chore(deps): bump the production-dependencies group with 3 updates

[dependabot]

Bumps the production-dependencies group with 3 updates: ash, ash_phoenix and cinder.

Updates ash from 3.23.1 to 3.24.3

Release notes

Sourced from ash's releases.

v3.24.3

Bug Fixes:

• fixes for embedded resources within unions (#2676) by Jesse Williams [(#2676)](ash-project/ash#2676)

• Policy Authorizer strict checking forbid_unless (#2678) by Mike Buhot [(#2678)](ash-project/ash#2678)

• compile error (#2675) by Jesse Williams [(#2675)](ash-project/ash#2675)

• do not ignore missing context on Ash.PlugHelpers.update_context/2 (#2674) by Maciej Malecki [(#2674)](ash-project/ash#2674)

Improvements:

• add generate_rest? option to seed_generator (#2591) by robesris [(#2591)](ash-project/ash#2591)

v3.24.1

Bug Fixes:

• ensure policie son intermediate resources are respected in through by @​zachdaniel

• don't apply relationship filters to the source query on through by @​zachdaniel

Changelog

Sourced from ash's changelog.

v3.24.3 (2026-04-17)

Bug Fixes:

• fixes for embedded resources within unions (#2676) by Jesse Williams [(#2676)](ash-project/ash#2676)

• Policy Authorizer strict checking forbid_unless (#2678) by Mike Buhot [(#2678)](ash-project/ash#2678)

• compile error (#2675) by Jesse Williams [(#2675)](ash-project/ash#2675)

• do not ignore missing context on Ash.PlugHelpers.update_context/2 (#2674) by Maciej Malecki [(#2674)](ash-project/ash#2674)

Improvements:

• add generate_rest? option to seed_generator (#2591) by robesris [(#2591)](ash-project/ash#2591)

v3.24.2 (2026-04-13)

Bug Fixes:

• expand the paths in exists filters by @​zachdaniel

v3.24.1 (2026-04-12)

Bug Fixes:

• ensure policie son intermediate resources are respected in through by @​zachdaniel

• don't apply relationship filters to the source query on through by @​zachdaniel

v3.24.0 (2026-04-12)

Features:

• Relationship Through (#2567) by Kenneth Kostrešević [(#2567)](ash-project/ash#2567)

• add eager_validate? option to manage_relationship/4 (#2663) by @​nallwhy [(#2663)](ash-project/ash#2663)

... (truncated)

Commits

• 2a530ea chore: release version v3.24.3
• 7f494cc chore: format
• 9efb8a0 fix: stabilize field order in Ash.Expr.determine_map_type/1 (#2679)
• 83c62b1 improvement: add generate_rest? option to seed_generator (#2591)
• afebe88 fix: fixes for embedded resources within unions (#2676)
• 68350bd fix: Policy Authorizer strict checking forbid_unless (#2678)
• edf88bc fix: compile error (#2675)
• f2f2a53 fix: do not ignore missing context on Ash.PlugHelpers.update_context/2 (#2674)
• b4a63c0 chore: release version v3.24.2
• 67f706a fix: expand the paths in exists filters
• Additional commits viewable in compare view

Updates ash_phoenix from 2.3.20 to 2.3.21

Changelog

Sourced from ash_phoenix's changelog.

v2.3.21 (2026-04-13)

Bug Fixes:

• Add missing usage_rules files to hex package (#470) by @​Munksgaard [(#470)](ash-project/ash_phoenix#470)

• propagate context to nested forms (#465) by @​rapidfsub [(#465)](ash-project/ash_phoenix#465)

Commits

• 6c0fa92 chore: release version v2.3.21
• 3680af0 chore: update deps
• 128c85d fix: Add missing usage_rules files to hex package (#470)
• 792615f chore(deps): bump the production-dependencies group across 1 directory with 5...
• 77cf8bc chore(deps-dev): bump the dev-dependencies group with 2 updates (#466)
• 5db38dc fix: propagate context to nested forms (#465)
• See full diff in compare view

Updates cinder from 0.12.1 to 0.13.0

Changelog

Sourced from cinder's changelog.

v0.13.0 (2026-04-27)

Features

• Respect the :ash, :disable_async? application env when loading data (#156)
• Add Spanish translation (#164)

Bugfixes

• Fix bulk actions ignoring scope={@scope} and running with nil actor and tenant, bypassing policies that depend on either. Bulk actions now resolve the scope the same way reads do.
• Validate page_size values from the URL and dropdown against the table's configuration, so they can't exceed or bypass the developer's intent.
• Fix loading_message, filters_label, and empty_message attributes not being translated when using gettext (#165)
• Sort cycles without nil (e.g. cycle: [:asc, :desc]) now apply the first cycle value as the default sort on initial load, instead of starting unsorted (#132)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions