build(deps-dev): Bump credo from 1.7.18 to 1.7.19 in /elixir-orchestration by dependabot[bot] · Pull Request #140 · hyperpolymath/verisimdb

dependabot · 2026-06-13T22:32:52Z

Bumps credo from 1.7.18 to 1.7.19.

Release notes

v1.17.19

Check it out on Hex: https://hex.pm/packages/credo/1.7.19

Fix compatibility & compiler warnings with Elixir 1.20.0

Changelog

Sourced from credo's changelog.

1.7.19

Fix compatibility & compiler warnings with Elixir 1.20.0

Commits

d4a88d4 Bump version to 1.7.19
b87f0b6 Update CHANGELOG
c4ed6df Use mix format
9172f39 Fix token error
a6de9b5 Add reproducing test for #1275
b726ad4 Run mix format
ccd27fb Add test for sigil_p position
8a03b78 Clean stale deps
a902c97 Set "old credo" to 1.7.18
cc2ce91 Update GitHub actions
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [credo](https://github.com/rrrene/credo) from 1.7.18 to 1.7.19. - [Release notes](https://github.com/rrrene/credo/releases) - [Changelog](https://github.com/rrrene/credo/blob/v1.7.19/CHANGELOG.md) - [Commits](rrrene/credo@v1.7.18...v1.7.19) --- updated-dependencies: - dependency-name: credo dependency-version: 1.7.19 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-06-13T22:33:57Z

🔍 Hypatia Security Scan

Findings: 136 issues detected

Severity	Count
🔴 Critical	17
🟠 High	50
🟡 Medium	69

⚠️ Action Required: Critical security issues found!

View findings

[
  {
    "reason": "Issue in scorecard-enforcer.yml",
    "type": "scorecard_publish_with_run_step",
    "file": "scorecard-enforcer.yml",
    "action": "split_scorecard_publish_job",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in instant-sync.yml",
    "type": "secret_action_without_presence_gate",
    "file": "instant-sync.yml",
    "action": "peter-evans/repository-dispatch",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in codeql.yml",
    "type": "codeql_missing_actions_language",
    "file": "codeql.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "User-defined Coq axiom -- not verified by kernel (1 occurrences, CWE-704)",
    "type": "coq_axiom",
    "file": "/home/runner/work/verisimdb/verisimdb/formal/Provenance.v",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "User-defined Coq axiom -- not verified by kernel (2 occurrences, CWE-704)",
    "type": "coq_axiom",
    "file": "/home/runner/work/verisimdb/verisimdb/formal/PlannerSemantic.v",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "User-defined Coq axiom -- not verified by kernel (1 occurrences, CWE-704)",
    "type": "coq_axiom",
    "file": "/home/runner/work/verisimdb/verisimdb/formal/Planner.v",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "User-defined Coq axiom -- not verified by kernel (6 occurrences, CWE-704)",
    "type": "coq_axiom",
    "file": "/home/runner/work/verisimdb/verisimdb/formal/Drift.v",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "User-defined Coq axiom -- not verified by kernel (1 occurrences, CWE-704)",
    "type": "coq_axiom",
    "file": "/home/runner/work/verisimdb/verisimdb/formal/WAL.v",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "User-defined Coq axiom -- not verified by kernel (2 occurrences, CWE-704)",
    "type": "coq_axiom",
    "file": "/home/runner/work/verisimdb/verisimdb/formal/Normalizer.v",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "getExn on external data -- use pattern matching (1 occurrences, CWE-754)",
    "type": "getexn_on_external",
    "file": "/home/runner/work/verisimdb/verisimdb/src/registry/Registry.res",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "critical"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence

…7.19

github-actions · 2026-06-14T00:29:04Z

🔍 Hypatia Security Scan

Findings: 136 issues detected

Severity	Count
🔴 Critical	17
🟠 High	50
🟡 Medium	69

⚠️ Action Required: Critical security issues found!

View findings

[
  {
    "reason": "Issue in scorecard-enforcer.yml",
    "type": "scorecard_publish_with_run_step",
    "file": "scorecard-enforcer.yml",
    "action": "split_scorecard_publish_job",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in instant-sync.yml",
    "type": "secret_action_without_presence_gate",
    "file": "instant-sync.yml",
    "action": "peter-evans/repository-dispatch",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in codeql.yml",
    "type": "codeql_missing_actions_language",
    "file": "codeql.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "User-defined Coq axiom -- not verified by kernel (1 occurrences, CWE-704)",
    "type": "coq_axiom",
    "file": "/home/runner/work/verisimdb/verisimdb/formal/Provenance.v",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "User-defined Coq axiom -- not verified by kernel (2 occurrences, CWE-704)",
    "type": "coq_axiom",
    "file": "/home/runner/work/verisimdb/verisimdb/formal/PlannerSemantic.v",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "User-defined Coq axiom -- not verified by kernel (1 occurrences, CWE-704)",
    "type": "coq_axiom",
    "file": "/home/runner/work/verisimdb/verisimdb/formal/Planner.v",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "User-defined Coq axiom -- not verified by kernel (6 occurrences, CWE-704)",
    "type": "coq_axiom",
    "file": "/home/runner/work/verisimdb/verisimdb/formal/Drift.v",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "User-defined Coq axiom -- not verified by kernel (1 occurrences, CWE-704)",
    "type": "coq_axiom",
    "file": "/home/runner/work/verisimdb/verisimdb/formal/WAL.v",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "User-defined Coq axiom -- not verified by kernel (2 occurrences, CWE-704)",
    "type": "coq_axiom",
    "file": "/home/runner/work/verisimdb/verisimdb/formal/Normalizer.v",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "getExn on external data -- use pattern matching (1 occurrences, CWE-754)",
    "type": "getexn_on_external",
    "file": "/home/runner/work/verisimdb/verisimdb/src/registry/Registry.res",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "critical"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence

dependabot Bot added dependencies Pull requests that update a dependency file elixir Pull requests that update elixir code labels Jun 13, 2026

dependabot Bot requested a review from hyperpolymath as a code owner June 13, 2026 22:32

dependabot Bot added dependencies Pull requests that update a dependency file elixir Pull requests that update elixir code labels Jun 13, 2026

hyperpolymath approved these changes Jun 14, 2026

View reviewed changes

Merge branch 'main' into dependabot/hex/elixir-orchestration/credo-1.…

be590db

…7.19

hyperpolymath merged commit dfd7119 into main Jun 14, 2026
28 of 38 checks passed

hyperpolymath deleted the dependabot/hex/elixir-orchestration/credo-1.7.19 branch June 14, 2026 00:28

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

build(deps-dev): Bump credo from 1.7.18 to 1.7.19 in /elixir-orchestration#140

build(deps-dev): Bump credo from 1.7.18 to 1.7.19 in /elixir-orchestration#140
hyperpolymath merged 2 commits into
mainfrom
dependabot/hex/elixir-orchestration/credo-1.7.19

dependabot Bot commented on behalf of github Jun 13, 2026

Uh oh!

github-actions Bot commented Jun 13, 2026

Uh oh!

Uh oh!

github-actions Bot commented Jun 14, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

dependabot Bot commented on behalf of github Jun 13, 2026

v1.17.19

1.7.19

Uh oh!

github-actions Bot commented Jun 13, 2026

🔍 Hypatia Security Scan

Uh oh!

Uh oh!

github-actions Bot commented Jun 14, 2026

🔍 Hypatia Security Scan

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant