From d79427d0450655d771a2a978d0e188eb9c6dd6d7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 9 Nov 2024 19:53:16 +0530 Subject: [PATCH 01/51] Bump s4u/maven-settings-action from 3.0.0 to 3.1.0 (#2025) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [s4u/maven-settings-action](https://github.com/s4u/maven-settings-action) from 3.0.0 to 3.1.0.
Release notes

Sourced from s4u/maven-settings-action's releases.

v3.1.0

What's Changed

:fire: New features

:hammer: Maintenance

:toolbox: Dependency updates

:heart: Thanks

Many thanks for collaboration on this release for: @​Gozke, @​pwoodworth and @​slawekjaranowski

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=s4u/maven-settings-action&package-manager=github_actions&previous-version=3.0.0&new-version=3.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8014135c2..4a462dc99 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -27,7 +27,7 @@ jobs: run: rm -f /home/runner/.m2/settings.xml - name: Maven Settings - uses: s4u/maven-settings-action@v3.0.0 + uses: s4u/maven-settings-action@v3.1.0 with: servers: | [{ From a3e7db3cf45539485e4ce542002d15fead39f88b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 9 Nov 2024 20:02:18 +0530 Subject: [PATCH 02/51] Bump ch.qos.logback:logback-classic from 1.5.8 to 1.5.12 (#2024) Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.8 to 1.5.12.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ch.qos.logback:logback-classic&package-manager=maven&previous-version=1.5.8&new-version=1.5.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aayush Atharva <24762260+hyperxpro@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index aeb65d5f9..ecab5943b 100644 --- a/pom.xml +++ b/pom.xml @@ -51,7 +51,7 @@ 2.0.16 1.5.6-7 2.0.1 - 1.5.8 + 1.5.12 26.0.1 From a2c1767fc6bf27325b7f03cfdf5f0f6fd13d4b6c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 9 Nov 2024 20:09:22 +0530 Subject: [PATCH 03/51] Bump com.uber.nullaway:nullaway from 0.11.3 to 0.12.1 (#2023) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [com.uber.nullaway:nullaway](https://github.com/uber/NullAway) from 0.11.3 to 0.12.1.
Release notes

Sourced from com.uber.nullaway:nullaway's releases.

NullAway 0.12.1

  • Add library model for Apache Commons CollectionUtils.isNotEmpty (#932) (#1062)
  • Handle records in targetTypeMatches (#1061)

NullAway 0.12.0

IMPORTANT:

  • We now by default check/enforce that pure type-use annotations from JSpecify are written in the "right place" on array types, varargs types, and nested types. More details can be found in the wiki. We also expose -XepOpt:NullAway:LegacyAnnotationLocations flag to disable this new behavior for now to ease the migration. We expect to remove this flag in a future version of NullAway.
  • We now support writing @​EnsuresNonNullIf on methods to capture cases where a method conditionally ensures that a field is @​NonNull. Thanks @​mauricioaniche for the contributions!

(The changelog below contains all changes from version 0.11.2, since version 0.11.3 contains only one cherry-picked PR from master).

  • Enforce Strict Interpretation Of Type Use Annotation Locations Outside of JSpecify mode (#1010)
  • Update handling of annotations on varargs argument (#1025)
  • Create basic unit tests for library model generation (#1031)
  • Partial handling for restrictive annotations on varargs in unannotated code (#1029)
  • Add missing source files in android-jarinfer-models-sdk modules (#1033)
  • External Library Models: Adding support for @​nullable Method parameters (#1006)
  • JDK 23 support (#1034)
  • Support @​EnsuresNonNullIf (#1044)
  • Update some Android astubx models (#1052)
  • Remove unused or unneeded JarInfer flags (#1050)
  • Enforce correct type-use annotation locations for nested types (#1045)
  • Update Android SDK 31 astubx models (#1054)
  • Fix bugs in reading varargs annotations from bytecodes (#1055)
  • General maintenance:
    • Update to Gradle 8.10 (#1023)
    • Update to Gradle 8.10.1 (#1036)
    • Update to Error Prone 2.32.0 (#1037)
    • Typo fix in README.md (#1041)
    • Fix Gradle config instructions (#1039)
    • Update to v4 of setup-gradle GitHub action (#1043)
    • Add extra JVM args needed for JMH on recent JDK versions (#1049)
    • Use HTTP instead of SSH for cloning repo for JMH Benchmarks (#1056)
    • Various version updates (#1051)
    • Update to Checker Framework 3.48.0 (#1030)
Changelog

Sourced from com.uber.nullaway:nullaway's changelog.

Version 0.12.1

  • Add library model for Apache Commons CollectionUtils.isNotEmpty (#932) (#1062)
  • Handle records in targetTypeMatches (#1061)

Version 0.12.0

IMPORTANT:

  • We now by default check/enforce that pure type-use annotations from JSpecify are written in the "right place" on array types, varargs types, and nested types. More details can be found in the wiki. We also expose -XepOpt:NullAway:LegacyAnnotationLocations flag to disable this new behavior for now to ease the migration. We expect to remove this flag in a future version of NullAway.
  • We now support writing @​EnsuresNonNullIf on methods to capture cases where a method conditionally ensures that a field is @​NonNull. Thanks @​mauricioaniche for the contributions!

(The changelog below contains all changes from version 0.11.2, since version 0.11.3 contains only one cherry-picked PR from master).

  • Enforce Strict Interpretation Of Type Use Annotation Locations Outside of JSpecify mode (#1010)
  • Update handling of annotations on varargs argument (#1025)
  • Create basic unit tests for library model generation (#1031)
  • Partial handling for restrictive annotations on varargs in unannotated code (#1029)
  • Add missing source files in android-jarinfer-models-sdk modules (#1033)
  • External Library Models: Adding support for @​nullable Method parameters (#1006)
  • JDK 23 support (#1034)
  • Support @​EnsuresNonNullIf (#1044)
  • Update some Android astubx models (#1052)
  • Remove unused or unneeded JarInfer flags (#1050)
  • Enforce correct type-use annotation locations for nested types (#1045)
  • Update Android SDK 31 astubx models (#1054)
  • Fix bugs in reading varargs annotations from bytecodes (#1055)
  • General maintenance:
    • Update to Gradle 8.10 (#1023)
    • Update to Gradle 8.10.1 (#1036)
    • Update to Error Prone 2.32.0 (#1037)
    • Typo fix in README.md (#1041)
    • Fix Gradle config instructions (#1039)
    • Update to v4 of setup-gradle GitHub action (#1043)
    • Add extra JVM args needed for JMH on recent JDK versions (#1049)
    • Use HTTP instead of SSH for cloning repo for JMH Benchmarks (#1056)
    • Various version updates (#1051)
    • Update to Checker Framework 3.48.0 (#1030)
Commits
  • e7a1bd1 Prepare for release 0.12.1.
  • dc9cf0e Handle records in targetTypeMatches (#1061)
  • 8f4b928 Add library model for Apache Commons CollectionUtils.isNotEmpty (#932) (#1062)
  • d6b7fa3 Prepare next development version.
  • 84273f6 Prepare for release 0.12.0.
  • 91cf25d Fix bugs in reading varargs annotations from bytecodes (#1055)
  • 2a9188b Update Android SDK 31 astubx models (#1054)
  • 0f6f3d2 Use HTTP instead of SSH for cloning repo for JMH Benchmarks (#1056)
  • cc5ef65 Enforce correct type-use annotation locations for nested types (#1045)
  • 9eea2be Remove unused or unneeded JarInfer flags (#1050)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.uber.nullaway:nullaway&package-manager=maven&previous-version=0.11.3&new-version=0.12.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index ecab5943b..a5f960a6e 100644 --- a/pom.xml +++ b/pom.xml @@ -327,7 +327,7 @@ com.uber.nullaway nullaway - 0.11.3 + 0.12.1 From c1ed191dc0bb3fbf5688a2d6298e73c13b75c3b0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 9 Nov 2024 20:51:01 +0530 Subject: [PATCH 04/51] Bump netty.version from 4.1.113.Final to 4.1.114.Final (#2013) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps `netty.version` from 4.1.113.Final to 4.1.114.Final. Updates `io.netty:netty-buffer` from 4.1.113.Final to 4.1.114.Final
Commits
  • 7679b9e [maven-release-plugin] prepare release netty-4.1.114.Final
  • d5f4bfb Refactor DnsNameResolver to be able to use different strategies when … (#14374)
  • 041eaed Re-add previous removed method to make revapi plugin happy again.
  • 232a5ab DnsResolverBuilder methods should make it clear that these are for Da… (#14379)
  • e87ce47 Initialize DnsNameResolverBuilder at runtime for native images (#14376)
  • 3f66dd2 Make it possible to notify the TrustManager of resumed sessions (#14358)
  • c036b99 DnsNameResolver: allow users to skip bind() during bootstrap (#14375)
  • 56a9101 Update small documentation typo (#14370)
  • 8362d9d Fix flaky BootstrapTest (#14369)
  • bbd3a4a Fix OpenSslClientSessionCache remove (#14366)
  • Additional commits viewable in compare view

Updates `io.netty:netty-codec-http` from 4.1.113.Final to 4.1.114.Final
Commits
  • 7679b9e [maven-release-plugin] prepare release netty-4.1.114.Final
  • d5f4bfb Refactor DnsNameResolver to be able to use different strategies when … (#14374)
  • 041eaed Re-add previous removed method to make revapi plugin happy again.
  • 232a5ab DnsResolverBuilder methods should make it clear that these are for Da… (#14379)
  • e87ce47 Initialize DnsNameResolverBuilder at runtime for native images (#14376)
  • 3f66dd2 Make it possible to notify the TrustManager of resumed sessions (#14358)
  • c036b99 DnsNameResolver: allow users to skip bind() during bootstrap (#14375)
  • 56a9101 Update small documentation typo (#14370)
  • 8362d9d Fix flaky BootstrapTest (#14369)
  • bbd3a4a Fix OpenSslClientSessionCache remove (#14366)
  • Additional commits viewable in compare view

Updates `io.netty:netty-codec` from 4.1.113.Final to 4.1.114.Final
Commits
  • 7679b9e [maven-release-plugin] prepare release netty-4.1.114.Final
  • d5f4bfb Refactor DnsNameResolver to be able to use different strategies when … (#14374)
  • 041eaed Re-add previous removed method to make revapi plugin happy again.
  • 232a5ab DnsResolverBuilder methods should make it clear that these are for Da… (#14379)
  • e87ce47 Initialize DnsNameResolverBuilder at runtime for native images (#14376)
  • 3f66dd2 Make it possible to notify the TrustManager of resumed sessions (#14358)
  • c036b99 DnsNameResolver: allow users to skip bind() during bootstrap (#14375)
  • 56a9101 Update small documentation typo (#14370)
  • 8362d9d Fix flaky BootstrapTest (#14369)
  • bbd3a4a Fix OpenSslClientSessionCache remove (#14366)
  • Additional commits viewable in compare view

Updates `io.netty:netty-codec-socks` from 4.1.113.Final to 4.1.114.Final
Commits
  • 7679b9e [maven-release-plugin] prepare release netty-4.1.114.Final
  • d5f4bfb Refactor DnsNameResolver to be able to use different strategies when … (#14374)
  • 041eaed Re-add previous removed method to make revapi plugin happy again.
  • 232a5ab DnsResolverBuilder methods should make it clear that these are for Da… (#14379)
  • e87ce47 Initialize DnsNameResolverBuilder at runtime for native images (#14376)
  • 3f66dd2 Make it possible to notify the TrustManager of resumed sessions (#14358)
  • c036b99 DnsNameResolver: allow users to skip bind() during bootstrap (#14375)
  • 56a9101 Update small documentation typo (#14370)
  • 8362d9d Fix flaky BootstrapTest (#14369)
  • bbd3a4a Fix OpenSslClientSessionCache remove (#14366)
  • Additional commits viewable in compare view

Updates `io.netty:netty-handler-proxy` from 4.1.113.Final to 4.1.114.Final
Commits
  • 7679b9e [maven-release-plugin] prepare release netty-4.1.114.Final
  • d5f4bfb Refactor DnsNameResolver to be able to use different strategies when … (#14374)
  • 041eaed Re-add previous removed method to make revapi plugin happy again.
  • 232a5ab DnsResolverBuilder methods should make it clear that these are for Da… (#14379)
  • e87ce47 Initialize DnsNameResolverBuilder at runtime for native images (#14376)
  • 3f66dd2 Make it possible to notify the TrustManager of resumed sessions (#14358)
  • c036b99 DnsNameResolver: allow users to skip bind() during bootstrap (#14375)
  • 56a9101 Update small documentation typo (#14370)
  • 8362d9d Fix flaky BootstrapTest (#14369)
  • bbd3a4a Fix OpenSslClientSessionCache remove (#14366)
  • Additional commits viewable in compare view

Updates `io.netty:netty-common` from 4.1.113.Final to 4.1.114.Final
Commits
  • 7679b9e [maven-release-plugin] prepare release netty-4.1.114.Final
  • d5f4bfb Refactor DnsNameResolver to be able to use different strategies when … (#14374)
  • 041eaed Re-add previous removed method to make revapi plugin happy again.
  • 232a5ab DnsResolverBuilder methods should make it clear that these are for Da… (#14379)
  • e87ce47 Initialize DnsNameResolverBuilder at runtime for native images (#14376)
  • 3f66dd2 Make it possible to notify the TrustManager of resumed sessions (#14358)
  • c036b99 DnsNameResolver: allow users to skip bind() during bootstrap (#14375)
  • 56a9101 Update small documentation typo (#14370)
  • 8362d9d Fix flaky BootstrapTest (#14369)
  • bbd3a4a Fix OpenSslClientSessionCache remove (#14366)
  • Additional commits viewable in compare view

Updates `io.netty:netty-transport` from 4.1.113.Final to 4.1.114.Final
Commits
  • 7679b9e [maven-release-plugin] prepare release netty-4.1.114.Final
  • d5f4bfb Refactor DnsNameResolver to be able to use different strategies when … (#14374)
  • 041eaed Re-add previous removed method to make revapi plugin happy again.
  • 232a5ab DnsResolverBuilder methods should make it clear that these are for Da… (#14379)
  • e87ce47 Initialize DnsNameResolverBuilder at runtime for native images (#14376)
  • 3f66dd2 Make it possible to notify the TrustManager of resumed sessions (#14358)
  • c036b99 DnsNameResolver: allow users to skip bind() during bootstrap (#14375)
  • 56a9101 Update small documentation typo (#14370)
  • 8362d9d Fix flaky BootstrapTest (#14369)
  • bbd3a4a Fix OpenSslClientSessionCache remove (#14366)
  • Additional commits viewable in compare view

Updates `io.netty:netty-handler` from 4.1.113.Final to 4.1.114.Final
Commits
  • 7679b9e [maven-release-plugin] prepare release netty-4.1.114.Final
  • d5f4bfb Refactor DnsNameResolver to be able to use different strategies when … (#14374)
  • 041eaed Re-add previous removed method to make revapi plugin happy again.
  • 232a5ab DnsResolverBuilder methods should make it clear that these are for Da… (#14379)
  • e87ce47 Initialize DnsNameResolverBuilder at runtime for native images (#14376)
  • 3f66dd2 Make it possible to notify the TrustManager of resumed sessions (#14358)
  • c036b99 DnsNameResolver: allow users to skip bind() during bootstrap (#14375)
  • 56a9101 Update small documentation typo (#14370)
  • 8362d9d Fix flaky BootstrapTest (#14369)
  • bbd3a4a Fix OpenSslClientSessionCache remove (#14366)
  • Additional commits viewable in compare view

Updates `io.netty:netty-resolver-dns` from 4.1.113.Final to 4.1.114.Final
Commits
  • 7679b9e [maven-release-plugin] prepare release netty-4.1.114.Final
  • d5f4bfb Refactor DnsNameResolver to be able to use different strategies when … (#14374)
  • 041eaed Re-add previous removed method to make revapi plugin happy again.
  • 232a5ab DnsResolverBuilder methods should make it clear that these are for Da… (#14379)
  • e87ce47 Initialize DnsNameResolverBuilder at runtime for native images (#14376)
  • 3f66dd2 Make it possible to notify the TrustManager of resumed sessions (#14358)
  • c036b99 DnsNameResolver: allow users to skip bind() during bootstrap (#14375)
  • 56a9101 Update small documentation typo (#14370)
  • 8362d9d Fix flaky BootstrapTest (#14369)
  • bbd3a4a Fix OpenSslClientSessionCache remove (#14366)
  • Additional commits viewable in compare view

Updates `io.netty:netty-transport-native-epoll` from 4.1.113.Final to 4.1.114.Final
Commits
  • 7679b9e [maven-release-plugin] prepare release netty-4.1.114.Final
  • d5f4bfb Refactor DnsNameResolver to be able to use different strategies when … (#14374)
  • 041eaed Re-add previous removed method to make revapi plugin happy again.
  • 232a5ab DnsResolverBuilder methods should make it clear that these are for Da… (#14379)
  • e87ce47 Initialize DnsNameResolverBuilder at runtime for native images (#14376)
  • 3f66dd2 Make it possible to notify the TrustManager of resumed sessions (#14358)
  • c036b99 DnsNameResolver: allow users to skip bind() during bootstrap (#14375)
  • 56a9101 Update small documentation typo (#14370)
  • 8362d9d Fix flaky BootstrapTest (#14369)
  • bbd3a4a Fix OpenSslClientSessionCache remove (#14366)
  • Additional commits viewable in compare view

Updates `io.netty:netty-transport-native-kqueue` from 4.1.113.Final to 4.1.114.Final
Commits
  • 7679b9e [maven-release-plugin] prepare release netty-4.1.114.Final
  • d5f4bfb Refactor DnsNameResolver to be able to use different strategies when … (#14374)
  • 041eaed Re-add previous removed method to make revapi plugin happy again.
  • 232a5ab DnsResolverBuilder methods should make it clear that these are for Da… (#14379)
  • e87ce47 Initialize DnsNameResolverBuilder at runtime for native images (#14376)
  • 3f66dd2 Make it possible to notify the TrustManager of resumed sessions (#14358)
  • c036b99 DnsNameResolver: allow users to skip bind() during bootstrap (#14375)
  • 56a9101 Update small documentation typo (#14370)
  • 8362d9d Fix flaky BootstrapTest (#14369)
  • bbd3a4a Fix OpenSslClientSessionCache remove (#14366)
  • Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aayush Atharva <24762260+hyperxpro@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index a5f960a6e..1fcc3439f 100644 --- a/pom.xml +++ b/pom.xml @@ -45,7 +45,7 @@ 11 UTF-8 - 4.1.113.Final + 4.1.114.Final 0.0.25.Final 1.17.0 2.0.16 From dee9f8f3838709e2e09275dc0ea2e31c02de504e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 00:09:21 +0530 Subject: [PATCH 05/51] Bump org.junit:junit-bom from 5.11.0 to 5.11.3 (#2029) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 5.11.0 to 5.11.3.
Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 5.11.3 = Platform 1.11.3 + Jupiter 5.11.3 + Vintage 5.11.3

See Release Notes.

Full Changelog: https://github.com/junit-team/junit5/compare/r5.11.2...r5.11.3

JUnit 5.11.2 = Platform 1.11.2 + Jupiter 5.11.2 + Vintage 5.11.2

See Release Notes.

Full Changelog: https://github.com/junit-team/junit5/compare/r5.11.1...r5.11.2

JUnit 5.11.1 = Platform 1.11.1 + Jupiter 5.11.1 + Vintage 5.11.1

See Release Notes.

Full Changelog: https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1

Commits
  • b20991e Release 5.11.3
  • e57b508 Finalize 5.11.3 release notes
  • fb1254c Allow repeating ExtendWith annotation on fields and parameters
  • a3192bd Fix package name comparison on Java 8 (#4077)
  • fcb7b01 Remove useless Order annotation
  • 57dfcb5 Allow repeating @…Source annotations when used as meta annotations
  • 09cd8b3 Add ArchUnit test for consistency of repeatable annotations
  • fa46a92 Hard-wrap at 90 characters
  • 8f45eea Find repeatable @⁠ExtendWith meta-annotations on fields again
  • b451122 Introduce release notes for 5.11.3
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.junit:junit-bom&package-manager=maven&previous-version=5.11.0&new-version=5.11.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 1fcc3439f..e538be35e 100644 --- a/pom.xml +++ b/pom.xml @@ -105,7 +105,7 @@ org.junit junit-bom - 5.11.0 + 5.11.3 pom import From b0676656eddcece472f7e92245c8e06ae7e21499 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 23:07:25 +0530 Subject: [PATCH 06/51] Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.10.0 to 3.11.1 (#2030) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.apache.maven.plugins:maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) from 3.10.0 to 3.11.1.
Release notes

Sourced from org.apache.maven.plugins:maven-javadoc-plugin's releases.

maven-javadoc-plugin-3.10.1

What's Changed

Full Changelog: https://github.com/apache/maven-javadoc-plugin/compare/maven-javadoc-plugin-3.10.0...maven-javadoc-plugin-3.10.1

Commits
  • 619650c [maven-release-plugin] prepare release maven-javadoc-plugin-3.11.1
  • e314da0 [MJAVADOC-821] Align toolchain discovery code with Maven Compiler Plugin
  • 62a6861 [MJAVADOC-820] [REGRESSION] MJAVADOC-787 was merged incompletely
  • d1090c5 [maven-release-plugin] prepare for next development iteration
  • ee030f7 [maven-release-plugin] prepare release maven-javadoc-plugin-3.11.0
  • 6c5fdc0 [MJAVADOC-819] Align archive generation code with Maven Source Plugin
  • 3a90de5 [MJAVADOC-787] Automatic detection of release option for JDK < 9
  • 373172d [MJAVADOC-817] Upgrade to Doxia 2.0.0 GA Stack
  • ba266c0 Fix SCM tag
  • 5775ce1 Fix typo
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-javadoc-plugin&package-manager=maven&previous-version=3.10.0&new-version=3.11.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index e538be35e..89dc79442 100644 --- a/pom.xml +++ b/pom.xml @@ -382,7 +382,7 @@ org.apache.maven.plugins maven-javadoc-plugin - 3.10.0 + 3.11.1 attach-javadocs From 39b34c17d65fedfb7c41b72452043830393edff2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Nov 2024 21:47:22 +0530 Subject: [PATCH 07/51] Bump io.netty:netty-common from 4.1.114.Final to 4.1.115.Final (#2031) Bumps [io.netty:netty-common](https://github.com/netty/netty) from 4.1.114.Final to 4.1.115.Final.
Commits
  • 04f9b4a [maven-release-plugin] prepare release netty-4.1.115.Final
  • fbf7a70 Merge commit from fork
  • 7b4fe3d Specialize Adaptive's allocator Recycler based on magazine's owner (#14421)
  • 9f3699e Explicit specify the platform for Docker files (#14448)
  • 3520fc7 Ensure netty-all generation does not override other snapshot jars (#14450)
  • 925064e Preserve ordering of default named groups during conversation (#14447)
  • 837b738 Make JMH executor threads look like event loop threads (#14444)
  • a434eef AdaptiveByteBufAllocator: Make pooling of AdaptiveByteBuf magazine local (#14...
  • 16123be Allow to set used named groups per OpenSslContext (#14433)
  • dadbf58 Correctly detect if KeyManager is not supported by OpenSSL version (#14437)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=io.netty:netty-common&package-manager=maven&previous-version=4.1.114.Final&new-version=4.1.115.Final)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/AsyncHttpClient/async-http-client/network/alerts).
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 89dc79442..89e92d57a 100644 --- a/pom.xml +++ b/pom.xml @@ -45,7 +45,7 @@ 11 UTF-8 - 4.1.114.Final + 4.1.115.Final 0.0.25.Final 1.17.0 2.0.16 From 2200b2477c84d2517fcbdf5d42f71d459c09066f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Nov 2024 21:47:37 +0530 Subject: [PATCH 08/51] Bump commons-io:commons-io from 2.16.1 to 2.17.0 (#2028) Bumps commons-io:commons-io from 2.16.1 to 2.17.0. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io&package-manager=maven&previous-version=2.16.1&new-version=2.17.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- client/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/pom.xml b/client/pom.xml index a31faffad..cb76aec5a 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -32,7 +32,7 @@ 11.0.24 10.1.30 - 2.16.1 + 2.17.0 4.11.0 3.0 2.1.0 From 0fcb589eac3573dfb3fbf54eef34921c04c8dc5a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 15 Nov 2024 02:12:24 +0530 Subject: [PATCH 09/51] Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.0 to 3.5.2 (#2032) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.5.0 to 3.5.2.
Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.2

🚀 New features and improvements

📦 Dependency updates

👻 Maintenance

Full Changelog: https://github.com/apache/maven-surefire/compare/surefire-3.5.1...surefire-3.5.2

3.5.1

🚀 New features and improvements

🐛 Bug Fixes

📦 Dependency updates

👻 Maintenance

Commits
  • ea9f049 [maven-release-plugin] prepare release surefire-3.5.2
  • e1f94a0 [SUREFIRE-2276] JUnit5's TestTemplate failures treated as flakes with retries
  • d24adb4 [SUREFIRE-2277] RunResult#getFlakes() is lost during serialisation/deserialis...
  • 4385e94 Remove links to non-existing report
  • 8881971 Remove outdated FAQ
  • 0121834 [SUREFIRE-2283] FAQ site contains broken link to failsafe-plugin
  • 91d16c3 Fix formatting of XML schema files
  • 6cb417a Add .xsd to .gitattributes
  • 9ce5221 [SUREFIRE-2282] surefire-report-plugin: Update Introduction documentation page
  • 620b983 [SUREFIRE-2281] Upgrade to Doxia 2.0.0 GA Stack
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-surefire-plugin&package-manager=maven&previous-version=3.5.0&new-version=3.5.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 89e92d57a..557768f80 100644 --- a/pom.xml +++ b/pom.xml @@ -337,7 +337,7 @@ org.apache.maven.plugins maven-surefire-plugin - 3.5.0 + 3.5.2 @{argLine} --add-exports java.base/jdk.internal.misc=ALL-UNNAMED From c2755e71b2f59cb86b5f3158ab55ffc5b0bc902c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 21 Nov 2024 01:08:10 +0530 Subject: [PATCH 10/51] Bump commons-io:commons-io from 2.17.0 to 2.18.0 (#2036) Bumps commons-io:commons-io from 2.17.0 to 2.18.0. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io&package-manager=maven&previous-version=2.17.0&new-version=2.18.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- client/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/pom.xml b/client/pom.xml index cb76aec5a..062d866e5 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -32,7 +32,7 @@ 11.0.24 10.1.30 - 2.17.0 + 2.18.0 4.11.0 3.0 2.1.0 From 527e7fd7466881f53a732a7d84eaa9bc82781234 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 22 Nov 2024 00:23:19 +0530 Subject: [PATCH 11/51] Bump org.apache.tomcat.embed:tomcat-embed-core from 10.1.30 to 10.1.31 in /client (#2034) Bumps org.apache.tomcat.embed:tomcat-embed-core from 10.1.30 to 10.1.31. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core&package-manager=maven&previous-version=10.1.30&new-version=10.1.31)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/AsyncHttpClient/async-http-client/network/alerts).
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- client/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/pom.xml b/client/pom.xml index 062d866e5..d2bd097d0 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -31,7 +31,7 @@ org.asynchttpclient.client 11.0.24 - 10.1.30 + 10.1.31 2.18.0 4.11.0 3.0 From 91a358c5c641da47d33f614a5435ff45933045d6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Nov 2024 23:15:52 +0530 Subject: [PATCH 12/51] Bump org.apache.tomcat.embed:tomcat-embed-core from 10.1.31 to 10.1.33 (#2038) Bumps org.apache.tomcat.embed:tomcat-embed-core from 10.1.31 to 10.1.33.
Most Recent Ignore Conditions Applied to This Pull Request | Dependency Name | Ignore Conditions | | --- | --- | | org.apache.tomcat.embed:tomcat-embed-core | [>= 11.a0, < 12] |
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core&package-manager=maven&previous-version=10.1.31&new-version=10.1.33)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- client/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/pom.xml b/client/pom.xml index d2bd097d0..71b945bdd 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -31,7 +31,7 @@ org.asynchttpclient.client 11.0.24 - 10.1.31 + 10.1.33 2.18.0 4.11.0 3.0 From 2af27154ba181c49b762c7a4a68c12b6831de093 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Nov 2024 23:22:56 +0530 Subject: [PATCH 13/51] Bump com.github.luben:zstd-jni from 1.5.6-7 to 1.5.6-8 (#2037) Bumps [com.github.luben:zstd-jni](https://github.com/luben/zstd-jni) from 1.5.6-7 to 1.5.6-8.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.github.luben:zstd-jni&package-manager=maven&previous-version=1.5.6-7&new-version=1.5.6-8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 557768f80..fb1a841a6 100644 --- a/pom.xml +++ b/pom.xml @@ -49,7 +49,7 @@ 0.0.25.Final 1.17.0 2.0.16 - 1.5.6-7 + 1.5.6-8 2.0.1 1.5.12 26.0.1 From d5a83362f7aed81b93ebca559746ac9be0f95425 Mon Sep 17 00:00:00 2001 From: Chris Earle Date: Sun, 1 Dec 2024 12:10:55 -0700 Subject: [PATCH 14/51] [CookieStore] Only set `Cookie`s if they are not already set (#2033) This changes the behavior of the automatic usage of the `CookieStore` to avoid overwriting already-set `Cookie`s and, instead only sets them if they do not exist yet. Closes https://github.com/AsyncHttpClient/async-http-client/issues/1964 Co-authored-by: Aayush Atharva --- .../DefaultAsyncHttpClient.java | 2 +- .../asynchttpclient/RequestBuilderBase.java | 21 ++++++++++-- .../intercept/Redirect30xInterceptor.java | 7 ++-- .../asynchttpclient/RequestBuilderTest.java | 34 +++++++++++++++++++ 4 files changed, 55 insertions(+), 9 deletions(-) diff --git a/client/src/main/java/org/asynchttpclient/DefaultAsyncHttpClient.java b/client/src/main/java/org/asynchttpclient/DefaultAsyncHttpClient.java index 1f616c328..3b417a5a3 100644 --- a/client/src/main/java/org/asynchttpclient/DefaultAsyncHttpClient.java +++ b/client/src/main/java/org/asynchttpclient/DefaultAsyncHttpClient.java @@ -235,7 +235,7 @@ public ListenableFuture executeRequest(Request request, AsyncHandler h if (!cookies.isEmpty()) { RequestBuilder requestBuilder = request.toBuilder(); for (Cookie cookie : cookies) { - requestBuilder.addOrReplaceCookie(cookie); + requestBuilder.addCookieIfUnset(cookie); } request = requestBuilder.build(); } diff --git a/client/src/main/java/org/asynchttpclient/RequestBuilderBase.java b/client/src/main/java/org/asynchttpclient/RequestBuilderBase.java index 9f5cf9e5e..dbc5e4144 100644 --- a/client/src/main/java/org/asynchttpclient/RequestBuilderBase.java +++ b/client/src/main/java/org/asynchttpclient/RequestBuilderBase.java @@ -323,6 +323,21 @@ public T addCookie(Cookie cookie) { * @return this */ public T addOrReplaceCookie(Cookie cookie) { + return maybeAddOrReplaceCookie(cookie, true); + } + + /** + * Add a cookie based on its name, if it does not exist yet. Cookies that + * are already set will be ignored. + * + * @param cookie the new cookie + * @return this + */ + public T addCookieIfUnset(Cookie cookie) { + return maybeAddOrReplaceCookie(cookie, false); + } + + private T maybeAddOrReplaceCookie(Cookie cookie, boolean allowReplace) { String cookieKey = cookie.name(); boolean replace = false; int index = 0; @@ -335,10 +350,10 @@ public T addOrReplaceCookie(Cookie cookie) { index++; } - if (replace) { - cookies.set(index, cookie); - } else { + if (!replace) { cookies.add(cookie); + } else if (allowReplace) { + cookies.set(index, cookie); } return asDerivedType(); } diff --git a/client/src/main/java/org/asynchttpclient/netty/handler/intercept/Redirect30xInterceptor.java b/client/src/main/java/org/asynchttpclient/netty/handler/intercept/Redirect30xInterceptor.java index 51e7c8a9b..e60495f80 100644 --- a/client/src/main/java/org/asynchttpclient/netty/handler/intercept/Redirect30xInterceptor.java +++ b/client/src/main/java/org/asynchttpclient/netty/handler/intercept/Redirect30xInterceptor.java @@ -142,11 +142,8 @@ public boolean exitAfterHandlingRedirect(Channel channel, NettyResponseFuture CookieStore cookieStore = config.getCookieStore(); if (cookieStore != null) { // Update request's cookies assuming that cookie store is already updated by Interceptors - List cookies = cookieStore.get(newUri); - if (!cookies.isEmpty()) { - for (Cookie cookie : cookies) { - requestBuilder.addOrReplaceCookie(cookie); - } + for (Cookie cookie : cookieStore.get(newUri)) { + requestBuilder.addCookieIfUnset(cookie); } } diff --git a/client/src/test/java/org/asynchttpclient/RequestBuilderTest.java b/client/src/test/java/org/asynchttpclient/RequestBuilderTest.java index 024fce5f1..34e79121d 100644 --- a/client/src/test/java/org/asynchttpclient/RequestBuilderTest.java +++ b/client/src/test/java/org/asynchttpclient/RequestBuilderTest.java @@ -166,6 +166,40 @@ public void testAddOrReplaceCookies() { assertEquals(requestBuilder.cookies.size(), 2, "cookie size must be 2 after adding 1 more cookie i.e. cookie3"); } + @RepeatedIfExceptionsTest(repeats = 5) + public void testAddIfUnsetCookies() { + RequestBuilder requestBuilder = new RequestBuilder(); + Cookie cookie = new DefaultCookie("name", "value"); + cookie.setDomain("google.com"); + cookie.setPath("/"); + cookie.setMaxAge(1000); + cookie.setSecure(true); + cookie.setHttpOnly(true); + requestBuilder.addCookieIfUnset(cookie); + assertEquals(requestBuilder.cookies.size(), 1, "cookies size should be 1 after adding one cookie"); + assertEquals(requestBuilder.cookies.get(0), cookie, "cookie does not match"); + + Cookie cookie2 = new DefaultCookie("name", "value"); + cookie2.setDomain("google2.com"); + cookie2.setPath("/path"); + cookie2.setMaxAge(1001); + cookie2.setSecure(false); + cookie2.setHttpOnly(false); + + requestBuilder.addCookieIfUnset(cookie2); + assertEquals(requestBuilder.cookies.size(), 1, "cookies size should remain 1 as we just ignored cookie2 because of a cookie with same name"); + assertEquals(requestBuilder.cookies.get(0), cookie, "cookie does not match"); + + Cookie cookie3 = new DefaultCookie("name2", "value"); + cookie3.setDomain("google.com"); + cookie3.setPath("/"); + cookie3.setMaxAge(1000); + cookie3.setSecure(true); + cookie3.setHttpOnly(true); + requestBuilder.addCookieIfUnset(cookie3); + assertEquals(requestBuilder.cookies.size(), 2, "cookie size must be 2 after adding 1 more cookie i.e. cookie3"); + } + @RepeatedIfExceptionsTest(repeats = 5) public void testSettingQueryParamsBeforeUrlShouldNotProduceNPE() { RequestBuilder requestBuilder = new RequestBuilder(); From 6bd376ad336a237ef02a632df0042d4eb22e2d32 Mon Sep 17 00:00:00 2001 From: Aayush Atharva Date: Mon, 2 Dec 2024 21:40:34 +0530 Subject: [PATCH 15/51] Prepare for v3.0.1 release (#2040) --- README.md | 4 ++-- client/pom.xml | 2 +- pom.xml | 5 ++--- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 21a20ebbe..4ae651b75 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ Maven: org.asynchttpclient async-http-client - 3.0.0 + 3.0.1 ``` @@ -28,7 +28,7 @@ Maven: Gradle: ```groovy dependencies { - implementation 'org.asynchttpclient:async-http-client:3.0.0' + implementation 'org.asynchttpclient:async-http-client:3.0.1' } ``` diff --git a/client/pom.xml b/client/pom.xml index 71b945bdd..58dcd0aad 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -19,7 +19,7 @@ org.asynchttpclient async-http-client-project - 3.0.0 + 3.0.1 4.0.0 diff --git a/pom.xml b/pom.xml index fb1a841a6..d02f7c7ee 100644 --- a/pom.xml +++ b/pom.xml @@ -20,7 +20,7 @@ org.asynchttpclient async-http-client-project - 3.0.0 + 3.0.1 pom AHC/Project @@ -368,10 +368,9 @@ org.apache.maven.plugins maven-source-plugin - 3.3.1 + 3.2.1 - attach-sources jar-no-fork From 549ea34d0cb814595b79cd64af5a31238d374da1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 02:52:24 +0530 Subject: [PATCH 16/51] Bump org.apache.tomcat.embed:tomcat-embed-core from 10.1.33 to 10.1.34 (#2044) Bumps org.apache.tomcat.embed:tomcat-embed-core from 10.1.33 to 10.1.34.
Most Recent Ignore Conditions Applied to This Pull Request | Dependency Name | Ignore Conditions | | --- | --- | | org.apache.tomcat.embed:tomcat-embed-core | [>= 11.a0, < 12] |
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core&package-manager=maven&previous-version=10.1.33&new-version=10.1.34)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- client/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/pom.xml b/client/pom.xml index 58dcd0aad..b2e551d5a 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -31,7 +31,7 @@ org.asynchttpclient.client 11.0.24 - 10.1.33 + 10.1.34 2.18.0 4.11.0 3.0 From 6c6c8125ec59cf4e1bfbae9fa4ef224d91c77add Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 18 Dec 2024 22:56:10 +0530 Subject: [PATCH 17/51] Bump brotli4j.version from 1.17.0 to 1.18.0 (#2045) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps `brotli4j.version` from 1.17.0 to 1.18.0. Updates `com.aayushatharva.brotli4j:brotli4j` from 1.17.0 to 1.18.0
Release notes

Sourced from com.aayushatharva.brotli4j:brotli4j's releases.

Brotli4j v1.18.0 Release

What's Changed

New Contributors

Full Changelog: https://github.com/hyperxpro/Brotli4j/compare/v1.17.0...v1.18.0

Commits
  • 3c271d5 Prepare for v1.18.0 release (#192)
  • f280107 Avoid unintended garbage collection of raw data in PreparedDictionaryImpl (#190)
  • 160890b Bump io.netty:netty-buffer from 4.1.114.Final to 4.1.115.Final (#188)
  • 0536a9d Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.10.1 to 3.11.1 (#186)
  • e4cf7db Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.1 to 3.5.2 (#187)
  • 66ec7d2 Update JUnit to 5.11.3 (#185)
  • 6d11b04 Bump org.codehaus.mojo:exec-maven-plugin from 3.4.1 to 3.5.0 (#181)
  • 107cb5b Bump uraimo/run-on-arch-action from 2.7.2 to 2.8.1 (#180)
  • 32e3d38 Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.0 to 3.5.1 (#179)
  • 4bcee08 Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.10.0 to 3.10.1 (#177)
  • Additional commits viewable in compare view

Updates `com.aayushatharva.brotli4j:native-linux-x86_64` from 1.17.0 to 1.18.0 Updates `com.aayushatharva.brotli4j:native-linux-aarch64` from 1.17.0 to 1.18.0 Updates `com.aayushatharva.brotli4j:native-linux-riscv64` from 1.17.0 to 1.18.0 Updates `com.aayushatharva.brotli4j:native-osx-x86_64` from 1.17.0 to 1.18.0 Updates `com.aayushatharva.brotli4j:native-osx-aarch64` from 1.17.0 to 1.18.0 Updates `com.aayushatharva.brotli4j:native-windows-x86_64` from 1.17.0 to 1.18.0 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index d02f7c7ee..7845d63e4 100644 --- a/pom.xml +++ b/pom.xml @@ -47,7 +47,7 @@ 4.1.115.Final 0.0.25.Final - 1.17.0 + 1.18.0 2.0.16 1.5.6-8 2.0.1 From a3fd14e4069b2252ceb4c95e0ee7416740bc9597 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Dec 2024 19:11:09 +0530 Subject: [PATCH 18/51] Bump netty.version from 4.1.115.Final to 4.1.116.Final (#2049) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps `netty.version` from 4.1.115.Final to 4.1.116.Final. Updates `io.netty:netty-buffer` from 4.1.115.Final to 4.1.116.Final
Commits
  • 2a58b07 [maven-release-plugin] prepare release netty-4.1.116.Final
  • a739efa Adaptive: Add assert to guard against bugs related to chunk pooling (#14590)
  • 22cb4ec Fix race and leaks introduced in tests by a16f8aaf2ff101567a526916b46… (#14588)
  • ad104c6 Correctly gard aginst failure when running on systems with 1 core
  • a16f8aa Allow PcapWriteHandler to output PCAP files larger than 2GB (#14478)
  • dccfcc8 Adapt: Ensure Chunks from the central Queue are re-used even if there… (#14586)
  • fdc10c4 chore: use readRetainedSlice to avoid copy in SpdyFrameDecoder (#14573)
  • 46b11cc Adapt: Don't fail when we run on a host with 1 core (#14582) (#14584)
  • 6138a5a Adapt: Only add Chunk to central Queue if unused (#14580) (#14583)
  • 6c3041f Adaptive: Correctly restore allocatedBytes value on failure (#14577) (#14578)
  • Additional commits viewable in compare view

Updates `io.netty:netty-codec-http` from 4.1.115.Final to 4.1.116.Final
Commits
  • 2a58b07 [maven-release-plugin] prepare release netty-4.1.116.Final
  • a739efa Adaptive: Add assert to guard against bugs related to chunk pooling (#14590)
  • 22cb4ec Fix race and leaks introduced in tests by a16f8aaf2ff101567a526916b46… (#14588)
  • ad104c6 Correctly gard aginst failure when running on systems with 1 core
  • a16f8aa Allow PcapWriteHandler to output PCAP files larger than 2GB (#14478)
  • dccfcc8 Adapt: Ensure Chunks from the central Queue are re-used even if there… (#14586)
  • fdc10c4 chore: use readRetainedSlice to avoid copy in SpdyFrameDecoder (#14573)
  • 46b11cc Adapt: Don't fail when we run on a host with 1 core (#14582) (#14584)
  • 6138a5a Adapt: Only add Chunk to central Queue if unused (#14580) (#14583)
  • 6c3041f Adaptive: Correctly restore allocatedBytes value on failure (#14577) (#14578)
  • Additional commits viewable in compare view

Updates `io.netty:netty-codec` from 4.1.115.Final to 4.1.116.Final
Commits
  • 2a58b07 [maven-release-plugin] prepare release netty-4.1.116.Final
  • a739efa Adaptive: Add assert to guard against bugs related to chunk pooling (#14590)
  • 22cb4ec Fix race and leaks introduced in tests by a16f8aaf2ff101567a526916b46… (#14588)
  • ad104c6 Correctly gard aginst failure when running on systems with 1 core
  • a16f8aa Allow PcapWriteHandler to output PCAP files larger than 2GB (#14478)
  • dccfcc8 Adapt: Ensure Chunks from the central Queue are re-used even if there… (#14586)
  • fdc10c4 chore: use readRetainedSlice to avoid copy in SpdyFrameDecoder (#14573)
  • 46b11cc Adapt: Don't fail when we run on a host with 1 core (#14582) (#14584)
  • 6138a5a Adapt: Only add Chunk to central Queue if unused (#14580) (#14583)
  • 6c3041f Adaptive: Correctly restore allocatedBytes value on failure (#14577) (#14578)
  • Additional commits viewable in compare view

Updates `io.netty:netty-codec-socks` from 4.1.115.Final to 4.1.116.Final
Commits
  • 2a58b07 [maven-release-plugin] prepare release netty-4.1.116.Final
  • a739efa Adaptive: Add assert to guard against bugs related to chunk pooling (#14590)
  • 22cb4ec Fix race and leaks introduced in tests by a16f8aaf2ff101567a526916b46… (#14588)
  • ad104c6 Correctly gard aginst failure when running on systems with 1 core
  • a16f8aa Allow PcapWriteHandler to output PCAP files larger than 2GB (#14478)
  • dccfcc8 Adapt: Ensure Chunks from the central Queue are re-used even if there… (#14586)
  • fdc10c4 chore: use readRetainedSlice to avoid copy in SpdyFrameDecoder (#14573)
  • 46b11cc Adapt: Don't fail when we run on a host with 1 core (#14582) (#14584)
  • 6138a5a Adapt: Only add Chunk to central Queue if unused (#14580) (#14583)
  • 6c3041f Adaptive: Correctly restore allocatedBytes value on failure (#14577) (#14578)
  • Additional commits viewable in compare view

Updates `io.netty:netty-handler-proxy` from 4.1.115.Final to 4.1.116.Final
Commits
  • 2a58b07 [maven-release-plugin] prepare release netty-4.1.116.Final
  • a739efa Adaptive: Add assert to guard against bugs related to chunk pooling (#14590)
  • 22cb4ec Fix race and leaks introduced in tests by a16f8aaf2ff101567a526916b46… (#14588)
  • ad104c6 Correctly gard aginst failure when running on systems with 1 core
  • a16f8aa Allow PcapWriteHandler to output PCAP files larger than 2GB (#14478)
  • dccfcc8 Adapt: Ensure Chunks from the central Queue are re-used even if there… (#14586)
  • fdc10c4 chore: use readRetainedSlice to avoid copy in SpdyFrameDecoder (#14573)
  • 46b11cc Adapt: Don't fail when we run on a host with 1 core (#14582) (#14584)
  • 6138a5a Adapt: Only add Chunk to central Queue if unused (#14580) (#14583)
  • 6c3041f Adaptive: Correctly restore allocatedBytes value on failure (#14577) (#14578)
  • Additional commits viewable in compare view

Updates `io.netty:netty-common` from 4.1.115.Final to 4.1.116.Final
Commits
  • 2a58b07 [maven-release-plugin] prepare release netty-4.1.116.Final
  • a739efa Adaptive: Add assert to guard against bugs related to chunk pooling (#14590)
  • 22cb4ec Fix race and leaks introduced in tests by a16f8aaf2ff101567a526916b46… (#14588)
  • ad104c6 Correctly gard aginst failure when running on systems with 1 core
  • a16f8aa Allow PcapWriteHandler to output PCAP files larger than 2GB (#14478)
  • dccfcc8 Adapt: Ensure Chunks from the central Queue are re-used even if there… (#14586)
  • fdc10c4 chore: use readRetainedSlice to avoid copy in SpdyFrameDecoder (#14573)
  • 46b11cc Adapt: Don't fail when we run on a host with 1 core (#14582) (#14584)
  • 6138a5a Adapt: Only add Chunk to central Queue if unused (#14580) (#14583)
  • 6c3041f Adaptive: Correctly restore allocatedBytes value on failure (#14577) (#14578)
  • Additional commits viewable in compare view

Updates `io.netty:netty-transport` from 4.1.115.Final to 4.1.116.Final
Commits
  • 2a58b07 [maven-release-plugin] prepare release netty-4.1.116.Final
  • a739efa Adaptive: Add assert to guard against bugs related to chunk pooling (#14590)
  • 22cb4ec Fix race and leaks introduced in tests by a16f8aaf2ff101567a526916b46… (#14588)
  • ad104c6 Correctly gard aginst failure when running on systems with 1 core
  • a16f8aa Allow PcapWriteHandler to output PCAP files larger than 2GB (#14478)
  • dccfcc8 Adapt: Ensure Chunks from the central Queue are re-used even if there… (#14586)
  • fdc10c4 chore: use readRetainedSlice to avoid copy in SpdyFrameDecoder (#14573)
  • 46b11cc Adapt: Don't fail when we run on a host with 1 core (#14582) (#14584)
  • 6138a5a Adapt: Only add Chunk to central Queue if unused (#14580) (#14583)
  • 6c3041f Adaptive: Correctly restore allocatedBytes value on failure (#14577) (#14578)
  • Additional commits viewable in compare view

Updates `io.netty:netty-handler` from 4.1.115.Final to 4.1.116.Final
Commits
  • 2a58b07 [maven-release-plugin] prepare release netty-4.1.116.Final
  • a739efa Adaptive: Add assert to guard against bugs related to chunk pooling (#14590)
  • 22cb4ec Fix race and leaks introduced in tests by a16f8aaf2ff101567a526916b46… (#14588)
  • ad104c6 Correctly gard aginst failure when running on systems with 1 core
  • a16f8aa Allow PcapWriteHandler to output PCAP files larger than 2GB (#14478)
  • dccfcc8 Adapt: Ensure Chunks from the central Queue are re-used even if there… (#14586)
  • fdc10c4 chore: use readRetainedSlice to avoid copy in SpdyFrameDecoder (#14573)
  • 46b11cc Adapt: Don't fail when we run on a host with 1 core (#14582) (#14584)
  • 6138a5a Adapt: Only add Chunk to central Queue if unused (#14580) (#14583)
  • 6c3041f Adaptive: Correctly restore allocatedBytes value on failure (#14577) (#14578)
  • Additional commits viewable in compare view

Updates `io.netty:netty-resolver-dns` from 4.1.115.Final to 4.1.116.Final
Commits
  • 2a58b07 [maven-release-plugin] prepare release netty-4.1.116.Final
  • a739efa Adaptive: Add assert to guard against bugs related to chunk pooling (#14590)
  • 22cb4ec Fix race and leaks introduced in tests by a16f8aaf2ff101567a526916b46… (#14588)
  • ad104c6 Correctly gard aginst failure when running on systems with 1 core
  • a16f8aa Allow PcapWriteHandler to output PCAP files larger than 2GB (#14478)
  • dccfcc8 Adapt: Ensure Chunks from the central Queue are re-used even if there… (#14586)
  • fdc10c4 chore: use readRetainedSlice to avoid copy in SpdyFrameDecoder (#14573)
  • 46b11cc Adapt: Don't fail when we run on a host with 1 core (#14582) (#14584)
  • 6138a5a Adapt: Only add Chunk to central Queue if unused (#14580) (#14583)
  • 6c3041f Adaptive: Correctly restore allocatedBytes value on failure (#14577) (#14578)
  • Additional commits viewable in compare view

Updates `io.netty:netty-transport-native-epoll` from 4.1.115.Final to 4.1.116.Final
Commits
  • 2a58b07 [maven-release-plugin] prepare release netty-4.1.116.Final
  • a739efa Adaptive: Add assert to guard against bugs related to chunk pooling (#14590)
  • 22cb4ec Fix race and leaks introduced in tests by a16f8aaf2ff101567a526916b46… (#14588)
  • ad104c6 Correctly gard aginst failure when running on systems with 1 core
  • a16f8aa Allow PcapWriteHandler to output PCAP files larger than 2GB (#14478)
  • dccfcc8 Adapt: Ensure Chunks from the central Queue are re-used even if there… (#14586)
  • fdc10c4 chore: use readRetainedSlice to avoid copy in SpdyFrameDecoder (#14573)
  • 46b11cc Adapt: Don't fail when we run on a host with 1 core (#14582) (#14584)
  • 6138a5a Adapt: Only add Chunk to central Queue if unused (#14580) (#14583)
  • 6c3041f Adaptive: Correctly restore allocatedBytes value on failure (#14577) (#14578)
  • Additional commits viewable in compare view

Updates `io.netty:netty-transport-native-kqueue` from 4.1.115.Final to 4.1.116.Final
Commits
  • 2a58b07 [maven-release-plugin] prepare release netty-4.1.116.Final
  • a739efa Adaptive: Add assert to guard against bugs related to chunk pooling (#14590)
  • 22cb4ec Fix race and leaks introduced in tests by a16f8aaf2ff101567a526916b46… (#14588)
  • ad104c6 Correctly gard aginst failure when running on systems with 1 core
  • a16f8aa Allow PcapWriteHandler to output PCAP files larger than 2GB (#14478)
  • dccfcc8 Adapt: Ensure Chunks from the central Queue are re-used even if there… (#14586)
  • fdc10c4 chore: use readRetainedSlice to avoid copy in SpdyFrameDecoder (#14573)
  • 46b11cc Adapt: Don't fail when we run on a host with 1 core (#14582) (#14584)
  • 6138a5a Adapt: Only add Chunk to central Queue if unused (#14580) (#14583)
  • 6c3041f Adaptive: Correctly restore allocatedBytes value on failure (#14577) (#14578)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 7845d63e4..338c5cd02 100644 --- a/pom.xml +++ b/pom.xml @@ -45,7 +45,7 @@ 11 UTF-8 - 4.1.115.Final + 4.1.116.Final 0.0.25.Final 1.18.0 2.0.16 From ab89c7c4c26ca4aab803d49bff1f5c92aa66dd7d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Dec 2024 20:56:32 +0530 Subject: [PATCH 19/51] Bump io.netty.incubator:netty-incubator-transport-native-io_uring from 0.0.25.Final to 0.0.26.Final (#2052) Bumps [io.netty.incubator:netty-incubator-transport-native-io_uring](https://github.com/netty/netty-incubator-transport-io_uring) from 0.0.25.Final to 0.0.26.Final.
Commits
  • 83607a9 [maven-release-plugin] prepare release netty-incubator-transport-parent-io_ur...
  • 360fc05 Update to netty 4.1.116.Final (#767) (#262)
  • 385823d Bump dawidd6/action-download-artifact from 3.0.0 to 6 in /.github/workflows (...
  • 2796864 Update dependencies (#259)
  • c2962b7 Explicit specify the platform for Docker files (#258)
  • 0e9c440 Add devcontainers for Linux (#257)
  • 6a3704b Update to netty 4.1.114.Final (#256)
  • 65b4234 Upgrade netty and netty-tcnative-boringssl-static (#255)
  • 4b74bc1 Upload hidden files for staging (#254)
  • b05fe91 Replace docker-compose with docker compose (#253)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=io.netty.incubator:netty-incubator-transport-native-io_uring&package-manager=maven&previous-version=0.0.25.Final&new-version=0.0.26.Final)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 338c5cd02..c01de9918 100644 --- a/pom.xml +++ b/pom.xml @@ -46,7 +46,7 @@ UTF-8 4.1.116.Final - 0.0.25.Final + 0.0.26.Final 1.18.0 2.0.16 1.5.6-8 From 998f15c18c5b19f2f065617e2852cc159d792a0a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 01:38:47 +0530 Subject: [PATCH 20/51] Bump com.uber.nullaway:nullaway from 0.12.1 to 0.12.3 (#2055) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [com.uber.nullaway:nullaway](https://github.com/uber/NullAway) from 0.12.1 to 0.12.3.
Release notes

Sourced from com.uber.nullaway:nullaway's releases.

NullAway 0.12.3

  • Remove InferredJARModelsHandler (#1079)
  • Fix crash with annotation on enum (#1097)
  • Handle case null in switch statements (#1100)
  • Don't report errors for writes to @​NullUnmarked fields (#1102)
  • Support primitive static final fields as constant args in access paths (#1105)
  • Fix issue with annotations in module-info.java files (#1109)
  • Report error for @​nullable synchronized block expression (#1106)
  • Add support for parameter types with wildcards for JarInfer (#1107)
  • Properly handle nested generics and multiple wildcard type args in JarInfer (#1114)
  • Proper checking of vararg overrides with JSpecify annotations (#1116)
  • Add flag to indicate only @​NullMarked code should be checked (#1117)
  • Add support for static fields in contracts (#1118)
  • Maintenance
    • Fix comment positions (#1098)
    • [refactoring] Wrap calls to Types.subst and Types.memberType (#1115)
    • Build latest Caffeine on CI (#1111)

NullAway 0.12.2

  • Fix reading of JSpecify @​nullable annotations from varargs parameter in bytecode (#1089)
  • Fix JarInfer handling of generic types (#1078)
  • Fix another JSpecify mode crash involving raw types (#1086)
  • Fix bugs in handling of valueOf calls for map keys (#1085)
  • Suggest correct fix when array component of non-nullable array is made null. (#1087)
  • Substitute type arguments when checking type parameter nullability at call site (#1070)
  • Fix JarInfer parameter indexes for instance methods (#1071)
  • JSpecify mode: initial support for generic methods (with explicit type arguments at calls) (#1053)
  • Maintenance
    • Update to latest Error Prone and Error Prone Gradle plugin (#1064)
    • Refactor serialization adapter retrieval by version (#1066)
    • Remove fixes.tsv serialization from NullAway serialization service (#1063)
    • Enable javac -parameters flag (#1069)
    • Update to Gradle 8.11 (#1073)
    • Add test for issue 1035 (#1074)
    • remove use of deprecated Gradle API (#1076)
    • Update to Error Prone 2.36.0 (#1077)
Changelog

Sourced from com.uber.nullaway:nullaway's changelog.

Version 0.12.3

  • Remove InferredJARModelsHandler (#1079)
  • Fix crash with annotation on enum (#1097)
  • Handle case null in switch statements (#1100)
  • Don't report errors for writes to @​NullUnmarked fields (#1102)
  • Support primitive static final fields as constant args in access paths (#1105)
  • Fix issue with annotations in module-info.java files (#1109)
  • Report error for @​nullable synchronized block expression (#1106)
  • Add support for parameter types with wildcards for JarInfer (#1107)
  • Properly handle nested generics and multiple wildcard type args in JarInfer (#1114)
  • Proper checking of vararg overrides with JSpecify annotations (#1116)
  • Add flag to indicate only @​NullMarked code should be checked (#1117)
  • Add support for static fields in contracts (#1118)
  • Maintenance
    • Fix comment positions (#1098)
    • [refactoring] Wrap calls to Types.subst and Types.memberType (#1115)
    • Build latest Caffeine on CI (#1111)

