Skip to content

Bump ash from 3.5.34 to 3.6.2 in /server#972

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/hex/server/ash-3.6.2
Closed

Bump ash from 3.5.34 to 3.6.2 in /server#972
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/hex/server/ash-3.6.2

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 13, 2025

Bumps ash from 3.5.34 to 3.6.2.

Release notes

Sourced from ash's releases.

v3.6.2

Bug Fixes:

  • properly apply bypass policies that can never pass by @​zachdaniel

resolves CVE-2025-48043

v3.6.1

Bug Fixes:

  • only add field to error function if not already present by @​zachdaniel

v3.6.0

Features:

Bug Fixes:

  • don't stringify fieldset atoms in read action by @​zachdaniel

  • extended context collision prevention to all bulk operation types and added convenience helpers (#2357) by Daniel Gollings

  • improve nested bulk action notification handling (#2353) by Daniel Gollings

  • Ash.Query.after_transaction result argument issues. (#2354) by James Harton

  • after_transaction on read error bug. by James Harton

  • correct after_transaction result type for successful queries. by James Harton

  • properly set defaults when using string keys in typed structs by @​zachdaniel

  • move rollback_on_error logic to DataLayer.transaction by @​barnabasJ

... (truncated)

Changelog

Sourced from ash's changelog.

v3.6.2 (2025-10-10)

Bug Fixes:

v3.6.1 (2025-10-10)

Bug Fixes:

  • only add field to error function if not already present by @​zachdaniel

v3.6.0 (2025-10-10)

Features:

Bug Fixes:

  • don't stringify fieldset atoms in read action by @​zachdaniel

  • extended context collision prevention to all bulk operation types and added convenience helpers (#2357) by Daniel Gollings

  • improve nested bulk action notification handling (#2353) by Daniel Gollings

  • Ash.Query.after_transaction result argument issues. (#2354) by James Harton

  • after_transaction on read error bug. by James Harton

  • correct after_transaction result type for successful queries. by James Harton

  • properly set defaults when using string keys in typed structs by @​zachdaniel

  • move rollback_on_error logic to DataLayer.transaction by @​barnabasJ

... (truncated)

Commits
  • 35c098c chore: release version v3.6.2
  • ffec7ea fix: properly apply bypass policies that can never pass
  • 66d8130 Merge commit from fork
  • 1b01c32 chore: release version v3.6.1
  • 99e4162 chore: docs and sobelow
  • 4e78f53 fix: only add field to error function if not already present
  • 873d127 chore: release version v3.6.0
  • 21a1e56 fix: don't stringify fieldset atoms in read action
  • b7b855f chore: Add optional REUSE check to ash-ci.yml (#2359)
  • 306db0d feat: Improve selection of atomic validation attribute, including resource-le...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump ash from 3.5.34 to 3.6.2 in /server
f3cab2b 
Bumps [ash](https://github.com/ash-project/ash) from 3.5.34 to 3.6.2.
- [Release notes](https://github.com/ash-project/ash/releases)
- [Changelog](https://github.com/ash-project/ash/blob/main/CHANGELOG.md)
- [Commits](ash-project/ash@v3.5.34...v3.6.2)

---
updated-dependencies:
- dependency-name: ash
  dependency-version: 3.6.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file elixir Pull requests that update Elixir code labels Oct 13, 2025
@dependabot dependabot bot requested a review from skanderm as a code owner October 13, 2025 12:53
@dependabot dependabot bot added dependencies Pull requests that update a dependency file elixir Pull requests that update Elixir code labels Oct 13, 2025
@dependabot dependabot bot mentioned this pull request Oct 13, 2025
Closed
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Oct 13, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@paulcretu paulcretu temporarily deployed to orcasite-pr-972 October 13, 2025 12:55 Inactive
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 20, 2025

Superseded by #976.

@dependabot dependabot bot closed this Oct 20, 2025
@dependabot dependabot bot deleted the dependabot/hex/server/ash-3.6.2 branch October 20, 2025 13:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@skanderm skanderm Awaiting requested review from skanderm skanderm is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file elixir Pull requests that update Elixir code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@paulcretu