Skip to content

chore: remove hackney and httpoison dependencies #1390

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
edgurgel merged 1 commit into from
May 30, 2025
Merged

chore: remove hackney and httpoison dependencies #1390

edgurgel merged 1 commit into from
May 30, 2025

Conversation

@edgurgel
Copy link
Member

@edgurgel edgurgel commented May 28, 2025

What kind of change does this PR introduce?

A new CVE was released for hackney and it would involve upgrading this library or adding a new advisory exclusion. But we don't seem to use it.

GHSA-9fm9-hp7p-53mf

We don't seem to use them for anything

What is the current behavior?

Having hackney and httpoison as dependencies.

What is the new behavior?

Not having them.

Additional context

I simply removed httpoison from listed dependencies. Called mix deps.unlock --unused and that's what I got from it.

@vercel
Copy link

vercel bot commented May 28, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

1 Skipped Deployment
Name Status Preview Comments Updated (UTC)
realtime-demo ⬜️ Ignored (Inspect) May 30, 2025 1:13am

@edgurgel edgurgel mentioned this pull request May 28, 2025
Merged
@coveralls
Copy link

coveralls commented May 28, 2025
edited
Loading

Coverage Status

coverage: 82.829% (-0.8%) from 83.62%
when pulling 77e7944 on remove/httpoison-hackney
into 24b60b0 on main.

@edgurgel
chore: remove hackney and httpoison dependencies
77e7944 
We don't seem to use them for anything
@edgurgel edgurgel force-pushed the remove/httpoison-hackney branch from 17d8eb9 to 77e7944 Compare May 30, 2025 01:13
@edgurgel edgurgel merged commit 4bf5a73 into main May 30, 2025
5 checks passed
@edgurgel edgurgel deleted the remove/httpoison-hackney branch May 30, 2025 01:26
@kiwicopple
Copy link
Member

kiwicopple commented May 30, 2025

🎉 This PR is included in version 2.36.6 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@filipecabaco filipecabaco filipecabaco approved these changes

Assignees

No one assigned

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@edgurgel @coveralls @kiwicopple @filipecabaco