic decompression

    Decompression is now opt-in by setting compressed: true.

v0.6.0 (2026-06-08)

  • [encode_body]: Security fix for :form_multipart header injection (GHSA-px9f-whj3-246m).

    The multipart encoder interpolated the per-part name, filename, and content_type into the part headers without escaping, so an attacker-controlled value could inject extra headers or smuggle additional parts into the request. These values are now escaped per RFC 7578 / WHATWG form-data (", CR, and LF are percent-encoded).

    Thanks to @​PJUllrich for reporting it.

  • [decode_body]: Drop automatic zip/tar/tgz/gz/zst/csv decoding, (GHSA-655f-mp8p-96gv).

    Req previously auto-decoded archive and compressed response bodies (zip, tar, tgz, gz, zst, and csv) based on the server-supplied content-type, materialising the full decompressed contents in memory with no size cap. An attacker-controlled (or redirect-reachable) endpoint could return a tiny "decompression bomb" that expanded to gigabytes and exhausted the node's memory.

    Now only JSON is decoded by default. Other formats are opt-in via the new :decoders option, which defaults to [:json, :json_api]. Setting it replaces the default (include :json to keep JSON decoding), and false disables all decoding:

    # opt into archives (only for endpoints you trust):
    Req.get!(url, decoders: [:json, :zip])
    

    Note: The decoded zip/tar is still list of {filename :: charlist(), contents :: binary} tuples. In the future release, this will be list of {filename :: binary(), contents :: binary()} tuples.

    While automatic CSV decoding wasn't a security issue, the behaviour based on presence/absence of nimble_csv dependency was suprising. CSV support is still built-in but need to be enabled with decoders: [:csv].

... (truncated)

Commits
  • f2c833c Release v0.6.2
  • f082be9 Use finch ~> 0.21
  • 36a8252 Release v0.6.1
  • ea5506f compressed, decompress_body: Disable automatic decompression
  • 8e7425f Release v0.6.0
  • 584a490 decode_body: Drop automatic zip/tar/tgz/gz/zst/csv decoding
  • 2d77dbe encode_body: Security fix for :form_multipart header injection
  • 53c3b99 Release v0.5.18
  • dc1f3be Update ex_doc
  • dbd145c Update CHANGELOG.md
  • Additional commits viewable in compare view

Updates tesla from 1.16.0 to 1.20.0

Release notes

Sourced from tesla's releases.

v1.20.0

1.20.0 (2026-06-05)

Features

  • support {:form,data} tagged body tuples (#886) (b1b3b80)

v1.19.0

1.19.0 (2026-06-04)

Features

  • finch-adapter: Finch adapter will pass through all supported options (#879) (7609328)
  • form-urlencoded: support nested bodies via :brackets option (#878) (f7142e8)

v1.18.3

1.18.3 (2026-06-02)

Important {: .error}

Please be careful using :hackney it is recommended to actually test the application before assuming we did not introduce any breaking changes. Also, be aware of the security vulnerabilities we have fixed in this release. Some of them may cause some unexpected behavior from the middleware depending on the assumptions made by the caller.

Features

Security CVE

  • CVE-2026-48598 - Multipart part smuggling via unescaped content-disposition values
  • CVE-2026-48597 - Atom exhaustion via untrusted URL scheme
  • CVE-2026-48596 - CRLF injection in request Content-Type header via add_content_type_param
  • CVE-2026-48595 - Authorization header leaks on cross-origin redirect via case-sensitive filtering
  • CVE-2026-48594 - Decompression bomb on response body

v1.18.2

1.18.2 (2026-05-15)

Bug Fixes

  • builder: include :assigns and :private in request option type (#876) (f5834c1)

v1.18.1

1.18.1 (2026-05-14)

... (truncated)

Changelog

Sourced from tesla's changelog.

1.20.0 (2026-06-05)

Features

  • support {:form,data} tagged body tuples (#886) (b1b3b80)

1.19.0 (2026-06-04)

Features

  • finch-adapter: Finch adapter will pass through all supported options (#879) (7609328)
  • form-urlencoded: support nested bodies via :brackets option (#878) (f7142e8)

1.18.3 (2026-06-02)

Important {: .error}

Please be careful using :hackney it is recommended to actually test the application before assuming we did not introduce any breaking changes. Also, be aware of the security vulnerabilities we have fixed in this release. Some of them may cause some unexpected behavior from the middleware depending on the assumptions made by the caller.

Features

Security CVE

  • CVE-2026-48598 - Multipart part smuggling via unescaped content-disposition values
  • CVE-2026-48597 - Atom exhaustion via untrusted URL scheme
  • CVE-2026-48596 - CRLF injection in request Content-Type header via add_content_type_param
  • CVE-2026-48595 - Authorization header leaks on cross-origin redirect via case-sensitive filtering
  • CVE-2026-48594 - Decompression bomb on response body

1.18.2 (2026-05-15)

Bug Fixes

  • builder: include :assigns and :private in request option type (#876) (f5834c1)

1.18.1 (2026-05-14)

Bug Fixes

  • path-params: raise on missing required path parameter values (#874) (a1dd44b)

... (truncated)

Commits
  • 901ce60 chore(master): release 1.20.0 (#887)
  • b1b3b80 feat: support {:form,data} tagged body tuples (#886)
  • 603ea34 chore(master): release 1.19.0 (#885)
  • 7609328 feat(finch-adapter): Finch adapter will pass through all supported options (#...
  • f7142e8 feat(form-urlencoded): support nested bodies via :brackets option (#878)
  • 2d3c800 chore(ci): bump release workflow to Elixir 1.19 / OTP 28 (#884)
  • 2eb7a78 chore(master): release 1.18.3 (#883)
  • 3a369b8 chore: release 1.18.3
  • 340f75b Merge commit from fork
  • db963db Merge commit from fork
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…with 11 updates

Bumps the elixir-query-service group with 11 updates in the /apps/query-service directory:

| Package | From | To |
| --- | --- | --- |
| [bandit](https://github.com/mtrudel/bandit) | `1.11.1` | `1.12.0` |
| [broadway](https://github.com/dashbitco/broadway) | `1.2.1` | `1.3.0` |
| [castore](https://github.com/elixir-mint/castore) | `1.0.18` | `1.0.19` |
| [credo](https://github.com/rrrene/credo) | `1.7.18` | `1.7.19` |
| [ex_doc](https://github.com/elixir-lang/ex_doc) | `0.40.1` | `0.40.3` |
| [mint](https://github.com/elixir-mint/mint) | `1.7.1` | `1.9.1` |
| [open_api_spex](https://github.com/open-api-spex/open_api_spex) | `3.22.2` | `3.22.3` |
| [phoenix](https://github.com/phoenixframework/phoenix) | `1.8.7` | `1.8.8` |
| [redix](https://github.com/whatyouhide/redix) | `1.5.3` | `1.6.0` |
| [req](https://github.com/wojtekmach/req) | `0.5.17` | `0.6.2` |
| [tesla](https://github.com/elixir-tesla/tesla) | `1.16.0` | `1.20.0` |



Updates `bandit` from 1.11.1 to 1.12.0
- [Changelog](https://github.com/mtrudel/bandit/blob/main/CHANGELOG.md)
- [Commits](mtrudel/bandit@1.11.1...1.12.0)

Updates `broadway` from 1.2.1 to 1.3.0
- [Changelog](https://github.com/elixir-broadway/broadway/blob/main/CHANGELOG.md)
- [Commits](elixir-broadway/broadway@v1.2.1...v1.3.0)

Updates `castore` from 1.0.18 to 1.0.19
- [Commits](elixir-mint/castore@v1.0.18...v1.0.19)

Updates `credo` from 1.7.18 to 1.7.19
- [Release notes](https://github.com/rrrene/credo/releases)
- [Changelog](https://github.com/rrrene/credo/blob/master/CHANGELOG.md)
- [Commits](rrrene/credo@v1.7.18...v1.7.19)

Updates `ex_doc` from 0.40.1 to 0.40.3
- [Release notes](https://github.com/elixir-lang/ex_doc/releases)
- [Changelog](https://github.com/elixir-lang/ex_doc/blob/main/CHANGELOG.md)
- [Commits](elixir-lang/ex_doc@v0.40.1...v0.40.3)

Updates `mint` from 1.7.1 to 1.9.1
- [Changelog](https://github.com/elixir-mint/mint/blob/main/CHANGELOG.md)
- [Commits](elixir-mint/mint@v1.7.1...v1.9.1)

Updates `open_api_spex` from 3.22.2 to 3.22.3
- [Release notes](https://github.com/open-api-spex/open_api_spex/releases)
- [Changelog](https://github.com/open-api-spex/open_api_spex/blob/master/CHANGELOG.md)
- [Commits](open-api-spex/open_api_spex@v3.22.2...v3.22.3)

Updates `phoenix` from 1.8.7 to 1.8.8
- [Release notes](https://github.com/phoenixframework/phoenix/releases)
- [Changelog](https://github.com/phoenixframework/phoenix/blob/v1.8.8/CHANGELOG.md)
- [Commits](phoenixframework/phoenix@v1.8.7...v1.8.8)

Updates `redix` from 1.5.3 to 1.6.0
- [Changelog](https://github.com/whatyouhide/redix/blob/main/CHANGELOG.md)
- [Commits](https://github.com/whatyouhide/redix/commits)

Updates `req` from 0.5.17 to 0.6.2
- [Release notes](https://github.com/wojtekmach/req/releases)
- [Changelog](https://github.com/wojtekmach/req/blob/main/CHANGELOG.md)
- [Commits](wojtekmach/req@v0.5.17...v0.6.2)

Updates `tesla` from 1.16.0 to 1.20.0
- [Release notes](https://github.com/elixir-tesla/tesla/releases)
- [Changelog](https://github.com/elixir-tesla/tesla/blob/master/CHANGELOG.md)
- [Commits](elixir-tesla/tesla@v1.16.0...v1.20.0)

---
updated-dependencies:
- dependency-name: bandit
  dependency-version: 1.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: elixir-query-service
- dependency-name: broadway
  dependency-version: 1.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: elixir-query-service
- dependency-name: castore
  dependency-version: 1.0.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: elixir-query-service
- dependency-name: credo
  dependency-version: 1.7.19
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: elixir-query-service
- dependency-name: ex_doc
  dependency-version: 0.40.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: elixir-query-service
- dependency-name: mint
  dependency-version: 1.9.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: elixir-query-service
- dependency-name: open_api_spex
  dependency-version: 3.22.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: elixir-query-service
- dependency-name: phoenix
  dependency-version: 1.8.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: elixir-query-service
- dependency-name: redix
  dependency-version: 1.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: elixir-query-service
- dependency-name: req
  dependency-version: 0.6.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: elixir-query-service
- dependency-name: tesla
  dependency-version: 1.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: elixir-query-service
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, elixir. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@vercel

vercel Bot commented Jul 6, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
all-source-admin Ready Ready Preview, Comment Jul 6, 2026 7:00pm
all-source-web Ready Ready Preview, Comment Jul 6, 2026 7:00pm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants