Bump hex_core from 0.15.0 to 0.16.0

[dependabot]

Bumps hex_core from 0.15.0 to 0.16.0.

Release notes

Sourced from hex_core's releases.

v0.16.0

• Validate tarball file paths and symlink targets when creating package and docs tarballs.
• Add tarball_files_root config for tarball source paths, defaulting to the current directory and allowing absolute paths only inside that root.
• Add streaming metadata.config decoding and increase max metadata size to 1024KB.
• Add metadata_fields config to decode only selected package metadata fields.
• Add security advisory fields to package and versions registry resources.
• Add hex_repo:fingerprint/1 and hex_repo:fingerprint_equal/2 for repository public key verification.
• Return response headers from hex_http_httpc:request_to_file/6.
• Accept SPDX LicenseRef-* license identifiers.

Changelog

Sourced from hex_core's changelog.

v0.16.0 (2026-05-13)

• Validate tarball file paths and symlink targets when creating package and docs tarballs.
• Add tarball_files_root config for tarball source paths, defaulting to the current directory and allowing absolute paths only inside that root.
• Add streaming metadata.config decoding and increase max metadata size to 1024KB.
• Add metadata_fields config to decode only selected package metadata fields.
• Add security advisory fields to package and versions registry resources.
• Add hex_repo:fingerprint/1 and hex_repo:fingerprint_equal/2 for repository public key verification.
• Return response headers from hex_http_httpc:request_to_file/6.
• Accept SPDX LicenseRef-* license identifiers.

Commits

• 0e332e5 Release v0.16.0
• 9783400 Default tarball files root to cwd (#185)
• 1420c10 Validate tarball paths on create (#183)
• bcff989 Accept LicenseRef license identifiers (#184)
• 76c7152 Add Security Advisories to .proto (#182)
• 79bc0f7 Stream metadata.config decoding in chunks and increase max size to 1024KB (#181)
• 9cac2a7 Bump github/codeql-action from 4.35.1 to 4.35.2 (#180)
• c6b0241 Bump zizmorcore/zizmor-action from 0.5.2 to 0.5.3 (#179)
• f116f6a Fix hex_repo.fingerprint (#177)
• d8860b9 Add fingerprint/1 and fingerprint_equal/2 to hex_repo (#176)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)