Bump the production-dependencies group with 12 updates

[dependabot]

Bumps the production-dependencies group with 12 updates:

Package	From	To
bandit	1.6.7	1.6.11
cachex	4.0.3	4.0.4
dns_cluster	0.1.3	0.2.0
ecto_sqlite3	0.18.1	0.19.0
esbuild	0.8.2	0.9.0
phoenix	1.7.19	1.7.21
phoenix_html	4.2.0	4.2.1
phoenix_live_view	1.0.3	1.0.9
req	0.5.8	0.5.10
swoosh	1.17.8	1.18.4
tailwind	0.2.4	0.3.1
telemetry_poller	1.1.0	1.2.0

Updates bandit from 1.6.7 to 1.6.11

Changelog

Sourced from bandit's changelog.

1.6.11 (31 Mar 2025)

Changes

• Ensure that HTTP/1 request headers are sent to the Plug in the order they're sent (#482)
• Do not populate the cookies header with an empty string if no cookies were sent in HTTP/2 (#483)

1.6.10 (25 Mar 2025)

Fixes

• Fix bug introduced when closing compressed websock connections in certain circumstances (#478)

Enhancements

• Standardize & document the format of messages sent to HTTP/2 Stream processes (#481)

1.6.9 (21 Mar 2025)

Fixes

• Do not close compression context before calling websock close callback (#462, thanks @​thiagopromano!)

1.6.8 (5 Mar 2025)

Fixes

• Do not send stream WINDOW_UPDATEs on the last data frame of a stream

Enhancements

• Add status to the telemetry metadata emitted on WebSocket upgrades (#466)

Commits

• 3b8b1a4 Version bump to 1.6.11
• 5b58392 Order headers (#483)
• 8b612e1 Version bump to 1.6.10
• db4d9db Namespace plug process messages to look like {:bandit, msg} (#481)
• 52ebc2f Properly track connection state during ConnectionClose frame handling
• 4eee15b Nil out compression context so we don't double close it
• f636dd8 Bump req from 0.5.8 to 0.5.10 (#479)
• 5167d6d Version bump to 1.6.9
• 8e60b3d Bump Thousand Island dep
• 1b7fb61 Close the deflation context after the socket close callback (#477)
• Additional commits viewable in compare view

Updates cachex from 4.0.3 to 4.0.4

Release notes

Sourced from cachex's releases.

v4.0.4

This is small release to fix a couple of issues with caching.

Fixes:

• Fix incorrect documentation on Cachex.fetch/4
• Fix an issue when LRU checking against a missing key
• Resolve an issue with long running proactive warmers

Please file an issue if there are any further problems!

Commits

• 9c52af4 Bump to v4.0.4
• 688837f Fix cache warmer for long running tasks (#403)
• 5e26934 Allow matching against missing cache items (#402)
• 4391698 Support Elixir 1.18 in GitHub CI (#399)
• dae0e1a Update redundant typespec (#398)
• 361d1aa Update Cachex.fetch documentation (#396)
• 0e3b982 Fix incorrect specification for fetch/3
• f750574 Update overview based on README changes
• efcac15 Update README with minor grammar edits (#394)
• See full diff in compare view

Updates dns_cluster from 0.1.3 to 0.2.0

Changelog

Sourced from dns_cluster's changelog.

0.2.0 (2025-03-04)

• Support multiple DNS queries

Commits

• 188df65 Release 0.2.0
• 2161d1f Merge pull request #7 from davydog187/support-multiple-queries
• 11bd821 Bump
• 1dac479 don't allow nested lists for queries
• 982dd43 revert first sentence
• 759e5a3 edit docs for clarity
• 7c3b5dd Support differing basenames
• 2d3aa14 expand the tests
• 842edab fix example
• d0c6808 Support multiple DNS queries
• See full diff in compare view

Updates ecto_sqlite3 from 0.18.1 to 0.19.0

Release notes

Sourced from ecto_sqlite3's releases.

v0.19.0

What's Changed

• Make map/array encoding configurable by @​a-nassim in elixir-sqlite/ecto_sqlite3#163

New Contributors

• @​a-nassim made their first contribution in elixir-sqlite/ecto_sqlite3#163

Full Changelog: elixir-sqlite/ecto_sqlite3@v0.18.1...v0.19.0

Changelog

Sourced from ecto_sqlite3's changelog.

v0.19.0

• changed: Configurable encoding for :map and :array, allowing usage of SQLite's JSONB storage format.

Commits

• d108903 Bump to v0.19.0
• 40beb89 Update locked dependencies
• 952f38b Make map/array encoding configurable (#163)
• See full diff in compare view

Updates esbuild from 0.8.2 to 0.9.0

Changelog

Sourced from esbuild's changelog.

v0.9.0 (2025-02-10)

This release requires Elixir v1.14+ and Erlang/OTP 25+.

