build(deps): bump the mix-production-dependencies group across 1 directory with 2 updates

[dependabot]

Bumps the mix-production-dependencies group with 2 updates in the /src/flagd-ui directory: bandit and phoenix_live_view.

Updates bandit from 1.8.0 to 1.9.0

Changelog

Sourced from bandit's changelog.

1.9.0 (12 Dec 2025)

Enhancements

• Skip body draining when Connection: close is set (#546, thanks @​pepicrft!)
• Make deflate options for WebSockets configurable (#540, thanks @​proxima!)
• Mitigate HTTP/2 rapid reset attacks (#533, thanks @​NelsonVides!)
• Implement improved respect for SETTINGS_MAX_CONCURRENT_STREAMS (#524, thanks @​NelsonVides!)
• Support zstd HTTP compression (#514, thanks @​mattmatters!)

Commits

• 858317a Don't kill the process_label entry on each request
• 35b5cc6 Version bump to 1.9.0
• 05eb476 Update Thousand Island dep
• f11fc7b Skip body draining when Connection: close is set (#546)
• 4a24bda Configurable deflate options for websockets (#540)
• cc2a3f1 Streams/rapid resets (#533)
• cd6a995 Bump ex_doc from 0.39.1 to 0.39.2 (#547)
• c5d9491 Bump plug from 1.18.1 to 1.19.0 (#548)
• 6852b64 Bump credo from 1.7.13 to 1.7.14 (#544)
• 614aa95 Bump actions/checkout from 5 to 6 (#543)
• Additional commits viewable in compare view

Updates phoenix_live_view from 1.1.18 to 1.1.19

Changelog

Sourced from phoenix_live_view's changelog.

v1.1.19 (2025-12-12)

Bug fixes

• Ensure stale token redirect uses the correct URL (#4068)
• Ignore events from elements that are not connected to the DOM (#4066)
• Skip phx-click-away if clicked element is hidden (#4070)

Enhancements

• Allow disabling symlink warning for colocated js (#4057)

Commits

• d37acf1 release v1.1.19
• f8922e3 Update assets
• 85d74d8 Skip phx-click-away if clicked target is hidden (#4077)
• 29c2af8 ignore events for elements that are not connected (#4074)
• b9307d2 use main view for stale redirect (#4069)
• b3a145e Raise if JS.dispatch detail is not a map (#4062)
• 5bf52e6 Add phx-no-format and phx-no-curly-interpolation to cheatsheet (#4065)
• 7ab8e7d allow disabling symlink warning for colocated js (#4057)
• a8541d7 format for 1.19
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions