Welcome to GigaElixir Gazette, your 5-minute digest of Elixir ecosystem news that actually matters.
This week in Elixir: Phoenix LiveView 1.2 arrives with colocated CSS - write scoped styles inside your HEEx templates without touching your bundler config. OTP 29.0.2 closes seven CVEs across erts, SSH, SSL, FTP, and inets - including a buffer overflow in SCTP chunk parsing that could escalate to remote code execution.
Also: Thinking Elixir wraps six years and 307 episodes on June 23rd. Continuum brings Temporal-style durable workflows to OTP natively. The Pro Tips section covers DoubleDown: DB-free Ecto tests that run hundreds of times faster.
. WEEKLY PICKS .
📻 Thinking Elixir Wraps Six Years - Final Episode June 23rd
Mark announces the final episode lands June 23rd - over six years and 307 weekly episodes. The news section covers Ecto 3.14 landing with UUIDv7 support for time-sortable primary keys, Oban Pro adding a human-approval step that pauses jobs mid-execution without holding a database connection open, Hologram v0.9 shipping a Realtime WebSocket push feature, and NSA Zero Trust Implementation Guidelines that complement the Erlang Foundation's own security hardening document.
💡 LiveView 1.2 Colocates CSS - Scoped Styles Inside HEEx Templates
LiveView 1.2 lets you write CSS directly in HEEx templates using a <style :type={ColocatedCSS}> tag. The compiler extracts styles into the _build directory at compile time, feeding your existing Tailwind or Esbuild pipeline. The new @scope mechanism - opt-in via root_tag_attribute: phx-r - keeps component styles from leaking onto unrelated page elements. Browser support for @scope is still partial, so scoping ships as a configurable behavior rather than a default. Upgrade: {:phoenix_live_view, "~> 1.2.0"}.
🔐 OTP 29.0.2 Closes Seven CVEs Across SSH, SSL, and SCTP
OTP 29.0.2 patches seven CVEs in a single release: a buffer overflow in ERTS SCTP chunk parsing (CVE-2026-49759) that could escalate to remote code execution; an SSH username enumeration timing side-channel (CVE-2026-48859); an SSH path disclosure in the SFTP server (CVE-2026-48855); an FTP passive-mode SSRF vulnerability (CVE-2026-48858); and an inets HTTP client that was forwarding auth headers across redirects to different hosts (CVE-2026-48856). SSL distribution also patched. Patch OTP 29 today.
⚡ Continuum Brings Temporal-Style Durable Workflows to OTP
Continuum is an OTP-native durable execution engine backed by Postgres - the Elixir answer to Temporal. Write workflows as ordinary Elixir; activity results are journaled on first execution and replayed from the event log on restarts. Determinism is enforced at compile time: the compiler scans workflow code for non-deterministic calls - time, randomness, IO - and flags violations before they reach production. Sagas, compensation, signals, durable timers, parent-child workflows, and OpenTelemetry are all included. Run on the built-in worker pool or delegate to Oban.
🛠️ LiveView Streams Dutch Smart Meter Telegrams for IoT Testing
p1meter.dev simulates a live DSMR 5.0 smart meter and streams telegrams over raw TCP. The web interface shows a live preview; the TCP endpoint emits the same telegram format a physical P1 reader would receive. Connect with nc p1meter.dev 8080. The use case: teams building home energy dashboards, DSMR parsers, and P1 integrations typically need a physical meter and cable to test against - this eliminates that constraint entirely. Built with Phoenix LiveView and the open-source dsmr package.
💡 Pro Tip
Your 45,000 Tests Take 12 Minutes Because 75% Don't Need Postgres
The Ecto sandbox serializes your test suite at the database. Every test that needs data gets a transaction, and 45,000 transactions on a fast laptop add up to 12 minutes.
Nobody runs the full suite locally anymore. DoubleDown's answer is Repo.InMemory: a stateful Ecto.Repo fake that runs ExMachina factory tests unchanged without touching a database.
Swap the fallback in your test setup - one line - and tests that only use the database for fixture placement run hundreds of times faster. The library covers writes, PK reads, aggregates, preloads, insert_all, update_all, delete_all, Ecto.Multi transactions with full rollback, and FK backfill on insert.
Roughly 75% of unit tests in a typical project qualify, according to the author's measurements.
DoubleDown is built in the Mox lineage: behaviors, dispatch facades, compile-time dispatch resolution. The differences matter in practice. Handlers carry state across calls - which is how the Repo fake works - giving you stateful fakes that Mox cannot model.
The DynamicFacade mode adds a test boundary to any module by calling setup(Module) in test_helper.exs with no contract module and no config wiring. Cross-contract state lets fakes inspect each other during dispatch, enabling multi-contract orchestration tests without a database in the loop.
If your CI build takes 45 minutes because of Ecto sandbox overhead, this is the trade worth making.
Remember, for faster Elixir test suites:
DB tests are the minority - Roughly 75% of unit tests only use the database for fixture placement; Repo.InMemory removes that dependency without changing test code or ExMachina factories
One-line swap, hundreds of times faster - Install the in-memory fallback in setup and data-fixturing tests no longer touch Postgres
Stateful fakes solve what Mox cannot - Handlers carry state across calls, enabling Ecto.Multi rollback, FK backfill on insert, and multi-contract orchestration in memory
Keep sandbox tests for query logic - Ecto.Query operations, stream, and raw SQL delegate to an optional fallback; complex query tests still use the sandbox, everything else does not
. TIRED OF DEVOPS HEADACHES? .
Deploy your next Elixir app hassle-free with Gigalixir and focus more on coding, less on ops.
We're specifically designed to support all the features that make Elixir special, so you can keep building amazing things without becoming a DevOps expert.
See you next week,
Michael
P.S. Forward this to a friend who loves Elixir as much as you do 💜
