build(deps): bump the mix-production-dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the mix-production-dependencies group with 5 updates in the /src/flagd-ui directory:

Package	From	To
bandit	1.8.0	1.10.1
phoenix	1.8.1	1.8.3
phoenix_live_view	1.1.18	1.1.19
req	0.5.16	0.5.17
swoosh	1.19.8	1.20.0

Updates bandit from 1.8.0 to 1.10.1

Changelog

Sourced from bandit's changelog.

1.10.1 (5 Jan 2026)

Changes

• Change default preference order for compression methods to be 'zstd (if present), gzip, deflate' (#562)

Fixes

• Allow :zstd_options key to be set in config (#558, thanks @​Fudoshiki!)
• Fix error where deflate responses weren't always completely sent (#559, thanks @​josevalim!)

1.10.0 (29 Dec 2025)

Enhancements

• Expose response_encodings to allow specifying an explicit preference order to compression encodings (#555)

1.9.0 (12 Dec 2025)

Enhancements

• Skip body draining when Connection: close is set (#546, thanks @​pepicrft!)
• Make deflate options for WebSockets configurable (#540, thanks @​proxima!)
• Mitigate HTTP/2 rapid reset attacks (#533, thanks @​NelsonVides!)
• Implement improved respect for SETTINGS_MAX_CONCURRENT_STREAMS (#524, thanks @​NelsonVides!)
• Support zstd HTTP compression (#514, thanks @​mattmatters!)

Commits

• cd2b7c5 Version bump to 1.10.1
• bdb424b Demote deflate, promote zstd in compression choices (#562)
• 0f51165 Ensure data is fully deflated on compression (#559)
• 0088145 Remove unused requires (#561)
• 798f0be Optimize iodata emptiness checks (#560)
• 49aac49 Add missing :zstd_options key (#558)
• c26756c Bump credo from 1.7.14 to 1.7.15 (#556)
• deb098d Version bump to 1.10.0
• c72c3b6 Add response_encodings option to http_options (#555)
• 26d741f Bump ex_doc from 0.39.2 to 0.39.3 (#553)
• Additional commits viewable in compare view

Updates phoenix from 1.8.1 to 1.8.3

Changelog

Sourced from phoenix's changelog.

1.8.3 (2025-12-8)

Enhancements

• Add top-level phoenix config: sort_verified_routes_query_params to enable sorting query params in verified routes during tests

Bug fixes

• Fix endpoint port config in an umbrella application. (#6549)
• Drop incoming channel messages with stale join refs

1.8.2 (2025-11-26)

Bug fixes

• [phoenix.js] fix issue where LongPoll can cause "unmatched topic" errors (observed on iOS only) (#6538)
• [phx.gen.live] fix tests when schema and table names are equal (#6477)
• [Verified Routes] do not add path prefixes for static routes
• [Phoenix.Endpoint] fix LongPoll being active by default since 1.8.0 (#6487)

Enhancements

• [phoenix.js] socket now stops reconnection attempts while the page is hidden (#6534)
• [phx.new] (re-)add <.input field={@form[:foo]} type="hidden" /> support in core components
• [phx.new] set force_ssl in prod.exs by default (#6435)
• [phx.new] change --docker base image to debian trixie (#6521)
• [Phoenix.Socket.assign/2] allow passing a function as second argument assign(socket, fn _existing_assigns -> %{this_gets: "merged"} end) (#6530)
• [Phoenix.Controller.assign/2] allow passing a function as second argument (#6542)
• [Phoenix.Controller.assign/2] support keyword lists and maps as second argument similar to LiveView (#6513)
• [Presence] support custom dispatcher for presence_diff broadcast (#6500)
• [AGENTS.md] add short test guidelines to usage rules

Commits

• 07fc5ac Release 1.8.3
• c73bbfc Drop incoming messages with stale join refs
• f16aa8f Remove Ecto.Multi usage in data modelling guides (#6529)
• 8b80f26 Add documentation to exclude paths (#6556)
• 6f6a7d4 Fix missing closing bold tag in html.md (#6546)
• 9c3e921 Fix endpoint port config in an umbrella application. (#6549)
• fe915d3 Fix URL pointing to Phoenix.Component (#6554)
• f2a6f31 sort query params in verified routes during tests (#6536)
• 593d499 Bump actions/checkout from 5.0.0 to 6.0.0 (#6551)
• 18863d7 Bump the minor-and-patch group with 5 updates (#6552)
• Additional commits viewable in compare view

Updates phoenix_live_view from 1.1.18 to 1.1.19

Changelog

Sourced from phoenix_live_view's changelog.

v1.1.19 (2025-12-12)

Bug fixes

• Ensure stale token redirect uses the correct URL (#4068)
• Ignore events from elements that are not connected to the DOM (#4066)
• Skip phx-click-away if clicked element is hidden (#4070)

Enhancements

• Allow disabling symlink warning for colocated js (#4057)

Commits

• d37acf1 release v1.1.19
• f8922e3 Update assets
• 85d74d8 Skip phx-click-away if clicked target is hidden (#4077)
• 29c2af8 ignore events for elements that are not connected (#4074)
• b9307d2 use main view for stale redirect (#4069)
• b3a145e Raise if JS.dispatch detail is not a map (#4062)
• 5bf52e6 Add phx-no-format and phx-no-curly-interpolation to cheatsheet (#4065)
• 7ab8e7d allow disabling symlink warning for colocated js (#4057)
• a8541d7 format for 1.19
• See full diff in compare view

Updates req from 0.5.16 to 0.5.17

Changelog

Sourced from req's changelog.

CHANGELOG

HEAD

• [retry]: Use default delay if retry-after is "negative"

  Previously, we were only handling "negative" retry-after in "http date" format and slept for zero seconds. We were crashing on retry-after with negative seconds.

  Now, we're using the default delay (1s, 2s, 4s, ...) in either format.

Commits

• dce1009 Release v0.5.17
• 2fbb092 retry: Use default delay if retry-after is "negative"
• 28cb697 Refactor http digest handling
• 4e251c2 Link to related package req_proxy (#524)
• 6153730 fix(proxy): schema -> scheme (#520)
• 3671064 Fix docs
• See full diff in compare view

Updates swoosh from 1.19.8 to 1.20.0

Release notes

Sourced from swoosh's releases.

v1.20.0 🚀

✨ Features

• feat: add a resend adapter @​ceolinrenato (#1089)

⛓️ Dependency

• Bump bandit from 1.8.0 to 1.9.0 @​dependabot (#1088)
• Bump ex_doc from 0.39.2 to 0.39.3 @​dependabot (#1087)
• Bump ex_aws from 2.6.0 to 2.6.1 @​dependabot (#1086)

New Contributors

• @​ceolinrenato made their first contribution in swoosh/swoosh#1089

Full Changelog: swoosh/swoosh@v1.19.9...v1.20.0

v1.19.9 🚀

✨ Features

• add support for additional_headers provider option in Scaleway @​jaimeiniesta (#1077)
• Support specifying ip_pool_name data for Sendgrid #1081 @​lardcanoe (#1082)

📝 Documentation

• Add Resend adapter to README @​jtormey (#1080)

⛓️ Dependency

• Bump plug from 1.18.1 to 1.19.1 @​dependabot (#1085)
• Bump mua from 0.2.5 to 0.2.6 @​dependabot (#1084)
• Bump ex_doc from 0.39.1 to 0.39.2 @​dependabot (#1083)
• Bump req from 0.5.15 to 0.5.16 @​dependabot (#1078)
• Bump plug_cowboy from 2.7.4 to 2.7.5 @​dependabot (#1079)
• Bump ex_doc from 0.38.4 to 0.39.1 @​dependabot (#1075)
• Bump tailwind from 0.4.0 to 0.4.1 @​dependabot (#1074)
• Bump cowboy from 2.14.1 to 2.14.2 @​dependabot (#1073)
• Bump ex_aws from 2.5.11 to 2.6.0 @​dependabot (#1072)
• Bump cowboy from 2.14.0 to 2.14.1 @​dependabot (#1071)

New Contributors

• @​jtormey made their first contribution in swoosh/swoosh#1080
• @​lardcanoe made their first contribution in swoosh/swoosh#1082
• @​jaimeiniesta made their first contribution in swoosh/swoosh#1077

Full Changelog: swoosh/swoosh@v1.19.8...v1.19.9

Changelog

Sourced from swoosh's changelog.

1.20.0

✨ Features

• feat: add a resend adapter @​ceolinrenato (#1089)
  • differences from community library :resend can be found in this comment

1.19.9

✨ Features

• add support for additional_headers provider option in Scaleway @​jaimeiniesta (#1077)
• Support specifying ip_pool_name data for Sendgrid #1081 @​lardcanoe (#1082)

📝 Documentation

• Add Resend adapter to README @​jtormey (#1080)

Commits

• aacdcec v1.20.0
• b2c119a feat: add a resend adapter (#1089)
• 0e04a97 Bump bandit from 1.8.0 to 1.9.0 (#1088)
• ad634f2 Bump ex_doc from 0.39.2 to 0.39.3 (#1087)
• 3d1e5ea Bump ex_aws from 2.6.0 to 2.6.1 (#1086)
• 1f41d74 v1.19.9
• 8a2c5fc add support for additional_headers in Scaleway (#1077)
• ef04b56 Bump plug from 1.18.1 to 1.19.1 (#1085)
• 8972fd5 Bump mua from 0.2.5 to 0.2.6 (#1084)
• 15e3015 Bump ex_doc from 0.39.1 to 0.39.2 (#1083)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions