Skip to content

Bump the mix-production-dependencies group across 1 directory with 4 updates#81

Open
dependabot[bot] wants to merge 1 commit intodependabot/composer/src/quote/composer-production-dependencies-ff27a81262from
dependabot/hex/src/flagd-ui/mix-production-dependencies-28b65c612f
Open

Bump the mix-production-dependencies group across 1 directory with 4 updates#81
dependabot[bot] wants to merge 1 commit intodependabot/composer/src/quote/composer-production-dependencies-ff27a81262from
dependabot/hex/src/flagd-ui/mix-production-dependencies-28b65c612f

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 5, 2026
edited
Loading

Bumps the mix-production-dependencies group with 4 updates in the /src/flagd-ui directory: bandit, phoenix, phoenix_live_view and swoosh.

Updates bandit from 1.10.1 to 1.10.3

Changelog

Sourced from bandit's changelog.

1.10.3 (22 Feb 2026)

Enhancements

  • Support authority form requests for CONNECT requests (#571)
  • Narrow acceptance of asterisk form requests to OPTIONS requests (#571)
  • Detect client disconnect on timeout in ensure_completed (#566, thanks @​pepicrft!)
  • Improve http2 sendfile streaming (#565, thanks @​elibosley!)

1.10.2 (22 Jan 2026)

Enhancements

  • Distinguish client disconnects from genuine body read timeouts (#564, thanks @​pepicrft!)
Commits
  • e3fd682 Version bump to 1.10.3
  • a330b13 Grant actions:write permission to lint job for PLT cache eviction
  • 0aa42c2 Support authority form requests for CONNECT requests (#571)
  • ac63021 fix: detect client disconnect on timeout in ensure_completed (#566)
  • c746d8e Bump ex_doc from 0.40.0 to 0.40.1 (#569)
  • 5640a10 Bump credo from 1.7.15 to 1.7.16 (#568)
  • 78e5184 feat: http2 sendfile streaming (#565)
  • 5af3c8f Version bump to 1.10.2
  • 06c199d fix: distinguish client disconnects from genuine body read timeouts (#564)
  • da97c51 Bump req from 0.5.16 to 0.5.17 (#563)
  • See full diff in compare view

Updates phoenix from 1.8.3 to 1.8.5

Changelog

Sourced from phoenix's changelog.

1.8.5 (2026-03-05)

JavaScript Client Bug Fixes

  • Fix socket connecting on visibility change when never established

Enhancements

  • Fix warnings on Elixir 1.20

1.8.4 (2026-02-23)

JavaScript Client Bug Fixes

  • Fix bug reconnecting connections when close was gracefully initiated by server
  • Fix LongPoll transport name in sessionStorage and logs

Enhancements

  • Adds guards support in assert_push, assert_broadcast, and assert_reply
  • Enable purging in Phoenix code server for Elixir 1.20
Commits

Updates phoenix_live_view from 1.1.20 to 1.1.26

Release notes

Sourced from phoenix_live_view's releases.

v1.1.26

Bug fixes

  • Fix phx-click-away for nested portals
  • Fix type warnings on Elixir 1.20

v1.1.25

Bug fixes

  • Fix phx-click-away when clicked element is teleported (#4141)
  • Handle phx-hook outside of LiveViews when reconnecting (#4147)
Changelog

Sourced from phoenix_live_view's changelog.

v1.1.26 (2026-03-04)

Bug fixes

  • Fix phx-click-away for nested portals
  • Fix type warnings on Elixir 1.20

v1.1.25 (2026-02-26)

Bug fixes

  • Fix phx-click-away when clicked element is teleported (#4141)
  • Handle phx-hook outside of LiveViews when reconnecting (#4147)

v1.1.24 (2026-02-16)

Bug fixes

  • Prevent map access on assigns (@foo.bar.baz) being expanded when used in root attributes causing an invalid warning

v1.1.23 (2026-02-12)

Enhancements

  • If a macro is used in HEEx root attributes (<div {@root_attr} />), it is now expanded at compile time (#4145)

v1.1.22 (2026-01-28)

Bug fixes

  • Fix live component container patch throwing a JavaScript error when container is locked (#4088)

v1.1.21 (2026-01-27)

Bug fixes

  • Fix stream reset and deletes not working if stream is teleported using Phoenix.Component.portal/1 (#4121)

Enhancements

  • Mark LiveView template code as generated to prevent warnings on Elixir 1.20
  • Allow unused function warnings for function components to be emitted
  • Add Phoenix.LiveView.TagEngine.compile/2 as an official entrypoint for compiling templates in favor of relying on the EEx.Engine behaviour
Commits

Updates swoosh from 1.20.1 to 1.23.0

Release notes

Sourced from swoosh's releases.

v1.23.0 🚀

✨ Features

Full Changelog: swoosh/swoosh@v1.22.1...v1.23.0

v1.22.1 🚀

🐛 Bug Fixes

⛓️ Dependency

Full Changelog: swoosh/swoosh@v1.22.0...v1.22.1

v1.22.0 🚀

✨ Features

⛓️ Dependency

New Contributors

Full Changelog: swoosh/swoosh@v1.21.0...v1.22.0

v1.21.0 🚀

  • Bump Elixir requirement to 1.16, Erlang OTP to 26

Full Changelog: swoosh/swoosh@v1.20.1...v1.21.0

Changelog

Sourced from swoosh's changelog.

1.23.0

✨ Features

1.22.1

🐛 Bug Fixes

1.22.0

✨ Features

1.21.0

  • Bump Elixir requirement to 1.16, Erlang OTP to 26
Commits
  • 95f37b4 Prepare minor release 1.23.0 (#1110)
  • 768e745 Make deliver/1 and deliver/2 overridable in Swoosh.Mailer (#1109)
  • 3efa0d3 v1.22.1
  • 8e176fd remove bad test
  • f368d1c Fix mailbox preview text-body clipping by removing negative top offset (#1108)
  • cffbc67 Move preferred_cli_env to cli function
  • bb2f6e8 Add GitHub Actions workflow for Copilot setup
  • 71ce6f2 Update Tailwind CSS version to 4.2.1
  • 4556b02 Bump bandit from 1.10.2 to 1.10.3
  • 1a41c89 v1.22.0
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the mix-production-dependencies group across 1 directory with 4 …
472ea08 
…updates

Bumps the mix-production-dependencies group with 4 updates in the /src/flagd-ui directory: [bandit](https://github.com/mtrudel/bandit), [phoenix](https://github.com/phoenixframework/phoenix), [phoenix_live_view](https://github.com/phoenixframework/phoenix_live_view) and [swoosh](https://github.com/swoosh/swoosh).


Updates `bandit` from 1.10.1 to 1.10.3
- [Changelog](https://github.com/mtrudel/bandit/blob/main/CHANGELOG.md)
- [Commits](mtrudel/bandit@1.10.1...1.10.3)

Updates `phoenix` from 1.8.3 to 1.8.5
- [Release notes](https://github.com/phoenixframework/phoenix/releases)
- [Changelog](https://github.com/phoenixframework/phoenix/blob/main/CHANGELOG.md)
- [Commits](phoenixframework/phoenix@v1.8.3...v1.8.5)

Updates `phoenix_live_view` from 1.1.20 to 1.1.26
- [Release notes](https://github.com/phoenixframework/phoenix_live_view/releases)
- [Changelog](https://github.com/phoenixframework/phoenix_live_view/blob/v1.1.26/CHANGELOG.md)
- [Commits](phoenixframework/phoenix_live_view@v1.1.20...v1.1.26)

Updates `swoosh` from 1.20.1 to 1.23.0
- [Release notes](https://github.com/swoosh/swoosh/releases)
- [Changelog](https://github.com/swoosh/swoosh/blob/main/CHANGELOG.md)
- [Commits](swoosh/swoosh@v1.20.1...v1.23.0)

---
updated-dependencies:
- dependency-name: bandit
  dependency-version: 1.10.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: mix-production-dependencies
- dependency-name: phoenix
  dependency-version: 1.8.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: mix-production-dependencies
- dependency-name: phoenix_live_view
  dependency-version: 1.1.26
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: mix-production-dependencies
- dependency-name: swoosh
  dependency-version: 1.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: mix-production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file elixir Pull requests that update elixir code labels Mar 5, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file elixir Pull requests that update elixir code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants