Bump the production-dependencies group across 1 directory with 11 updates

[dependabot]

Bumps the production-dependencies group with 10 updates in the / directory:

Package	From	To
absinthe	1.7.9	1.9.0
ecto_sql	3.12.1	3.13.2
gettext	0.26.2	1.0.2
phoenix	1.7.21	1.8.2
phoenix_ecto	4.6.4	4.7.0
phoenix_live_view	1.0.17	1.1.18
swoosh	1.19.1	1.19.8
tailwind	0.2.4	0.4.1
telemetry_poller	1.2.0	1.3.0
thousand_island	1.3.14	1.4.2

Updates absinthe from 1.7.9 to 1.9.0

Release notes

Sourced from absinthe's releases.

v1.9.0

1.9.0 (2025-11-21)

Features

• add GQL sigil to format and lint static GraphQL docs (#1391) (3aef283)

v1.8.0

1.8.0 (2025-11-05)

Features

• spec: Add support for @oneOf directive (#1386) (01e8e4b)

Bug Fixes

• typespec: Absinthe.Phase.Subscription.SubscribeSelf.run/2 (#1384) (4230cc4)

v1.7.11

1.7.11 (2025-10-29)

Bug Fixes

• SDL rendering for directives with input objects (#1375) (02b955c)

v1.7.10

What's Changed

• Bug Fix: Set include_deprecated default value to true for backwards compatibility
• Bug Fix: Rename to TokenLimitEnforcementTest to fix warning
• Bug Fix: Replace regex with pattern as string to support OTP 28
• Bug Fix: Use Code.ensure_compiled! at compile time

Full Changelog: absinthe-graphql/absinthe@v1.7.9...v1.7.10

Changelog

Sourced from absinthe's changelog.

1.9.0 (2025-11-21)

Features

• add GQL sigil to format and lint static GraphQL docs (#1391) (3aef283)

1.8.0 (2025-11-05)

Features

• spec: Add support for [@one](https://github.com/one)Of directive (#1386) (01e8e4b)

Bug Fixes

• typespec: Absinthe.Phase.Subscription.SubscribeSelf.run/2 (#1384) (4230cc4)

1.7.11 (2025-10-29)

Bug Fixes

• SDL rendering for directives with input objects (#1375) (02b955c)

v1.7.10

• Bug Fix: Set include_deprecated default value to true for backwards compatibility
• Bug Fix: Rename to TokenLimitEnforcementTest to fix warning
• Bug Fix: Replace regex with pattern as string to support OTP 28
• Bug Fix: Use Code.ensure_compiled! at compile time

Commits

• b7b25b1 chore(main): release 1.9.0 (#1392)
• 3aef283 feat: add GQL sigil to format and lint static GraphQL docs (#1391)
• 66cec34 chore(ci): rename release workflow and specify otp-version
• 9be72b9 chore(ci): rename and update release workflow
• c3713bf chore(ci): fix release workflow (#1389)
• 1d47437 chore(main): release 1.8.0 (#1388)
• 2918a0b Fix error return when the value is a struct (#1381)
• 01e8e4b feat(spec): Add support for @oneOf directive (#1386)
• 4230cc4 fix(typespec): Absinthe.Phase.Subscription.SubscribeSelf.run/2 (#1384)
• 66e552b chore(ci): Fix release workflow to use proper action (#1387)
• Additional commits viewable in compare view

Updates ecto_sql from 3.12.1 to 3.13.2

Changelog

Sourced from ecto_sql's changelog.

v3.13.2 (2025-06-24)

Enhancements

• [sandbox] Allow passing through opts in Ecto.Adapters.SQL.Sandbox.allow/4 calls
• [sql] Add support for ON DELETE SET DEFAULT

Bug fixes

• [postgres] Fix nested array generated time columns

v3.13.1 (2025-06-20)

Bug fixes

• [postgres] Fix nested array generated columns

v3.13.0 (2025-06-18)

Enhancements

• [Ecto.Migration] Add support for index directions
• [sql] Support :log_stacktrace_mfa for filtering or modifying stacktrace-derived info in query logs
• [mysql] Support arrays using JSON for MariaDB
• [mysql] Allow to specify :prepare per operation
• [postgres] Add support for collations in Postgres
• [postgres] Allow source fields in json_extract_path

Commits

• cf5080c Release v3.13.2
• b876381 Refactor generated handling in column_type
• 62603f8 Fix generated nested time array (#680)
• 701c99e Add support for ON DELETE SET DEFAULT (#677)
• 7959022 Allow passing through opts in Ecto.Adapters.SQL.Sandbox.allow/4 calls (#678)
• 22c7112 Release v3.13.1
• 35e2798 Fix nested array generated columns (#676)
• 955f0fb Release v3.13.0
• aa9a329 Remove unused argument from private helper (#672)
• 3084d71 Better docs for Repos that use Ecto.Adapters.SQL.Adapter (#671)
• Additional commits viewable in compare view

Updates gettext from 0.26.2 to 1.0.2

Changelog

Sourced from gettext's changelog.

v1.0.2

• Only skip manifest removal on Elixir v1.19.3+

v1.0.1 (retired)

• Remove unnecessary cleaning of Elixir manifests

v1.0.0

This is the first 1.0 release of Gettext, a silly 10 years (and 6 months) after we started working on it. There are very few changes from the latest 0.26 release, and none of them are breaking.

Here are the new goodies:

• Add support for concatenating sigils if all parts are known at compile time (such as "Hello " <> ~s(world)).
• Significantly increase the timeout for mix gettext.extract to two minutes.
• Add Gettext.put_locale!/2.

Happy 10+ years of Elixir translations everyone! 🎉

Previous versions

See the CHANGELOG for versions before v1.0.

Commits

• e3180f1 Release v1.0.2
• ec2f9c1 Erase manifest unless on upcoming Elixir (#425)
• 4960e49 Revert "Removed unnecessary cleaning of Elixir manifests (#423)"
• 8844a32 Trim CHANGELOG
• 7fe2dc7 Release v1.0.1
• 30bf87d Removed unnecessary cleaning of Elixir manifests (#423)
• d33d745 Bump actions/checkout from 4.2.2 to 5.0.0 (#422)
• 7443953 Use ubuntu-latest in the publish-to-hex.yml workflow
• d1a8c86 Release v1.0.0
• e1df334 Update Elixir/Erlang versions in CI
• Additional commits viewable in compare view

Updates phoenix from 1.7.21 to 1.8.2

Changelog

Sourced from phoenix's changelog.

1.8.2 (2025-11-26)

Bug fixes

• [phoenix.js] fix issue where LongPoll can cause "unmatched topic" errors (observed on iOS only) (#6538)
• [phx.gen.live] fix tests when schema and table names are equal (#6477)
• [Verified Routes] do not add path prefixes for static routes
• [Phoenix.Endpoint] fix LongPoll being active by default since 1.8.0 (#6487)

Enhancements

• [phoenix.js] socket now stops reconnection attempts while the page is hidden (#6534)
• [phx.new] (re-)add <.input field={@form[:foo]} type="hidden" /> support in core components
• [phx.new] set force_ssl in prod.exs by default (#6435)
• [phx.new] change --docker base image to debian trixie (#6521)
• [Phoenix.Socket.assign/2] allow passing a function as second argument assign(socket, fn _existing_assigns -> %{this_gets: "merged"} end) (#6530)
• [Phoenix.Controller.assign/2] allow passing a function as second argument (#6542)
• [Phoenix.Controller.assign/2] support keyword lists and maps as second argument similar to LiveView (#6513)
• [Presence] support custom dispatcher for presence_diff broadcast (#6500)
• [AGENTS.md] add short test guidelines to usage rules

1.8.1 (2025-08-28)

Bug fixes

• [phx.new] Fix AGENTS.md failing to include CSS and JavaScript sections

1.8.0 (2025-08-05)

Bug fixes

• [phx.new] Don't include node_modules override in generated tsconfig.json

Enhancements

• [phx.gen.live|html|json] - Make context argument optional. Defaults to the plural name.
• [phx.new] Add mix precommit alias
• [phx.new] Add AGENTS.md generation compatible with usage_rules
• [phx.new] Add usage_rules folder to installer, allowing to sync generic Phoenix rules into new projects
• [phx.new] Use LiveView 1.1 release in generated code
• [phx.new] Ensure theme selector and flash closing works without LiveView