• Update PGP keys to support latest esbuild versions
• Update esbuild to version 0.25.0
• Remove dependency on CAStore in favor of using Erlang certificates

Commits

• 4f85348 Release v0.9.0
• 9892ddd Update public key (#77)
• b01d15f Remove CAStore from lock
• 45d1853 Update Elixir requirement
• c83c200 Remove dependency on CAStore
• 83b786b Rely on Erlang/OTP 25+ and no more on CAStore (#76)
• See full diff in compare view

Updates phoenix from 1.7.19 to 1.7.21

Commits

• See full diff in compare view

Updates phoenix_html from 4.2.0 to 4.2.1

Changelog

Sourced from phoenix_html's changelog.

4.2.1 (2025-02-21)

• Enhancements
  • Add type to Phoenix.HTML.FormField
  • Allow keyword lists in options to use nil as key/value

Commits

• 71430c1 Release v4.2.1
• 1a9341e Expand documentation of options_for_select (#460)
• 0d15b13 Update ci.yml (#459)
• 1bea177 Add type to Phoenix.HTML.FormField (#458)
• 0a11e96 Merge pull request #457 from phoenixframework/sd-makeup-syntect
• 7ccce86 use makeup_syntect for highlighting JS (and diff)
• 9007635 Allow keyword list options to use nil as key and/or value (#456)
• df2a3f6 Update ExDoc
• See full diff in compare view

Updates phoenix_live_view from 1.0.3 to 1.0.9

Changelog

Sourced from phoenix_live_view's changelog.

1.0.9 (2025-03-26)

Bug fixes

• Fix testing uploads inside nested LiveViews with LiveViewTest (#3732)

1.0.8 (2025-03-26)

Bug fixes

• Regression: ensure _target is sent as ["undefined"] when an input has no name (#3727)
• Fix stream items from disconnected render not being removed when rendered inside a nested stream (#3730)

Enhancements

• Add Phoenix.LiveViewTest.refute_redirected/1 to assert that no redirect took place (#3729)

1.0.7 (2025-03-21)

Bug fixes

• Fix _target parameter being sent incorrectly (#3719).

1.0.6 (2025-03-20)

Bug fixes

• Fix race condition where patches were discarded when a new navigation was already pending (#3710)
• Fix phx-debounce="blur" re-sending events for subsequent blurs (#3689)
• Fix code_change callback not returning the new channel state (#3712)
• Fix LiveViews not being able to reconnect without a full page reload after a deployment that changed the router (#3715)

Enhancements

• Improve performance of large forms (#3696)
• Ensure JS.push values are sent on form events (#3674)
• Allow to skip persistent_id generation in Phoenix.Component.inputs_for/1 (#3677)
• Delay phx-disconnected binding to prevent brief flash of "Attempting to reconnect" message for short disconnects (#3680). This can be configured by passing the disconnectedTimeout option to the LiveSocket constructor.

1.0.5 (2025-02-27)

Bug fixes

• Fix JS.exec failing when a selector is passed (#3678)
• Fix race conditions when testing a live upload that redirects in the progress callback (#3676)
• Fix streams in sticky LiveView being reset under some circumstances when another LiveView also contains a stream (#3681)
• Fix recursively locked elements not being correctly patched on unlock (#3684)
• Fix JS.show/hide/toggle behavior while also fixing JS.focus() on Mobile Safari (#3692)

Enhancements

• Detect infinite patch redirect loops and raise an error (#3670)

1.0.4 (2025-02-04)

Bug fixes

• Fix elements with phx-remove inside sticky LiveViews being unintentionally removed on navigation (#3658)
• Fix phx-click-loading not being removed from links in sticky LiveViews (#3656)

... (truncated)

Commits

• 7875688 release v1.0.9
• 04e535d update changelog
• 0eefc92 add test for LiveViewTest uploads in nested LV
• 026c737 fix ClientProxy sync_with_root
• 8d54070 Update assets
• caa6230 release v1.0.8
• 82fb99c Update assets
• ca0d782 update changelog
• 0d99adc fix: allow refute_redirect to refute any redirections (#3729)
• 8ac8e78 Force remove stream elements on join patch (#3730)
• Additional commits viewable in compare view

Updates req from 0.5.8 to 0.5.10

Release notes

Sourced from req's releases.

v0.5.10

• Req: Add Req.get_headers_list/1.

Changelog

Sourced from req's changelog.

v0.5.10 (2025-03-21)

• [Req]: Add [Req.get_headers_list/1].

v0.5.9 (2025-03-17)

• [encode_body]: Support any enumerable in :form_multipart

• [Req.Test.expect/3]: Fix usage in shared mode

• [retry]: Do not carry halt between retries

• (Internal) Support custom headers in Req.Utils.aws_sigv4_url/1

• (Internal) Support custom query params in Req.Utils.aws_sigv4_url/1

Commits

• 71e31f1 Release v0.5.10
• 8db1395 Fix doc since
• 44f3384 Add Req.get_headers_list/1
• 87eba81 Add internal Req.Fields
• fff2a22 Move code around
• 95f07bf Hide warnings
• 105989f Release v0.5.9
• 97e0533 Req: Do not carry halt between retries (#450)
• 2046dc5 Support custom query params in Req.Utils.aws_sigv4_url/1 (#445)
• 1cbf092 Minor improvements to the documentation (#468)
• Additional commits viewable in compare view

Updates swoosh from 1.17.8 to 1.18.4

Release notes

Sourced from swoosh's releases.

v1.18.4 🚀

✨ Features

• Support dark/light mode based on system theme in dev preview mailbox @​chrismccord (#1027)

⛓️ Dependency

• Bump bandit from 1.6.9 to 1.6.10 @​dependabot (#1026)
• Bump mail from 0.4.3 to 0.4.4 @​dependabot (#1025)
• Bump bandit from 1.6.8 to 1.6.9 @​dependabot (#1024)

New Contributors

• @​chrismccord made their first contribution in swoosh/swoosh#1027

Full Changelog: swoosh/swoosh@v1.18.3...v1.18.4

v1.18.3 🚀

🧰 Maintenance

• Update Req usage, preparing for v1.0 @​wojtekmach (#1022)

Full Changelog: swoosh/swoosh@v1.18.2...v1.18.3

v1.18.2 🚀

🐛 Bug Fixes

• Fix: Prevent zeptomail error when receiving non json response body on 500 @​atoncetti (#1017)

⛓️ Dependency

• Bump ex_doc from 0.37.2 to 0.37.3 @​dependabot (#1018)
• Bump bandit from 1.6.7 to 1.6.8 @​dependabot (#1016)

New Contributors

• @​atoncetti made their first contribution in swoosh/swoosh#1017

Full Changelog: swoosh/swoosh@v1.18.1...v1.18.2

v1.18.1 🚀

✨ Features

• Add PostUp adapter @​zatchheems (#1015)

New Contributors

• @​zatchheems made their first contribution in swoosh/swoosh#1015

Full Changelog: swoosh/swoosh@v1.18.0...v1.18.1

v1.18.0 🚀

✨ Features

... (truncated)

Changelog

Sourced from swoosh's changelog.

1.18.4

✨ Features

• Support dark/light mode based on system theme in dev preview mailbox @​chrismccord (#1027)

1.18.3

🧰 Maintenance

• Update Req usage, preparing for v1.0 @​wojtekmach (#1022)

1.18.2

🐛 Bug Fixes

• Fix: Prevent zeptomail error when receiving non json response body on 500 @​atoncetti (#1017)

1.18.1

✨ Features

• Add PostUp adapter @​zatchheems (#1015)

1.18.0

✨ Features

• Implement loops.so adapter @​caioaao (#1012)

1.17.10

🐛 Bug Fixes

• Fix broken attachments on Scaleway adapter @​olivermt (#1003)

1.17.9

🐛 Bug Fixes

• fix assets path prefix
• improve static serving config

Commits

• a5ced79 v1.18.4
• b524ff3 Support dark/light mode based on system theme (#1027)
• 9db488a Bump bandit from 1.6.9 to 1.6.10 (#1026)
• 328e7ab Bump mail from 0.4.3 to 0.4.4 (#1025)
• b3f8d0b Bump bandit from 1.6.8 to 1.6.9 (#1024)
• 37880a7 Update test_assertions.ex
• e878e49 v1.18.3
• 629cc55 Update Req usage, preparing for v1.0 (#1022)
• 3290fde update adapters table
• f1e14be v1.18.2
• Additional commits viewable in compare view

Updates tailwind from 0.2.4 to 0.3.1

Changelog

Sourced from tailwind's changelog.

v0.3.1 (2025-02-28)

• Support correct target for Linux MUSL with Tailwind v3.

v0.3.0 (2025-02-26)

• Support Tailwind v4+. This release assumes Tailwind v4 for new projects.

Note: v0.3.0 dropped target code for handling Linux MUSL with Tailwind v3. Use v0.3.1+ instead.

Commits

• dec852e release v0.3.1
• 2bc2fdf Merge pull request #115 from phoenixframework/sd-musl-target-v3v4
• c0006e2 Support Linux MUSL v3 and v4
• 08629c8 release v0.3.0
• 8b3247d Merge branch 'next'
• 7e1f93b use Tailwind 4.0.9 as latest
• 44ac901 don't mention 0.3 or Tailwind v4 in README yet
• 8ad425c Pass url as a string into fetch_body! as URI.parse would not succeed with a c...
• 6f45cae Merge pull request #97 from arcanemachine/main
• 2278885 Merge pull request #110 from phoenixframework/sd-tailwind3to4
• Additional commits viewable in compare view

Updates telemetry_poller from 1.1.0 to 1.2.0

Changelog

Sourced from telemetry_poller's changelog.

1.2.0

Added

• Support persistent_term measurements.
• Require Erlang/OTP 24+.

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions