honeybadger-elixir

chore(deps): bump hackney from 1.20.1 to 1.24.1

Open dependabot[bot] opened this issue 6 months ago • 0 comments

Bumps hackney from 1.20.1 to 1.24.1.

Release notes

Sourced from hackney's releases.

1.24.1 - 2025-05-26

Changes

  • fix: remove unused variable warning in hackney.erl

1.24.0 - 2025-05-26

  • security: fix basic auth credential exposure vulnerability
  • security: add application variable support for insecure_basic_auth
  • fix: NXDOMAIN error in Docker Compose environments (issue #764)
  • fix: stream_body timeout after first chunk (issue #762)
  • fix: SSL hostname verification with custom ssl_options and SSL message leak in async streaming
  • fix: pool connections not freed on 307 redirects and multiple pool/timer race conditions
  • fix: socket leaks, process deadlocks, ETS memory leaks, and infinite gen_server calls
  • fix: controlling_process error handling in happy eyeballs and connection pool return
  • improvement: update GitHub Actions to ubuntu-22.04 and bump certifi/mimerl dependencies

Breaking Change

The new insecure_basic_auth application variable defaults to false for security. If your application relies on insecure basic auth over HTTP, you must explicitly set application:set_env(hackney, insecure_basic_auth, true) to maintain previous behavior.

Hex.pm: https://hex.pm/packages/hackney/1.24.1
Doc: https://hexdocs.pm/hackney/readme.html

1.24.0 - 2025-05-26

Changes

  • security: fix basic auth credential exposure vulnerability
  • security: add application variable support for insecure_basic_auth
  • fix: NXDOMAIN error in Docker Compose environments (issue #764)
  • fix: stream_body timeout after first chunk (issue #762)
  • fix: SSL hostname verification with custom ssl_options and SSL message leak in async streaming
  • fix: pool connections not freed on 307 redirects and multiple pool/timer race conditions
  • fix: socket leaks, process deadlocks, ETS memory leaks, and infinite gen_server calls
  • fix: controlling_process error handling in happy eyeballs and connection pool return
  • improvement: update GitHub Actions to ubuntu-22.04 and bump certifi/mimerl dependencies

Available on hex.pm

Breaking Change

The new insecure_basic_auth application variable defaults to false for security. If your application relies on insecure basic auth over HTTP, you must explicitly set application:set_env(hackney, insecure_basic_auth, true) to maintain previous behavior.

... (truncated)

Changelog

Sourced from hackney's changelog.

1.24.1 - 2025-05-26

  • fix: remove unused variable warning in hackney.erl

1.24.0 - 2025-05-26

  • security: fix basic auth credential exposure vulnerability
  • security: add application variable support for insecure_basic_auth
  • fix: NXDOMAIN error in Docker Compose environments (issue #764)
  • fix: stream_body timeout after first chunk (issue #762)
  • fix: SSL hostname verification with custom ssl_options and SSL message leak in async streaming
  • fix: pool connections not freed on 307 redirects and multiple pool/timer race conditions
  • fix: socket leaks, process deadlocks, ETS memory leaks, and infinite gen_server calls
  • fix: controlling_process error handling in happy eyeballs and connection pool return
  • improvement: update GitHub Actions to ubuntu-22.04 and bump certifi/mimerl dependencies

Breaking Change

The new insecure_basic_auth application variable defaults to false for security. If your application relies on insecure basic auth over HTTP, you must explicitly set application:set_env(hackney, insecure_basic_auth, true) to maintain previous behavior.

1.23.0 - 2025-02-25

  • fix: happy eyeball use correct timeout during connection
  • fix: don't wrap connection error
  • improvement: only spawn ipv6 worker when needed

1.22.0 - 2025-02-20

  • feature: prefer to connect using IPv6. happy eyeball strategy
  • improvement: fully support no_proxy environment variable
  • doc: migrated to ex_doc

1.21.0 - 2025-02-20

  • fix: remove SSL options incompatible with tls 1.3
  • fix: url parsing handle "/" path correctly
  • fix: simplify integration test suite
  • fix: handle chunked response in redirect responses
  • fix: handle http & https proxies separately
  • fix: skip junk lines in 1.xx response

security fixes

... (truncated)

Commits
  • d59b422 fix: remove unused variable warning and bump version to 1.24.1
  • 30447da fix version in readme
  • fd82258 fix documentation warnings
  • 1239ec6 update NEWS.md with stream_body timeout fix for issue #762
  • 96e881e fix stream_body timeout issue by reverting breaking error format change
  • 431b4f5 Fix typos in NEWS.md
  • 3c64db1 update NEWS.md with NXDOMAIN fix for issue #764
  • fbdd423 fix NXDOMAIN error in Docker Compose environments
  • e044cd5 bump 1.24.0
  • 8e5bfe1 fix error information loss in stream body recv error
  • Additional commits viewable in compare view

dependabot[bot], May 26 '25 16:05