1.8.0-rc.4 (2025-07-14)

Bug Fixes

• Fix phx.gen.presence PubSub server name for umbrella apps
• Fix phx.gen.live subscribing to pubsub in disconnected mounts

Enhancements

• [phx.new] Initialize initial git repo when git is installed
• [phx.new] Opt-in to HEEx :debug_tags_location in development
• [phx.gen.live|html|json|context] Make context name optional and inflect based on schema when missing
• [phx.gen.*] Use new Ecto 3.13 Repo.transact/2 in generators
• [phx.gen.auth] Warn when using phx.gen.auth without esbuild as features assume phoenix_html.js in bundle
• Add security.md guide for security best practices

... (truncated)

Commits

• f068728 Release 1.8.2
• bd3cf83 Add test guidelines
• 93e5c69 Fix file path in controllers documentation (#6544)
• 3755ea5 Use E modifier in config regexes on Elixir 1.19.3+ (#6543)
• ae9c9d1 update changelog
• 8d3f405 followup for #6530 (#6542)
• e911f50 Bump js-yaml from 3.14.1 to 3.14.2 (#6541)
• dca7563 prepare 1.8.2
• dab9f79 Update assets
• 2575a6b Stop reconnecting when page is hidden (#6534)
• Additional commits viewable in compare view

Updates phoenix_ecto from 4.6.4 to 4.7.0

Changelog

Sourced from phoenix_ecto's changelog.

v4.7.0

• Bug fixes
  • Disable migration lock when checking for pending migrations to avoid slow downs

v4.6.6

• Bug fixes
  • Keep backwards compatibility on sandbox API

v4.6.5

• Bug fixes
  • Unallow existing allowances when attempting to allow a Plug to access a connection

Commits

• See full diff in compare view

Updates phoenix_live_view from 1.0.17 to 1.1.18

Changelog

Sourced from phoenix_live_view's changelog.

v1.1.18 (2025-11-25)

Bug fixes

• Fix boolean attributes not being properly ignored when using JS.ignore_attributes (#4049)

Enhancements

• [Phoenix.Component.assign/2] allow passing a function as second argument assign(socket, fn _existing_assigns -> %{this_gets: "merged"} end) (#4051)
• Annotate phx-drop-target elements with the phx-drop-target-active class when items are being dropped (#4012)
• Add onDocumentPatch dom callback and allow specifying the event dispatch phase (#4043) This allows users to use view transitions, see the linked gist in the PR.
• Warn in createHook if passed element has no ID (#4010)
• Allow Phoenix.Component.portal/1 to be nested (#4048)
• Add phx-viewport-overrun-target to make infinitely scrolled tables easier to implement (#4053) (Example)
• Allow to disable the symlink warning for colocated js (#4057)

v1.1.17 (2025-11-04)

Bug fixes

• noop in empty live reloader config

v1.1.16 (2025-10-22)

Bug fixes

• Fix phx-disable-with restoring whitespace improperly (regression in 1.1.15)

v1.1.15 (2025-10-21)

Bug fixes

• Fix form recovery not sending elements with form="..." attribute when using Firefox (#4021)
• Fix keyed comprehension merging in LiveComponents (#4027)
• Use textContent instead of innerText when restoring phx-disable-with text to avoid issues with CSS transforms (#4015)

Enhancements

• Allow attaching handle_async hooks on LiveComponents (#4018)

v1.1.14 (2025-10-07)

Bug fixes

• Fix form recovery not working when form is teleported (#4009)
• Fix handle_event hook not being able to return {:halt, reply, socket} in LiveComponents (#4006)
• Only set title to default when it is set to empty by the main view, not by nested or sticky views (#4003)

Enhancements

... (truncated)

Commits

• f821d9c release v1.1.18
• 3616e96 Update assets
• f8f1cbb prepare 1.1.18
• 6b5abeb infinite scroll: add phx-viewport-overrun-target (#4053)
• 2d5a09f recursively teleport elements (#4059)
• 01adc34 warn if createHook el has no id (#4056)
• 55ca559 Add onDocumentPatch callback and allow specifying event dispatch phase (#4043)
• ea1a439 Allow Styling Phoenix Uploads On Drag And Drop (#4012)
• 63188fb Fix ignored boolean attributes getting set by the server (#4050)
• 522e11b Accept function in Phoenix.Component.assign/2 (#4051)
• Additional commits viewable in compare view

Updates postgrex from 0.20.0 to 0.21.1

Changelog

Sourced from postgrex's changelog.

v0.21.1 (2025-08-03)

• Bug fixes
  • Fix ssl: true with missing ssl_opts handling

v0.21.0 (2025-07-31)

This release requires Erlang/OTP 25+

• Enhancements

  • Add query timeout option on ReplicationConnection

• Bug fixes

  • PGHOST option does not override explicitly given endpoint configuration
  • Add ltxtquery support

Commits

• b419aff Release v0.21.1
• 567ea8a Fix ssl: true with missing ssl_opts handling (#749)
• 0eb228f Release v0.21.0
• 2660c6b List options given when setopts fail
• d990017 Add query timeout option on ReplicationConnection (#748)
• 412b555 Prioritize explicit endpoint options over PGHOST-derived defaults (#742)
• 257daa7 Require Erlang/OTP 25 for cacerts (#741)
• 14a8a58 Update CI (#740)
• 3bb2ee2 Add example with ANY() (#736)
• f7f9a4e Add ltxtquery support (#735)
• Additional commits viewable in compare view

Updates swoosh from 1.19.1 to 1.19.8

Release notes

Sourced from swoosh's releases.

v1.19.8 🚀

✨ Features

• Encode international domain names (IDNA) @​jiegillet (#1070)

Full Changelog: swoosh/swoosh@v1.19.7...v1.19.8

v1.19.7 🚀

🐛 Bug Fixes

• Fix special "TEMPLATE" from option in CustomerIO adapter @​maltoe (#1069)

New Contributors

• @​maltoe made their first contribution in swoosh/swoosh#1069

Full Changelog: swoosh/swoosh@v1.19.6...v1.19.7

v1.19.6 🚀

✨ Features

• Add Lettermint adapter. @​olivermt (#1064)

⛓️ Dependency

• Bump cowboy from 2.13.0 to 2.14.0 @​dependabot (#1067)
• Bump ex_doc from 0.38.3 to 0.38.4 @​dependabot (#1065)
• Bump tailwind from 0.3.1 to 0.4.0 @​dependabot (#1066)
• Bump mua from 0.2.4 to 0.2.5 @​dependabot (#1063)
• Bump bandit from 1.7.0 to 1.8.0 @​dependabot (#1062)
• Bump ex_doc from 0.38.2 to 0.38.3 @​dependabot (#1061)
• Bump ex_aws from 2.5.10 to 2.5.11 @​dependabot (#1060)

Full Changelog: swoosh/swoosh@v1.19.5...v1.19.6

v1.19.5 🚀

🐛 Bug Fixes

• Support rendering TEMPLATE in the mailbox @​axelson (#1059)

Full Changelog: swoosh/swoosh@v1.19.4...v1.19.5

v1.19.4 🚀

✨ Features

• Allow Customer.io to use TEMPLATE for from @​axelson (#1058)

⛓️ Dependency

• Bump hackney from 1.24.1 to 1.25.0 @​dependabot (#1057)
• Bump req from 0.5.14 to 0.5.15 @​dependabot (#1056)

... (truncated)

Changelog

Sourced from swoosh's changelog.

1.19.8

✨ Features

• Encode international domain names (IDNA) @​jiegillet (#1070)

1.19.7

🐛 Bug Fixes

• Fix special "TEMPLATE" from option in CustomerIO adapter @​maltoe (#1069)

1.19.6

✨ Features

• Add Lettermint adapter @​olivermt (#1064)

1.19.5

🐛 Bug Fixes

• Support rendering "TEMPLATE" in the mailbox @​axelson (#1059)

1.19.4

✨ Features

• Allow Customer.io to use "TEMPLATE" for from @​axelson (#1058)

1.19.3

✨ Features

• Add deliver_many support to Brevo adapter @​linusdm (#1049)

1.19.2

✨ Features

• Escape quotes and backslashes in address names @​jiegillet (#1047)
• Add Accept header to all requests made by Sendgrid adapter @​sergey-elkin (#1046)
• Remove svg fill for dark mode @​cmnstmntmn (#1044)

🧰 Maintenance

• Fix unused variable warnings in CI - Gmail Test @​DuldR (#1045)

Commits

• 30febae v1.19.8
• 108a5fa Encode international domain names (IDNA) (#1070)
• d562b96 v1.19.7
• a563e7b Fix special "TEMPLATE" from option in CustomerIO adapter (#1069)
• 65b40fb v1.19.6
• 80b67fa Bump cowboy from 2.13.0 to 2.14.0 (#1067)
• 6ccd9fa Bump ex_doc from 0.38.3 to 0.38.4 (#1065)
• 23e6196 Bump tailwind from 0.3.1 to 0.4.0 (#1066)
• 60d0a08 Add Lettermint adapter. (#1064)
• b3748bc Bump mua from 0.2.4 to 0.2.5 (#1063)
• Additional commits viewable in compare view

Updates tailwind from 0.2.4 to 0.4.1

Changelog

Sourced from tailwind's changelog.

v0.4.1 (2025-10-17)

• Ignore ANSI escape codes when checking version

v0.4.0 (2025-09-10)

• No longer copy assets in mix tailwind.install
• Discard empty proxy env vars
• Ensure watcher picks up rule changes on Windows

v0.3.1 (2025-02-28)

• Support correct target for Linux MUSL with Tailwind v3.

v0.3.0 (2025-02-26)

• Support Tailwind v4+. This release assumes Tailwind v4 for new projects.

Note: v0.3.0 dropped target code for handling Linux MUSL with Tailwind v3. Use v0.3.1+ instead.

Commits

• ad3e403 Release v0.4.1
• f3bfbcf Ensure executable output without ANSI escape codes in bin_version/0 (#135)
• e8e2891 Release v0.4.0
• d09a32b Add comments
• 3e49513 Normalize windows driver
• 5f8a6b9 Update versions
• e988790 Sanitize empty strings when getting Proxy Environment variables (#92)
• 2bf28d7 Revert config
• 327cef3 Remove outdated docs, closes #102
• 21c4b76 Fix path in message, closes #126
• Additional commits viewable in compare view

Updates telemetry_poller from 1.2.0 to 1.3.0

Changelog

Sourced from telemetry_poller's changelog.

1.3.0

Added

• Add atom_limit, process_limit, and port_limit measurements to the [vm, system_counts] event. (#79)

Commits

• 6d5c98f Release v1.3.0
• 411675d Add vm.system_counts measurements with atom, port, process limits (#79)
• fefb3e9 Fix incorrect GitHub CI badge URL (#78)
• f5a3a38 Mention persistent_term in the README (#77)
• 8e8148f Fix docs
• See full diff in compare view

Updates thousand_island from 1.3.14 to 1.4.2

Changelog

Sourced from thousand_island's changelog.

1.4.2 (19 Oct 2025)

Changes

• Resolve compiler warnings in Elixir 1.19 (#171, thanks @​psantos10!)

1.4.1 (4 Sept 2025)

Enhancements

• Improve performance of SSL sendfile function on larger files (#176, thanks @​NelsonVides!)

1.4.0 (22 Aug 2025)

Enhancements

• Add num_listen_sockets parameter to allow for improved performance on specific systems (#174, thanks @​NelsonVides!)

Commits

• 0400e55 Version bump to 1.4.2
• e5f94f1 Remove deprecation warnings on latest Elixir (#171)
• 63768f2 Bump ex_doc from 0.38.3 to 0.38.4 (#179)
• 29ccb4f Version bump to 1.4.1
• d50634a Chunk ssl sendfile (#176)
• 1590f71 Fix doc typo (#178)
• 4c9b274 Version bump to 1.4.0
• 8ca750d Implement multiple listener sockets (reuseport support) (#174)
• 77bdc8a Bump ex_doc from 0.38.2 to 0.38.3 (#175)
• 5e7c6b5 Bump dialyxir from 1.4.5 to 1.4.6 (#173)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.