Bump phlex from 1.9.1 to 1.10.2 in /gem

[dependabot[bot]]

Bumps phlex from 1.9.1 to 1.10.2.

Release notes

Sourced from phlex's releases.

1.10.2

Includes security fixes for https://github.com/phlex-ruby/phlex/security/advisories/GHSA-9p57-h987-4vgx

1.10.1

Includes important security fixes https://github.com/phlex-ruby/phlex/security/advisories/GHSA-g7xq-xv8c-h98c

1.10.0

Highlights

[Experimental] Selective Rendering

When rendering Phlex::HTML or Phlex::SVG components, you can now pass a list of ids to be rendered and Phlex will skip past everything else.

This is incredibly useful for Turbo/HTMX-style “HTML-Over-The-Wire” responses. It allows you to render just the parts you need so you don’t need to set up special endpoints for those fragments.

This feature will become more useful in 2.0, which will ship with an optional frontend package, Phlex.js, an alternative to Turbo as well as Morphlex, our DOM morphing library, an alternative to Idiomorph.

To use selective rendering, pass an array of IDs as the fragments: keyword argument when calling call.

[Experimental] Component Kits (limited to Ruby 3.2 and up)

Kits allow you to render components in your templates without using the render method or calling .new.

For this to work, the components need to be in a “Kit”. A Kit is a special Ruby module that contains components. In your app, you might just call this module Components. But you could call it anything and UI kits can ship gems with Phlex Kits in them. The module should extend Phlex::Kit like this:

module Components
  extend Phlex::Kit
end

Now you can define a component in that Kit like this:

class Components::Card < Phlex::HTML
  def initialize(title)
    @title = title
  end
def view_template(&)
article(class: "card") {
h1(class: "card-title") { @​title }
yield
}
end
end

When this component class is defined, a method will automatically be defined on the containing kit (Components) with the same name as the component, in this case, the method Card will be defined on Components.

... (truncated)

Changelog

Sourced from phlex's changelog.

Changelog

All notable changes to this project will be documented in this file. The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[1.10.0] 2024-04-05

• [Added] new Phlex::CSV class for streaming CSV views
• [Added] new (experimental) Phlex::Kit for collections of components
• [Added] support for selective rendering
• [Changed] mix does a better job when mixing different types of attributes
• [Changed] Phlex will now try to call to_s on attribute values
• [Changed] No runtime dependencies
• [Deprecated] Phlex::HTML#param, (<param>) tags have been deprecated
• [Deprecated] Defining the template method is now deprecated. You should define view_template instead. In Phlex 2.0, the template method will render a \<template> tag.

Commits

• 7052ee8 1.10.2
• 61c0303 1.10.1
• 941eacf Restore mix functionality when the mixed values are nil (#705)
• 215dec3 Hot fix
• b5d58b1 Selective capture blocks (#702)
• 544b32d Update CHANGELOG.md
• 3a44739 Test custom object method call precedence (#700)
• 45b105e Test await and flush (#697)
• a68bb2d Update sgml.rb
• 54226c6 improve warnings
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.