build(deps): Bump httpoison from 2.1.0 to 2.2.0 #42

Merged: nelsonic merged 1 commit into main from dependabot/hex/httpoison-2.2.0 on Nov 13, 2023

Conversation

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Nov 13, 2023

Bumps httpoison from 2.1.0 to 2.2.0.

Release notes

Sourced from httpoison's releases.

HTTPoison 2.2.0

What's Changed

New Contributors

Full Changelog: edgurgel/httpoison@v2.1.0...v2.2.0

Commits
  • 8040bdb Bump version
  • d22f1b1 Update README.md
  • 0b8c71a fix test failures due to map key ordering
  • 24a3908 Keep location in HTTPoison.Base.using/1
  • 5920e19 Updates hackney to 1.20.1 to include a fix for path encoding.
  • b562a28 Fix formatting errors on the doc
  • b2d4438 [Format] Fix formatting warning
  • 6fe3b1c add test for request
  • 112ceb5 Add the request!/1 function
  • 711093f Update README.md: httparrot -> postman-echo
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [httpoison](https://github.com/edgurgel/httpoison) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/edgurgel/httpoison/releases)
- [Commits](edgurgel/httpoison@v2.1.0...v2.2.0)

---
updated-dependencies:
- dependency-name: httpoison
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the external-dependency Depends on an entity/dependency external to the team's control label Nov 13, 2023

codecov bot commented Nov 13, 2023

Codecov Report

Merging #42 (7027a2d) into main (e8f988e) will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff            @@
##              main       #42   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            2         2           
  Lines           34        34           
=========================================
  Hits            34        34           

Member

@nelsonic nelsonic left a comment

Thanks @dependabot 👌

@nelsonic nelsonic merged commit a2e1ae9 into main Nov 13, 2023
3 checks passed
@nelsonic nelsonic deleted the dependabot/hex/httpoison-2.2.0 branch November 13, 2023 19:07
@cheerfulstoic
Contributor

👋 Hey, I'm trying to use this library and getting an error in resolving dependencies:

Resolving Hex dependencies...
Resolution completed in 0.232s
Because "the lock" specifies httpoison 2.2.0 and elixir_auth_microsoft >= 1.1.1 depends on httpoison ~> 2.1.0, the lock is incompatible with elixir_auth_microsoft >= 1.1.1.
And because elixir_auth_microsoft < 1.1.1 depends on httpoison ~> 1.8.0, if the lock and elixir_auth_microsoft then httpoison ~> 1.8.0.
And because your app depends on the lock, elixir_auth_microsoft requires httpoison ~> 1.8.0.
And because your app depends on elixir_auth_microsoft ~> 1.1.0, httpoison ~> 1.8.0 is required.
So, because your app depends on httpoison ~> 2.0, version solving failed.

I think maybe this PR wasn't released, but I also think maintaining dependencies in a library is different than in an app. In an app you'd want to use something like dependabot to make sure you're (almost) always using the latest versions, but in a library your requirements become the requirements of the applications which use this library. So probably you should have something like >= 2.1.0 instead of ~> 2.1.0 or ~> 2.2.0. Even better you should go back as far as possible, depending on the usage of httpoison in this library (so like >= 2.0.0 or even >= 1.0.0 if you're not using any newer features)

Thanks very much

@cheerfulstoic
Contributor

Something to clarify depending on your background: if you've used Node.js, for example, every library gets its own copy of dependencies, so an application might have a lot of different versions of the same transient dependency nested inside of the node_modules folder. With Elixir, though, only one version of a dependency (like httpoison) needs to be shared by all code and so there needs to be as much room as possible for compatibility.
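
The resolver failure and the single-shared-version point from the two comments above, as an added Elixir example that is not code from the thread participants or from the project. The `SharedDep` module, its function names and the short list of published versions are assumptions made for illustration; only `Version.match?/2` is standard library.

```elixir
# Added illustration; module and function names are hypothetical.
defmodule SharedDep do
  # Constructed sample of published httpoison versions, limited to the
  # versions and version lines named in the thread (not the full Hex history).
  @published ~w(1.8.0 2.0.0 2.1.0 2.2.0)

  # Return the published versions that satisfy every requirement at once.
  # Mix keeps a single version of each package for the whole application,
  # so an empty result corresponds to "version solving failed".
  def candidates(requirements, published \\ @published) do
    Enum.filter(published, fn version ->
      Enum.all?(requirements, fn {_owner, req} -> Version.match?(version, req) end)
    end)
  end

  # Print which versions, if any, every party can agree on.
  def report(label, requirements) do
    case candidates(requirements) do
      [] -> IO.puts("#{label}: no version satisfies all requirements")
      ok -> IO.puts("#{label}: resolvable with #{Enum.join(ok, ", ")}")
    end
  end
end

# The application side from the error output: it requires ~> 2.0 and its
# lock file already holds 2.2.0.
app = [{"app", "~> 2.0"}, {"lock", "== 2.2.0"}]

# "~> 2.1.0" means >= 2.1.0 and < 2.2.0, so the locked 2.2.0 is rejected.
SharedDep.report("library requires ~> 2.1.0", app ++ [{"library", "~> 2.1.0"}])

# The looser requirement suggested in the thread admits 2.2.0.
SharedDep.report("library requires >= 2.1.0", app ++ [{"library", ">= 2.1.0"}])

# "~> 2.1" (two segments) means >= 2.1.0 and < 3.0.0: it also admits 2.2.0
# while still excluding a future major version.
SharedDep.report("library requires ~> 2.1", app ++ [{"library", "~> 2.1"}])
```

Saved under any file name ending in `.exs`, it runs with the `elixir` command and needs no dependencies.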

@nelsonic
Member

We may need to exclude HTTPoison from @dependabot updates ... 💭

@cheerfulstoic
Contributor

👍 Thanks! I would do the same with jason since that's the other public (is that the word?) dependency. All of the other dependencies (excoveralls, mock, ex_doc, credo, etc...) just affect the development/release of the project so I think that those can be whatever works for you
