Skip to content

Bump httpoison from 2.3.0 to 3.0.0#171

Merged
nelsonic merged 2 commits into
mainfrom
dependabot/hex/httpoison-3.0.0
Jul 1, 2026
Merged

Bump httpoison from 2.3.0 to 3.0.0#171
nelsonic merged 2 commits into
mainfrom
dependabot/hex/httpoison-3.0.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps httpoison from 2.3.0 to 3.0.0.

Release notes

Sourced from httpoison's releases.

HTTPoison 3.0.0

What's Changed

  • Upgrade to hackney 4.0, which fixes several CVEs (atom-table exhaustion via URL schemes, HTTP header injection, WebSocket buffer limits and more)
  • Response bodies now come straight from hackney; max_body_length is trimmed on our side
  • Redirects are now followed inside hackney, so HTTPoison.MaybeRedirect is no longer returned. The struct is kept only for backward compatibility
  • ssl: [verify: :verify_none] disables certificate verification again
  • Skip empty chunks when streaming a request body so they don't truncate the request
  • Basic auth over plain HTTP now requires the insecure_basic_auth: true option

New Contributors

Full Changelog: edgurgel/httpoison@v2.3.0...v3.0.0

Changelog

Sourced from httpoison's changelog.

3.0.0 (2026-06-14)

  • Upgrade to hackney 4.0, which fixes several CVEs (atom-table exhaustion via URL schemes, HTTP header injection, WebSocket buffer limits and more)
  • Response bodies now come straight from hackney; max_body_length is trimmed on our side
  • Redirects are now followed inside hackney, so HTTPoison.MaybeRedirect is no longer returned. The struct is kept only for backward compatibility
  • ssl: [verify: :verify_none] disables certificate verification again
  • Skip empty chunks when streaming a request body so they don't truncate the request
  • Basic auth over plain HTTP now requires the insecure_basic_auth: true option
Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file elixir Pull requests that update elixir code labels Jul 1, 2026
Bumps [httpoison](https://github.com/edgurgel/httpoison) from 2.3.0 to 3.0.0.
- [Release notes](https://github.com/edgurgel/httpoison/releases)
- [Changelog](https://github.com/edgurgel/httpoison/blob/main/CHANGELOG.md)
- [Commits](edgurgel/httpoison@v2.3.0...v3.0.0)

---
updated-dependencies:
- dependency-name: httpoison
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/hex/httpoison-3.0.0 branch from 2865d03 to 442ceed Compare July 1, 2026 21:36
@nelsonic

nelsonic commented Jul 1, 2026

Copy link
Copy Markdown
Member

@nelsonic nelsonic left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Build Should be fixed by updating Elixir + OTP. 👌

@nelsonic

nelsonic commented Jul 1, 2026

Copy link
Copy Markdown
Member

Build passes but CodeCov upload fails:
https://github.com/dwyl/elixir-auth-google/actions/runs/28549805025/job/84644062090#step:7:52

image
{"message":"Token required - not valid tokenless upload"}
400

@nelsonic

nelsonic commented Jul 1, 2026

Copy link
Copy Markdown
Member

@nelsonic nelsonic merged commit da5e1ec into main Jul 1, 2026
1 check passed
@nelsonic nelsonic deleted the dependabot/hex/httpoison-3.0.0 branch July 1, 2026 21:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file elixir Pull requests that update elixir code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant