Bump hackney from 1.20.1 to 1.23.0

[dependabot]

Bumps hackney from 1.20.1 to 1.23.0.

Release notes

Sourced from hackney's releases.

1.23.0 - 2025-02-25

Changes:

fix: happy eyeball use correct timeout during connectino fix: don't wrap conection error improvement: eyeballonly spawn ipv6 worker when needed

Available on hex.pm https://hexdocs.pm/hackney/1.23.0/

1.22.0 - 2025-02-20

Changes

• feature: prefer to connect using IPv6. happy eyeball strategy
• improvement: fully support no_proxy environment variable
• doc: migrated to ex_doc

1.21.0 - 2025-02-20

fix: remove SSL options incompatible with tls 1.3 fix: url parsing handle "/" path correctly fix: simplify integration test suite fix: handle chunked response in redirect responses fix: handle http & https proxies separately fix: skip junk lines in 1.xx response

** security fixes ***

fix URL parsing to prevent SSRF . (related to CVE-2025-1211) use latest SSL certificate bundle

Available on hex.pm : https://hex.pm/packages/hackney

Changelog

Sourced from hackney's changelog.

1.23.0 - 2025-02-25

• fix: happy eyeball use correct timeout during connectino
• fix: don't wrap conection error
• improvement: eyeballonly spawn ipv6 worker when needed

1.22.0 - 2025-02-20

• feature: prefer to connect using IPv6. happy eyeball strategy
• improvement: fully support no_proxy environment variable
• doc: migrated to ex_doc

1.21.0 - 2025-02-20

• fix: remove SSL options incompatible with tls 1.3
• fix: url parsing handle "/" path correctly
• fix: simplify integration test suite
• fix: handle chunked response in redirect responses
• fix: handle http & https proxies separately
• fix: skip junk lines in 1.xx response

** security fixes ***

• fix URL parsing to prevent SSRF . (related to CVE-2025-1211)
• use latest SSL certificate bundle

Commits

• befe2df bump to 1.23
• 9999f98 Merge pull request #760 from benoitc/fix-happy-eyeball
• 69ec909 happy eyeball: don't wrap error
• 0e499e2 Revert "re-add reuse_session option"
• f5a19c4 fix timeout issue: ensure to use proper timeout
• 5166973 re-add reuse_session option
• 7abf954 remove useless modules part from the readme
• 1fac9c7 fix doc
• e61da0b bump to 1.22.0
• f60a5a1 fix unused variable
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)