@dependabot dependabot bot commented on behalf of github Feb 17, 2025

Bumps the production-dependencies group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| bandit | 1.5.7 | 1.6.7 |
| esbuild | 0.8.1 | 0.9.0 |
| gettext | 0.25.0 | 0.26.2 |
| nimble_parsec | 1.4.0 | 1.4.2 |
| phoenix | 1.7.14 | 1.7.19 |
| phoenix_ecto | 4.6.2 | 4.6.3 |
| phoenix_live_dashboard | 0.8.4 | 0.8.6 |
| phoenix_live_view | 0.20.17 | 1.0.4 |
| tailwind | 0.2.3 | 0.2.4 |

Updates bandit from 1.5.7 to 1.6.7

Changelog

Sourced from bandit's changelog.

1.6.7 (30 Jan 2025)

Changes

  • Consider timeouts when reading HTTP/1 headers as a connection error and not an HTTP error
  • Enhance logging for WebSocket deflation errors

1.6.6 (25 Jan 2025)

Fixes

  • Consider closures during HTTP/1 header reading as a socket error to silence them by default via log_client_closures config flag
  • Send connection: close when closing connection on error per RFC9112§9.6

Enhancements

  • Add experimental opt-in trace logging to help diagnose hard to reproduce errors
  • Move CI to 1.18 & improve tests (#459, #461, thanks @​grzuy!)

1.6.5 (15 Jan 2025)

Fixes

  • Fix regression introduced in 1.6.1 where we would not send headers set by the Plug during WebSocket upgrades (#458)

Enhancements

  • Properly normalize Erlang errors before emitting telemetry and logged crash_reason (#455, thanks @​grzuy!)

1.6.4 (11 Jan 2025)

Fixes

  • Fix error in socket setup error handling introduced in 1.6.2 (thanks @​danielspofford!)

1.6.3 (8 Jan 2025)

Fixes

  • Always close HTTP/1 connection in any case where an error comes out of the plug (#452, thanks @​zookzook!)
  • Fix dialyzer warning introduced by Thousand Island 1.3.9

1.6.2 (4 Jan 2025)

Enhancements

  • Send telemetry events on Plugs that throw or exit (#443)
  • Improve test robustness & speed (#446)
  • Read a minimal number of bytes when sniffing for protocol (#449)
  • Add plug and websock to logging metadata whenever possible (#448)

... (truncated)

Commits
  • 5879549 Version bump to 1.6.7
  • 2f55abc Include details of websocket deflation error
  • 8f257f1 Consider HTTP/1 header read timeouts as connection errors
  • 575c396 Version bump to 1.6.6
  • 137ff68 Fixup dialyzer warning under 1.18
  • 9e6ba26 Don't credo test files
  • f62faab Version bump CI to 1.18/27
  • a5fcb83 Minor typo
  • 5adc828 Trace tooling (#453)
  • bc0a4fd Use an apply when inducing runtime crashes in order to fool the increasingly ...
  • Additional commits viewable in compare view

Updates esbuild from 0.8.1 to 0.9.0

Changelog

Sourced from esbuild's changelog.

v0.9.0 (2025-02-10)

This release requires Elixir v1.14+ and Erlang/OTP 25+.

  • Update PGP keys to support latest esbuild versions
  • Update esbuild to version 0.25.0
  • Remove dependency on CAStore in favor of using Erlang certificates

v0.8.2 (2024-10-18)

  • Fallback to ipv4/ipv6 for unreachable hosts
Commits

Updates gettext from 0.25.0 to 0.26.2

Changelog

Sourced from gettext's changelog.

v0.26.2

  • Introduces warning if plural messages are defined with the same singular message and conflicting plural messages.
  • Improves performance by stripping not required metadata when compiling the Gettext backend.

v0.26.1

  • Address backwards incompatible changes in previous release

v0.26.0

This release changes the way you use Gettext. We're not crazy: it does so because doing so makes it a lot faster to compile projects that use Gettext. The changes you have to make to your code are minimal, and the old behavior is deprecated so that you will be guided on how to update.

The reason for this change is that it removes compile-time dependencies from modules that used to import a Gettext backend. In applications such as Phoenix applications, where every view and controller imports the Gettext backend, this change means a lot less compilation when you make translation changes!

Here's the new API. Now, instead of defining a Gettext backend (use Gettext) and then importing that to use its macros, you need to:

  1. Define a Gettext backend with use Gettext.Backend
  2. Import and use its macros with use Gettext, backend: MyApp.Gettext.

Before and After

Before this release, code using Gettext used to look something like this:

defmodule MyApp.Gettext do
  use Gettext, otp_app: :my_app
end

defmodule MyAppWeb.Controller do
  import MyApp.Gettext
end

This creates a compile-time dependency for every module that imports the Gettext backend.

With this release, the above turns into:

defmodule MyApp.Gettext do
  use Gettext.Backend, otp_app: :my_app
end

defmodule MyAppWeb.Controller do
  use Gettext, backend: MyApp.Gettext
end

... (truncated)

Commits

Updates nimble_parsec from 1.4.0 to 1.4.2

Changelog

Sourced from nimble_parsec's changelog.

v1.4.2 (2025-01-21)

Enhancements

  • Remove more warnings on Elixir v1.18+

v1.4.1 (2025-01-15)

Enhancements

  • Remove warnings on Elixir v1.18+
Commits

Updates phoenix from 1.7.14 to 1.7.19

Changelog

Sourced from phoenix's changelog.

1.7.19 (2024-01-31)

Enhancements

  • [phx.new] - bind to 0.0.0.0 in dev.exs if phx.new is being run inside a docker container. This exposes the container's phoenix server to the host so that it is accessible over port forwarding.

1.7.18 (2024-12-10)

Enhancements

  • Use new interpolation syntax in generators
  • Update gettext in generators to 0.26

1.7.17 (2024-12-03)

Enhancements

  • Use LiveView 1.0.0 for newly generated applications

1.7.16 (2024-12-03)

Bug fixes

  • Fix required Elixir version in mix.exs

1.7.15 (2024-12-02)

Enhancements

  • Support phoenixframework.org installer
Commits

Updates phoenix_ecto from 4.6.2 to 4.6.3

Changelog

Sourced from phoenix_ecto's changelog.

v4.6.3

  • Enhancements

    • Add prefix option to check repo status plug
  • Bug fix

    • Fix map.field notation warning on Elixir 1.17
Commits

Updates phoenix_html from 4.1.1 to 4.2.0

Changelog

Sourced from phoenix_html's changelog.

4.2.0 (2024-12-28)

  • Enhancements

    • Add Phoenix.HTML.css_escape/1 to escape strings for use inside CSS selectors
    • Add the ability to pass :hr to options_for_select/2 to render a horizontal rule
  • Bug fixes

    • Pass form action through in FormData implementation
Commits

Updates phoenix_live_dashboard from 0.8.4 to 0.8.6

Changelog

Sourced from phoenix_live_dashboard's changelog.

v0.8.6 (2024-12-30)

  • Update Erlang docs url
  • Fix rendering of durations in Elixir v1.18+
  • Fix warnings on Elixir v1.18+
  • Remove img nonce which had no effect whatsoever

v0.8.5 (2024-11-14)

  • Provide a mechanism for user extensible LiveView hooks
  • Add Erlang/OTP 27 Process label support
Commits
  • 3a1bd99 Release v0.8.6
  • f8f60d2 Duration.to_string (#464)
  • 46b14cb Update Erlang docs url since they changed to ExDoc (#462)
  • 36ad469 Merge pull request #456 from phoenixframework/sd-update-deps
  • 96f6468 don't migrate to curly braces yet
  • 028f957 fix test that relied on push_patch to wrong live session
  • 7901e06 Update assets
  • 3eafe7f Build assets on CI and add caching (#461)
  • 93627a3 remove dead code found by type system
  • 6b776e5 fix deprecation warnings
  • Additional commits viewable in compare view

Updates phoenix_live_view from 0.20.17 to 1.0.4

Changelog

Sourced from phoenix_live_view's changelog.

1.0.4 (2025-02-04)

Bug fixes

  • Fix elements with phx-remove inside sticky LiveViews being unintentionally removed on navigation (#3658)
  • Fix phx-click-loading not being removed from links in sticky LiveViews (#3656)
  • Fix Phoenix.LiveView.JS.focus/2 and Phoenix.LiveView.JS.focus_first/2 not properly focusing elements on Mobile Safari (#3563)

1.0.3 (2025-01-28)

Bug fixes

  • Fix regression where browser back/forward buttons used patch instead of navigate, failing to update the page (#3529)
  • Fix client hooks inside streams that contain nested LiveViews (#3530)
  • Fix LiveComponents in nested LiveViews not updating under certain conditions (#3626)
  • Fix client-side hooks not being cleared properly (#3628)
  • Fix LiveUpload from client hook not auto uploading when immediately followed by form event (#3647)
  • Fix inputs being cleared in some cases when patching locked trees (#3647)
  • Fix client hooks with dynamic IDs not being destroyed properly when parts of the DOM are locked (#3651)

Enhancements

  • Allow to configure if duplicate IDs / other detected errors should warn or raise by passing on_error to Phoenix.LiveViewTest.live/3 / Phoenix.LiveViewTest.live_isolated/3 (#3653)
  • Also detect duplicate LiveComponents that are added dynamically to the page in LiveViewTest (#3653)
  • Log an error in the JavaScript console when detecting a stream container with missing phx-update="stream" attribute (#3645)
  • Update documentation to mention :fun and {:fun, arity} as valid attribute types for Phoenix.Component.attr/3 (#3635)
  • Update documentation to mention ways for dynamically rendering function components (#3632)
  • Update documentation to mention {:inner, selector} and {:closest, selector} as valid options for to in JS commands (#3638)

1.0.2 (2025-01-09)

Bug fixes

  • Fix inconsistency between mix format and mix format --check-formatted with new curly interpolation syntax (#3590)
  • Fix unnecessary compile time dependencies when using attr / on_mount / live (#3592)
  • Fix crash when testing LiveViews with embedded XML (e.g. SVGs) (#3594)
  • Fix type warning when using follow_redirect (#3581)
  • Prevent phx-trigger-action from clashing with locked forms (#3591)
  • Fix form recovery sending wrong event name when using JS commands in phx-change (#3607)

Enhancements

  • Deduplicate items on stream/4 / stream_insert/4 (#3599)
  • Restore scroll position on initial navigation (#3572)
  • Change-track non existing keys in maps (#3584)
  • Only warn instead of raising when detecting a duplicate ID in LiveViewTest (#3603)

1.0.1 (2024-12-13)

Bug fixes

  • Raise when duplicate DOM IDs are found when rendering a LiveView during tests to avoid undefined behaviour
  • Fix live session verification causing logged errors, push_patch failures, and failed mounts when a cold deploy occurs
  • Fix a bug where the live_session's on_mount hooks would be called for sticky live views on connected mount. Now a sticky live view is consistently marked as :not_mounted_at_router

1.0.0 (2024-12-03) 🚀

... (truncated)

Commits

Updates tailwind from 0.2.3 to 0.2.4

Changelog

Sourced from tailwind's changelog.

v0.2.4 (2024-10-18)

  • Add version check flag
  • Fallback to ipv4/ipv6 for unreachable hosts
Commits

Updates telemetry_metrics from 1.0.0 to 1.1.0

Changelog

Sourced from telemetry_metrics's changelog.

1.1.0

Changed

Add support for measurements as second argument of keep/drop callback.

Commits


…ates

Bumps the production-dependencies group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [bandit](https://github.com/mtrudel/bandit) | `1.5.7` | `1.6.7` |
| [esbuild](https://github.com/phoenixframework/esbuild) | `0.8.1` | `0.9.0` |
| [gettext](https://github.com/elixir-gettext/gettext) | `0.25.0` | `0.26.2` |
| [nimble_parsec](https://github.com/dashbitco/nimble_parsec) | `1.4.0` | `1.4.2` |
| [phoenix](https://github.com/phoenixframework/phoenix) | `1.7.14` | `1.7.19` |
| [phoenix_ecto](https://github.com/phoenixframework/phoenix_ecto) | `4.6.2` | `4.6.3` |
| [phoenix_live_dashboard](https://github.com/phoenixframework/phoenix_live_dashboard) | `0.8.4` | `0.8.6` |
| [phoenix_live_view](https://github.com/phoenixframework/phoenix_live_view) | `0.20.17` | `1.0.4` |
| [tailwind](https://github.com/phoenixframework/tailwind) | `0.2.3` | `0.2.4` |



Updates `bandit` from 1.5.7 to 1.6.7
- [Changelog](https://github.com/mtrudel/bandit/blob/main/CHANGELOG.md)
- [Commits](mtrudel/bandit@1.5.7...1.6.7)

Updates `esbuild` from 0.8.1 to 0.9.0
- [Changelog](https://github.com/phoenixframework/esbuild/blob/main/CHANGELOG.md)
- [Commits](phoenixframework/esbuild@v0.8.1...v0.9.0)

Updates `gettext` from 0.25.0 to 0.26.2
- [Changelog](https://github.com/elixir-gettext/gettext/blob/main/CHANGELOG.md)
- [Commits](elixir-gettext/gettext@v0.25.0...v0.26.2)

Updates `nimble_parsec` from 1.4.0 to 1.4.2
- [Changelog](https://github.com/dashbitco/nimble_parsec/blob/master/CHANGELOG.md)
- [Commits](dashbitco/nimble_parsec@v1.4.0...v1.4.2)

Updates `phoenix` from 1.7.14 to 1.7.19
- [Release notes](https://github.com/phoenixframework/phoenix/releases)
- [Changelog](https://github.com/phoenixframework/phoenix/blob/v1.7.19/CHANGELOG.md)
- [Commits](phoenixframework/phoenix@v1.7.14...v1.7.19)

Updates `phoenix_ecto` from 4.6.2 to 4.6.3
- [Changelog](https://github.com/phoenixframework/phoenix_ecto/blob/main/CHANGELOG.md)
- [Commits](phoenixframework/phoenix_ecto@v4.6.2...v4.6.3)

Updates `phoenix_html` from 4.1.1 to 4.2.0
- [Changelog](https://github.com/phoenixframework/phoenix_html/blob/main/CHANGELOG.md)
- [Commits](phoenixframework/phoenix_html@v4.1.1...v4.2.0)

Updates `phoenix_live_dashboard` from 0.8.4 to 0.8.6
- [Release notes](https://github.com/phoenixframework/phoenix_live_dashboard/releases)
- [Changelog](https://github.com/phoenixframework/phoenix_live_dashboard/blob/main/CHANGELOG.md)
- [Commits](phoenixframework/phoenix_live_dashboard@v0.8.4...v0.8.6)

Updates `phoenix_live_view` from 0.20.17 to 1.0.4
- [Changelog](https://github.com/phoenixframework/phoenix_live_view/blob/v1.0.4/CHANGELOG.md)
- [Commits](phoenixframework/phoenix_live_view@v0.20.17...v1.0.4)

Updates `tailwind` from 0.2.3 to 0.2.4
- [Changelog](https://github.com/phoenixframework/tailwind/blob/main/CHANGELOG.md)
- [Commits](phoenixframework/tailwind@v0.2.3...v0.2.4)

Updates `telemetry_metrics` from 1.0.0 to 1.1.0
- [Changelog](https://github.com/beam-telemetry/telemetry_metrics/blob/main/CHANGELOG.md)
- [Commits](beam-telemetry/telemetry_metrics@v1.0.0...v1.1.0)

---
updated-dependencies:
- dependency-name: bandit
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: esbuild
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: gettext
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: nimble_parsec
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: phoenix
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: phoenix_ecto
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: phoenix_html
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: phoenix_live_dashboard
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: phoenix_live_view
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: tailwind
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: telemetry_metrics
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 17, 2025