chore(deps): bump the prod group across 1 directory with 12 updates

[dependabot]

Bumps the prod group with 11 updates in the / directory:

Package	From	To
appsignal_phoenix	2.5.0	2.7.0
esbuild	0.8.1	0.9.0
gettext	0.26.1	0.26.2
httpoison	2.2.1	2.2.2
libcluster	3.3.3	3.5.0
nimble_publisher	0.1.3	1.1.1
phoenix_html	3.3.4	4.2.1
phoenix_live_view	0.20.17	1.0.9
telemetry_metrics	0.6.2	1.1.0
telemetry_poller	1.1.0	1.2.0
timex	3.6.4	3.7.11

Updates appsignal_phoenix from 2.5.0 to 2.7.0

Changelog

Sourced from appsignal_phoenix's changelog.

2.7.0

Published on 2025-03-24.

Changed

• Remove the Hackney dependency. It is no longer used since AppSignal package 2.15.0. (minor ca33981)

Fixed

• Update appsignal_plug dependency requirement. This fixes an issue with spans being closed double, which led to inaccurate reporting. (patch 7516c42)

2.6.0

Published on 2024-12-03.

Added

• Handle live component update events (minor 24b9d94)

2.5.1

Published on 2024-11-06.

Added

• Set render metadata as tags on render error. When a template rendering error is reported, its backtrace is limited to the Elixir process that is spawned to render the template. Add information about the template and view being rendered as tags, to provide additional context about the error. (patch 8d27329)

Commits

• 12edb8c Publish package v2.7.0
• 9d58a4b Remove poison dependency (#110)
• ca33981 Remove unused hackney dependency (#109)
• 66134ff Bump AppSignal package to version 2.15.0 (#108)
• f9ecc6f Merge pull request #107 from appsignal/update-plug-dep
• eab373a Remove double close calls on spans
• 7516c42 Update appsignal_plug dependency
• a62870b Merge pull request #106 from appsignal/ci-workflow
• 2fd629d Don't cancel builds in the matrix on first error
• 263643a Run CI workflow for Pull Requests
• Additional commits viewable in compare view

Updates esbuild from 0.8.1 to 0.9.0

Changelog

Sourced from esbuild's changelog.

v0.9.0 (2025-02-10)

This release requires Elixir v1.14+ and Erlang/OTP 25+.

• Update PGP keys to support latest esbuild versions
• Update esbuild to version 0.25.0
• Remove dependency on CAStore in favor of using Erlang certificates

v0.8.2 (2024-10-18)

• Fallback to ipv4/ipv6 for unreachable hosts

Commits

• 4f85348 Release v0.9.0
• 9892ddd Update public key (#77)
• b01d15f Remove CAStore from lock
• 45d1853 Update Elixir requirement
• c83c200 Remove dependency on CAStore
• 83b786b Rely on Erlang/OTP 25+ and no more on CAStore (#76)
• 7153c6e Release v0.8.2
• c7d7bb8 fallback to ipv4/ipv6 in the event of an unreachable host error (#74)
• ac23b69 Allow version check to be skipped (#73)
• 2249260 Add support for riscv64 arch (#72)
• See full diff in compare view

Updates gettext from 0.26.1 to 0.26.2

Changelog

Sourced from gettext's changelog.

v0.26.2

• Introduces warning if plural messages are defined with the same singular message and conflicting plural messages.
• Improves performance by striping not required metadata when compiling the Gettext backend.

Commits

• 3a6e81c Release v0.26.2
• 528e9cb Warn user if conflicting plural messages are defined (#400) (#401)
• b41445e Use Expo Metadata Stripping to improve Performance (#398)
• dbc696e Mention Igniter in v0.26 changelog migration guide (#397)
• 898f7c4 Remove unnecessary assertion in a test
• 5835a6c Fix skipped test
• 61e8452 mix format
• See full diff in compare view

Updates httpoison from 2.2.1 to 2.2.2

Release notes

Sourced from httpoison's releases.

HTTPoison 2.2.2

What's Changed

• Bump hackney version to address CVE issue (benoitc/hackney#753)
• fix syntax in readme multipart example by @​thth in edgurgel/httpoison#488

New Contributors

• @​thth made their first contribution in edgurgel/httpoison#488

Full Changelog: edgurgel/httpoison@v2.2.1...v2.2.2

Commits

• ee21d00 Bump HTTPoison version
• 96745a4 Bump hackney version
• 4029183 fix syntax
• See full diff in compare view

Updates libcluster from 3.3.3 to 3.5.0

Changelog

Sourced from libcluster's changelog.

Changelog

Unreleased

• Add kubernetes_use_cached_resources option to Kubernetes strategy

3.4.1

• Use new cypher names
• Allow Epmd strategy to reconnect after connection failures
• Detect Self Signed Certificate Authority for Kubernetes Strategy
• Remove calls to deprecated Logger.warn/2
• Correct misspell of 'Empd' -> 'Epmd' in Cluster.Strategy.LocalEpmd moduledoc

3.4.0

Added

• Telemetry events added for tracking node connects and disconnects

3.3.0

Changed

• Default multicast address is now 233.252.1.32, was 230.1.1.251, commit

2.3.0

Added

• Clustering strategy for the Rancher container platform (see: https://github.com/rancher/rancher)
• LocalEpmd strategy that uses epmd to discover nodes on the local host
• Gossip strategy multicast interface is used for adding multicast membership

2.0.0

Added

• Configurable connect and disconnect options for implementing strategies on top of custom topologies
• The ability to start libcluster for more than a single topology
• Added polling_interval option to Kubernetes strategy
• Added ability to specify a list of hosts for the Epmd strategy to connect to on start

Removed

• Cluster.Events module, as it was redundant and unused

Changed

... (truncated)

Commits

• See full diff in compare view

Updates nimble_publisher from 0.1.3 to 1.1.1

Changelog

Sourced from nimble_publisher's changelog.

v1.1.1 (2025-02-21)

• Relax language detector from Markdown snippet to support languages like C++

v1.1.0 (2023-10-23)

• Allow custom parsing functions to return multiple entries per file
• Allow custom HTML converter
• Support .livemd in default html converter

v1.0.0

• First stable release

Commits

• 49dfb61 Release v1.1.1
• 93ffc93 Use a more relaxed language pattern in code highlight regex (#36)
• 140066e Update couple of internal section links (#34)
• 5d35d42 update documentation to change extname to filepath (#32)
• 21fc283 Update README.md (#30)
• 56b1712 Release v1.1.0
• 7c32381 Refactor the GitHub Actions CI workflow (#29)
• 7ab6a42 Update ci.yml
• 8e731fa Fix suite
• 2a93095 Add support for custom html converters (#28)
• Additional commits viewable in compare view

Updates phoenix from 1.7.20 to 1.7.21

Commits

• See full diff in compare view

Updates phoenix_html from 3.3.4 to 4.2.1

Changelog

Sourced from phoenix_html's changelog.

4.2.1 (2025-02-21)

• Enhancements
  • Add type to Phoenix.HTML.FormField
  • Allow keyword lists in options to use nil as key/value

4.2.0 (2024-12-28)

• Enhancements

  • Add Phoenix.HTML.css_escape/1 to escape strings for use inside CSS selectors
  • Add the ability to pass :hr to options_for_select/2 to render a horizontal rule

• Bug fixes

  • Pass form action through in FormData implementation

v4.1.1 (2024-03-01)

• Fix dependency resolution error

v4.1.0 (2024-02-29)

• Enhancements
  • Introduce form :action and consider input as changed if action changes to support better change tracking

v4.0.0 (2023-12-19)

This version removes deprecated functionality and moved all HTML helpers to a separate library. HTML Helpers are no longer used in new apps from Phoenix v1.7, instead it relies on function components from Phoenix.LiveView. Older applications who wish to maintain compatibility, add {:phoenix_html_helpers, "~> 1.0"} to your mix.exs and then replace use Phoenix.HTML in your applications by:

import Phoenix.HTML
import Phoenix.HTML.Form
use PhoenixHTMLHelpers

v3.3.3 (2023-10-09)

• Enhancements
  • Allow string fields on input_changed?

v3.3.2 (2023-08-10)

• Enhancements

  • Address deprecations in Elixir v1.16+

• Deprecations

  • Deprecate inputs_for/2 and inputs_for/3 (without anonymous functions)

v3.3.1 (2023-02-27)

• Bug fix
  • Set display to none on generated forms

... (truncated)

Commits

• 71430c1 Release v4.2.1
• 1a9341e Expand documentation of options_for_select (#460)
• 0d15b13 Update ci.yml (#459)
• 1bea177 Add type to Phoenix.HTML.FormField (#458)
• 0a11e96 Merge pull request #457 from phoenixframework/sd-makeup-syntect
• 7ccce86 use makeup_syntect for highlighting JS (and diff)
• 9007635 Allow keyword list options to use nil as key and/or value (#456)
• df2a3f6 Update ExDoc
• b7fd6b7 Release v4.2.0
• 687cca8 Fix warnings on Elixir v1.19
• Additional commits viewable in compare view

Updates phoenix_live_view from 0.20.17 to 1.0.9

Changelog

Sourced from phoenix_live_view's changelog.

1.0.9 (2025-03-26)

Bug fixes

• Fix testing uploads inside nested LiveViews with LiveViewTest (#3732)

1.0.8 (2025-03-26)

Bug fixes

• Regression: ensure _target is sent as ["undefined"] when an input has no name (#3727)
• Fix stream items from disconnected render not being removed when rendered inside a nested stream (#3730)

Enhancements

• Add Phoenix.LiveViewTest.refute_redirected/1 to assert that no redirect took place (#3729)

1.0.7 (2025-03-21)

Bug fixes

• Fix _target parameter being sent incorrectly (#3719).

1.0.6 (2025-03-20)

Bug fixes

• Fix race condition where patches were discarded when a new navigation was already pending (#3710)
• Fix phx-debounce="blur" re-sending events for subsequent blurs (#3689)
• Fix code_change callback not returning the new channel state (#3712)
• Fix LiveViews not being able to reconnect without a full page reload after a deployment that changed the router (#3715)

Enhancements

• Improve performance of large forms (#3696)
• Ensure JS.push values are sent on form events (#3674)
• Allow to skip persistent_id generation in Phoenix.Component.inputs_for/1 (#3677)
• Delay phx-disconnected binding to prevent brief flash of "Attempting to reconnect" message for short disconnects (#3680). This can be configured by passing the disconnectedTimeout option to the LiveSocket constructor.

1.0.5 (2025-02-27)

Bug fixes

• Fix JS.exec failing when a selector is passed (#3678)
• Fix race conditions when testing a live upload that redirects in the progress callback (#3676)
• Fix streams in sticky LiveView being reset under some circumstances when another LiveView also contains a stream (#3681)
• Fix recursively locked elements not being correctly patched on unlock (#3684)
• Fix JS.show/hide/toggle behavior while also fixing JS.focus() on Mobile Safari (#3692)

Enhancements

• Detect infinite patch redirect loops and raise an error (#3670)

1.0.4 (2025-02-04)

Bug fixes

• Fix elements with phx-remove inside sticky LiveViews being unintentionally removed on navigation (#3658)
• Fix phx-click-loading not being removed from links in sticky LiveViews (#3656)

... (truncated)

Commits

• 7875688 release v1.0.9
• 04e535d update changelog
• 0eefc92 add test for LiveViewTest uploads in nested LV
• 026c737 fix ClientProxy sync_with_root
• 8d54070 Update assets
• caa6230 release v1.0.8
• 82fb99c Update assets
• ca0d782 update changelog
• 0d99adc fix: allow refute_redirect to refute any redirections (#3729)
• 8ac8e78 Force remove stream elements on join patch (#3730)
• Additional commits viewable in compare view

Updates telemetry_metrics from 0.6.2 to 1.1.0

Changelog

Sourced from telemetry_metrics's changelog.

1.1.0

Changed

Add support for measurements as second argument of keep/drop callback.

1.0.0

No changes. API is considered stable.

Commits

• 138d532 Release v1.1.0
• 9e93f2e Fix 'metadata' typo in moduledoc (#115)
• f1fdb7c Fix typespec for drop option (#114)
• b9675ff CI housekeeping (#113)
• 7a21527 Fix link, closes #112
• 3fde830 Implement event filtering on measurements (#77) (#111)
• ab86164 Console log measurement name with conversion fun name (#109)
• 182dbd7 Release v1.0.0
• 9132fcb List known reporters
• See full diff in compare view

Updates telemetry_poller from 1.1.0 to 1.2.0

Changelog

Sourced from telemetry_poller's changelog.

1.2.0

Added

• Support persistent_term measurements.
• Require Erlang/OTP 24+.

Commits

• See full diff in compare view

Updates timex from 3.6.4 to 3.7.11

Changelog

Sourced from timex's changelog.

Change Log

All notable changes to this project will be documented in this file (at least to the extent possible, I am not infallible sadly). This project adheres to Semantic Versioning.

Unreleased

Added/Changed

• Changed Timex.Duration.Parse to be 2x faster
• Fixed compilation warning from gettext
• Added cycled option for Timex.between?/4 to support time-range checks that pass through midnight
• Add Croatian translation
• Changed charlists from the deprecated '' to ~c""
• Changed negative range to pass the step of default value for suppressing deprecation warnings

Fixed

• Updated Timex.now/1 typespec to remove the AmbiguousDateTime
• Corrected pluralization rules for bg/cs/he/id/ro/ru
• Fixed documentation formatting of Timex.TimezoneInfo.create/6
• Updated tzdata to fix issues with 2024b

---

3.7.8

Added/Changed

• Add Thai translations
• Add Estonian translation
• Added TimezoneInfo.format_offset/1

Fixed

• Fix incorrect Timex.weekday/2 typespecs
• Added timezone field to set_options type
• Corrected type definition for Types.week_of_month to include possiblity of 6th week (see #703)
• Added specs to parse function to account for AmbiguousDateTime return type

---

3.7.6

Changed

• The documentation on weekday formatting via %w and %u strftime directives and WDmon and WDsun default directives did not match, and worse, the behaviour had regressed as well and did not match the docs for either. The behaviour now matches between the two formatters, as does the documentation, and aligns with the C strftime specification (i.e. Monday is 1..7, Sunday is 0..6)

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.