Bump the production-dependencies group with 6 updates

[dependabot]

Bumps the production-dependencies group with 6 updates:

Package	From	To
bandit	1.6.11	1.7.0
esbuild	0.9.0	0.10.0
heroicons	v2.1.3	v2.2.0
phoenix_ecto	4.6.3	4.6.4
phoenix_live_view	1.0.10	1.0.14
swoosh	1.19.0	1.19.1

Updates bandit from 1.6.11 to 1.7.0

Changelog

Sourced from bandit's changelog.

1.7.0 (29 May 2025)

Enhancements

• Add support for new get_sock_data/1 and get_ssl_data/1 callbacks from Plug 1.18 (#497)
• Honour server-sent Connection: close headers (#495, thanks @​ruslandoga!)

Fixes

• Don't overwrite non-default HTTP/2 settings when receiving HTTP/2 settings (#494, thanks @​ns-blee!)
• Fix handling of early-connection error handling in HTTP/2 (#486)

Commits

• 7e8609a Version bump to 1.7.0
• 8444026 Automate the publishing of hex packages
• a6aca4e Add support for Plug.Conn.Adapter.sock_data and `Plug.Conn.Adapter.ssl_data...
• 7fcb133 Bump thousand_island from 1.3.13 to 1.3.14 (#498)
• 2af82bd Streamline keepalive logic, respect server-sent connection: close headers (#495)
• 0ac9859 Merge received HTTP/2 settings with existing ones (#494)
• 5092d59 Bump ex_doc from 0.37.3 to 0.38.1 (#491)
• 1810aa9 Bump thousand_island from 1.3.12 to 1.3.13 (#488)
• 43bf872 Bump credo from 1.7.11 to 1.7.12 (#487)
• b31059d Look up connection in a safe manner
• Additional commits viewable in compare view

Updates esbuild from 0.9.0 to 0.10.0

Changelog

Sourced from esbuild's changelog.

v0.10.0 (2025-05-27)

• Automatically join environment variables specified as lists using the correct PATH separator. For example:

  config :esbuild,
    my_profile: [
      ...
      env: %{
        "NODE_PATH" => [Path.expand("../deps", __DIR__), Mix.Project.build_path()]
      }
    ]

Commits

• 86f4304 release v0.10.0
• c891ea2 Merge pull request #78 from phoenixframework/sd-path-sep
• 6f8b4df join all lists
• e818a27 update CI
• 809c25f support passing NODE_PATH as list
• See full diff in compare view

Updates heroicons from v2.1.3 to v2.2.0

Release notes

Sourced from heroicons's releases.

v2.2.0

Added

• Add React 19 support (#1247)

Fixed

• Removed unnecessary clipping path from solid/arrow-left-circle (#1211)

v2.1.5

Added

• Add new icons (arrow-turn-*, bold, calendar-date-range, divide, document-currency-*, equals, h1, h2, h3, italic, link-slash, numbered-list, percent-badge, slash, strikethrough, underline)

v2.1.4

Fixed

• Improve tree-shakability of React package (#1192)

Changelog

Sourced from heroicons's changelog.

[2.2.0] - 2024-11-18

Added

• Add React 19 support (#1247)

Fixed

• Removed unnecessary clipping path from solid/arrow-left-circle (#1211)

[2.1.5] - 2024-07-10

Added

• Add new icons (arrow-turn-*, bold, calendar-date-range, divide, document-currency-*, equals, h1, h2, h3, italic, link-slash, numbered-list, percent-badge, slash, strikethrough, underline)

[2.1.4] - 2024-06-17

Fixed

• Improve tree-shakability of React package (#1192)

Commits

• 0435d4c 2.2.0
• f327cbe Add React 19 support (#1247)
• 56c073c Update changelog
• 64e2368 Remove clip-path from 20/arrow-left-circle (#1211)
• ad0ad1f 2.1.5
• 58d511e Add new icons (#1204)
• c1b192b 2.1.4
• e2e487f Make sure calls to forwardRef are marked as pure (#1192)
• cafc7d6 use size-* instead of w-* h-* (#1182)
• 9a17872 Update README.md (#1167)
• See full diff in compare view

Updates phoenix_ecto from 4.6.3 to 4.6.4

Changelog

Sourced from phoenix_ecto's changelog.

v4.6.4

• Enhancements
  • Wrap raised Ecto exceptions so context is not lost
  • Do not override changeset actions

Commits

• See full diff in compare view

Updates phoenix_live_view from 1.0.10 to 1.0.14

Changelog

Sourced from phoenix_live_view's changelog.

1.0.14 (2025-05-30)

Bug fixes

• Ensure _unused parameters are sent correctly during form recovery (#3809)
• Fix form recovery failing and blocking updates when a form does not have any inputs (#3818)

1.0.13 (2025-05-28)

Bug fixes

• Ensure submitter value is sent when submitting a form with phx-trigger-action (#3815)

1.0.12 (2025-05-20)

Enhancements

• Allow Phoenix 1.8 rc.

Bug fixes

• Ensure event listeners for refs are properly cleaned up (#3887)

1.0.11 (2025-05-05)

Enhancements

• Allow focusing non interactive elements with tabindex="0" using JS commands (#3617)

Commits

• 34e0634 release v1.0.14
• cb37eb1 Update assets
• 9c8be3e backport #3821
• 8d41712 backport #3816
• 1c4cec5 release v1.0.13
• 11c9990 Update form-bindings.md to add a note about known limitations of phx-disable-...
• 8bca186 Add section for preventing form submission in the form bindings guide (#3798)
• f29bbc5 Improve doc links betweens async result/1 and assign_async/4 (#3803)
• 1ab79c9 fix live_reload_test on OTP 28
• a819547 Update assets
• Additional commits viewable in compare view

Updates swoosh from 1.19.0 to 1.19.1

Release notes

Sourced from swoosh's releases.

v1.19.1 🚀

🐛 Bug Fixes

• Regenerate styles, fix swoosh/swoosh#1030

⛓️ Dependency

• Bump mime from 2.0.6 to 2.0.7 @​dependabot (#1038)
• Bump ex_doc from 0.38.0 to 0.38.1 @​dependabot (#1037)
• Bump ex_doc from 0.37.3 to 0.38.0 @​dependabot (#1036)

Full Changelog: swoosh/swoosh@v1.19.0...v1.19.1

Changelog

Sourced from swoosh's changelog.

1.19.1

🐛 Bug Fixes

• Regenerate styles, fix #1030

Commits

• 6adb136 v1.19.1
• 690dec7 bump styles
• 22620c5 Bump mime from 2.0.6 to 2.0.7 (#1038)
• 855dea1 Bump ex_doc from 0.38.0 to 0.38.1 (#1037)
• 308f9dc Bump ex_doc from 0.37.3 to 0.38.0 (#1036)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions