chore(deps): bump the production-dependencies group with 9 updates

[dependabot[bot]]

Bumps the production-dependencies group with 9 updates:

Package	From	To
ash	3.0.15	3.0.16
ash_admin	0.11.1	0.11.3
ash_json_api	1.2.0	1.2.2
ash_postgres	2.0.10	2.0.12
bandit	1.5.4	1.5.5
oban	2.17.10	2.17.11
phoenix_live_dashboard	0.8.3	0.8.4
phoenix_live_view	0.20.15	0.20.17
req	0.5.0	0.5.1

Updates ash from 3.0.15 to 3.0.16

Changelog

Sourced from ash's changelog.

v3.0.16 (2024-06-21)

Bug Fixes:

• [bulk updates] use the proper opts when calling manual updates in bulk updates

• [pagination] apply pagination at runtime for non lateral join queries

• [multitenancy] consider multitenancy when checking if through-join is unique

• [Ash.Changeset] don't run any before_action hooks if changeset is invalidated in prior hook

• [atomic upgrade] only prevent atomic upgrade when hooks were explicitly added

Improvements:

• [Ash.Error] retain error context on overridden messages

Commits

• c43286c chore: release version v3.0.16
• af1fa5e fix: use the proper opts when calling manual updates in bulk updates
• b256e1d test: Test loading paginated relationship when tenant is in primary key (#1252)
• 2bdc6ef fix: don't run any before_action hooks if changeset is invalidated in prior...
• cb29738 chore: fix credo/build
• fae2c72 chore(deps-dev): bump ex_doc in the dev-dependencies group (#1251)
• aa93fe0 chore(deps): bump the production-dependencies group with 2 updates (#1250)
• 71d871b Test loading relationships on multitenant resources after create or update (#...
• 3888acb docs: fix typo in update-actions.md (#1248)
• 0eea01d chore: consider MapSet as valid for {:array type in matches_type?/2
• Additional commits viewable in compare view

Updates ash_admin from 0.11.1 to 0.11.3

Changelog

Sourced from ash_admin's changelog.

v0.11.3 (2024-06-25)

Bug Fixes:

• don't go to potentially non-existant create actions

v0.11.2 (2024-06-25)

Bug Fixes:

• properly render errors data table forms

• update to support 0.20 (#179)

Commits

• 8e735db chore: release version v0.11.3
• cbde312 fix: don't go to potentially non-existant create actions
• 4c31983 chore: get build passing
• a935578 chore: release version v0.11.2
• 240e1f6 fix: properly render errors data table forms
• 02dd39c test: fix test assertion
• 8e6e5b9 fix: update to support 0.20 (#179)
• acd8ff7 chore(deps-dev): bump the dev-dependencies group with 2 updates (#178)
• 2e829cc chore(deps): bump the production-dependencies group with 2 updates (#177)
• ee25b7f chore(deps): bump phoenix from 1.7.12 to 1.7.14 (#176)
• Additional commits viewable in compare view

Updates ash_json_api from 1.2.0 to 1.2.2

Changelog

Sourced from ash_json_api's changelog.

v1.2.2 (2024-06-19)

Bug Fixes:

• properly still perform includes on record fetched from path

Improvements:

• newtype/enum support for json_schema as well

• render enums as enums in open api

v1.2.1 (2024-06-18)

Bug Fixes:

• don't raise error including on get related endpoints

• don't show exceptions if show_raised_errors? is false

• don't expose action.name over api docs

• resource comes from the route on domains

• add missing fields from InvalidField

• validate relationships from routes at compile time

Improvements:

• support name on routes, use in description and operationId

• verify includes list at compile time

• allow setting a resource second option on domain's base_route entity

Commits

• 5da8e6c chore: release version v1.2.2
• a4c0513 improvement: newtype/enum support for json_schema as well
• f92ff96 improvement: render enums as enums in open api
• 5cc050b fix: properly still perform includes on record fetched from path
• 994fc6f docs: update getting-started guide
• 7a46c6a chore(deps): bump ash from 3.0.13 to 3.0.14 (#175)
• 97c65d0 chore: release version v1.2.1
• 2515ef8 fix: don't raise error including on get related endpoints
• 4b96765 improvement: support name on routes, use in description and operationId
• acc0750 fix: resource comes from the route on domains
• Additional commits viewable in compare view

Updates ash_postgres from 2.0.10 to 2.0.12

Changelog

Sourced from ash_postgres's changelog.

v2.0.12 (2024-06-20)

Bug Fixes:

• [migration generator] only add references indexes if they've changed

v2.0.11 (2024-06-19)

Bug Fixes:

• [AshPostgres.DataLayer] rework expression type detection

• [migration generator] ensure index keys are atoms in generated migrations (#332)

Commits

• See full diff in compare view

Updates bandit from 1.5.4 to 1.5.5

Changelog

Sourced from bandit's changelog.

1.5.5 (19 Jun 2024)

Changes

• Add domain: [:bandit] to the metadata of all logger calls
• Bring logging of early-connect HTTP2 errors under the log_protocol_errors umbrella

Commits

• 9cdb467 Version bump to 1.5.5
• 87c281f Use top-level rescue
• b62a7eb Add :bandit domain to logger metadata
• bc67149 Bring logging of early-connect HTTP2 errors under the log_protocol_errors umb...
• f2761ad Bump credo from 1.7.6 to 1.7.7 (#370)
• See full diff in compare view

Updates oban from 2.17.10 to 2.17.11

Release notes

Sourced from oban's releases.

v2.17.11

Bug Fixes

• [Oban] Handle deprecation warnings from Elixir 1.17

• [Notifier] Prevent noisy logging about switching between modes.

  There's an apparent race condition in Sonar between pruning stale nodes on :ping and updating the status after a notification. This primarily happens in development for two reasons:

  1. Development laptops are most prone to time warp because of system sleep.
  2. Apps only run a single node in development.

  Using monotonic_time/1 instead of system_time/1 guards against clock drift/time warp effects.

• [Stager] Prevent notification status timeouts from bubbling into the Stager.

  A clogged Ecto pool could cause cascading errors on startup due to a sequence of calls between the Notifier, Sonar, and Stager.

  1. Sonar sends a notification in handle_continue on startup.
  2. The notification is blocked while the Notifier waits for a connection from the Ecto pool.
  3. Stager checks for the connection status on startup, which would eventually time out because the Sonar hadn't finished initializing.
  4. The Stager crashes from the timeout error.

  This makes the following changes to prevent this sequence of events:

  1. The Stager no longer gets the sonar status during startup.
  2. The Notifier catches timeout errors from Sonar checks, warns about it, then returns an :unknown status.

• [Engine] Defensively check the process dictionary during inline testing.

  Not all processes are guaranteed to return a value for the process dictionary. Sometimes a value was missing during inline testing, which would crash the test.

• [Basic] Set conflict? flag when encountering a unique advisory lock.

  The conflict? flag wasn't set when inserting a unique job was blocked by an advisory lock. Now the flag is set on either a fetched duplicate, or when the advisory lock is set.

• [Job] Correct replace_by_state_option type by switching from keyword to tuples.

• [Config] Correctly type shutdown_grace_period as an integer rather than a timeout.

Changelog

Sourced from oban's changelog.

v2.17.11 — 2024-06-25

Bug Fixes

• [Oban] Handle deprecation warnings from Elixir 1.17

• [Notifier] Prevent noisy logging about switching between modes.

  There's an apparent race condition in Sonar between pruning stale nodes on :ping and updating the status after a notification. This primarily happens in development for two reasons:

  1. Development laptops are most prone to time warp because of system sleep.
  2. Apps only run a single node in development.

  Using monotonic_time/1 instead of system_time/1 guards against clock drift/time warp effects.

• [Stager] Prevent notification status timeouts from bubbling into the Stager.

  A clogged Ecto pool could cause cascading errors on startup due to a sequence of calls between the Notifier, Sonar, and Stager.

  1. Sonar sends a notification in handle_continue on startup.
  2. The notification is blocked while the Notifier waits for a connection from the Ecto pool.
  3. Stager checks for the connection status on startup, which would eventually time out because the Sonar hadn't finished initializing.
  4. The Stager crashes from the timeout error.

  This makes the following changes to prevent this sequence of events:

  1. The Stager no longer gets the sonar status during startup.
  2. The Notifier catches timeout errors from Sonar checks, warns about it, then returns an :unknown status.

• [Engine] Defensively check the process dictionary during inline testing.

  Not all processes are guaranteed to return a value for the process dictionary. Sometimes a value was missing during inline testing, which would crash the test.

• [Basic] Set conflict? flag when encountering a unique advisory lock.

  The conflict? flag wasn't set when inserting a unique job was blocked by an advisory lock. Now the flag is set on either a fetched duplicate, or when the advisory lock is set.

• [Job] Correct replace_by_state_option type by switching from keyword to tuples.

• [Config] Correctly type shutdown_grace_period as an integer rather than a timeout.

Commits

• fb07db6 Release v2.17.11
• 0b2a72d Bump all outdated deps to latest version
• 1c9e0b8 Add typedocs for Worker.return/0 type (#1108)
• ad9b7ee Use monotonic_time for pruning stale Sonar nodes
• b1d9c24 Make replace_by_state_option tuples instead of a keyword (#1103)
• 140e49e Defensively check the pdict for inline testing
• 4c0ac00 Prevent sonar timeouts bubbling into the stager
• ef0805f Handle deprecation warnings from Elixir 1.17-rc.0
• a7dad1b Set conflict? flag on unique advisory lock
• ca0b368 Correctly type shutdown_grace_period as an integer
• See full diff in compare view

Updates phoenix_live_dashboard from 0.8.3 to 0.8.4

Changelog

Sourced from phoenix_live_dashboard's changelog.

v0.8.4 (2024-06-21)

• Add immutable directive to cache-control header
• Wrap log lines in request logger page
• Fix deprecation warnings on LiveView release candidate

Commits

• 1685c55 Release v0.8.4
• bbff5fb Run npm audit fix updating vulnerable deps (#445)
• 5fe566b Rename deprecated push_redirect to push_navigate (#444)
• f87a1bd Wrap log lines in request logger page (#442)
• 001ca7d Update README.md (#441)
• 78d772d Add immutable directive to cache-control header (#440)
• a39af07 Add :on_mount to router documentation (#436)
• 54239fd Fix @​input to @​output (#434)
• 2cd0556 Update node, packages and sass #431
• 6bf35a1 Update node, package and sass
• See full diff in compare view

Updates phoenix_live_view from 0.20.15 to 0.20.17

Changelog

Sourced from phoenix_live_view's changelog.

0.20.17 (2024-06-21)

Bug fixes

• Fix formatter adding newlines in script tags

0.20.16 (2024-06-20)

Bug fixes

• Fix bug introduced in 0.20.15 causing incorrect patching on form elements when awaiting acknowledgements

Commits

• f778e5b Release 0.20.17
• df90cc3 prepare 0.20.17
• 41bb78e update changelog
• f6f8f9c Format EEx blocks within script tag, closes #3312
• 8f39fd6 Release 0.20.16
• f9ab757 update changelog
• See full diff in compare view

Updates req from 0.5.0 to 0.5.1

Changelog

Sourced from req's changelog.

v0.5.1 (2024-06-24)

• [retry]: Default :retry_log_level to :warning

• [put_path_params]: Add :path_params_style option

• [put_aws_sigv4]: Fix path encoding

• [decode_body]: Improve tar detection

• [run_finch]: Fix defaulting to using just HTTP/1

Commits

• 84308db Release v0.5.1
• af1a34f run_finch: Fix defaulting to using just HTTP/1
• 7148e42 Improve test
• b6f542c Remove TODO
• e893132 decode_body: Improve tar detection
• db53ac4 Update CHANGELOG
• deae87c put_aws_sigv4: Fix path encoding (#374)
• a7ce008 Fix run!/2 specs
• 59f4ea0 Update docs
• 3c1319c Update docs
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions