Skip to content

deps(elixir): bump the elixir-mcp-server group in /apps/mcp-server-elixir with 3 updates#205

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/hex/apps/mcp-server-elixir/elixir-mcp-server-9f052d9f2e
Open

deps(elixir): bump the elixir-mcp-server group in /apps/mcp-server-elixir with 3 updates#205
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/hex/apps/mcp-server-elixir/elixir-mcp-server-9f052d9f2e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026

Copy link
Copy Markdown
Contributor

Bumps the elixir-mcp-server group in /apps/mcp-server-elixir with 3 updates: credo, hackney and tesla.

Updates credo from 1.7.18 to 1.7.19

Release notes

Sourced from credo's releases.

v1.17.19

Check it out on Hex: https://hex.pm/packages/credo/1.7.19

  • Fix compatibility & compiler warnings with Elixir 1.20.0
Changelog

Sourced from credo's changelog.

1.7.19

  • Fix compatibility & compiler warnings with Elixir 1.20.0
Commits

Updates hackney from 1.25.0 to 4.2.2

Release notes

Sourced from hackney's releases.

4.2.2

Fixed

  • Pool no longer crashes when a pooled connection dies during the liveness check. find_available could call hackney_conn:is_ready/1 on a connection that died right after the is_process_alive/1 check, and the resulting noproc exit took down the pool. The dead connection is now skipped. (#869)

4.2.1

Dependencies

  • quic 1.6.3 -> 1.6.4.
  • webtransport 0.3.1 -> 0.3.2.
  • certifi 2.16.0 -> 2.17.0.

4.2.0

Added

  • IPv6 for HTTP/3. The family connect option (inet | inet6) is forwarded to QUIC, which resolves DNS and races addresses with Happy Eyeballs (RFC 8305). IPv6 literals such as https://[::1]/ work too.
  • 0-RTT and session resumption for HTTP/3. Session tickets are cached per {host, port, transport} and replayed on the next connection; a bodyless one-shot request is then sent as 0-RTT, otherwise the ticket gives a resumed handshake. Controlled by the zero_rtt option, with an explicit session_ticket taking precedence. New hackney_h3 helpers: early_data_accepted/1, get_session_ticket/1, wait_session_ticket/2.

Fixed

  • Recover from an expired cross-signed root instead of failing the handshake (e.g. Let's Encrypt's ISRG Root X2 cross-signed by the expired ISRG Root X1), across HTTP/1.1, HTTP/2, HTTP/3 and WebTransport. A genuinely expired leaf or intermediate still fails, and partial chains keep working.
  • HTTP/3 connections from the pool now apply ssl_options (cacerts, insecure) that previously did not reach the QUIC layer.
  • A pooled connection that stops between checkout and the request call no longer leaks exit:{normal, _} / exit:noproc to the caller; request, body and streaming calls return {error, closed} instead (#861).
  • A proxy host given as an atom (e.g. localhost) or a binary is accepted again for the plain, connect and socks5 proxy tuples instead of being silently ignored (#858).

Dependencies

  • quic 1.4.5 -> 1.6.3.
  • h2 0.6.1 -> 0.8.0.
  • webtransport 0.2.6 -> 0.3.1.

hackney 4.1.0

WebTransport client. Drop-in addition alongside the WebSocket API, no breaking changes.

Added

  • WebTransport client API (hackney:wt_connect/1,2, wt_send/2, wt_recv/1,2, wt_setopts/2, wt_close/1,2), mirroring the WebSocket ws_* API so code switches by swapping the ws_ prefix for wt_. Runs over HTTP/3 (default) or HTTP/2. One session multiplexes many streams (wt_open_stream/2, wt_stream_send/3,4, wt_stream_recv/2,3, wt_close_stream/2, wt_reset_stream/3, wt_stop_sending/3) plus unreliable datagrams (wt_send_datagram/2) and wt_session_info/1. No custom wire framing, so it interoperates with any WebTransport server. Caller path and headers are checked for CR/LF/NUL and a buffer cap bounds unread data. See the WebTransport Guide.

Dependencies

  • Add webtransport 0.2.6.

Full changelog: https://github.com/benoitc/hackney/blob/master/NEWS.md

hackney 4.0.3

OTP 29 support and HTTP/3 server-certificate verification. Drop-in upgrade from 4.0.2, no API changes.

Security

  • HTTP/3 now verifies the server certificate. quic 1.4.4 authenticates the server by default; hackney passes the request's insecure option and any configured CA (cacerts/cacertfile in ssl_options) through to the QUIC connection, so verification can be disabled or pointed at a custom trust store. Without a configured CA, quic uses its default trust store.

... (truncated)

Changelog

Sourced from hackney's changelog.

4.2.2 - 2026-06-07

Fixed

  • Pool no longer crashes when a pooled connection dies during the liveness check. find_available could call hackney_conn:is_ready/1 on a connection that died right after the is_process_alive/1 check, and the resulting noproc exit took down the pool. The dead connection is now skipped. (#869)

4.2.1 - 2026-06-05

Dependencies

  • quic 1.6.3 -> 1.6.4.
  • webtransport 0.3.1 -> 0.3.2.
  • certifi 2.16.0 -> 2.17.0.

4.2.0 - 2026-06-03

Added

  • IPv6 for HTTP/3. The family connect option (inet | inet6) is forwarded to QUIC, which resolves DNS and races addresses with Happy Eyeballs (RFC 8305). IPv6 literals such as https://[::1]/ work too. family may be set in connect_options or ssl_options.
  • 0-RTT and session resumption for HTTP/3. The server's session ticket is cached in the pool per {host, port, transport} and replayed on the next connection; a bodyless one-shot request is then sent as 0-RTT, otherwise the ticket gives a resumed handshake. Enabled by default and controlled by the zero_rtt option, with an explicit session_ticket taking precedence over the cache. New hackney_h3 helpers: early_data_accepted/1, get_session_ticket/1, wait_session_ticket/2.

Fixed

  • Recover from an expired cross-signed root instead of failing the handshake (e.g. Let's Encrypt's ISRG Root X2 cross-signed by the expired ISRG Root X1). For HTTP/1.1 and HTTP/2 the verification function rewrites cert_expired to root_cert_expired so OTP's cross-sign recovery runs; for HTTP/3 and WebTransport the same recovery is in quic 1.6.2. A genuinely expired leaf or intermediate still fails, and partial chains keep working.
  • HTTP/3 connections from the pool now apply ssl_options (cacerts, insecure) that previously did not reach the QUIC layer.
  • A pooled connection that stops between checkout and the request call no longer leaks exit:{normal, _} (or exit:noproc) to the caller. The request, body and streaming calls now return {error, closed} instead (issue #861).

... (truncated)

Commits
  • 6bf3d36 Release 4.2.2
  • 1d8354e Merge pull request #870 from benoitc/fix/pool-noproc-race-test
  • 9cc6653 hackney_pool: regression test for the noproc race (#869)
  • 33351f2 Merge pull request #869 from kpy3/master
  • 0a660b2 Fix race in hackney_pool
  • 548b9d7 Release 4.2.1
  • 907a4d3 Merge pull request #868 from benoitc/deps/quic-1.6.4-wt-0.3.2
  • 6af28e1 Bump certifi to 2.17.0
  • 6c4fb9d Bump quic to 1.6.4 and webtransport to 0.3.2
  • 1d19996 Merge pull request #867 from benoitc/deps/quic-1.6.3
  • Additional commits viewable in compare view

Updates tesla from 1.18.3 to 1.20.0

Release notes

Sourced from tesla's releases.

v1.20.0

1.20.0 (2026-06-05)

Features

  • support {:form,data} tagged body tuples (#886) (b1b3b80)

v1.19.0

1.19.0 (2026-06-04)

Features

  • finch-adapter: Finch adapter will pass through all supported options (#879) (7609328)
  • form-urlencoded: support nested bodies via :brackets option (#878) (f7142e8)
Changelog

Sourced from tesla's changelog.

1.20.0 (2026-06-05)

Features

  • support {:form,data} tagged body tuples (#886) (b1b3b80)

1.19.0 (2026-06-04)

Features

  • finch-adapter: Finch adapter will pass through all supported options (#879) (7609328)
  • form-urlencoded: support nested bodies via :brackets option (#878) (f7142e8)
Commits
  • 901ce60 chore(master): release 1.20.0 (#887)
  • b1b3b80 feat: support {:form,data} tagged body tuples (#886)
  • 603ea34 chore(master): release 1.19.0 (#885)
  • 7609328 feat(finch-adapter): Finch adapter will pass through all supported options (#...
  • f7142e8 feat(form-urlencoded): support nested bodies via :brackets option (#878)
  • 2d3c800 chore(ci): bump release workflow to Elixir 1.19 / OTP 28 (#884)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
deps(elixir): bump the elixir-mcp-server group
2db5fdb 
Bumps the elixir-mcp-server group in /apps/mcp-server-elixir with 3 updates: [credo](https://github.com/rrrene/credo), [hackney](https://github.com/benoitc/hackney) and [tesla](https://github.com/elixir-tesla/tesla).


Updates `credo` from 1.7.18 to 1.7.19
- [Release notes](https://github.com/rrrene/credo/releases)
- [Changelog](https://github.com/rrrene/credo/blob/v1.7.19/CHANGELOG.md)
- [Commits](rrrene/credo@v1.7.18...v1.7.19)

Updates `hackney` from 1.25.0 to 4.2.2
- [Release notes](https://github.com/benoitc/hackney/releases)
- [Changelog](https://github.com/benoitc/hackney/blob/master/NEWS.md)
- [Commits](benoitc/hackney@1.25.0...4.2.2)

Updates `tesla` from 1.18.3 to 1.20.0
- [Release notes](https://github.com/elixir-tesla/tesla/releases)
- [Changelog](https://github.com/elixir-tesla/tesla/blob/master/CHANGELOG.md)
- [Commits](elixir-tesla/tesla@v1.18.3...v1.20.0)

---
updated-dependencies:
- dependency-name: credo
  dependency-version: 1.7.19
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: elixir-mcp-server
- dependency-name: hackney
  dependency-version: 4.2.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: elixir-mcp-server
- dependency-name: tesla
  dependency-version: 1.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: elixir-mcp-server
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot @github

dependabot Bot commented on behalf of github Jun 8, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, elixir. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@vercel

vercel Bot commented Jun 8, 2026
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
all-source-admin Ready Ready Preview, Comment Jun 8, 2026 6:57pm
all-source-web Ready Ready Preview, Comment Jun 8, 2026 6:57pm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants