Bump hex_core from 0.13.0 to 0.15.0 in the mix-dependencies group

[dependabot]

Bumps the mix-dependencies group with 1 update: hex_core.

Updates hex_core from 0.13.0 to 0.15.0

Release notes

Sourced from hex_core's releases.

v0.15.0

• Add request_to_file callback to hex_http behaviour for streaming HTTP response body directly to a file.
• Add hex_repo:get_tarball_to_file/4 and hex_repo:get_docs_to_file/4 for downloading tarballs and docs directly to disk.
• Implement request_to_file in hex_http_httpc using httpc's {stream, Filename} option.

v0.14.1

• Add max_size extraction limit to package inner tarball and docs tarball unpacking for zip bomb protection.

v0.14.0

• Stream tar extraction to disk, writing file entries in chunks instead of loading into memory.
• Add {file, Path} support to hex_tarball:unpack_docs/2,3 to read doc tarballs from disk.
• Add none output mode to hex_tarball:unpack/2,3 to extract only metadata and checksums, skipping contents.

Changelog

Sourced from hex_core's changelog.

v0.15.0 (2026-03-09)

• Add request_to_file callback to hex_http behaviour for streaming HTTP response body directly to a file.
• Add hex_repo:get_tarball_to_file/4 and hex_repo:get_docs_to_file/4 for downloading tarballs and docs directly to disk.
• Implement request_to_file in hex_http_httpc using httpc's {stream, Filename} option.

v0.14.1 (2026-03-09)

• Add max_size extraction limit to package inner tarball and docs tarball unpacking for zip bomb protection.

v0.14.0 (2026-03-09)

• Stream tar extraction to disk, writing file entries in chunks instead of loading into memory.
• Add {file, Path} support to hex_tarball:unpack_docs/2,3 to read doc tarballs from disk.
• Add none output mode to hex_tarball:unpack/2,3 to extract only metadata and checksums, skipping contents.

Commits

• 90f9f59 Release v0.15.0
• c6a3995 Add request_to_file to HTTP contract for streaming downloads to disk (#169)
• 34a2952 Release v0.14.1
• 4383e1b Add max_size extraction limit for zip bomb protection (#168)
• a71bea5 Release v0.14.0
• 3585078 Fix ex_doc warnings
• 13bb9fb Stream tar extraction to disk and add file-based unpack (#167)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions