chore(deps): bump the prod group with 4 updates

[dependabot[bot]]

Bumps the prod group with 4 updates: hackney, jason, mime and plug.

Updates hackney from 1.16.0 to 1.20.1

Release notes

Sourced from hackney's releases.

1.20.1

Changes

• fix multipart: handle case where Length is undefined

Config

• rebar.config : {hackney, "1.20.1"}
• erlang.mk: dep_hackney = hex 1.20.1
• mix.exs= {:hackney, "~> 1.21"}

Hex.pm: https://hex.pm/packages/hackney

1.20.0

Changes

• handle * in path encoding
• Support LF separators: since rfc7230-3.5 allows for LF-only
• fix recv stream fix fetching trailers during streaming
• fix CI
• Improve documentation

Config

• rebar.config : {hackney, "1.20.0"}
• erlang.mk: dep_hackney = hex 1.20.0
• mix.exs= {:hackney, "~> 1.20"}

Hex.pm: https://hex.pm/packages/hackney

1.19.0

Changes:

• fix: recv: if expected size < BufSize fallback to old behaviour. Fix issue with negative length
• feature: add support for proxy environment setting

1.18.0 - 2021-09-28

• security: update default CA bundle
• fix pool: make checkout synchrounous (remove unwanted messages)

Hackney 1.17.0

• fix SSL compatibility with erlang OTP 23
• handle empty trailers
• fix race condition in connection pool
• fix memory leak in connection pool
• IDNA update to unicode 13.0.0
• fix build on macosx with OTP >= 20.1
• fix network Location on redirect

... (truncated)

Changelog

Sourced from hackney's changelog.

1.20.1 - 2013-10-11

• fix multipart: handle case where Length is undefined

1.20.0 - 2023-10-10

• handle * in path encoding
• Support LF separators: since rfc7230-3.5 allows for LF-only
• fix recv stream fix fetching trailers during streaming
• fix CI
• Improve documentation

1.19.1 - 2023-09-21

• feature: add no_proxy_env option to bypass proxy environment settings

1.19.0 - 2023-09-20

• fix: recv: if expected size < BufSize fallback to old behaviour. Fix issue with negative length
• feature: add support for proxy environment setting

1.18.2 - 2023-08-29

• security: update default CA bundles

1.18.1 - 2022-02-03

• security: update default CA bundles
• doc: fix typos

1.18.0 - 2021-09-28

• security: update default CA bundle
• fix pool: make checkout synchrounous (remove unwanted messages)

1.17.4 - 2021-03-18

• fix checking when socket is put back in the pool when the requester died.

1.17.3 - 2021-03-17

... (truncated)

Commits

• f190daf bump 1.20.1
• f8b89cd handle case where Length is undefined
• aa95d66 regen doc
• bed69b9 update todo and versions of erlang supported
• 0821202 update changes
• 8f758ea bump to 1.20.0
• 6709e7a Fix partial_pathencode to properly handle asterisk (*) (#720)
• 870b6ad Explicitly state max_connections and timeout defaults in docs (#688)
• 992cc36 (feat) Support LF separators since rfc7230-3.5 allows for LF-only (#706)
• bbe73c8 remove rebar3 from support
• Additional commits viewable in compare view

Updates jason from 1.2.2 to 1.4.4

Release notes

Sourced from jason's releases.

v1.4.0

Enhancements

• Use the :erlang.float_to_binary(_, [:short]) function, instead of io_lib_format.fwrite_g/1 where available (OTP 24.1+). This provides equivalent output with much less memory used and significantly improved performance.

v1.3.0

Enhancements

• Add the Jason.OrderedObject struct
• Support decoding objects preserving all the keys with objects: :ordered_objects option
• Support decoding floats to Decimal with floats: :decimals option
• Add ~j and ~J sigils in module Jason.Sigil to support writing JSON literals in code

Fixes

• Fix error reporting when decoding strings (it was possible to mis-attribute the offending byte)
• Verify fields given to @derive

Changelog

Sourced from jason's changelog.

1.4.4 (26.07.2024)

• Fix warnings on Elixir 1.17 by conditionally compiling Decimal support

1.4.3 (29.06.2024)

• Fix derive with _ struct key

1.4.2 (29.06.2024)

• Fix compiler warnings for Elixir 1.17

1.4.1 (06.07.2023)

• Add limit to decoded integer sizes of 1024 digits. This can be changed with the decoding_integer_digit_limit app env config.

1.4.0 (12.09.2022)

Enhancements

• Use the :erlang.float_to_binary(_, [:short]) function, instead of io_lib_format.fwrite_g/1 where available (OTP 24.1+). This provides equivalent output with much less memory used and significantly improved performance.

1.3.0 (21.12.2021)

Enhancements

• Add the Jason.OrderedObject struct
• Support decoding objects preserving all the keys with objects: :ordered_objects option
• Support decoding floats to Decimal with floats: :decimals option
• Add ~j and ~J sigils in module Jason.Sigil to support writing JSON literals in code

Fixes

• Fix error reporting when decoding strings (it was possible to mis-attribute the offending byte)
• Verify fields given to @derive

Commits

• 926d2ac Bump 1.4.4
• 6c1b99e Raise if trying to decode decimals without decimal
• 9517f56 Remove unneeded workarounds for xref warnings
• 433f93d Fix warnings by conditionally compiling Decimal support
• eb1e92a Bump 1.4.3
• 3ffa13a Fix derive with _ key
• 5c309b1 Require stream_data only from Elixir 1.12
• e9702d4 Bump 1.4.2
• 63d82ec Fix deprecation warnings in tests
• 0d8a04f Update dependencies
• Additional commits viewable in compare view

Updates mime from 1.4.0 to 1.6.0

Changelog

Sourced from mime's changelog.

v1.6.0

• Deprecate MIME.valid?
• Ignore media type params
• Detect subtype suffix according to the spec

v1.5.0

• Compare extensions in a case-insensitive way (see elixir-plug/mime#38).

Commits

• 4cd5656 Release v1.6.0
• a1523bf Ignore params and detect subtype suffix in extensions/1 (#45)
• b9da4cb Update CI config (#44)
• 4a538c5 Release v1.5.0
• 4336bc1 Release v1.4.1
• 36ac399 Add CI on GitHub Actions and stop using Travis CI (#41)
• 982dff1 Update (#40)
• 1af476a Downcase extensions and mime types in extensions (#39)
• See full diff in compare view

Updates plug from 1.6.0 to 1.16.1

Changelog

Sourced from plug's changelog.

v1.16.1 (2024-06-20)

Enhancements

• Optimize cookie parsing by 10x (10x faster, 10x less memory) on Erlang/OTP 26+

v1.16.0 (2024-05-18)

Enhancements

• Support x-forwarded-for in Plug.RewriteOn
• Support MFArgs in Plug.RewriteOn
• Add immutable directive to versioned requests in Plug.Static
• Support disabling MIME type handling in Plug.Static

Bug fixes

• Fix bug with discarded connection state in Plug.Debugger
• Parse media types with underscores in them
• Do not crash on max_age set to nil (for consistency)

v1.15.3 (2024-01-16)

Enhancements

• Allow setting the port on the connection in tests
• Allow returning {:ok, payload} on inform
• Allow custom exceptions in validate_utf8 option
• Allow skipping sent body on chunked replies

v1.15.2 (2023-11-14)

Enhancements

• Add :assign_as option to Plug.RequestId
• Improve performance of Plug.RequestId
• Avoid clashes between Plug nodes
• Add specs to Plug.BasicAuth
• Fix a bug with non-string _method body parameters in Plug.MethodOverride

v1.15.1 (2023-10-06)

Enhancements

• Relax requirement on plug_crypto

v1.15.0 (2023-10-01)

Enhancements

... (truncated)

Commits

• cc535b1 Release v1.16.1
• f589969 Optimize cookie decoding
• f9bca8c Update Elixir/Erlang in CI (#1226)
• 9871e86 Persist stack trace toggle in localStorage (#1224)
• 82eb220 Do not rely on all DOWN messages being delivered simultaniously
• 4280765 Fix typos (#1223)
• 1ff85b7 Add @behaviour attribute to example modules (#1222)
• 0b58ea8 Release v1.16.0
• d0e3407 Track conn value in Plug.Debugger.run_action/1 (#1221)
• 0574733 Support x-forwarded-for
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[dependabot[bot]]

Looks like these dependencies are updatable in another way, so this is no longer needed.