chore(deps): update dependency mint to v1.9.1 #201

Open
renovate wants to merge 1 commit from renovate/mint-1.x-lockfile into main
Collaborator

This PR contains the following updates:

Package Type Update Change
mint (source) prod patch 1.9.01.9.1

Release Notes

elixir-mint/mint (mint)

v1.9.1

Compare Source

Security
  • HTTP/1.1 chunked response bodies are now emitted as {:data, ref, data} tuples as soon as data from the chunked body is received. This prevents CVE-2026-56810: the previous behavior was to buffer body chunks according to their advertised length. An attacker could craft a chunked response with a very large chunk length, and Mint would keep accumulating incoming chunked bytes in memory until reaching that length—allowing the attacker to OOM the application using Mint. See also the GHSA-c59h-fq4p-r36r GitHub advisory.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [mint](https://hex.pm/packages/mint) ([source](https://github.com/elixir-mint/mint)) | prod | patch | `1.9.0` → `1.9.1` | --- ### Release Notes <details> <summary>elixir-mint/mint (mint)</summary> ### [`v1.9.1`](https://github.com/elixir-mint/mint/blob/HEAD/CHANGELOG.md#v191) [Compare Source](https://github.com/elixir-mint/mint/compare/v1.9.0...v1.9.1) ##### Security - HTTP/1.1 chunked response bodies are now emitted as `{:data, ref, data}` tuples as soon as data from the chunked body is received. This prevents `CVE-2026-56810`: the previous behavior was to buffer body chunks according to their advertised length. An attacker could craft a chunked response with a very large chunk length, and Mint would keep accumulating incoming chunked bytes in memory until reaching that length—allowing the attacker to OOM the application using Mint. See also [the `GHSA-c59h-fq4p-r36r` GitHub advisory](https://github.com/elixir-mint/mint/security/advisories/GHSA-c59h-fq4p-r36r). </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNTAuMCIsInVwZGF0ZWRJblZlciI6IjQzLjE1MC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
renovate force-pushed renovate/mint-1.x-lockfile from 39191e5fe6 to 553e90add1 2026-07-10 15:00:49 +02:00 Compare
renovate force-pushed renovate/mint-1.x-lockfile from 553e90add1 to 7a424c7181 2026-07-10 18:00:38 +02:00 Compare
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin renovate/mint-1.x-lockfile:renovate/mint-1.x-lockfile
git switch renovate/mint-1.x-lockfile
Sign in to join this conversation.
No reviewers
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
inhji/hajur!201
No description provided.