Bump the production-dependencies group across 1 directory with 6 updates

[dependabot]

Bumps the production-dependencies group with 5 updates in the / directory:

Package	From	To
gettext	1.0.0	1.0.2
phoenix	1.8.1	1.8.2
phoenix_ecto	4.6.5	4.7.0
phoenix_live_view	1.1.14	1.1.18
tailwind	0.4.0	0.4.1

Updates gettext from 1.0.0 to 1.0.2

Changelog

Sourced from gettext's changelog.

v1.0.2

• Only skip manifest removal on Elixir v1.19.3+

v1.0.1 (retired)

• Remove unnecessary cleaning of Elixir manifests

Commits

• e3180f1 Release v1.0.2
• ec2f9c1 Erase manifest unless on upcoming Elixir (#425)
• 4960e49 Revert "Removed unnecessary cleaning of Elixir manifests (#423)"
• 8844a32 Trim CHANGELOG
• 7fe2dc7 Release v1.0.1
• 30bf87d Removed unnecessary cleaning of Elixir manifests (#423)
• d33d745 Bump actions/checkout from 4.2.2 to 5.0.0 (#422)
• 7443953 Use ubuntu-latest in the publish-to-hex.yml workflow
• See full diff in compare view

Updates phoenix from 1.8.1 to 1.8.2

Changelog

Sourced from phoenix's changelog.

1.8.2 (2025-11-26)

Bug fixes

• [phoenix.js] fix issue where LongPoll can cause "unmatched topic" errors (observed on iOS only) (#6538)
• [phx.gen.live] fix tests when schema and table names are equal (#6477)
• [Verified Routes] do not add path prefixes for static routes
• [Phoenix.Endpoint] fix LongPoll being active by default since 1.8.0 (#6487)

Enhancements

• [phoenix.js] socket now stops reconnection attempts while the page is hidden (#6534)
• [phx.new] (re-)add <.input field={@form[:foo]} type="hidden" /> support in core components
• [phx.new] set force_ssl in prod.exs by default (#6435)
• [phx.new] change --docker base image to debian trixie (#6521)
• [Phoenix.Socket.assign/2] allow passing a function as second argument assign(socket, fn _existing_assigns -> %{this_gets: "merged"} end) (#6530)
• [Phoenix.Controller.assign/2] allow passing a function as second argument (#6542)
• [Phoenix.Controller.assign/2] support keyword lists and maps as second argument similar to LiveView (#6513)
• [Presence] support custom dispatcher for presence_diff broadcast (#6500)
• [AGENTS.md] add short test guidelines to usage rules

Commits

• f068728 Release 1.8.2
• bd3cf83 Add test guidelines
• 93e5c69 Fix file path in controllers documentation (#6544)
• 3755ea5 Use E modifier in config regexes on Elixir 1.19.3+ (#6543)
• ae9c9d1 update changelog
• 8d3f405 followup for #6530 (#6542)
• e911f50 Bump js-yaml from 3.14.1 to 3.14.2 (#6541)
• dca7563 prepare 1.8.2
• dab9f79 Update assets
• 2575a6b Stop reconnecting when page is hidden (#6534)
• Additional commits viewable in compare view

Updates phoenix_ecto from 4.6.5 to 4.7.0

Changelog

Sourced from phoenix_ecto's changelog.

v4.7.0

• Bug fixes
  • Disable migration lock when checking for pending migrations to avoid slow downs

v4.6.6

• Bug fixes
  • Keep backwards compatibility on sandbox API

Commits

• 73a83af Release v4.7.0
• 35fcd9e Revert "Revert "Disable migration lock by default on CheckRepoStatus (#196)""
• a0012c2 Release 4.6.6
• 6705443 Revert "Disable migration lock by default on CheckRepoStatus (#196)"
• 3cb5053 Maintain backwards compatibility on sandbox API, closes #197
• 95fde93 Disable migration lock by default on CheckRepoStatus (#196)
• See full diff in compare view

Updates phoenix_live_view from 1.1.14 to 1.1.18

Changelog

Sourced from phoenix_live_view's changelog.

v1.1.18 (2025-11-25)

Bug fixes

• Fix boolean attributes not being properly ignored when using JS.ignore_attributes (#4049)

Enhancements

• [Phoenix.Component.assign/2] allow passing a function as second argument assign(socket, fn _existing_assigns -> %{this_gets: "merged"} end) (#4051)
• Annotate phx-drop-target elements with the phx-drop-target-active class when items are being dropped (#4012)
• Add onDocumentPatch dom callback and allow specifying the event dispatch phase (#4043) This allows users to use view transitions, see the linked gist in the PR.
• Warn in createHook if passed element has no ID (#4010)
• Allow Phoenix.Component.portal/1 to be nested (#4048)
• Add phx-viewport-overrun-target to make infinitely scrolled tables easier to implement (#4053) (Example)
• Allow to disable the symlink warning for colocated js (#4057)

v1.1.17 (2025-11-04)

Bug fixes

• noop in empty live reloader config

v1.1.16 (2025-10-22)

Bug fixes

• Fix phx-disable-with restoring whitespace improperly (regression in 1.1.15)

v1.1.15 (2025-10-21)

Bug fixes

• Fix form recovery not sending elements with form="..." attribute when using Firefox (#4021)
• Fix keyed comprehension merging in LiveComponents (#4027)
• Use textContent instead of innerText when restoring phx-disable-with text to avoid issues with CSS transforms (#4015)

Enhancements

• Allow attaching handle_async hooks on LiveComponents (#4018)

Commits

• f821d9c release v1.1.18
• 3616e96 Update assets
• f8f1cbb prepare 1.1.18
• 6b5abeb infinite scroll: add phx-viewport-overrun-target (#4053)
• 2d5a09f recursively teleport elements (#4059)
• 01adc34 warn if createHook el has no id (#4056)
• 55ca559 Add onDocumentPatch callback and allow specifying event dispatch phase (#4043)
• ea1a439 Allow Styling Phoenix Uploads On Drag And Drop (#4012)
• 63188fb Fix ignored boolean attributes getting set by the server (#4050)
• 522e11b Accept function in Phoenix.Component.assign/2 (#4051)
• Additional commits viewable in compare view

Updates req from 0.5.15 to 0.5.16

Release notes

Sourced from req's releases.

v0.5.16

• Req.Test: Fix verify_on_exit! accidentally using Mox name
• auth: Support MFArgs
• auth: Support digest auth
• put_aws_sigv4: Support MFArgs
• put_path_params: Encode :path_params even with reserved characters
• put_path_params: Set :path_params_template on empty params
• run_plug: Handle compressed request body

Changelog

Sourced from req's changelog.

v0.5.16 (2025-11-10)

• [Req.Test]: Fix verify_on_exit! accidentally using Mox name
• [auth]: Support MFArgs
• [auth]: Support digest auth
• [put_aws_sigv4]: Support MFArgs
• [put_path_params]: Encode :path_params even with reserved characters
• [put_path_params]: Set :path_params_template on empty params
• [run_plug]: Handle compressed request body

Commits

• de1992a Release v0.5.16
• f0225a7 run_plug: Handle compressed request body (#496)
• 2a365ac Fix tests
• 3cb0a53 Update ex_doc
• 4c850fa auth: Support MFArgs (#519)
• 536880a fix: tiny typo (#514)
• 158165c auth: Support digest auth (#511)
• 3edef76 put_aws_sigv4: Allow providing an mfa tuple (#510)
• 8517f1d Fix warnings
• 5797455 Fix test
• Additional commits viewable in compare view

Updates tailwind from 0.4.0 to 0.4.1

Changelog

Sourced from tailwind's changelog.

v0.4.1 (2025-10-17)

• Ignore ANSI escape codes when checking version

Commits

• ad3e403 Release v0.4.1
• f3bfbcf Ensure executable output without ANSI escape codes in bin_version/0 (#135)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}