Update ecto_sql 3.1.5 → 3.13.2 (minor)


Welcome to Depfu 👋

This is one of the first three pull requests with dependency updates we've sent your way. We tried to start with a few easy patch-level updates. Hopefully your tests will pass and you can merge this pull request without too much risk. This should give you an idea how Depfu works in general.

After you merge your first pull request, we'll send you a few more. We'll never open more than seven PRs at the same time so you're not getting overwhelmed with updates.

Let us know if you have any questions. Thanks so much for giving Depfu a try!


Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ ecto_sql (3.1.5 → 3.13.2) · Repo · Changelog
Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

✳️ jason (1.1.2 → 1.4.4) · Repo · Changelog
Release Notes

1.4.1 (from changelog)

  • Add limit to decoded integer sizes of 1024 digits. This can be changed with the decoding_integer_digit_limit app env config.

1.4.0

Enhancements

  • Use the :erlang.float_to_binary(_, [:short]) function, instead of io_lib_format.fwrite_g/1
    where available (OTP 24.1+). This provides equivalent output with much less memory used
    and significantly improved performance.

1.3.0

Enhancements

  • Add the Jason.OrderedObject struct
  • Support decoding objects preserving all the keys with objects: :ordered_objects option
  • Support decoding floats to Decimal with floats: :decimals option
  • Add ~j and ~J sigils in module Jason.Sigil to support writing JSON literals in code

Fixes

  • Fix error reporting when decoding strings (it was possible to mis-attribute the offending byte)
  • Verify fields given to @derive

1.2.2 (08.09.2020)

Enhancements

  • Support Decimal 2.

1.2.1 (from changelog)

Security

  • Fix html_safe escaping in Jason.encode

The <!-- sequence of characters would not be escaped in Jason.encode with html_escape mode, which could lead to DoS attacks when used for embedding of arbitrary, user controlled strings into HTML through JSON (e.g. inside of <script> tags).

If you were not using the html_safe option, you are not affected.

Affected versions: < 1.2.1
Patched versions: >= 1.2.1

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

✳️ postgrex (0.14.3 → 0.20.0) · Repo · Changelog
Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ db_connection (indirect, 2.1.0 → 2.8.0) · Repo · Changelog
Release Notes

2.8.0 (from changelog)

  • Enhancement
    • Allow unallow_existing as an opt to ownership_allow/4
    • Improve ETS performance by enabling decentralized counters
    • Increase default queue interval to 2000s

2.7.0 (from changelog)

  • Enhancements

    • Add API for retrieving pool metrics
    • Include a built-in listener that emits telemetry events
  • Bug fixes

    • Discard EXIT messages from trapped exits

2.6.0 (from changelog)

  • Enhancements
    • Call disconnect on terminate
    • Allow handle_begin callbacks to return query for logging purposes
    • Add :connection_listeners_tag
    • Add DBConnection.available_connection_options/0
    • Add DBConnection.available_start_options/0

2.5.0 (from changelog)

  • Internal changes
    • No longer depend on connection

2.4.3 (from changelog)

  • Bug fixes
    • Fix bug where disconnect_all/2 interval would be disabled above 4294ms
    • Add :idle_limit to limit the amount of disconnections on a ping

2.4.2 (from changelog)

  • Enhancements
    • Add DBConnection.connection_module/1

2.4.1 (from changelog)

  • Enhancements
    • Add DBConnection.disconnect_all/2

2.4.0 (from changelog)

  • Enhancements
    • Add telemetry events for connection errors
    • Use :rand default algorithm
    • Allow decentralized lookups on DBConnection.Ownership

2.3.1 (from changelog)

  • Enhancements
    • Add :connection_listeners to DBConnection.start_link/2
    • Allow connection ~> 1.0

2.3.0 (from changelog)

This release requires Elixir v1.7+.

  • Bug fixes
    • Fix deprecation warnings related to the use of System.stacktrace()

2.2.2 (from changelog)

  • Bug fixes
    • Make sure all idle connections in the pool are pinged on each idle interval

↗️ decimal (indirect, 1.8.1 → 2.3.0) · Repo · Changelog
Release Notes

2.3.0 (from changelog)

2.2.0 (from changelog)

  • Add Decimal.gte?/2 and Decimal.lte?/2
  • Add Decimal.compare/3 and Decimal.eq?/3 with threshold as parameter

2.1.1 (from changelog)

Decimal v2.1 requires Elixir v1.8+.

Bug fixes

  • Fix Decimal.compare/2 when comparing against 0

2.1.0 (from changelog)

Decimal v2.1 requires Elixir v1.8+.

Enhancements

  • Improve error message from Decimal.to_integer/1 during precision loss
  • Inspect protocol implementation returns strings in the Decimal.new(...) format
  • Add Decimal.scale/1
  • Optimize Decimal.compare/2 for numbers with large exponents

Bug fixes

  • Fix Decimal.integer?/1 spec
  • Fix Decimal.integer?/1 check on 0 with >1 significant digits

2.0.0

Decimal v2.0 requires Elixir v1.2+.

Enhancements

  • Add Decimal.integer?/1

Breaking changes

  • Change Decimal.compare/2 to return :lt | :eq | :gt
  • Change Decimal.cast/1 to return {:ok, t} | :error
  • Change Decimal.parse/1 to return {t, binary} | :error
  • Remove :message and :result fields from Decimal.Error
  • Remove sNaN
  • Rename qNaN to NaN
  • Remove deprecated support for floats in Decimal.new/1
  • Remove deprecated Decimal.minus/1
  • Remove deprecated Decimal.plus/1
  • Remove deprecated Decimal.reduce/1
  • Remove deprecated Decimal.with_context/2, Decimal.get_context/1, Decimal.set_context/1,
    and Decimal.update_context/1
  • Remove deprecated Decimal.decimal?/1

1.9.0

Enhancements

  • Add Decimal.negate/1
  • Add Decimal.apply_context/1
  • Add Decimal.normalize/1
  • Add Decimal.Context.with/2, Decimal.Context.get/1, Decimal.Context.set/2,
    and Decimal.Context.update/1
  • Add Decimal.is_decimal/1

Deprecations

  • Deprecate Decimal.minus/1 in favour of the new Decimal.negate/1
  • Deprecate Decimal.plus/1 in favour of the new Decimal.apply_context/1
  • Deprecate Decimal.reduce/1 in favour of the new Decimal.normalize/1
  • Deprecate Decimal.with_context/2, Decimal.get_context/1, Decimal.set_context/2,
    and Decimal.update_context/1 in favour of new functions on the Decimal.Context module
  • Deprecate Decimal.decimal?/1 in favour of the new Decimal.is_decimal/1

Commits

See the full diff on Github. The new version differs by 73 commits:

↗️ ecto (indirect, 3.1.6 → 3.13.2) · Repo · Changelog
Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ telemetry (indirect, 0.4.1 → 0.4.3) · Repo · Changelog
Release Notes

0.4.3 (from changelog)

This release improves the telemetry:span/3 function by adding the telemetry_span_context metadata to all span events. The new metadata enables correlating span events that belong to the same span.

Added

  • Added telemetry_span_context metadata to all events emitted by telemetry:span/3.

0.4.2 (from changelog)

Added

  • Added the telemetry:span/3 function.

Commits

See the full diff on Github. The new version differs by 12 commits:


Depfu Status

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

  • @depfu rebase: Rebases against your default branch and redoes this update
  • @depfu recreate: Recreates this PR, overwriting any edits that you've made to it
  • @depfu merge: Merges this PR once your tests are passing and conflicts are resolved
  • @depfu cancel merge: Cancels automatic merging of this PR
  • @depfu close: Closes this PR and deletes the branch
  • @depfu reopen: Restores the branch and reopens this PR (if it's closed)
  • @depfu pause: Ignores all future updates for this dependency and closes this PR
  • @depfu pause [minor|major]: Ignores all future minor/major updates for this dependency and closes this PR
  • @depfu resume: Future versions of this dependency will create PRs again (leaves this PR as is)
