chore(deps): bump hackney from 1.25.0 to 2.0.1

[dependabot]

Bumps hackney from 1.25.0 to 2.0.1.

Changelog

Sourced from hackney's changelog.

2.0.1 - 2026-01-21

Dependencies

• Remove unicode_util_compat dependency (stdlib has unicode_util since OTP 20)
• Bump idna to 7.1.0
• Replace string_compat calls with stdlib string module functions

2.0.0 - 2026-01-20

This release finalizes the 2.0 architecture with many bug fixes and new features since beta.1.

See Migration Guide and Design Guide for details.

New Features

• HTTP 1xx informational responses (#631) - Support for handling 103 Early Hints and other informational responses
• HTTPS proxy support (#795) - Full support for proxying through HTTPS proxies
• Proxy authentication callback (#799) - New proxy_auth_fun option for custom proxy authentication logic
• CONNECT response callback (#798) - New on_connect_response callback to inspect CONNECT proxy response headers
• SSL peer certificate (#599) - New hackney:peercert/1 function to get the peer's SSL certificate

New Options

• auto_decompress - When true, automatically decompresses gzip/deflate responses (#155):

  {ok, Status, Headers, Body} = hackney:request(get, URL, [], [],
      [{with_body, true}, {auto_decompress, true}]).

• stream_to - For async requests, the stream_to process is now set as the connection owner (#646). If stream_to dies, the connection terminates; if the original caller dies, the connection continues as long as stream_to is alive.
• proxy_auth_fun - Callback function for custom proxy authentication
• on_connect_response - Callback to receive CONNECT proxy response headers

New Functions

• hackney:peercert/1 - Get the peer's SSL certificate from a connection

Bug Fixes

• fix: handle non-HTTP URL schemes properly (#468)
• fix: force connection close for 204/304 responses (#434)
• fix: sanitize header values to prevent HTTP header injection (#506)
• fix: filter Host header for HTTP/2 requests (send as :authority pseudo-header)
• fix: handle non-standard decimal status codes (#697)
• fix: remove parse_trans from runtime dependencies (#714)
• fix: handle race condition in get_protocol calls
• fix: strip auth credentials on cross-host redirects (#701)
• fix: tolerate trailing semicolons in parameter parsing (#618)

... (truncated)

Commits

• 4cb3c8e chore: release 2.0.1
• 72783fb deps: bump idna to 7.1.0, remove string_compat usage
• 3bbec80 chore: remove unicode_util_compat dependency
• 41c5e26 docs: add CONTRIBUTING.md and DEVELOPMENT.md to ex_doc
• a7ce34b chore: release hackney 2.0.0
• f9e966b fix: auto-release connections to pool when body reading completes (#820)
• 0de0f92 docs: complete 2.0.0 changelog with all changes since beta.1 (#819)
• b1c920f docs: add documentation for auto_decompress and stream_to features (#818)
• 06608b6 feat: add transparent gzip/deflate decompression (#155) (#817)
• 9a18132 fix: use stream_to as owner for async requests (#646) (#816)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #190.