Please upgrade your hackney dependency when possible

[Trevoke]

Hello,

Recently, a CVE (Common Vulnerability and Exposure) was created for one of your dependencies, hackney.

Hackney is aware of this ( benoitc/hackney#751 ) and will create a release soon ( benoitc/hackney#753 (comment) ).

When the new hackney release comes out, please create a new tesla release incorporating this security update.

Thank you!

[yordis]

Thank you for the head up,

:hackney is an optional step so that you can manage the version in your app; there is no need to release a new version unless I am missing something.

I am watching the issue; I will upgrade the dependency in the package.

[grzuy]

tesla declares itself compatible with hackney ~> 1.6 (https://github.com/elixir-tesla/tesla/blob/master/mix.exs#L59).

So apps depending on latest tesla won't have any problem upgrading to an hypothetical upcoming hackney 1.20.2 or even hackney 1.21 with mix deps.update hackney.

[grzuy]

For what is worth, the pinned version of hackney in tesla's mix.lock doesn't affect packages or apps depending on tesla, it only affects which version of hackney tesla is using to run tests or developing tesla locally.