build(deps): bump the production-dependencies group with 10 updates

[dependabot]

Bumps the production-dependencies group with 10 updates:

Package	From	To
beacon	c496ae8	236da4b
ecto	3.12.5	3.13.3
esbuild	0.9.0	0.10.0
floki	0.37.1	0.38.0
igniter	0.5.43	0.6.30
live_svelte	0.15.0	0.16.0
phoenix	1.7.21	1.8.1
phoenix_html	4.2.1	4.3.0
phoenix_live_view	1.0.9	1.1.13
tailwind	0.3.1	0.4.0

Updates beacon from c496ae8 to 236da4b

Commits

• 236da4b chore(deps): bump igniter in the production-dependencies group (#816)
• See full diff in compare view

Updates ecto from 3.12.5 to 3.13.3

Changelog

Sourced from ecto's changelog.

v3.13.3 (2025-09-19)

Enhancements

• [Ecto.Query] Accept a list of things to exclude in exclude

Bug fixes

• [Ecto.Query] Allow 2-arity functions as preload function in query
• [Ecto.Query] Remove soft deprecated literal warning
• [Ecto.Schema] Do not consider space and newlines as empty for binary types

v3.13.2 (2025-06-24)

Bug fixes

• [Ecto.Query] Fix regression which made queries with multiple joins expensive to compile
• [Ecto.Repo] Fix detection of missing primary key on associations with only nil entries
• [Ecto.Query] Fix macro expansion in over clause's order_by

v3.13.1 (2025-06-19)

Bug fixes

• [Ecto.Repo] Do not automatically apply HOT updates on upsert with replace. It is the user responsibility to make sure they do not overlap

v3.13.0 (2025-06-18)

Requires Elixir v1.14+.

Enhancements

• [Ecto] Support Elixir's built-in JSON
• [Ecto.Enum] Add Ecto.Enum.cast_value/3
• [Ecto.Query] Allow schema to be used for values list types
• [Ecto.Query] Allow strings in field/2
• [Ecto.Query] Add identifier/1 in queries
• [Ecto.Query] Add constant/1 in queries
• [Ecto.Query] Allow exclude/2 to remove windows
• [Ecto.Query] Allow source fields in json_extract_path
• [Ecto.Repo] Add Ecto.Repo.prepare_transaction/2 user callback
• [Ecto.Repo] Add Ecto.Repo.all_by/3
• [Ecto.Repo] Add Ecto.Repo.transact/2
• [Ecto.Repo] Allow HOT updates on upsert queries in Postgres by removing duplicate fields during replace_all_except
• [Ecto.Schema] Support @schema_redact: :all_except_primary_keys module attribute

Bug fixes

• [Ecto.Query] Allow select merging maps with all nil values
• [Ecto.Query] map/2 in queries now always returns a map on joins, even on left joins, for consistency with from sources

... (truncated)

Commits

• 941bd10 Release v3.13.3
• 9719089 Remove soft deprecated literal warning (#4660)
• 148c03c Allow 2-arity functions as preload function in Query (#4659)
• 535b267 Document get_meta/2 a bit more (#4658)
• 2ffda89 Update Repo Documentation: Paranthesis on function calls (#4657)
• baa1a9b Make default empty values consider type + allow users to define 2-arity empty...
• 420a84d add links to named bindings docs (#4654)
• c2f435f docs: remove duplicate as typo (#4649)
• d57c500 Add warning about global repo naming (#4648)
• c2fc43f Tweak formatting and language in Multi (#4645)
• Additional commits viewable in compare view

Updates esbuild from 0.9.0 to 0.10.0

Changelog

Sourced from esbuild's changelog.

v0.10.0 (2025-05-27)

• Automatically join environment variables specified as lists using the correct PATH separator. For example:

  config :esbuild,
    my_profile: [
      ...
      env: %{
        "NODE_PATH" => [Path.expand("../deps", __DIR__), Mix.Project.build_path()]
      }
    ]

Commits

• 86f4304 release v0.10.0
• c891ea2 Merge pull request #78 from phoenixframework/sd-path-sep
• 6f8b4df join all lists
• e818a27 update CI
• 809c25f support passing NODE_PATH as list
• See full diff in compare view

Updates floki from 0.37.1 to 0.38.0

Release notes

Sourced from floki's releases.

v0.38.0

Added

• This version adds initial support for the :has pseudo-selector. It is a great addition that enables finding elements containing matching children.

  Examples for selectors:

  • "div:has(h1)"
  • "div:has(h1, p, span)"
  • "div:has(p.foo)"
  • "div:has(img[src='https://example.com'])"
  • "tr:has(*:fl-contains('TEST'))"

  Note that combinators like ">" are not allowed yet.

  Thank you @​bvobart for this feature!

Fixed

• Add :style option documentation to Floki.text/2. Thanks @​s3cur3 for the fix.

• Fix deprecation warnings for upcoming Elixir 1.19.

• Prevent from crashing when selector is an empty string.

Removed

• Remove support for Elixir 1.14 and OTP 23.

• Remove deprecated functions and function clauses that were accepting strings (binaries).

  Affected functions:

  • parse/1 - removed function
  • map/2 - removed function
  • attr/4 - removed clause
  • find/2 - removed clause
  • text/3 - removed clause
  • text/3 - removed clause
  • attribute/2 - removed clause
  • filter_out/2 - removed clause

  HTML must be parsed before searching. Functions like Floki.find/2, Floki.attribute/2, and other HTML manipulation functions no longer work directly with HTML strings. The HTML must be parsed first using Floki.parse_fragment/2 or Floki.parse_document/2.

... (truncated)

Changelog

Sourced from floki's changelog.

[0.38.0] - 2025-06-14

Added

• This version adds initial support for the :has pseudo-selector. It is a great addition that enables finding elements containing matching children.

  Examples for selectors:

  • "div:has(h1)"
  • "div:has(h1, p, span)"
  • "div:has(p.foo)"
  • "div:has(img[src='https://example.com'])"
  • "tr:has(*:fl-contains('TEST'))"

  Note that combinators like ">" are not allowed yet.

  Thank you @​bvobart for this feature!

Fixed

• Add :style option documentation to Floki.text/2. Thanks @​s3cur3 for the fix.

• Fix deprecation warnings for upcoming Elixir 1.19.

• Prevent from crashing when selector is an empty string.

Removed

• Remove support for Elixir 1.14 and OTP 23.

• Remove deprecated functions and function clauses that were accepting strings (binaries).

  Affected functions:

  • parse/1 - removed function
  • map/2 - removed function
  • attr/4 - removed clause
  • find/2 - removed clause
  • text/3 - removed clause
  • text/3 - removed clause
  • attribute/2 - removed clause
  • filter_out/2 - removed clause

• HTML must be parsed before searching. Functions like Floki.find/2, Floki.attribute/2, and other HTML manipulation functions no longer work directly with HTML strings. The HTML must be parsed first using

... (truncated)

Commits

• 2c41ba8 Release v0.38 (#629)
• ca714a4 Prevent find/2 from crashing with empty selector (#631)
• 541bdce Remove deprecation warnings for the upcoming Elixir 1.19 (#630)
• 72b4563 Remove deprecations (#628)
• dcdc385 Remove support for Elixir 1.14 (#626)
• b92cd73 Add :style flag to text/2` docs (#627)
• c0de672 Bump benchee from 1.3.1 to 1.4.0 (#618)
• a516972 Bump credo from 1.7.11 to 1.7.12 (#619)
• 5398a08 Bump ex_doc from 0.37.3 to 0.38.2 (#625)
• f900ea1 feat: implement :has pseudo-selector functionality (#624)
• Additional commits viewable in compare view

Updates igniter from 0.5.43 to 0.6.30

Release notes

Sourced from igniter's releases.

v0.6.30

Bug Fixes:

• don't silently ignore certain errors during spinners by Zach Daniel

• don't display "temporarily adding igniter" when we aren't by Zach Daniel

v0.6.25

Bug Fixes:

• remove another enumeration of the rewrite by Zach Daniel

v0.6.24

Bug Fixes:

• iterate over sources, not rewrite, in one more place by Zach Daniel

v0.6.23

Bug Fixes:

• remove case where we iterate a rewrite by Zach Daniel

v0.6.22

Bug Fixes:

• handle :error coming from alias updater by Zach Daniel

• add :error case clause in modify_existing_alias by Zach Daniel

v0.6.21

... (truncated)

Changelog

Sourced from igniter's changelog.

v0.6.30 (2025-09-25)

Bug Fixes:

• don't silently ignore certain errors during spinners by Zach Daniel

• don't display "temporarily adding igniter" when we aren't by Zach Daniel

v0.6.29 (2025-09-20)

Bug Fixes:

• prevent duplicate 'live' directories for modules with Live namespace (#330) by Matthew Sinclair

• prevent duplicate 'live' directories for modules with Live namespace by Matthew Sinclair

Improvements:

• add delay_task to run tasks at the end by Zach Daniel

v0.6.28 (2025-08-21)

Bug Fixes:

• use appropriate function name function -> function? (#326) by Ciarán Walsh

Improvements:

• igniter.new Don't run git init if already in git repo (#328) by Erik André Jakobsen

v0.6.27 (2025-08-14)

• releasing a new version to handle locally published version with IO.inspects left in 🤦‍♂️

v0.6.26 (2025-07-29)

... (truncated)

Commits

• 928f586 chore: release version v0.6.30
• 78c00b1 fix: don't silently ignore certain errors during spinners
• 7508897 chore: release version v0.6.29
• 69ba2ac chore: remove beacon from projects list for now
• 04bae76 improvement: add delay_task to run tasks at the end
• c3f2011 fix: prevent duplicate 'live' directories for modules with Live namespace (#330)
• 961b665 chore: update igniter
• 3234063 chore: release version v0.6.28
• 924a724 improvement: igniter.new Don't run git init if already in git repo (#328)
• ff45e81 chore: update changelog
• Additional commits viewable in compare view

Updates live_svelte from 0.15.0 to 0.16.0

Release notes

Sourced from live_svelte's releases.

v0.16.0

What's Changed

• Add Beacon LiveAdmin in list of projects by @​leandrocp in woutdp/live_svelte#163
• Update README.md by @​jose-INCUE in woutdp/live_svelte#165
• fix: broken docs header by @​davydog187 in woutdp/live_svelte#168
• fix: use Phoenix for formatting attr and other macros by @​davydog187 in woutdp/live_svelte#169
• fix: clarify socket documentation by @​davydog187 in woutdp/live_svelte#170
• feat: put the logo in the docs by @​davydog187 in woutdp/live_svelte#172
• feat: <:loading /> slot for server-rendered markup by @​davydog187 in woutdp/live_svelte#171

New Contributors

• @​leandrocp made their first contribution in woutdp/live_svelte#163
• @​jose-INCUE made their first contribution in woutdp/live_svelte#165

Full Changelog: woutdp/live_svelte@v0.15.0...v0.16.0

Changelog

Sourced from live_svelte's changelog.

0.16.0 - 2025-04-18

Added

• Added support for fallback content while the component is rendering

Fixed

• Documentation tweaks that refer to adding the socket when not using SSR

Commits

• 08ecd4d Update changelog
• 23f64b2 Bump version 0.15.0 -> 0.160
• b1f6845 Add TV labs and remore territoriez
• 1d811a7 Add to changelog
• ec1923c Update README.md fallback content
• 26fd898 Add documentation for loading slot
• 649a99a Edit warning message ssr + loading
• 7fd90a5 Add example loading slot
• 640dd6e Add warning if ssr and loading slot is being used together
• a3615e4 feat: <:loading /> slot for server-rendered markup
• Additional commits viewable in compare view

Updates phoenix from 1.7.21 to 1.8.1

Changelog

Sourced from phoenix's changelog.

1.8.1 (2025-08-28)

Bug fixes

• [phx.new] Fix AGENTS.md failing to include CSS and JavaScript sections

1.8.0 (2025-08-05)

Bug fixes

• [phx.new] Don't include node_modules override in generated tsconfig.json

Enhancements

• [phx.gen.live|html|json] - Make context argument optional. Defaults to the plural name.
• [phx.new] Add mix precommit alias
• [phx.new] Add AGENTS.md generation compatible with usage_rules
• [phx.new] Add usage_rules folder to installer, allowing to sync generic Phoenix rules into new projects
• [phx.new] Use LiveView 1.1 release in generated code
• [phx.new] Ensure theme selector and flash closing works without LiveView

1.8.0-rc.4 (2025-07-14)

Bug Fixes

• Fix phx.gen.presence PubSub server name for umbrella apps
• Fix phx.gen.live subscribing to pubsub in disconnected mounts

Enhancements

• [phx.new] Initialize initial git repo when git is installed
• [phx.new] Opt-in to HEEx :debug_tags_location in development
• [phx.gen.live|html|json|context] Make context name optional and inflect based on schema when missing
• [phx.gen.*] Use new Ecto 3.13 Repo.transact/2 in generators
• [phx.gen.auth] Warn when using phx.gen.auth without esbuild as features assume phoenix_html.js in bundle
• Add security.md guide for security best practices
• [phoenix.js] - Add fetch() support to LongPoll when XMLHTTPRequest is not available
• Optimize parameter scrubbing by precompiling patterns

1.8.0-rc.3 (2025-05-07)

Enhancements

• [phx.gen.auth] Allow configuring the scope's assign key in phx.gen.auth
• [phx.new] Do not override theme in root layout if explicitly set

1.8.0-rc.2 (2025-04-29)

Bug Fixes

• [phx.gen.live] Only subscribe to pubsub if connected
• [phx.gen.auth] Remove unused current_password field
• [phx.gen.auth] Use context_app for scopes to fix generated scopes in umbrella apps

1.8.0-rc.1 (2025-04-16)

Enhancements

... (truncated)

Commits

• 675e924 Release 1.8.1
• 21ee261 Bump eslint from 9.33.0 to 9.34.0 (#6440)
• a280eed Bump @​eslint/js from 9.33.0 to 9.34.0 (#6439)
• c3d2fa9 Touchup
• 8502ed0 Clarify timestamp further. Closes #6438
• 820b0ba Clarify timestamp. Closes #6438
• a64dd8c Run mix compile before assets.build in generated aliases (#6407)
• b0fe7ec Update controllers documentation (#6416)
• a5646df Fix some typos (#6386)
• 14faee2 Fix controller.ex documentation typo (#6417)
• Additional commits viewable in compare view

Updates phoenix_html from 4.2.1 to 4.3.0

Changelog

Sourced from phoenix_html's changelog.

4.3.0 (2025-09-28)

• Enhancements

  • Implement Phoenix.HTML.Safe for Duration
  • Add function head for argument names of normalize_value/2 to improve documentation
  • Allow custom tags in options_for_select
  • Allow datetime as form option values

• Bug fixes

  • Avoid false positive warnings on Elixir v1.19

Commits

• 8cfd3e3 Release v4.3.0
• 053861d Avoid false positive in Elixir v1.19
• 671042c allow datetime as form option values (#468)
• 0f31c95 feat(custom option tags): allow custom tags in options_for_select (#467)
• 0229e74 Add function head for argument names of normalize_value/2 (#466)
• 49bb6e5 Add Phoenix.HTML.Safe to Duration (#463)
• ddaf11e Update CI (#464)
• c11a9e3 Implement Access for form fields
• See full diff in compare view

Updates phoenix_live_view from 1.0.9 to 1.1.13

Changelog

Sourced from phoenix_live_view's changelog.

v1.1.13 (2025-09-18)

Bug fixes

• Fix invalid stream merging in LiveViewTest (#3993)
• Fix extra spaces when formatting nested inline tags (#3995)
• Ensure error reasons are serialized into message on the client (#3984)
• Prevent JavaScript exception when passing "*" to JS.ignore_attributes/3 (#3996)

v1.1.12 (2025-09-14)

Bug fixes

• Prevent HEEx line from being reported as uncovered when using a pattern in :let={} (#3989)

Enhancements

• Automatically symlink assets/node_modules folder for colocated hooks (see the documentation for Phoenix.LiveView.ColocatedJS, #3988)

v1.1.11 (2025-09-04)

Bug fixes

• Fix LiveComponents being destroyed when their DOM ID changes, even though they are still rendered (#3981)
• Fix warning when an empty comprehension is rendered in LiveViewTest

Enhancements

• Speed up duplicate ID check in LiveViewTest (#3962)

v1.1.10 (2025-09-03)

Bug fixxes

• Regression in v1.1.9 - fix Phoenix.LiveViewTest.submit_form/2 and Phoenix.LiveViewTest.follow_trigger_action/2 crashing when using keywords lists and not properly handling atom keys (#3975)

v1.1.9 (2025-09-02)

Bug fixes

• Fix moved comprehension diff crashing LiveViewTest (#3963)
• Ensure push_patch works during form recovery (#3964)
• Fix diff crash in LiveViewTest when rendering structs (#3970)

Enhancements

• Include form values from DOM in Phoenix.LiveViewTest.submit_form/2 and Phoenix.LiveViewTest.follow_trigger_action/2 to mimic browser behavior (#3885)
• Allow assigning generic hooks to type Hook (#3955)
• Allow typing hook element when using TypeScript (#3956)
• Add more metadata to phx:page-loading-start event in case of errors (#3910)

... (truncated)

Commits

• 975bc91 release v1.1.13
• c1f1de9 Update assets
• ff403bb prevent crash when passing * to ignore_attributes (#3997)
• 67a3bc0 Fix extra spaces being continually added when formatting nested inline tags (...
• 68619fb fix merging of streams in LiveViewTest (#3994)
• e898d68 Serialize error reason as JSON (#3984)
• 72189f6 release v1.1.12
• f6c87c4 allow auto-symlinking node_modules for ColocatedJS (#3988)
• a60512c Prevent pattern in :let from leading to uncovered line (#3989)
• 0519193 Fix heading in CHANGELOG (#3986)
• Additional commits viewable in compare view

Updates tailwind from 0.3.1 to 0.4.0

Changelog

Sourced from tailwind's changelog.

v0.4.0 (2025-09-10)

• No longer copy assets in mix tailwind.install
• Discard empty proxy env vars
• Ensure watcher picks up rule changes on Windows

Commits

• e8e2891 Release v0.4.0
• d09a32b Add comments
• 3e49513 Normalize windows driver
• 5f8a6b9 Update versions
• e988790 Sanitize empty strings when getting Proxy Environment variables (#92)
• 2bf28d7 Revert config
• 327cef3 Remove outdated docs, closes #102
• 21c4b76 Fix path in message, closes #126
• be2c7b6 Update tests, readme, and simplify install
• f7e3037 Update README.md (#132)
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
beacon	[>= 1.a, < 2]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.