Skip to content

chore(deps): bump hackney from 1.20.1 to 1.23.0#1200

Closed
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/hex/hackney-1.23.0
Closed

chore(deps): bump hackney from 1.20.1 to 1.23.0#1200
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/hex/hackney-1.23.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 3, 2025

Bumps hackney from 1.20.1 to 1.23.0.

Release notes

Sourced from hackney's releases.

1.23.0 - 2025-02-25

Changes:

fix: happy eyeball use correct timeout during connectino fix: don't wrap conection error improvement: eyeballonly spawn ipv6 worker when needed

Available on hex.pm https://hexdocs.pm/hackney/1.23.0/

1.22.0 - 2025-02-20

Changes

  • feature: prefer to connect using IPv6. happy eyeball strategy
  • improvement: fully support no_proxy environment variable
  • doc: migrated to ex_doc

1.21.0 - 2025-02-20

fix: remove SSL options incompatible with tls 1.3 fix: url parsing handle "/" path correctly fix: simplify integration test suite fix: handle chunked response in redirect responses fix: handle http & https proxies separately fix: skip junk lines in 1.xx response

** security fixes ***

fix URL parsing to prevent SSRF . (related to CVE-2025-1211) use latest SSL certificate bundle

Available on hex.pm : https://hex.pm/packages/hackney

Changelog

Sourced from hackney's changelog.

1.23.0 - 2025-02-25

  • fix: happy eyeball use correct timeout during connectino
  • fix: don't wrap conection error
  • improvement: eyeballonly spawn ipv6 worker when needed

1.22.0 - 2025-02-20

  • feature: prefer to connect using IPv6. happy eyeball strategy
  • improvement: fully support no_proxy environment variable
  • doc: migrated to ex_doc

1.21.0 - 2025-02-20

  • fix: remove SSL options incompatible with tls 1.3
  • fix: url parsing handle "/" path correctly
  • fix: simplify integration test suite
  • fix: handle chunked response in redirect responses
  • fix: handle http & https proxies separately
  • fix: skip junk lines in 1.xx response

** security fixes ***

  • fix URL parsing to prevent SSRF . (related to CVE-2025-1211)
  • use latest SSL certificate bundle
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump hackney from 1.20.1 to 1.23.0
9e7fdc8 
Bumps [hackney](https://github.com/benoitc/hackney) from 1.20.1 to 1.23.0.
- [Release notes](https://github.com/benoitc/hackney/releases)
- [Changelog](https://github.com/benoitc/hackney/blob/master/NEWS.md)
- [Commits](benoitc/hackney@1.20.1...1.23.0)

---
updated-dependencies:
- dependency-name: hackney
  dependency-version: 1.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file elixir Pull requests that update Elixir code labels Apr 3, 2025
@dependabot dependabot bot requested a review from a team as a code owner April 3, 2025 18:19
@dependabot dependabot bot requested review from rudiejd and removed request for a team April 3, 2025 18:19
@rudiejd
Copy link
Copy Markdown
Member

rudiejd commented Apr 10, 2025
edited
Loading

❌ do not merge, this will cause issues with keycloak #1194

@rudiejd rudiejd closed this Apr 10, 2025
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Apr 10, 2025

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/hex/hackney-1.23.0 branch April 10, 2025 14:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rudiejd rudiejd Awaiting requested review from rudiejd rudiejd is a code owner automatically assigned from mbta/transit-data

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file elixir Pull requests that update Elixir code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rudiejd