v8.0.0
8.0.0 (2026-01-12)
Bug Fixes
- correct CSS classes for select, radio, and textarea inputs (f79931c)
- correct dm_mdi syntax in tooltip component documentation (aef2710)
- correct icon component syntax across storybook and docs (2b3e0b0)
- synchronize version numbers and automate version management (d3dfb41)
Features
- add graceful error handling for missing icon files in dm_mdi and dm_bsi (99241fe)
- enhance moonlight theme colors and add build tool path configuration (eaefe60)
BREAKING CHANGES
- Components now require LiveView hooks to be registered in your application.
Security Fixes:
- Remove unsafe inline JavaScript with EEx interpolation from theme_switcher.ex
- Remove inline scripts with XSS vulnerabilities from spotlight.ex
- Remove inline scripts from page_header.ex
- All scripts moved to secure LiveView hooks using data attributes
API Fixes:
- Fix @Myself usage in form/input.ex - add phx_target attribute
- Fix misleading @Myself documentation in spotlight_search.ex
- Fix misleading @Myself documentation in plasma_ball.ex
- Components now correctly support phx-target for LiveComponent usage
New Features:
- Add ThemeSwitcher hook for theme persistence
- Add Spotlight hook for keyboard shortcut handling
- Add PageHeader hook for IntersectionObserver effects
- Add hooks/index.js for easy import of all hooks
- Add comprehensive hooks setup documentation in CLAUDE.md
Migration Required:
Users must now register hooks in their LiveSocket:
import * as DuskmoonHooks from "phoenix_duskmoon/hooks"
let liveSocket = new LiveSocket("/live", Socket, {hooks: DuskmoonHooks})
See CLAUDE.md for detailed setup instructions.
Closes: Critical security vulnerabilities identified in architecture analysis
Affects: theme_switcher, spotlight, page_header, form/input components
Contributors
Myself