chore(deps): bump the prod-dependencies group with 3 updates

[dependabot]

Bumps the prod-dependencies group with 3 updates: jason, phoenix and phoenix_live_view.

Updates jason from 1.4.4 to 1.4.5

Changelog

Sourced from jason's changelog.

1.4.5 (05.05.2026)

• Add support for Decimal 3.0

Commits

• 4ede428 Bump v1.4.5
• b8c2185 Fix dialyzer job
• a363975 Modernise CI to currently supported versions
• 243c8a8 Allow decimal 3.0
• c8e8d05 Revert the experimental 1.5 branch and jason_native experiment
• 0e7a3e2 Add example/doctest for Jason.OrderedObject.new/1
• 984bc07 fix broken link
• f775592 Raise if trying to decode decimals without decimal
• 79d59df Remove unneeded workarounds for xref warnings
• baac78e Fix warnings by conditionally compiling Decimal support
• Additional commits viewable in compare view

Updates phoenix from 1.8.5 to 1.8.7

Changelog

Sourced from phoenix's changelog.

1.8.7 (2026-05-06)

Bug fixes

• Fix invalid status when longpoll request times out

Enhancements

• Mask token parameter in logs by default (in addition to "password")

JavaScript Client Bug Fixes

• Fix encoding of non-ASCII metadata in binary channel messages

1.8.6 (2026-05-05)

Security fixes

• CVE-2026-32689: Fix Phoenix.Socket Longpoll transport memory exhaustion in nd-JSON body splitting

Enhancements

• [phoenix] Raise if use Phoenix.VerifiedRoutes is called multiple times in the same module
• [phoenix] Fix more deprecation and type checker warnings on Elixir 1.20
• [phoenix] Raise when interpolating a list in Phoenix.VerifiedRoutes (#6632)
• [phoenix] Gracefully handle non-binary vsn socket parameter (#6662)
• [phx.gen.*] Use .eex filename suffix in generator files
• [phx.new] Add interactive mode: mix phx.new --interactive (#6630)
• [phx.new] Add phx-no-format to generated <.live_title> tag (#6667)

Bug fixes

• [phx.gen.*] Fix generated migrations for myxql when using scopes (#6635)
• [phx.new] Fix crash when parent directory contains a colon (#6633)

Commits

• ba3a131 Release v1.8.7
• e74eacc fix invalid status on longpoll window timeout
• 035fde9 Update assets
• eb5f52f Correctly serialize non ASCII metadata (#6664)
• a99c5e8 Filter token parameters by default (#6665)
• 2190111 update installer version
• ddcdadb Release v1.8.6
• 1a67c61 prevent unexpected memory usage on nd-json body splitting
• 8ca76a2 fix a couple of typos (#6672)
• 6214d83 Bump postcss from 8.5.6 to 8.5.13 (#6671)
• Additional commits viewable in compare view

Updates phoenix_live_view from 1.1.28 to 1.1.30

Release notes

Sourced from phoenix_live_view's releases.

v1.1.30

Bug fixes

• Ensure internal phx-viewport hook does not crash on update if no scroll container is used (#4214), introduced in v1.1.29.

v1.1.29

Bug fixes

• Prevent JS crash when hook has a duplicate ID (#4196)
• Recompute scroll container for phx-viewport bindings if it is no longer available (#4169)
• Fix phx-viewport events not firing when container has horizontal overflow (#3897)
• Handle locks on skipped nodes (#4209)
• Use moveBefore if available when reordering stream elements (#4212)

Changelog

Sourced from phoenix_live_view's changelog.

v1.1.30 (2026-05-05)

Bug fixes

• Ensure internal phx-viewport hook does not crash on update if no scroll container is used (#4214), introduced in v1.1.29.

v1.1.29 (2026-05-04)

Bug fixes

• Prevent JS crash when hook has a duplicate ID (#4196)
• Recompute scroll container for phx-viewport bindings if it is no longer available (#4169)
• Fix phx-viewport events not firing when container has horizontal overflow (#3897)
• Handle locks on skipped nodes (#4209)
• Use moveBefore if available when reordering stream elements (#4212)

Commits

• fdbbe52 Release v1.1.30
• 970932b Update assets
• ff31d01 Ensure phx-viewport hook does not fail if there's no scrollContainer
• 24090b5 Release v1.1.29
• cc83643 Update assets
• 8deb3e5 Use moveBefore if supported when reordering stream items (#4213)
• 174dad5 DOM patching: Fall back to PHX_MAGIC_ID if node ID was touched by client hook...
• 4e18a20 handle locks on skipped nodes (#4210)
• 031f00c Remove unreachable error clause in UploadTmpFileWriter.write_chunk/2
• 0b4005b Optimize traverse_dynamic for nil and binary entries
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are no longer updatable, so this is no longer needed.