build(deps): bump the mix-production-dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the mix-production-dependencies group with 5 updates in the /src/flagd-ui directory:

Package	From	To
bandit	1.8.0	1.10.3
phoenix	1.8.3	1.8.4
phoenix_live_view	1.1.18	1.1.24
req	0.5.16	0.5.17
swoosh	1.19.9	1.22.0

Updates bandit from 1.8.0 to 1.10.3

Changelog

Sourced from bandit's changelog.

1.10.3 (22 Feb 2026)

Enhancements

• Support authority form requests for CONNECT requests (#571)
• Narrow acceptance of asterisk form requests to OPTIONS requests (#571)
• Detect client disconnect on timeout in ensure_completed (#566, thanks @​pepicrft!)
• Improve http2 sendfile streaming (#565, thanks @​elibosley!)

1.10.2 (22 Jan 2026)

Enhancements

• Distinguish client disconnects from genuine body read timeouts (#564, thanks @​pepicrft!)

1.10.1 (5 Jan 2026)

Changes

• Change default preference order for compression methods to be 'zstd (if present), gzip, deflate' (#562)

Fixes

• Allow :zstd_options key to be set in config (#558, thanks @​Fudoshiki!)
• Fix error where deflate responses weren't always completely sent (#559, thanks @​josevalim!)

1.10.0 (29 Dec 2025)

Enhancements

• Expose response_encodings to allow specifying an explicit preference order to compression encodings (#555)

1.9.0 (12 Dec 2025)

Enhancements

• Skip body draining when Connection: close is set (#546, thanks @​pepicrft!)
• Make deflate options for WebSockets configurable (#540, thanks @​proxima!)
• Mitigate HTTP/2 rapid reset attacks (#533, thanks @​NelsonVides!)
• Implement improved respect for SETTINGS_MAX_CONCURRENT_STREAMS (#524, thanks @​NelsonVides!)
• Support zstd HTTP compression (#514, thanks @​mattmatters!)

Commits

• e3fd682 Version bump to 1.10.3
• a330b13 Grant actions:write permission to lint job for PLT cache eviction
• 0aa42c2 Support authority form requests for CONNECT requests (#571)
• ac63021 fix: detect client disconnect on timeout in ensure_completed (#566)
• c746d8e Bump ex_doc from 0.40.0 to 0.40.1 (#569)
• 5640a10 Bump credo from 1.7.15 to 1.7.16 (#568)
• 78e5184 feat: http2 sendfile streaming (#565)
• 5af3c8f Version bump to 1.10.2
• 06c199d fix: distinguish client disconnects from genuine body read timeouts (#564)
• da97c51 Bump req from 0.5.16 to 0.5.17 (#563)
• Additional commits viewable in compare view

Updates phoenix from 1.8.3 to 1.8.4

Changelog

Sourced from phoenix's changelog.

1.8.4 (2026-2-23)

JavaScritp Client Bug Fixes

• Fix bug reconnecting connections when close was gracefully initiated by server
• Fix LongPoll transport name in sessionStorage and logs

Enhancements

• Adds guards support in assert_push, assert_broadcast, and assert_reply
• Enable purging in Phoenix code server for Elixir 1.20

Commits

• 5c0f19f Release 1.8.4
• 22ac56e Update assets
• 72192e3 Bump lodash from 4.17.21 to 4.17.23 (#6584)
• 92a79b0 Adds guards support in assert_push, assert_broadcast and assert_reply (#6595)
• ac12eec Fix concurrent socket teardown (#6602)
• 0f6a26f Update umbrella link
• 2dda4b0 Fix @​stream typo in usage-rules liveview streams example (#6601)
• 7c37fa7 Fix bad link (#6597)
• dadf946 followup for phoenixframework/phoenix#6563
• 666dcae Revert "autocomplete with email in email fields (#6502)" (#6574)
• Additional commits viewable in compare view

Updates phoenix_live_view from 1.1.18 to 1.1.24

Changelog

Sourced from phoenix_live_view's changelog.

v1.1.24 (2026-02-16)

Bug fixes

• Prevent map access on assigns (@foo.bar.baz) being expanded when used in root attributes causing an invalid warning

v1.1.23 (2026-02-12)

Enhancements

• If a macro is used in HEEx root attributes (<div {@root_attr} />), it is now expanded at compile time (#4145)

v1.1.22 (2026-01-28)

Bug fixes

• Fix live component container patch throwing a JavaScript error when container is locked (#4088)

v1.1.21 (2026-01-27)

Bug fixes

• Fix stream reset and deletes not working if stream is teleported using Phoenix.Component.portal/1 (#4121)

Enhancements

• Mark LiveView template code as generated to prevent warnings on Elixir 1.20
• Allow unused function warnings for function components to be emitted
• Add Phoenix.LiveView.TagEngine.compile/2 as an official entrypoint for compiling templates in favor of relying on the EEx.Engine behaviour

v1.1.20 (2026-01-14)

Bug fixes

• Fix redirect in handle_params for client-initiated patches causing a JS exception (#4094)
• Fix events initiated from elements teleported outside of a LiveComponent being sent to the LiveView instead of the LiveComponent (#4101)
• Ensure HooksOptions accepts non-default typed hooks (#4099)
• Prevent portal content from disappearing in rare cases (#4095)
• Fix <form> submission to a controller from inside a portal not working (#4107)
• Prevent JS crash when debouncing inputs attached to a form with the form="..." attribute (#4102)
• Fix UploadClient (from LiveViewTest) crashing when receiving a :socket_close message (#4079)
• Allow live_file_input to update attributes (#4078)
• Fix invalid HTML when setting LiveView :container option to :body (#3932)

v1.1.19 (2025-12-12)

Bug fixes

• Ensure stale token redirect uses the correct URL (#4068)
• Ignore events from elements that are not connected to the DOM (#4066)

... (truncated)

Commits

• 94da4e5 Release v1.1.24
• 2cf7835 backport a304c175dd662cd989baa15307134b00e2d5ac28
• 65b41b0 Release v1.1.23
• 25eadc5 backport #4145
• 49e5f94 Slightly reorganize LiveComponent docs
• 105db30 Update index.ts (#4136)
• b6ec0df Update ExDoc
• 748f193 Release v1.1.22
• dc2753a Update assets
• 2419627 fix patching locked livecomponent container (closes #4088) (#4134)
• Additional commits viewable in compare view

Updates req from 0.5.16 to 0.5.17

Changelog

Sourced from req's changelog.

v0.5.17 (2026-01-22)

• [retry]: Use default delay if retry-after is "negative"

  Previously, we were only handling "negative" retry-after in "http date" format and slept for zero seconds. We were crashing on retry-after with negative seconds.

  Now, we're using the default delay (1s, 2s, 4s, ...) in either format.

Commits

• dce1009 Release v0.5.17
• 2fbb092 retry: Use default delay if retry-after is "negative"
• 28cb697 Refactor http digest handling
• 4e251c2 Link to related package req_proxy (#524)
• 6153730 fix(proxy): schema -> scheme (#520)
• 3671064 Fix docs
• See full diff in compare view

Updates swoosh from 1.19.9 to 1.22.0

Release notes

Sourced from swoosh's releases.

v1.22.0 🚀

✨ Features

• Adapter/mailersend @​cpursley (#1104)

⛓️ Dependency

• Bump plug_cowboy from 2.7.5 to 2.8.0 @​dependabot (#1103)
• Bump ex_doc from 0.40.0 to 0.40.1 @​dependabot (#1102)
• Bump finch from 0.20.0 to 0.21.0 @​dependabot (#1101)
• Bump bandit from 1.10.1 to 1.10.2 @​dependabot (#1100)
• Bump ex_doc from 0.39.3 to 0.40.0 @​dependabot (#1098)
• Bump multipart from 0.5.0 to 0.6.0 @​dependabot (#1099)
• Bump multipart from 0.4.0 to 0.5.0 @​dependabot (#1097)

New Contributors

• @​cpursley made their first contribution in swoosh/swoosh#1104

Full Changelog: swoosh/swoosh@v1.21.0...v1.22.0

v1.21.0 🚀

• Bump Elixir requirement to 1.16, Erlang OTP to 26

Full Changelog: swoosh/swoosh@v1.20.1...v1.21.0

v1.20.1 🚀

🐛 Bug Fixes

• Fix Content-Transfer-Encoding for message/* attachments @​romsahel (#1096)

⛓️ Dependency

• Bump mail from 0.5.1 to 0.5.2 @​dependabot (#1093)
• Bump bandit from 1.10.0 to 1.10.1 @​dependabot (#1092)
• Bump req from 0.5.16 to 0.5.17 @​dependabot (#1091)
• Bump bandit from 1.9.0 to 1.10.0 @​dependabot (#1090)

New Contributors

• @​romsahel made their first contribution in swoosh/swoosh#1096

Full Changelog: swoosh/swoosh@v1.20.0...v1.20.1

v1.20.0 🚀

✨ Features

• feat: add a resend adapter @​ceolinrenato (#1089)

⛓️ Dependency

• Bump bandit from 1.8.0 to 1.9.0 @​dependabot (#1088)

... (truncated)

Changelog

Sourced from swoosh's changelog.

1.22.0

✨ Features

• Adapter/mailersend @​cpursley (#1104)

1.21.0

• Bump Elixir requirement to 1.16, Erlang OTP to 26

1.20.1

🐛 Bug Fixes

• Fix Content-Transfer-Encoding for message/* attachments @​romsahel (#1096)

1.20.0

✨ Features

• feat: add a resend adapter @​ceolinrenato (#1089)
  • differences from community library :resend can be found in this comment

Commits

• 1a41c89 v1.22.0
• f96fcaa feat: consistent mailersend return type and remove unnecessary auth headers
• 98d8546 feat: add mailersend deliver_many
• 842e1e0 feat: add mailersend adapter
• e3433ab Bump plug_cowboy from 2.7.5 to 2.8.0 (#1103)
• dd81c92 Bump ex_doc from 0.40.0 to 0.40.1 (#1102)
• 7b2a34e Bump finch from 0.20.0 to 0.21.0 (#1101)
• f056683 Bump bandit from 1.10.1 to 1.10.2 (#1100)
• 16bb82c Bump ex_doc from 0.39.3 to 0.40.0 (#1098)
• e233c1e Bump multipart from 0.5.0 to 0.6.0 (#1099)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions