chore(deps): bump the production-dependencies group with 16 updates

[dependabot]

Bumps the production-dependencies group with 16 updates:

Package	From	To
ecto_sql	3.12.1	3.13.4
esbuild	0.9.0	0.10.0
floki	0.37.1	0.38.0
gettext	0.26.2	1.0.2
hackney	1.23.0	1.25.0
igniter	0.5.43	0.7.0
image	0.59.0	0.62.1
mdex	0.5.0	0.11.1
phoenix_ecto	4.6.3	4.7.0
phoenix_html	4.2.1	4.3.0
phoenix_live_view	1.0.9	1.1.20
phoenix_pubsub	2.1.3	2.2.0
postgrex	0.20.0	0.22.0
req_embed	0.2.1	0.3.4
solid	0.18.0	1.2.0
vix	0.33.0	0.36.0

Updates ecto_sql from 3.12.1 to 3.13.4

Changelog

Sourced from ecto_sql's changelog.

v3.13.4 (2025-12-27)

Bug fixes

• [mysql] Do not crash mix ecto.load with large dumped databases

v3.13.3 (2025-12-08)

Enhancements

• [sql] Tag generated functions as :generated
• [sql] Add :wrap_in_transaction option to explain

Bug fixes

• [mysql] Fix structure_load/2 for MySQL 9.4+

v3.13.2 (2025-06-24)

Enhancements

• [sandbox] Allow passing through opts in Ecto.Adapters.SQL.Sandbox.allow/4 calls
• [sql] Add support for ON DELETE SET DEFAULT

Bug fixes

• [postgres] Fix nested array generated time columns

v3.13.1 (2025-06-20)

Bug fixes

• [postgres] Fix nested array generated columns

v3.13.0 (2025-06-18)

Enhancements

• [Ecto.Migration] Add support for index directions
• [sql] Support :log_stacktrace_mfa for filtering or modifying stacktrace-derived info in query logs
• [mysql] Support arrays using JSON for MariaDB
• [mysql] Allow to specify :prepare per operation
• [postgres] Add support for collations in Postgres
• [postgres] Allow source fields in json_extract_path

Commits

• ed07cf2 Release v3.13.4
• 1883163 Use input redirection for mysql structure_load (#706)
• 2c0aacb Document passing Repo.get_dynamic_repo(), closes #701
• 912cb34 Release v3.13.3
• 5d6d82b Add generated option to quote in SQL adapter (#700)
• bddc7bc chore(docs): Update Safe Ecto Migrations link (#689)
• 074a271 Improve sandbox docs (#687)
• e223a37 Fix structure_load/2 for MySQL 9.4+ (#685)
• 69954cb Updated myxql to 0.8 (#683)
• 4752ad2 Add :wrap_in_transaction option to explain (#682)
• Additional commits viewable in compare view

Updates esbuild from 0.9.0 to 0.10.0

Changelog

Sourced from esbuild's changelog.

v0.10.0 (2025-05-27)

• Automatically join environment variables specified as lists using the correct PATH separator. For example:

  config :esbuild,
    my_profile: [
      ...
      env: %{
        "NODE_PATH" => [Path.expand("../deps", __DIR__), Mix.Project.build_path()]
      }
    ]

Commits

• 86f4304 release v0.10.0
• c891ea2 Merge pull request #78 from phoenixframework/sd-path-sep
• 6f8b4df join all lists
• e818a27 update CI
• 809c25f support passing NODE_PATH as list
• See full diff in compare view

Updates floki from 0.37.1 to 0.38.0

Release notes

Sourced from floki's releases.

v0.38.0

Added

• This version adds initial support for the :has pseudo-selector. It is a great addition that enables finding elements containing matching children.

  Examples for selectors:

  • "div:has(h1)"
  • "div:has(h1, p, span)"
  • "div:has(p.foo)"
  • "div:has(img[src='https://example.com'])"
  • "tr:has(*:fl-contains('TEST'))"

  Note that combinators like ">" are not allowed yet.

  Thank you @​bvobart for this feature!

Fixed

• Add :style option documentation to Floki.text/2. Thanks @​s3cur3 for the fix.

• Fix deprecation warnings for upcoming Elixir 1.19.

• Prevent from crashing when selector is an empty string.

Removed

• Remove support for Elixir 1.14 and OTP 23.

• Remove deprecated functions and function clauses that were accepting strings (binaries).

  Affected functions:

  • parse/1 - removed function
  • map/2 - removed function
  • attr/4 - removed clause
  • find/2 - removed clause
  • text/3 - removed clause
  • text/3 - removed clause
  • attribute/2 - removed clause
  • filter_out/2 - removed clause

  HTML must be parsed before searching. Functions like Floki.find/2, Floki.attribute/2, and other HTML manipulation functions no longer work directly with HTML strings. The HTML must be parsed first using Floki.parse_fragment/2 or Floki.parse_document/2.

... (truncated)

Changelog

Sourced from floki's changelog.

[0.38.0] - 2025-06-14

Added

• This version adds initial support for the :has pseudo-selector. It is a great addition that enables finding elements containing matching children.

  Examples for selectors:

  • "div:has(h1)"
  • "div:has(h1, p, span)"
  • "div:has(p.foo)"
  • "div:has(img[src='https://example.com'])"
  • "tr:has(*:fl-contains('TEST'))"

  Note that combinators like ">" are not allowed yet.

  Thank you @​bvobart for this feature!

Fixed

• Add :style option documentation to Floki.text/2. Thanks @​s3cur3 for the fix.

• Fix deprecation warnings for upcoming Elixir 1.19.

• Prevent from crashing when selector is an empty string.

Removed

• Remove support for Elixir 1.14 and OTP 23.

• Remove deprecated functions and function clauses that were accepting strings (binaries).

  Affected functions:

  • parse/1 - removed function
  • map/2 - removed function
  • attr/4 - removed clause
  • find/2 - removed clause
  • text/3 - removed clause
  • text/3 - removed clause
  • attribute/2 - removed clause
  • filter_out/2 - removed clause

• HTML must be parsed before searching. Functions like Floki.find/2, Floki.attribute/2, and other HTML manipulation functions no longer work directly with HTML strings. The HTML must be parsed first using

... (truncated)

Commits

• 2c41ba8 Release v0.38 (#629)
• ca714a4 Prevent find/2 from crashing with empty selector (#631)
• 541bdce Remove deprecation warnings for the upcoming Elixir 1.19 (#630)
• 72b4563 Remove deprecations (#628)
• dcdc385 Remove support for Elixir 1.14 (#626)
• b92cd73 Add :style flag to text/2` docs (#627)
• c0de672 Bump benchee from 1.3.1 to 1.4.0 (#618)
• a516972 Bump credo from 1.7.11 to 1.7.12 (#619)
• 5398a08 Bump ex_doc from 0.37.3 to 0.38.2 (#625)
• f900ea1 feat: implement :has pseudo-selector functionality (#624)
• Additional commits viewable in compare view

Updates gettext from 0.26.2 to 1.0.2

Changelog

Sourced from gettext's changelog.

v1.0.2

• Only skip manifest removal on Elixir v1.19.3+

v1.0.1 (retired)

• Remove unnecessary cleaning of Elixir manifests

v1.0.0

This is the first 1.0 release of Gettext, a silly 10 years (and 6 months) after we started working on it. There are very few changes from the latest 0.26 release, and none of them are breaking.

Here are the new goodies:

• Add support for concatenating sigils if all parts are known at compile time (such as "Hello " <> ~s(world)).
• Significantly increase the timeout for mix gettext.extract to two minutes.
• Add Gettext.put_locale!/2.

Happy 10+ years of Elixir translations everyone! 🎉

Previous versions

See the CHANGELOG for versions before v1.0.

Commits

• e3180f1 Release v1.0.2
• ec2f9c1 Erase manifest unless on upcoming Elixir (#425)
• 4960e49 Revert "Removed unnecessary cleaning of Elixir manifests (#423)"
• 8844a32 Trim CHANGELOG
• 7fe2dc7 Release v1.0.1
• 30bf87d Removed unnecessary cleaning of Elixir manifests (#423)
• d33d745 Bump actions/checkout from 4.2.2 to 5.0.0 (#422)
• 7443953 Use ubuntu-latest in the publish-to-hex.yml workflow
• d1a8c86 Release v1.0.0
• e1df334 Update Elixir/Erlang versions in CI
• Additional commits viewable in compare view

Updates hackney from 1.23.0 to 1.25.0

Release notes

Sourced from hackney's releases.

1.25.0 - 2025-07-24

IMPORTANT CHANGE

• change: insecure_basic_auth now defaults to true instead of false

  This restores backward compatibility with pre-1.24.0 behavior where basic auth was allowed over HTTP connections. If you need strict HTTPS-only basic auth:

  • Set globally: application:set_env(hackney, insecure_basic_auth, false)
  • Or per-request: {insecure_basic_auth, false} in options

Hex.pm : https://hex.pm/packages/hackney/1.25.0 Doc: https://hexdocs.pm/hackney/readme.html

1.24.1 - 2025-05-26

Changes

1.24.1 - 2025-05-26

• fix: remove unused variable warning in hackney.erl

1.24.0 - 2025-05-26

• security: fix basic auth credential exposure vulnerability
• security: add application variable support for insecure_basic_auth
• fix: NXDOMAIN error in Docker Compose environments (issue #764)
• fix: stream_body timeout after first chunk (issue #762)
• fix: SSL hostname verification with custom ssl_options and SSL message leak in async streaming
• fix: pool connections not freed on 307 redirects and multiple pool/timer race conditions
• fix: socket leaks, process deadlocks, ETS memory leaks, and infinite gen_server calls
• fix: controlling_process error handling in happy eyeballs and connection pool return
• improvement: update GitHub Actions to ubuntu-22.04 and bump certifi/mimerl dependencies

Breaking Change

The new insecure_basic_auth application variable defaults to false for security. If your application relies on insecure basic auth over HTTP, you must explicitly set application:set_env(hackney, insecure_basic_auth, true) to maintain previous behavior.

Hex.pm : https://hex.pm/packages/hackney/1.24.1 Doc: https://hexdocs.pm/hackney/readme.html

1.24.0 - 2025-05-26

Changes

• security: fix basic auth credential exposure vulnerability

... (truncated)

Changelog

Sourced from hackney's changelog.

1.25.0 - 2025-07-24

** IMPORTANT CHANGE **

• change: insecure_basic_auth now defaults to true instead of false

  This restores backward compatibility with pre-1.24.0 behavior where basic auth was allowed over HTTP connections. If you need strict HTTPS-only basic auth:

  • Set globally: application:set_env(hackney, insecure_basic_auth, false)
  • Or per-request: {insecure_basic_auth, false} in options

1.24.1 - 2025-05-26

• fix: remove unused variable warning in hackney.erl

1.24.0 - 2025-05-26

• security: fix basic auth credential exposure vulnerability
• security: add application variable support for insecure_basic_auth
• fix: NXDOMAIN error in Docker Compose environments (issue #764)
• fix: stream_body timeout after first chunk (issue #762)
• fix: SSL hostname verification with custom ssl_options and SSL message leak in async streaming
• fix: pool connections not freed on 307 redirects and multiple pool/timer race conditions
• fix: socket leaks, process deadlocks, ETS memory leaks, and infinite gen_server calls
• fix: controlling_process error handling in happy eyeballs and connection pool return
• improvement: update GitHub Actions to ubuntu-22.04 and bump certifi/mimerl dependencies

Commits

• 8c00789 Merge pull request #778 from benoitc/insecure-basic-auth-default-true
• a1d4108 change insecure_basic_auth default to true
• e2bbdf7 bump unicode compat lib
• 3b901a6 update readme
• d59b422 fix: remove unused variable warning and bump version to 1.24.1
• 30447da fix version in readme
• fd82258 fix documentation warnings
• 1239ec6 update NEWS.md with stream_body timeout fix for issue #762
• 96e881e fix stream_body timeout issue by reverting breaking error format change
• 431b4f5 Fix typos in NEWS.md
• Additional commits viewable in compare view

Updates igniter from 0.5.43 to 0.7.0

Release notes

Sourced from igniter's releases.

v0.7.0

Features:

• Add support for SiteEncrypt.Phoenix.Endpoint detection (#339) by Herman verschooten

Bug Fixes:

• put_in_map/set_map_key not setting keys properly (#348) by Nick Krichevsky

• don't pass --no-git onto installers by Zach Daniel

• modify_config_code twice with keyword values (#332) by grzuy

v0.6.30

Bug Fixes:

• don't silently ignore certain errors during spinners by Zach Daniel

• don't display "temporarily adding igniter" when we aren't by Zach Daniel

v0.6.25

Bug Fixes:

• remove another enumeration of the rewrite by Zach Daniel

v0.6.24

Bug Fixes:

• iterate over sources, not rewrite, in one more place by Zach Daniel

v0.6.23

... (truncated)

Changelog

Sourced from igniter's changelog.

v0.7.0 (2025-11-05)

Features:

• Add support for SiteEncrypt.Phoenix.Endpoint detection (#339) by Herman verschooten

Bug Fixes:

• put_in_map/set_map_key not setting keys properly (#348) by Nick Krichevsky

• don't pass --no-git onto installers by Zach Daniel

• modify_config_code twice with keyword values (#332) by grzuy

v0.6.30 (2025-09-25)

Bug Fixes:

• don't silently ignore certain errors during spinners by Zach Daniel

• don't display "temporarily adding igniter" when we aren't by Zach Daniel

v0.6.29 (2025-09-20)

Bug Fixes:

• prevent duplicate 'live' directories for modules with Live namespace (#330) by Matthew Sinclair

• prevent duplicate 'live' directories for modules with Live namespace by Matthew Sinclair

Improvements:

• add delay_task to run tasks at the end by Zach Daniel

v0.6.28 (2025-08-21)

Bug Fixes:

... (truncated)

Commits

• e41f7e0 chore: release version v0.7.0
• 1cb6f21 build(deps-dev): bump the dev-dependencies group with 3 updates (#350)
• 4930cd4 Fix: put_in_map/set_map_key not setting keys properly (#348)
• bd2b582 doc: fix type link (#346)
• d90eb60 docs: Update docs to indicate behavior of List.map/2, add tests (#345)
• 5c43202 docs: Clarify Elixir version requirements (#344)
• 6153ea0 feat: Add support for SiteEncrypt.Phoenix.Endpoint detection (#339)
• 435cde1 chore: Fix REUSE license attribution
• 0127832 build(deps): bump rewrite in the production-dependencies group (#342)
• a866ab5 chore: Fix failing test (#340)
• Additional commits viewable in compare view

Updates image from 0.59.0 to 0.62.1

Release notes

Sourced from image's releases.

Image version 0.62.1

Bug Fixes

• Fix decoding EXIF component configuration if the value is invalid. Fixes #194. Thanks to @​ethangunderson for the report.

• Fix Image.minimize_metadata/1 when the image does not have an author or copyright field.

Image version 0.62.0

Breaking Change

• Image.histogram/1 previously normalized the results which meant that the pixel counts for each bucket could not be resolved. The function no longer normalises the histogram so the raw pixel counts per bucket are retained.

Bug Fixes

• Image.histogram/1 is fixed to not normalize histogram entries. Therefore the histogram now returns correct pixel counts.

• Fix Image.Text.add_background_padding/2 when the padding is derived from a base image.

Enhancements

• Add Image.to_list/1 to return an image as a nested list.

• Added an example for Image.histogram/1 to illustrate what data is returned and how to interpret it.

Image version 0.61.1

Bug Fixes

• Fix "function get_req_message/1" compiler warning.

Image version 0.61.0

Enhancements

• Adds Image.from_req_stream/2. This function returns a Vix.Vips.Image.t/0 from streaming a Req request using the Req.get/2 option into: :self,

Image version 0.60.0

Breaking Changes

• Image.Math.maxpos/2 is renamed to Image.Math.top_n/2 to better reflect its intent. The keyword options argument is also replaced with a simple integer argument n.

• Image.Math.minpos/2 is renamed to Image.Math.bottom_n/2 to better reflect its intent. The keyword options argument is also replaced with a simple integer argument n.

• The return value from Image.Math.top_n/2 and Image.Math.bottom_n/2 have changed. They will now return the form {max, max_x, max_y, [{x_max_1, y_max_1}, {x_max_2, y_max_2}, ...]}.

Bug Fixes

• Improve the error messages for Image.crop/5 when the crop bounding box is invalid. Closes #190.

Enhancements

• Add Image.band_and/1, Image.band_or/1 and Image.band_xor/1 to apply the appropriate boolean operation across the bands of an image.

... (truncated)

Changelog

Sourced from image's changelog.

Image 0.62.1

This is the changelog for Image version 0.62.1 released on October 23rd, 2025. For older changelogs please consult the release tag on GitHub

Bug Fixes

• Fix decoding EXIF component configuration if the value is invalid. Fixes #194. Thanks to @​ethangunderson for the report.

• Fix Image.minimize_metadata/1 when the image does not have an author or copyright field.

Image 0.62.0

This is the changelog for Image version 0.62.0 released on August 8th, 2025. For older changelogs please consult the release tag on GitHub

Breaking Change

• Image.histogram/1 previously normalized the results which meant that the pixel counts for each bucket could not be resolved. The function no longer normalises the histogram so the raw pixel counts per bucket are retained.

Bug Fixes

• Image.histogram/1 is fixed to not normalize histogram entries. Therefore the histogram now returns correct pixel counts.

• Fix Image.Text.add_background_padding/2 when the padding is derived from a base image.

Enhancements

• Add Image.to_list/1 to return an image as a nested list.

• Added an example for Image.histogram/1 to illustrate what data is returned and how to interpret it.

Image 0.61.1

This is the changelog for Image version 0.61.1 released on July 14th, 2025. For older changelogs please consult the release tag on GitHub

Bug Fixes

• Fix "function get_req_message/1" compiler warning.

Image 0.61.0

This is the changelog for Image version 0.61.0 released on July 2nd, 2025. For older changelogs please consult the release tag on GitHub

Enhancements

• Adds Image.from_req_stream/2. This function returns a Vix.Vips.Image.t/0 from streaming a Req request using the Req.get/2 option into: :self,

Image 0.60.0

This is the changelog for Image version 0.60.0 released on June 27th, 2025. For older changelogs please consult the release tag on GitHub

... (truncated)

Commits

• 1749809 Add tests for metadata minimization when no exif
• d71edab Make note about not using from_binary/2 more prominent
• 72f62dc Improve minimize_metadata/1 docs
• 05cc213 minimize_metadata/1 shouldnt error if there's no exif
• 049b6b5 Fix Image.minimize_metadata/1 again
• 30f6a61 Update version and changelog
• 6d1c906 Fix error on invalid exif components. Fixes #194
• f9d7349 Update changelog date
• b36b032 Don't write validation image again
• 07018aa Fix k_means tests
• Additional commits viewable in compare view

Updates mdex from 0.5.0 to 0.11.1

Release notes

Sourced from mdex's releases.

v0.11.1

0.11.1 - 2026-01-19

Changed

• Add use MDEx macro to set up MDEx in a module (optional)
• [HEEx] Add to_heex/2 and to_heex!/2 macros to convert Markdown, MDEx.Document, or HTML to HEEx with Phoenix component support
• [HEEx] Add support for Phoenix.LiveView.Rendered in to_html/2 to convert rendered HEEx to HTML string
• Add :assigns option to pass assigns to HEEx templates
• [Document] Add MDEx.Document.assign/2 and MDEx.Document.assign/3 to set assigns on a document
• [Document] Add MDEx.Document.put_plugins/2 to attach plugins to a document
• [Plugins] Add :plugins option to MDEx.to_* functions for one-off conversions with plugins

Fixed

• [Docs] Indent sigil modifiers items (@​gmile)
• [Plugins] Add :plugins to MDEx.new/1 options to configure multiple plugins at once (@​halostatue)
• [Deps] Make :rustler optional (@​scrogson)
• [Parser] Fix HEEx parsing on mixed components/markdown (ref kivikakk/comrak@0b327a3)

Checksum

6480d6769f6e0cab5297c1983b8a6e3dc78a31c1dfd1f7eb18b5232c64ecb5fd  comrak_nif-v0.11.1-nif-2.15-x86_64-pc-windows-gnu--legacy_cpu.dll.tar.gz
0e525c53979d9d69cd7b16befb0ba36b53747b5604c5659e9dc69521f674521f  comrak_nif-v0.11.1-nif-2.15-x86_64-pc-windows-gnu.dll.tar.gz
e3e2db54ba6ea73b4a45c62c1a5548c72b5dc66935f4ce4ff7689a01ae79809c  comrak_nif-v0.11.1-nif-2.15-x86_64-pc-windows-msvc--legacy_cpu.dll.tar.gz
2c7f61e0468d33fd8fbef360a92a21a643444299d69474b32f4477700ff76dd2  comrak_nif-v0.11.1-nif-2.15-x86_64-pc-windows-msvc.dll.tar.gz
5eb6cd74ab240c9a26764ed563309ee10aca3fef155f31871f96a7cd0fa3df45  libcomrak_nif-v0.11.1-nif-2.15-aarch64-apple-darwin.so.tar.gz
458a0c757efb64f948455d4e8592fe8616d99bda32ad11d9a23deaa0518835d5  libcomrak_nif-v0.11.1-nif-2.15-aarch64-unknown-linux-gnu.so.tar.gz
deb20784c4846527397c027539bca1dc827f2045d2db643396058c7ac1eaecc5  libcomrak_nif-v0.11.1-nif-2.15-aarch64-unknown-linux-musl.so.tar.gz
a48cb6dd8f2017315abeb3ee3b05465ab4401603e1387fdc3733c8dd1ae1ea0d  libcomrak_nif-v0.11.1-nif-2.15-arm-unknown-linux-gnueabihf.so.tar.gz
496017a83c3c5b87fee89038aabad14e077d997497050d69b8ecde0a05faf0cf  libcomrak_nif-v0.11.1-nif-2.15-riscv64gc-unknown-linux-gnu.so.tar.gz
cf64df3a67b485e1775825ac2b896e8757dc2a3f2c40c9a12384e3b1b835a29c  libcomrak_nif-v0.11.1-nif-2.15-x86_64-apple-darwin.so.tar.gz
71aef7fa7bf133cb37fab60cb3a190a0828d3d4ada395dd1d5965bf83fbac70c  libcomrak_nif-v0.11.1-nif-2.15-x86_64-unknown-freebsd--legacy_cpu.so.tar.gz
14af0aa36dc24bc7efc84f4c04301722ee23ed607122ede90b1afd68c3fc542f  libcomrak_nif-v0.11.1-nif-2.15-x86_64-unknown-freebsd.so.tar.gz
d19d9de6b12445495cf01dca1b036214643c2831c4b6f32021b1fd15ebc56e4f  libcomrak_nif-v0.11.1-nif-2.15-x86_64-unknown-linux-gnu--legacy_cpu.so.tar.gz
973507a4e16ebb0691b7a87f5adf772773f22ee6815aec4953029c3788995a2e  libcomrak_nif-v0.11.1-nif-2.15-x86_64-unknown-linux-gnu.so.tar.gz
a93a606cafa395fbdc048021fd0b148c8ba87abe875a491a5bbd4d6b178c4141  libcomrak_nif-v0.11.1-nif-2.15-x86_64-unknown-linux-musl.so.tar.gz

v0.11.0

0.11.0 - 2026-01-09

Changed

• [Sigil] Minor breaking change Returns %MDEx.HeexInline{} instead of %MDEx.Text{} for Elixir expressions in the AST
• [Deps] Update autumn to v0.6.0

Added

• [Sigil] HEEX modifier for Phoenix LiveView components and Elixir expressions in Markdown
• [Syntax Highlighter] Support multi (light/dark) themes

Fixed

• Preserve HTML entities in output

... (truncated)

Changelog

Sourced from mdex's changelog.

0.11.1 - 2026-01-19

Changed

• Add use MDEx macro to set up MDEx in a module (optional)
• [HEEx] Add to_heex/2 and to_heex!/2 macros to convert Markdown, MDEx.Document, or HTML to HEEx with Phoenix component support
• [HEEx] Add support for Phoenix.LiveView.Rendered in to_html/2 to convert rendered HEEx to HTML string
• Add :assigns option to pass assigns to HEEx templates
• [Document] Add MDEx.Document.assign/2 and MDEx.Document.assign/3 to set assigns on a document
• [Document] Add MDEx.Document.put_plugins/2 to attach plugins to a document
• [Plugins] Add :plugins option to MDEx.to_* functions for one-off conversions with plugins

Fixed

• [Docs] Indent sigil modifiers items (@​gmile)
• [Plugins] Add :plugins to MDEx.new/1 options to configure multiple plugins at once (@​halostatue)
• [Deps] Make :rustler optional (@​scrogson)
• [Parser] Fix HEEx parsing on mixed components/markdown (ref kivikakk/comrak@0b327a3)

0.11.0 - 2026-01-09

Changed

• [Sigil] Minor breaking change Returns %MDEx.HeexInline{} instead of %MDEx.Text{} for Elixir expressions in the AST
• [Deps] Update autumn to v0.6.0

Added

• [Sigil] HEEX modifier for Phoenix LiveView components and Elixir expressions in Markdown
• [Syntax Highlighter] Support multi (light/dark) themes

Fixed

• Preserve HTML entities in output

0.10.0 - 2025-11-13

Changed

• BREAKING Move :ignore_setext from render to parse options
• BREAKING Update comrak to v0.48.0 with breaking changes:
  • Added closed field to MDEx.CodeBlock (indicates if code block was explicitly closed)
  • Added closed field to MDEx.Heading (indicates if ATX heading had closing hashes)
  • Added texts field to MDEx.FootnoteReference (stores original text elements with positions)
  • Changed MDEx.Table num_rows calculation: now includes the header row in the count
  • NUL byte handling changed: no longer translated to replacement character during parsing
  • No virtual newline appended at EOF when missing
• Overall performance optimizations in parsing and syntax highlighting
• Add extension option :highlight for ==highlighted text== (renders as <mark> tags)
• Add extension option :inline_footnotes
• Add extension option :subtext for Discord-style subtext
• Add parse option :tasklist_in_table for tasklist items in table cells
• Add parse option :leave_footnote_definitions to keep footnotes inline
• Add parse option :escaped_char_spans for tracking escaped characters with source positions
• Update autumnus to v0.7.8

... (truncated)

Commits

• 01fb483 v0.11.1
• a5c08fe docs
• ff9d6d5 chore: update comrak
• 981b4af chore: update usage-rules
• 7379cc4 docs: promote GLFM fully supported
• 0b9cc6e feat: add :plugins to MDEx.to_* functions (#292)
• 81e4d14 HEEx improvements (#291)
• 7c814f3 changelog
• 0bf9b7b revert deps bump
• 2eb816d fix: Make rustler optional and update rustler dependencies (#289)
• Additional commits viewable in compare view

Updates phoenix_ecto from 4.6.3 to 4.7.0

Changelog

Sourced from phoenix_ecto's changelog.

v4.7.0

• Bug fixes
  • Disable migration lock when checking for pending migrations to avoid slow downs

v4.6.6

• Bug fixes
  • Keep backwards compatibility on sandbox API

v4.6.5

• Bug fixes
  • Unallow existing allowances when attempting to allow a Plug to access a connection

v4.6.4

• Enhancements
  • Wrap raised Ecto exceptions so context is not lost
  • Do not override changeset actions

Commits

• 73a83af Release v4.7.0
• 35fcd9e Revert "Revert "Disable migration lock by default on CheckRepoStatus (#196)""
• a0012c2 Release 4.6.6
• 6705443 Revert "Disable migration lock by default on CheckRepoStatus (#196)"
• 3cb5053 Maintain backwards compatibility on sandbox API, closes #197
• 95fde93 Disable migration lock by default on CheckRepoStatus (#196)
• c131a74 Release v4.6.5
• 2ee0684 Unallow existing allowances when attempting to allow a Plug to access a conne...
• 93143d5 Update ExDoc
• 2e7f33a Updates runner to 24.04 and elixir to 1.18 (#191)
• Additional commits viewable in compare view

Updates phoenix_html from 4.2.1 to 4.3.0

Changelog

Sourced from phoenix_html's changelog.

4.3.0 (2025-09-28)

• Enhancements

  • Implement Phoenix.HTML.Safe for Duration
  • Add function head for argument names of normalize_value/2 to improve documentation
  • Allow custom tags in options_for_select
  • Allow datetime as form option values

• Bug fixes

  • Avoid false positive warnings on Elixir v1.19

Commits

• 8cfd3e3 Release v4.3.0
• 053861d Avoid false positive in Elixir v1.19
• 671042c allow datetime as form option values (#468)
• 0f31c95 feat(custom option tags): allow custom tags in options_for_select (#467)
• 0229e74 Add function head for argument names of normalize_value/2 (#466)
• 49bb6e5 Add Phoenix.HTML.Safe to Duration (#463)
• ddaf11e Update CI (#464)
• c11a9e3 Implement Access for form fields
• See full diff in compare view

Updates phoenix_live_view from 1.0.9 to 1.1.20

Changelog

Sourced from phoenix_live_view's changelog.

v1.1.20 (2026-01-14)

Bug fixes

• Fix redirect in handle_params for client-initiated patches causing a JS exception (#4094)
• Fix events initiated from elements teleported outside of a LiveComponent being sent to the LiveView instead of the LiveComponent (#4101)
• Ensure HooksOptions accepts non-default typed hooks (#4099)
• Prevent portal content from disappearing in rare cases (#4095)
• Fix <form> submission to a controller from inside a portal not working (#4107)
• Prevent JS crash when debouncing inputs attached to a form with the form="..." attribute (#4102)
• Fix UploadClient (from LiveViewTest) crashing when receiving a :socket_close message (#4079)
• Allow live_file_input to update attributes (#4078)
• Fix invalid HTML when setting LiveView :container option to :body (#3932)

v1.1.19 (2025-12-12)

Bug fixes

• Ensure stale token redirect uses the correct URL (#4068)
• Ignore events from elements that are not connected to the DOM (#4066)
• Skip phx-click-away if clicked element is hidden (#4070)

Enhancements

• Allow disabling symlink warning for colocated js (#4057)

v1.1.18 (2025-11-25)

Bug fixes

• Fix boolean attributes not being properly ignored when using JS.ignore_attributes (#4049)

Enhancements

• [Phoenix.Component.assign/2] allow passing a function as second argument assign(socket, fn _existing_assigns -> %{this_gets: "merged"} end) (#4051)
• Annotate phx-drop-target elements with the phx-drop-target-active class when items are being dropped (#4012)
• Add onDocumentPatch dom callback and allow specifying the event dispatch phase (#4043) This allows users to use view transitions, see the linked gist in the PR.
• Warn in createHook if passed element has no ID (#4010)
• Allow Phoenix.Component.portal/1 to be nested (#4048)
• Add phx-viewport-overrun-target to make infinitely scrolled tables easier to implement (#4053) (Example)
• Allow to disable the symlink warning for colocated js (#4057)

v1.1.17 (2025-11-04)

Bug fixes

• noop in empty live reloader config

v1.1.16 (2025-10-22)

... (truncated)

Commits

• b146b33 release v1.1.20
• b7f2e12 Update assets
• 32b3925 Bump morphom. Closes #3932
• fa54735 Allow live_file_input to sync attributes except value (#4112)
• 82e50cd add warning about bypassing form validation (#4115)
• 75c5320 Fix incorrect test name for teleported external form submission (#4113)
• dad5d1f add note about setting properties to JS.set_attribute/1 (#3826)
• f8f9fb6 Add documentation example for Phoenix.LiveView.render_with/2 (#4063)
• dd29392 fix: add handle_info for :socket_close on UploadClient (#4080)
• a2c0b8f fix external form submission for teleported form (#4111)
• Additional commits viewable in compare view

Updates phoenix_pubsub from 2.1.3 to 2.2.0

Changelog

Sourced from phoenix_pubsub's changelog.

2.2.0 (2025-10-22)

Enhancements

• Allow the registry size to be set separate from pool size
• Introduce :broadcast_pool_size option to allow safe pool size migration

Bug fixes

• Only restart shards if they terminate unexpectedly

2.1.4 (2024-09-27)

Enhancements

• Add :permdown_on_shutdown option

Commits

• 086e0af Release v2.2.0
• f442cb1 Remove unused require
• 0176ce6 Fix dialyzer Shard module warning (#201)
• fff23f8 Separate Registry pool size configuration (#198)
• 95b4ad2 Introduce broadcast_pool_size option to allow safe pool size migration (#197)
• 420a87a Update ExDoc
• 2c466f3 Remove deprecation warnings on latest Elixir
• 95eb7cc update CI
• 4f0b4ba mix format
• 148ae10 Only restart shards if they terminate ...

  Description has been truncated

[dependabot]

Looks like these dependencies are no longer updatable, so this is no longer needed.