Skip to content

build(deps): bump the mix-production-dependencies group across 1 directory with 12 updates#292

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/hex/src/flagd-ui/mix-production-dependencies-24dfb37e2a
Open

build(deps): bump the mix-production-dependencies group across 1 directory with 12 updates#292
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/hex/src/flagd-ui/mix-production-dependencies-24dfb37e2a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 4, 2026

Copy link
Copy Markdown
Contributor

Bumps the mix-production-dependencies group with 11 updates in the /src/flagd-ui directory:

Package From To
bandit 1.8.0 1.11.1
dns_cluster 0.1.3 0.2.0
gettext 0.26.2 1.0.2
heroicons v2.1.1 v2.2.0
jason 1.4.4 1.4.5
opentelemetry_exporter 1.8.1 1.10.0
phoenix 1.8.1 1.8.7
phoenix_live_view 1.1.3 1.1.31
req 0.5.15 0.5.18
swoosh 1.19.5 1.26.0
tailwind 0.3.1 0.4.1

Updates bandit from 1.8.0 to 1.11.1

Changelog

Sourced from bandit's changelog.

1.11.1 (13 May 2026)

Fixes

Changes

  • We no longer disallow . and .. path components in HTTP/2 absolute paths (#581)

1.11.0 (1 May 2026)

Fixes

Enhancements

  • Define a new max_inflate_ratio WebSocket configuration option that defines a maximum allowable decompression ratio to help mitigate inflate bombing. Defaults to 25:1
  • Define a new max_fragmented_message_size WebSocket configuration option which defines the maximum allowed WebSocket frame size (inclusive of continuation frames). Defaults to 8MB

Changes

  • The default value of the max_frame_size WebSocket option has changed from :infinity to 8MB
  • Zero length non-fin continuation frames are now disallowed (we now skip Autobahn 6.1.2 as a result)
  • Multiple content-length fields in an HTTP/1 request are now disallowed (CVE-2026-39805, commit f2ca636, thanks @​PJUllrich & @​maennchen!)
  • We now only use the underlying transport when determining scheme (CVE-2026-39807, commit 45feea2, thanks @​PJUllrich & @​maennchen!)

1.10.4 (25 Mar 2026)

Enhancements

1.10.3 (22 Feb 2026)

Enhancements

  • Support authority form requests for CONNECT requests (#571)
  • Narrow acceptance of asterisk form requests to OPTIONS requests (#571)
  • Detect client disconnect on timeout in ensure_completed (#566, thanks @​pepicrft!)
  • Improve http2 sendfile streaming (#565, thanks @​elibosley!)

... (truncated)

Commits

Updates dns_cluster from 0.1.3 to 0.2.0

Changelog

Sourced from dns_cluster's changelog.

0.2.0 (2025-03-04)

  • Support multiple DNS queries
Commits

Updates gettext from 0.26.2 to 1.0.2

Changelog

Sourced from gettext's changelog.

v1.0.2

  • Only skip manifest removal on Elixir v1.19.3+

v1.0.1 (retired)

  • Remove unnecessary cleaning of Elixir manifests

v1.0.0

This is the first 1.0 release of Gettext, a silly 10 years (and 6 months) after we started working on it. There are very few changes from the latest 0.26 release, and none of them are breaking.

Here are the new goodies:

  • Add support for concatenating sigils if all parts are known at compile time (such as "Hello " <> ~s(world)).
  • Significantly increase the timeout for mix gettext.extract to two minutes.
  • Add Gettext.put_locale!/2.

Happy 10+ years of Elixir translations everyone! 🎉

Previous versions

See the CHANGELOG for versions before v1.0.

Commits
  • e3180f1 Release v1.0.2
  • ec2f9c1 Erase manifest unless on upcoming Elixir (#425)
  • 4960e49 Revert "Removed unnecessary cleaning of Elixir manifests (#423)"
  • 8844a32 Trim CHANGELOG
  • 7fe2dc7 Release v1.0.1
  • 30bf87d Removed unnecessary cleaning of Elixir manifests (#423)
  • d33d745 Bump actions/checkout from 4.2.2 to 5.0.0 (#422)
  • 7443953 Use ubuntu-latest in the publish-to-hex.yml workflow
  • d1a8c86 Release v1.0.0
  • e1df334 Update Elixir/Erlang versions in CI
  • Additional commits viewable in compare view

Updates heroicons from v2.1.1 to v2.2.0

Release notes

Sourced from heroicons's releases.

v2.2.0

Added

  • Add React 19 support (#1247)

Fixed

  • Removed unnecessary clipping path from solid/arrow-left-circle (#1211)

v2.1.5

Added

  • Add new icons (arrow-turn-*, bold, calendar-date-range, divide, document-currency-*, equals, h1, h2, h3, italic, link-slash, numbered-list, percent-badge, slash, strikethrough, underline)

v2.1.4

Fixed

  • Improve tree-shakability of React package (#1192)

v2.1.3

  • Improve project READMEs (#1152)

v2.1.2

  • Include license file with published packages (#1151)
Changelog

Sourced from heroicons's changelog.

[2.2.0] - 2024-11-18

Added

  • Add React 19 support (#1247)

Fixed

  • Removed unnecessary clipping path from solid/arrow-left-circle (#1211)

[2.1.5] - 2024-07-10

Added

  • Add new icons (arrow-turn-*, bold, calendar-date-range, divide, document-currency-*, equals, h1, h2, h3, italic, link-slash, numbered-list, percent-badge, slash, strikethrough, underline)

[2.1.4] - 2024-06-17

Fixed

  • Improve tree-shakability of React package (#1192)

[2.1.3] - 2024-03-22

  • Improve project READMEs (#1152)

[2.1.2] - 2024-03-22

  • Include license file with published packages (#1151)
Commits

Updates jason from 1.4.4 to 1.4.5

Changelog

Sourced from jason's changelog.

1.4.5 (05.05.2026)

  • Add support for Decimal 3.0
Commits
  • 4ede428 Bump v1.4.5
  • b8c2185 Fix dialyzer job
  • a363975 Modernise CI to currently supported versions
  • 243c8a8 Allow decimal 3.0
  • c8e8d05 Revert the experimental 1.5 branch and jason_native experiment
  • 0e7a3e2 Add example/doctest for Jason.OrderedObject.new/1
  • 984bc07 fix broken link
  • f775592 Raise if trying to decode decimals without decimal
  • 79d59df Remove unneeded workarounds for xref warnings
  • baac78e Fix warnings by conditionally compiling Decimal support
  • Additional commits viewable in compare view

Updates opentelemetry_exporter from 1.8.1 to 1.10.0

Release notes

Sourced from opentelemetry_exporter's releases.

API/SDK/OTLP Exporter 1.0.2 and Zipking Exporter 1.0.0

[API 1.0.2] - 2022-02-22

[SDK 1.0.2] - 2022-02-22

Added

Fixed

[Zipkin Exporter 1.0.0] - 2022-2-22

Fixed

Changelog

Sourced from opentelemetry_exporter's changelog.

This changelog has been split into a changelog per application found under apps/*. This file remains for changelogs before 2025-07-31.

Changelog

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

SDK 1.6.0 - 2025-09-16

Added

OTLP Exporter 1.9.0 - 2025-09-16

Added

API 1.4.1 - 2025-07-31

Fixes

  • Various type spec fixes

SDK 1.5.1 - 2025-07-31

Fixes

Commits

Updates phoenix from 1.8.1 to 1.8.7

Changelog

Sourced from phoenix's changelog.

1.8.7 (2026-05-06)

Bug fixes

  • Fix invalid status when longpoll request times out

Enhancements

  • Mask token parameter in logs by default (in addition to "password")

JavaScript Client Bug Fixes

  • Fix encoding of non-ASCII metadata in binary channel messages

1.8.6 (2026-05-05)

Security fixes

  • CVE-2026-32689: Fix Phoenix.Socket Longpoll transport memory exhaustion in nd-JSON body splitting

Enhancements

  • [phoenix] Raise if use Phoenix.VerifiedRoutes is called multiple times in the same module
  • [phoenix] Fix more deprecation and type checker warnings on Elixir 1.20
  • [phoenix] Raise when interpolating a list in Phoenix.VerifiedRoutes (#6632)
  • [phoenix] Gracefully handle non-binary vsn socket parameter (#6662)
  • [phx.gen.*] Use .eex filename suffix in generator files
  • [phx.new] Add interactive mode: mix phx.new --interactive (#6630)
  • [phx.new] Add phx-no-format to generated <.live_title> tag (#6667)

Bug fixes

  • [phx.gen.*] Fix generated migrations for myxql when using scopes (#6635)
  • [phx.new] Fix crash when parent directory contains a colon (#6633)

1.8.5 (2026-03-05)

JavaScript Client Bug Fixes

  • Fix socket connecting on visibility change when never established

Enhancements

  • Fix warnings on Elixir 1.20

1.8.4 (2026-02-23)

JavaScript Client Bug Fixes

  • Fix bug reconnecting connections when close was gracefully initiated by server
  • Fix LongPoll transport name in sessionStorage and logs

Enhancements

  • Adds guards support in assert_push, assert_broadcast, and assert_reply
  • Enable purging in Phoenix code server for Elixir 1.20

1.8.3 (2025-12-08)

Enhancements

... (truncated)

Commits

Updates phoenix_html from 4.2.1 to 4.3.0

Changelog

Sourced from phoenix_html's changelog.

4.3.0 (2025-09-28)

  • Enhancements

    • Implement Phoenix.HTML.Safe for Duration
    • Add function head for argument names of normalize_value/2 to improve documentation
    • Allow custom tags in options_for_select
    • Allow datetime as form option values
  • Bug fixes

    • Avoid false positive warnings on Elixir v1.19
Commits

Updates phoenix_live_view from 1.1.3 to 1.1.31

Release notes

Sourced from phoenix_live_view's releases.

v1.1.31

Enhancements

  • Validate URL scheme in push_patch / push_navigate, JS.patch / JS.navigate, and clientside js().patch / js().navigate (#4250)

Bug fixes

  • Fix nested assign change tracking (#4225)
  • Ensure Phoenix.LiveViewTest.live_redirect/2 properly passes the URI as a string in handle_params (#4247)

v1.1.30

Bug fixes

  • Ensure internal phx-viewport hook does not crash on update if no scroll container is used (#4214), introduced in v1.1.29.

v1.1.29

Bug fixes

  • Prevent JS crash when hook has a duplicate ID (#4196)
  • Recompute scroll container for phx-viewport bindings if it is no longer available (#4169)
  • Fix phx-viewport events not firing when container has horizontal overflow (#3897)
  • Handle locks on skipped nodes (#4209)
  • Use moveBefore if available when reordering stream elements (#4212)

v1.1.28

Bug fixes

  • Fix race condition that could lead to a JS exception when nested LiveView is removed while it is joining (#4177)

Enhancements

  • A bunch of small performance and documentation improvements (thank you @​preciz!)

v1.1.27

Bug fixes

  • Workaround Chrome bug when patching \<template> elements (#4163)
  • Fix more type warnings on Elixir 1.20

v1.1.26

Bug fixes

  • Fix phx-click-away for nested portals
  • Fix type warnings on Elixir 1.20

... (truncated)

Changelog

Sourced from phoenix_live_view's changelog.

Commits

Updates req from 0.5.15 to 0.5.18

Release notes

Sourced from req's releases.

v0.5.16

Changelog

Sourced from req's changelog.

v0.5.18 (2026-05-20)

  • [run_finch]: Allow :finch option with IPv6 URLs.

  • [run_finch]: Normalize Finch.TransportError and Finch.HTTPError (introduced in Finch v0.22.0) into Req.TransportError and Req.HTTPError.

  • [retry]: Automatically retry on :pool_not_available.

  • Require Finch ~> 0.21.0 or ~> 0.22.0.

v0.5.17 (2026-01-22)

  • [retry]: Use default delay if retry-after is "negative"

    Previously, we were only handling "negative" retry-after in "http date" format and slept for zero seconds. We were crashing on retry-after with negative seconds.

    Now, we're using the default delay (1s, 2s, 4s, ...) in either format.

v0.5.16 (2025-11-10)

  • [Req.Test]: Fix verify_on_exit! accidentally using Mox name
  • [auth]: Support MFArgs
  • [auth]: Support digest auth
  • [put_aws_sigv4]: Support MFArgs
  • [put_path_params]: Encode :path_params even with reserved characters
  • [put_path_params]: Set :path_params_template on empty params
  • [run_plug]: Handle compressed request body
Commits
  • 53c3b99 Release v0.5.18
  • dc1f3be Update ex_doc
  • dbd145c Update CHANGELOG.md
  • 75f077e retry: Automatically retry on :pool_not_available
  • 4cfbf54 run_finch: Normalize Finch.TransportError,HTTPError (Finch 0.22+) (#544)
  • 1a40841 Update CHANGELOG
  • b110a03 run_finch: Allow :finch option with IPv6 URLs (#538)
  • dce1009 Release v0.5.17
  • 2fbb092 retry: Use default delay if retry-after is "negative"
  • 28cb697 Refactor http digest handling
  • Additional commits viewable in compare view

Updates swoosh from 1.19.5 to 1.26.0

Release notes

Sourced from swoosh's releases.

v1.26.0 🚀

✨ Features

⛓️ Dependency

New Contributors

Full Changelog: swoosh/swoosh@1.25.3...v1.26.0

v1.25.3 🚀

📝 Documentation

🧰 Maintenance

New Contributors

Full Changelog: swoosh/swoosh@v1.25.2...1.25.3

v1.25.2 🚀

🐛 Bug Fixes

⛓️ Dependency

v1.25.1 🚀

✨ Features

... (truncated)

Changelog

Sourced from swoosh's changelog.

1.26.0

✨ Features

📝 Documentation

  • Document the new Mailpit adapter in the README

1.25.3

📝 Documentation

🧰 Maintenance

1.25.2

🐛 Bug Fixes

1.25.1

🐛 Bug Fixes

1.25.0

✨ Features

📝 Documentation

🧰 Maintenance

1.24.0

... (truncated)

Commits

Updates tailwind from 0.3.1 to 0.4.1

Changelog

Sourced from tailwind's changelog.

v0.4.1 (2025-10-17)

  • Ignore ANSI escape codes when checking version

v0.4.0 (2025-09-10)

  • No longer copy assets in mix tailwind.install
  • Discard empty proxy env vars
  • Ensure watcher picks up rule changes on Windows
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…ctory with 12 updates

Bumps the mix-production-dependencies group with 11 updates in the /src/flagd-ui directory:

| Package | From | To |
| --- | --- | --- |
| [bandit](https://github.com/mtrudel/bandit) | `1.8.0` | `1.11.1` |
| [dns_cluster](https://github.com/phoenixframework/dns_cluster) | `0.1.3` | `0.2.0` |
| [gettext](https://github.com/elixir-gettext/gettext) | `0.26.2` | `1.0.2` |
| [heroicons](https://github.com/tailwindlabs/heroicons) | `v2.1.1` | `v2.2.0` |
| [jason](https://github.com/michalmuskala/jason) | `1.4.4` | `1.4.5` |
| [opentelemetry_exporter](https://github.com/open-telemetry/opentelemetry-erlang) | `1.8.1` | `1.10.0` |
| [phoenix](https://github.com/phoenixframework/phoenix) | `1.8.1` | `1.8.7` |
| [phoenix_live_view](https://github.com/phoenixframework/phoenix_live_view) | `1.1.3` | `1.1.31` |
| [req](https://github.com/wojtekmach/req) | `0.5.15` | `0.5.18` |
| [swoosh](https://github.com/swoosh/swoosh) | `1.19.5` | `1.26.0` |
| [tailwind](https://github.com/phoenixframework/tailwind) | `0.3.1` | `0.4.1` |



Updates `bandit` from 1.8.0 to 1.11.1
- [Changelog](https://github.com/mtrudel/bandit/blob/main/CHANGELOG.md)
- [Commits](mtrudel/bandit@1.8.0...1.11.1)

Updates `dns_cluster` from 0.1.3 to 0.2.0
- [Changelog](https://github.com/phoenixframework/dns_cluster/blob/main/CHANGELOG.md)
- [Commits](phoenixframework/dns_cluster@v0.1.3...v0.2.0)

Updates `gettext` from 0.26.2 to 1.0.2
- [Changelog](https://github.com/elixir-gettext/gettext/blob/main/CHANGELOG.md)
- [Commits](elixir-gettext/gettext@v0.26.2...v1.0.2)

Updates `heroicons` from v2.1.1 to v2.2.0
- [Release notes](https://github.com/tailwindlabs/heroicons/releases)
- [Changelog](https://github.com/tailwindlabs/heroicons/blob/master/CHANGELOG.md)
- [Commits](tailwindlabs/heroicons@88ab3a0...0435d4c)

Updates `jason` from 1.4.4 to 1.4.5
- [Release notes](https://github.com/michalmuskala/jason/releases)
- [Changelog](https://github.com/michalmuskala/jason/blob/master/CHANGELOG.md)
- [Commits](michalmuskala/jason@v1.4.4...v1.4.5)

Updates `opentelemetry_exporter` from 1.8.1 to 1.10.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-erlang/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-erlang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-erlang/commits/opentelemetry_exporter/v1.10.0)

Updates `phoenix` from 1.8.1 to 1.8.7
- [Release notes](https://github.com/phoenixframework/phoenix/releases)
- [Changelog](https://github.com/phoenixframework/phoenix/blob/main/CHANGELOG.md)
- [Commits](phoenixframework/phoenix@v1.8.1...v1.8.7)

Updates `phoenix_html` from 4.2.1 to 4.3.0
- [Changelog](https://github.com/phoenixframework/phoenix_html/blob/main/CHANGELOG.md)
- [Commits](phoenixframework/phoenix_html@v4.2.1...v4.3.0)

Updates `phoenix_live_view` from 1.1.3 to 1.1.31
- [Release notes](https://github.com/phoenixframework/phoenix_live_view/releases)
- [Changelog](https://github.com/phoenixframework/phoenix_live_view/blob/v1.1.31/CHANGELOG.md)
- [Commits](phoenixframework/phoenix_live_view@v1.1.3...v1.1.31)

Updates `req` from 0.5.15 to 0.5.18
- [Release notes](https://github.com/wojtekmach/req/releases)
- [Changelog](https://github.com/wojtekmach/req/blob/main/CHANGELOG.md)
- [Commits](wojtekmach/req@v0.5.15...v0.5.18)

Updates `swoosh` from 1.19.5 to 1.26.0
- [Release notes](https://github.com/swoosh/swoosh/releases)
- [Changelog](https://github.com/swoosh/swoosh/blob/main/CHANGELOG.md)
- [Commits](swoosh/swoosh@v1.19.5...v1.26.0)

Updates `tailwind` from 0.3.1 to 0.4.1
- [Changelog](https://github.com/phoenixframework/tailwind/blob/main/CHANGELOG.md)
- [Commits](phoenixframework/tailwind@v0.3.1...v0.4.1)

---
updated-dependencies:
- dependency-name: bandit
  dependency-version: 1.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: mix-production-dependencies
- dependency-name: dns_cluster
  dependency-version: 0.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: mix-production-dependencies
- dependency-name: gettext
  dependency-version: 1.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: mix-production-dependencies
- dependency-name: heroicons
  dependency-version: 0435d4ca364a608cc75e2f8683d374e55abbae26
  dependency-type: direct:production
  dependency-group: mix-production-dependencies
- dependency-name: jason
  dependency-version: 1.4.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: mix-production-dependencies
- dependency-name: opentelemetry_exporter
  dependency-version: 1.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: mix-production-dependencies
- dependency-name: phoenix
  dependency-version: 1.8.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: mix-production-dependencies
- dependency-name: phoenix_html
  dependency-version: 4.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: mix-production-dependencies
- dependency-name: phoenix_live_view
  dependency-version: 1.1.31
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: mix-production-dependencies
- dependency-name: req
  dependency-version: 0.5.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: mix-production-dependencies
- dependency-name: swoosh
  dependency-version: 1.26.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: mix-production-dependencies
- dependency-name: tailwind
  dependency-version: 0.4.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: mix-production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file elixir Pull requests that update elixir code labels Jun 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file elixir Pull requests that update elixir code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants