chore(deps): bump hackney from 1.25.0 to 2.0.1 in the prod group

[dependabot]

Bumps the prod group with 1 update: hackney.

Updates hackney from 1.25.0 to 2.0.1

Changelog

Sourced from hackney's changelog.

2.0.1 - 2026-01-21

Dependencies

• Remove unicode_util_compat dependency (stdlib has unicode_util since OTP 20)
• Bump idna to 7.1.0
• Replace string_compat calls with stdlib string module functions

2.0.0 - 2026-01-20

This release finalizes the 2.0 architecture with many bug fixes and new features since beta.1.

See Migration Guide and Design Guide for details.

New Features

• HTTP 1xx informational responses (#631) - Support for handling 103 Early Hints and other informational responses
• HTTPS proxy support (#795) - Full support for proxying through HTTPS proxies
• Proxy authentication callback (#799) - New proxy_auth_fun option for custom proxy authentication logic
• CONNECT response callback (#798) - New on_connect_response callback to inspect CONNECT proxy response headers
• SSL peer certificate (#599) - New hackney:peercert/1 function to get the peer's SSL certificate

New Options

• auto_decompress - When true, automatically decompresses gzip/deflate responses (#155):

  {ok, Status, Headers, Body} = hackney:request(get, URL, [], [],
      [{with_body, true}, {auto_decompress, true}]).

• stream_to - For async requests, the stream_to process is now set as the connection owner (#646). If stream_to dies, the connection terminates; if the original caller dies, the connection continues as long as stream_to is alive.
• proxy_auth_fun - Callback function for custom proxy authentication
• on_connect_response - Callback to receive CONNECT proxy response headers

New Functions

• hackney:peercert/1 - Get the peer's SSL certificate from a connection

Bug Fixes

• fix: handle non-HTTP URL schemes properly (#468)
• fix: force connection close for 204/304 responses (#434)
• fix: sanitize header values to prevent HTTP header injection (#506)
• fix: filter Host header for HTTP/2 requests (send as :authority pseudo-header)
• fix: handle non-standard decimal status codes (#697)
• fix: remove parse_trans from runtime dependencies (#714)
• fix: handle race condition in get_protocol calls
• fix: strip auth credentials on cross-host redirects (#701)
• fix: tolerate trailing semicolons in parameter parsing (#618)

... (truncated)

Commits

• 4cb3c8e chore: release 2.0.1
• 72783fb deps: bump idna to 7.1.0, remove string_compat usage
• 3bbec80 chore: remove unicode_util_compat dependency
• 41c5e26 docs: add CONTRIBUTING.md and DEVELOPMENT.md to ex_doc
• a7ce34b chore: release hackney 2.0.0
• f9e966b fix: auto-release connections to pool when body reading completes (#820)
• 0de0f92 docs: complete 2.0.0 changelog with all changes since beta.1 (#819)
• b1c920f docs: add documentation for auto_decompress and stream_to features (#818)
• 06608b6 feat: add transparent gzip/deflate decompression (#155) (#817)
• 9a18132 fix: use stream_to as owner for async requests (#646) (#816)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions