chore(deps): bump phoenix_live_view from 1.1.30 to 1.1.31 by dependabot[bot] · Pull Request #93 · hyperpolymath/bofig

dependabot · 2026-06-05T06:13:18Z

Bumps phoenix_live_view from 1.1.30 to 1.1.31.

Release notes

Sourced from phoenix_live_view's releases.

v1.1.31

Enhancements

Validate URL scheme in push_patch / push_navigate, JS.patch / JS.navigate, and clientside js().patch / js().navigate (#4250)

Bug fixes

Fix nested assign change tracking (#4225)

Ensure Phoenix.LiveViewTest.live_redirect/2 properly passes the URI as a string in handle_params (#4247)

Changelog

Sourced from phoenix_live_view's changelog.

v1.1.31 (2026-05-29)

Enhancements

Validate URL scheme in push_patch / push_navigate, JS.patch / JS.navigate, and clientside js().patch / js().navigate (#4250)

Bug fixes

Fix nested assign change tracking (#4225)

Ensure Phoenix.LiveViewTest.live_redirect/2 properly passes the URI as a string in handle_params (#4247)

Commits

0a4a3e6 Release v1.1.31
bc4878c Validate URL scheme in <.link> for navigate / patch (#4250)
5afe9ef Update assets
c95244a Clarify external upload error message (#4245)
dda4b92 fix: Convert URI struct to string in live_redirect test helper (#4247)
d95af53 docs: document hooks and JS commands in dead views (#4246)
96f221b Clarify live_session layout error (#4244)
f15cbf5 Fix JS.hide selector examples (#4239)
731d0ab Fix assign_async return docs (#4236)
59a3869 Clarify JS display defaults (#4234)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [phoenix_live_view](https://github.com/phoenixframework/phoenix_live_view) from 1.1.30 to 1.1.31. - [Release notes](https://github.com/phoenixframework/phoenix_live_view/releases) - [Changelog](https://github.com/phoenixframework/phoenix_live_view/blob/v1.1.31/CHANGELOG.md) - [Commits](phoenixframework/phoenix_live_view@v1.1.30...v1.1.31) --- updated-dependencies: - dependency-name: phoenix_live_view dependency-version: 1.1.31 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-06-05T06:14:14Z

🔍 Hypatia Security Scan

Findings: 26 issues detected

Severity	Count
🔴 Critical	1
🟠 High	4
🟡 Medium	21

⚠️ Action Required: Critical security issues found!

View findings

[
  {
    "reason": "Issue in elixir-ci.yml",
    "type": "missing_timeout_minutes",
    "file": "elixir-ci.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in generator-generic-ossf-slsa3-publish.yml",
    "type": "missing_timeout_minutes",
    "file": "generator-generic-ossf-slsa3-publish.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in governance.yml",
    "type": "missing_timeout_minutes",
    "file": "governance.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in mirror.yml",
    "type": "missing_timeout_minutes",
    "file": "mirror.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in scorecard.yml",
    "type": "missing_timeout_minutes",
    "file": "scorecard.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in secret-scanner.yml",
    "type": "missing_timeout_minutes",
    "file": "secret-scanner.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in scorecard-enforcer.yml",
    "type": "scorecard_publish_with_run_step",
    "file": "scorecard-enforcer.yml",
    "action": "split_scorecard_publish_job",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in instant-sync.yml",
    "type": "secret_action_without_presence_gate",
    "file": "instant-sync.yml",
    "action": "peter-evans/repository-dispatch",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "line": 164,
    "reason": "Secret found: Password",
    "type": "secret_detected",
    "file": "/home/runner/work/bofig/bofig/lib/evidence_graph/accounts.ex",
    "action": "revoke_rotate_and_purge",
    "rule_module": "security_errors",
    "severity": "critical"
  },
  {
    "reason": "Nominal-only SAST in bofig: codeql.yml language matrix contains no language present in the repo and lacks `actions`, so CodeQL records zero results on every commit. Remediation: set the CodeQL matrix to `language: actions`.",
    "type": "StaticAnalysis",
    "file": "/home/runner/work/bofig/bofig",
    "action": "auto_fix",
    "rule_module": "scorecard",
    "severity": "medium",
    "remediation": "Add CodeQL or equivalent SAST workflow.",
    "scorecard_check": "SAST"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence

github-actions · 2026-06-05T10:25:39Z

🔍 Hypatia Security Scan

Findings: 26 issues detected

Severity	Count
🔴 Critical	1
🟠 High	4
🟡 Medium	21

⚠️ Action Required: Critical security issues found!

View findings

[
  {
    "reason": "Issue in elixir-ci.yml",
    "type": "missing_timeout_minutes",
    "file": "elixir-ci.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in generator-generic-ossf-slsa3-publish.yml",
    "type": "missing_timeout_minutes",
    "file": "generator-generic-ossf-slsa3-publish.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in governance.yml",
    "type": "missing_timeout_minutes",
    "file": "governance.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in mirror.yml",
    "type": "missing_timeout_minutes",
    "file": "mirror.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in scorecard.yml",
    "type": "missing_timeout_minutes",
    "file": "scorecard.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in secret-scanner.yml",
    "type": "missing_timeout_minutes",
    "file": "secret-scanner.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in scorecard-enforcer.yml",
    "type": "scorecard_publish_with_run_step",
    "file": "scorecard-enforcer.yml",
    "action": "split_scorecard_publish_job",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in instant-sync.yml",
    "type": "secret_action_without_presence_gate",
    "file": "instant-sync.yml",
    "action": "peter-evans/repository-dispatch",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "line": 164,
    "reason": "Secret found: Password",
    "type": "secret_detected",
    "file": "/home/runner/work/bofig/bofig/lib/evidence_graph/accounts.ex",
    "action": "revoke_rotate_and_purge",
    "rule_module": "security_errors",
    "severity": "critical"
  },
  {
    "reason": "Nominal-only SAST in bofig: codeql.yml language matrix contains no language present in the repo and lacks `actions`, so CodeQL records zero results on every commit. Remediation: set the CodeQL matrix to `language: actions`.",
    "type": "StaticAnalysis",
    "file": "/home/runner/work/bofig/bofig",
    "action": "auto_fix",
    "rule_module": "scorecard",
    "severity": "medium",
    "remediation": "Add CodeQL or equivalent SAST workflow.",
    "scorecard_check": "SAST"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence

dependabot Bot added dependencies Pull requests that update a dependency file elixir Pull requests that update elixir code labels Jun 5, 2026

hyperpolymath approved these changes Jun 5, 2026

View reviewed changes

Merge branch 'main' into dependabot/hex/phoenix_live_view-1.1.31

f17441d

hyperpolymath merged commit e482a46 into main Jun 5, 2026
31 checks passed

hyperpolymath deleted the dependabot/hex/phoenix_live_view-1.1.31 branch June 5, 2026 10:26

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump phoenix_live_view from 1.1.30 to 1.1.31#93

chore(deps): bump phoenix_live_view from 1.1.30 to 1.1.31#93
hyperpolymath merged 2 commits into
mainfrom
dependabot/hex/phoenix_live_view-1.1.31

dependabot Bot commented on behalf of github Jun 5, 2026

Uh oh!

github-actions Bot commented Jun 5, 2026

Uh oh!

github-actions Bot commented Jun 5, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

dependabot Bot commented on behalf of github Jun 5, 2026

v1.1.31

Enhancements

Bug fixes

v1.1.31 (2026-05-29)

Enhancements

Bug fixes

Uh oh!

github-actions Bot commented Jun 5, 2026

🔍 Hypatia Security Scan

Uh oh!

github-actions Bot commented Jun 5, 2026

🔍 Hypatia Security Scan

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant