chore(deps): bump oban from 2.21.1 to 2.22.1

[dependabot]

Bumps oban from 2.21.1 to 2.22.1.

Release notes

Sourced from oban's releases.

v2.22.1

Bug Fixes

• [Repo] Conditionally reference database driver errors

  The retryable_exceptions macro previously hard-coded references to MyXQL.Error and Postgrex.Error, which Elixir v1.20.0.rc.2+ flags as missing module references at macro expansion time when the corresponding driver isn't a project dependency. The missing module reference could escalate into a deadlock, and compilation would halt entirely.

  Driver error lists are now resolved at compile time and only include modules that are actually loaded, so projects using Postgrex without MyXQL (or vice versa) compile cleanly.

• [Cron] Reject impossible combinations in cron expressions

  Cron strings whose day and month fields could never align (e.g. "0 0 30 2 *", or "0 0 31 4 *") parsed, but caused next_at/2 and last_at/2 to loop indefinitely.

  Now expressions are validated to ensure at least one day fits within the maximum length of at least one selected month.

• [Cron] Validate cron range bounds before expansion

  Range parts like 0-99999999 were accepted and expanded into the full integer range before the out-of-bounds check fired. For sufficiently large upper bounds that could stall the BEAM and risk OOM. The same path was reachable via the step variant 0-99999999/1 and the open-ended form 99999999/1.

  Expression parsing now compares against the field's allowed min/max and rejects out-of-range values before any range is materialized.

• [Migration] Fix prefix escaping in Postgres migrations

  Switch to the standard doubled-quote escape so it works under default Postgres configuration.

  The escaped_prefix value was using \' to escape single quotes, which hasn't been enabled by default since 9.1. Under default settings, the backslash was treated literally and the quote terminated the string, allowing a crafted prefix to break out of the SQL literal in migrated_version/1 and the notify trigger bodies.

• [Backoff] Narrow with_retry exit catch to :timeout

  Exits never carry a database error module atom in the first tuple element. Connection failures surface as raised database exceptions, which the rescue clause above already handles. The catch now only matches :exit, {:timeout, _}, the one shape that's actually reachable.

v2.22.0

Adds a job querying API, migration checking in test mode, smarter notifier ping cadence, and a handful of bug fixes around recovery and resilience.

📇 Job Querying

Two new functions make it easier to load jobs without hand-rolling Ecto queries. Oban.Job.query/1 builds a composable query from a keyword list of field filters, and Oban.all_jobs/2 runs any queryable through the configured repo.

For example, to fetch every available job for a worker with account_id: 1:

[args: %{account_id: 1}, worker: MyApp.Worker, state: :available]
|> Oban.Job.query()
|> Oban.all_jobs()

The result is an Ecto.Queryable, so it composes with further Ecto.Query calls, and pairs naturally with with Oban.cancel_all_jobs/2 and Oban.delete_all_jobs/2:

[state: :available, queue: :media]
</tr></table> 

... (truncated)

Changelog

Sourced from oban's changelog.

v2.22.1 — 2026-04-30

Bug Fixes

• [Repo] Conditionally reference database driver errors

  The retryable_exceptions macro previously hard-coded references to MyXQL.Error and Postgrex.Error, which Elixir v1.20.0.rc.2+ flags as missing module references at macro expansion time when the corresponding driver isn't a project dependency. The missing module reference could escalate into a deadlock, and compilation would halt entirely.

  Driver error lists are now resolved at compile time and only include modules that are actually loaded, so projects using Postgrex without MyXQL (or vice versa) compile cleanly.

• [Cron] Reject impossible combinations in cron expressions

  Cron strings whose day and month fields could never align (e.g. "0 0 30 2 *", or "0 0 31 4 *") parsed, but caused next_at/2 and last_at/2 to loop indefinitely.

  Now expressions are validated to ensure at least one day fits within the maximum length of at least one selected month.

• [Cron] Validate cron range bounds before expansion

  Range parts like 0-99999999 were accepted and expanded into the full integer range before the out-of-bounds check fired. For sufficiently large upper bounds that could stall the BEAM and risk OOM. The same path was reachable via the step variant 0-99999999/1 and the open-ended form 99999999/1.

  Expression parsing now compares against the field's allowed min/max and rejects out-of-range values before any range is materialized.

• [Migration] Fix prefix escaping in Postgres migrations

  Switch to the standard doubled-quote escape so it works under default Postgres configuration.

  The escaped_prefix value was using \' to escape single quotes, which hasn't been enabled by default since 9.1. Under default settings, the backslash was treated literally and the quote terminated the string, allowing a crafted prefix to break out of the SQL literal in migrated_version/1 and the notify trigger bodies.

• [Backoff] Narrow with_retry exit catch to :timeout

  Exits never carry a database error module atom in the first tuple element. Connection failures surface as raised database exceptions, which the rescue clause above already handles. The catch now only matches :exit, {:timeout, _}, the one shape that's actually reachable.

v2.22.0 — 2026-04-27

... (truncated)

Commits

• 2a94028 Release v1.22.1
• f210c4a Fix prefix escaping in Postgres migrations
• 38a0242 Reject impossible combinations in cron expressions
• dfa415b Validate cron range bounds before expansion
• 39702f2 Drop missing oban_peers safety net
• 945855a Narrow with_retry exit catch to :timeout
• 8a704aa Conditionally reference database driver errors
• 67b004b Release v2.22.0
• 1ef601e Notify queues regardless of staging success
• 5c5d7e4 Shared listen/notify helper in sonar
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[chatgpt-codex-connector]

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Credits must be used to enable repository wide code reviews.