Bump plug from 1.4.3 to 1.5.0

[dependabot-preview]

Bumps plug from 1.4.3 to 1.5.0.

Changelog

Sourced from plug's changelog.

v1.5.0 (2018-03-09)

• Enhancements

  • Add init_mode to Plug.Builder for runtime initialization
  • Allow passing MFA tuple to JSON decoder
  • Allow :log_error_on_incomplete_requests to be disabled for Cowboy adapters
  • Support Cowboy 2.2 with HTTP/2 support
  • Optimize Plug.RequestID on machines with multiple cores
  • Add Plug.Conn.push/3 and Plug.Conn.push!/3 to support HTTP/2 server push
  • Add Plug.Conn.request_url/1
  • Optimise Plug.HTML.html_escape_to_iodata/1
  • Add Plug.Router.match_path/1
  • Log on Plug.SSL redirects
  • Allow Plug.CSRFProtection tokens to be generated and matched with host specific information
  • Add Plug.Conn.prepend_resp_headers/3
  • Add Plug.Status.reason_atom/1

• Bug fixes

  • Ensure CSRF token is not deleted if plug is called twice
  • Do not fail on empty multipart body without boundary
  • Do not decode empty query string pairs
  • Consider both the connection protocol and x-forwarded-proto when redirecting on Plug.SSL

• Deprecations

  • Deprecate Plug.Conn's Collectable protocol implementation

v1.4

See CHANGELOG in the v1.4 branch.

Commits

• 365c322 Release v1.5.0
• 3b1da79 Log on mismatched hosts and support explicit allowances
• ec03aae Make the adapter contract for push return :ok or {:error, reason} (#678)
• b4b5081 Do not repeat path and allow logging to be disabled
• 0b7aacc Log on redirect (#676)
• 6eea5b3 Keep docs summary for push short
• 2a1fb04 Redirect on x-forwarded-proto whatever the scheme (#675)
• 5437312 Add a prepend_resp_headers/3 to Plug.Conn (#664)
• 94d54d2 Reduce warning message at runtime
• b6e6b08 Use IO.warn
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

You can always request more updates by clicking Bump now in your Dependabot dashboard.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot ignore this [minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use [this|these] label[s] will set the current labels as the default for future PRs for this repo and language

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

[dependabot-preview]

Superseded by #14.