Version 0.12.2

  • Fix reading of JSpecify @​nullable annotations from varargs parameter in bytecode (#1089)
  • Fix JarInfer handling of generic types (#1078)
  • Fix another JSpecify mode crash involving raw types (#1086)
  • Fix bugs in handling of valueOf calls for map keys (#1085)
  • Suggest correct fix when array component of non-nullable array is made null. (#1087)
  • Substitute type arguments when checking type parameter nullability at call site (#1070)
  • Fix JarInfer parameter indexes for instance methods (#1071)
  • JSpecify mode: initial support for generic methods (with explicit type arguments at calls) (#1053)
  • Maintenance
    • Update to latest Error Prone and Error Prone Gradle plugin (#1064)
    • Refactor serialization adapter retrieval by version (#1066)
    • Remove fixes.tsv serialization from NullAway serialization service (#1063)
    • Enable javac -parameters flag (#1069)
    • Update to Gradle 8.11 (#1073)
    • Add test for issue 1035 (#1074)
    • remove use of deprecated Gradle API (#1076)
    • Update to Error Prone 2.36.0 (#1077)
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.uber.nullaway:nullaway&package-manager=maven&previous-version=0.12.1&new-version=0.12.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index c01de9918..8a442dd59 100644 --- a/pom.xml +++ b/pom.xml @@ -327,7 +327,7 @@ com.uber.nullaway nullaway - 0.12.1 + 0.12.3 From f75dfbe8c2c7d20743dd98707d21eafeed48525e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 01:39:01 +0530 Subject: [PATCH 21/51] Bump ch.qos.logback:logback-classic from 1.5.12 to 1.5.16 (#2054) Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.12 to 1.5.16.
Commits
  • 74c9ebd prepare release 1.5.16
  • 9308a58 javadocs structure changed
  • 8935470 adapt test to SLF4J version 2.0.16
  • cb60369 addded StubEventEvaluator as default class for evaluator element so as to dir...
  • 1da2f17 bump jxr version
  • 5bde644 bump slf4j version to 2.0.16
  • aa2ebae remove stax related code
  • 80db86b fix issues/860
  • a8a2303 start work on 1.5.16-SNAPSHOT
  • bf14c2c minor javadoc update
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ch.qos.logback:logback-classic&package-manager=maven&previous-version=1.5.12&new-version=1.5.16)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 8a442dd59..8dfad9c98 100644 --- a/pom.xml +++ b/pom.xml @@ -51,7 +51,7 @@ 2.0.16 1.5.6-8 2.0.1 - 1.5.12 + 1.5.16 26.0.1 From bf63baf04ca17e2a94adb356bcc42f2acbc51847 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 01:39:14 +0530 Subject: [PATCH 22/51] Bump org.junit:junit-bom from 5.11.3 to 5.11.4 (#2046) Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 5.11.3 to 5.11.4.
Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 5.11.4 = Platform 1.11.4 + Jupiter 5.11.4 + Vintage 5.11.4

See Release Notes.

Full Changelog: https://github.com/junit-team/junit5/compare/r5.11.3...r5.11.4

Commits
  • 6430ba4 Release 5.11.4
  • d093121 Finalize 5.11.4 release notes
  • 0444353 Fix Maven integration tests on JDK 24
  • b5c7f4e Move #4153 to 5.11.4 release notes
  • b20c4e2 Ensure the XMLStreamWriter is closed after use
  • 6376f0a Configure Git username and email
  • 2b485c4 Set reference repo URI
  • 500b5a0 Inject username and password via new DSL
  • d671961 Update plugin gitPublish to v5
  • 3d11279 Add JAVA_25 to JRE enum
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.junit:junit-bom&package-manager=maven&previous-version=5.11.3&new-version=5.11.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 8dfad9c98..c83b5794a 100644 --- a/pom.xml +++ b/pom.xml @@ -105,7 +105,7 @@ org.junit junit-bom - 5.11.3 + 5.11.4 pom import From 86c2176dfb8cb93f246ff8a134906afac6982d74 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 2 Feb 2025 03:54:12 +0530 Subject: [PATCH 23/51] Bump org.jetbrains:annotations from 26.0.1 to 26.0.2 (#2058) Bumps [org.jetbrains:annotations](https://github.com/JetBrains/java-annotations) from 26.0.1 to 26.0.2.
Release notes

Sourced from org.jetbrains:annotations's releases.

26.0.2

  • Fixed missing klibs for apple artifacts.
Changelog

Sourced from org.jetbrains:annotations's changelog.

Version 26.0.2

  • Fixed missing klibs for apple artifacts.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.jetbrains:annotations&package-manager=maven&previous-version=26.0.1&new-version=26.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index c83b5794a..52d768182 100644 --- a/pom.xml +++ b/pom.xml @@ -52,7 +52,7 @@ 1.5.6-8 2.0.1 1.5.16 - 26.0.1 + 26.0.2 From 390c26b0890ca381b8865295801156e8e945ca98 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 2 Feb 2025 03:54:19 +0530 Subject: [PATCH 24/51] Bump com.github.luben:zstd-jni from 1.5.6-8 to 1.5.6-9 (#2057) Bumps [com.github.luben:zstd-jni](https://github.com/luben/zstd-jni) from 1.5.6-8 to 1.5.6-9.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.github.luben:zstd-jni&package-manager=maven&previous-version=1.5.6-8&new-version=1.5.6-9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 52d768182..71240c309 100644 --- a/pom.xml +++ b/pom.xml @@ -49,7 +49,7 @@ 0.0.26.Final 1.18.0 2.0.16 - 1.5.6-8 + 1.5.6-9 2.0.1 1.5.16 26.0.2 From eef8d9374b411d2bf0f42bf6452ee3b0333915c8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 2 Feb 2025 03:54:26 +0530 Subject: [PATCH 25/51] Bump netty.version from 4.1.116.Final to 4.1.117.Final (#2056) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps `netty.version` from 4.1.116.Final to 4.1.117.Final. Updates `io.netty:netty-buffer` from 4.1.116.Final to 4.1.117.Final
Commits
  • 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
  • 28a81c6 Update java versions (#14660)
  • 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
  • ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
  • cd3dfe9 Update maven to 3.9.9 (#14654)
  • 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
  • 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
  • d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
  • b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
  • 9f0b38b Reentrant close in EmbeddedChannel (#14642)
  • Additional commits viewable in compare view

Updates `io.netty:netty-codec-http` from 4.1.116.Final to 4.1.117.Final
Commits
  • 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
  • 28a81c6 Update java versions (#14660)
  • 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
  • ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
  • cd3dfe9 Update maven to 3.9.9 (#14654)
  • 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
  • 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
  • d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
  • b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
  • 9f0b38b Reentrant close in EmbeddedChannel (#14642)
  • Additional commits viewable in compare view

Updates `io.netty:netty-codec` from 4.1.116.Final to 4.1.117.Final
Commits
  • 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
  • 28a81c6 Update java versions (#14660)
  • 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
  • ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
  • cd3dfe9 Update maven to 3.9.9 (#14654)
  • 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
  • 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
  • d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
  • b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
  • 9f0b38b Reentrant close in EmbeddedChannel (#14642)
  • Additional commits viewable in compare view

Updates `io.netty:netty-codec-socks` from 4.1.116.Final to 4.1.117.Final
Commits
  • 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
  • 28a81c6 Update java versions (#14660)
  • 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
  • ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
  • cd3dfe9 Update maven to 3.9.9 (#14654)
  • 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
  • 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
  • d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
  • b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
  • 9f0b38b Reentrant close in EmbeddedChannel (#14642)
  • Additional commits viewable in compare view

Updates `io.netty:netty-handler-proxy` from 4.1.116.Final to 4.1.117.Final
Commits
  • 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
  • 28a81c6 Update java versions (#14660)
  • 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
  • ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
  • cd3dfe9 Update maven to 3.9.9 (#14654)
  • 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
  • 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
  • d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
  • b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
  • 9f0b38b Reentrant close in EmbeddedChannel (#14642)
  • Additional commits viewable in compare view

Updates `io.netty:netty-common` from 4.1.116.Final to 4.1.117.Final
Commits
  • 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
  • 28a81c6 Update java versions (#14660)
  • 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
  • ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
  • cd3dfe9 Update maven to 3.9.9 (#14654)
  • 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
  • 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
  • d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
  • b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
  • 9f0b38b Reentrant close in EmbeddedChannel (#14642)
  • Additional commits viewable in compare view

Updates `io.netty:netty-transport` from 4.1.116.Final to 4.1.117.Final
Commits
  • 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
  • 28a81c6 Update java versions (#14660)
  • 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
  • ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
  • cd3dfe9 Update maven to 3.9.9 (#14654)
  • 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
  • 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
  • d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
  • b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
  • 9f0b38b Reentrant close in EmbeddedChannel (#14642)
  • Additional commits viewable in compare view

Updates `io.netty:netty-handler` from 4.1.116.Final to 4.1.117.Final
Commits
  • 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
  • 28a81c6 Update java versions (#14660)
  • 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
  • ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
  • cd3dfe9 Update maven to 3.9.9 (#14654)
  • 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
  • 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
  • d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
  • b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
  • 9f0b38b Reentrant close in EmbeddedChannel (#14642)
  • Additional commits viewable in compare view

Updates `io.netty:netty-resolver-dns` from 4.1.116.Final to 4.1.117.Final
Commits
  • 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
  • 28a81c6 Update java versions (#14660)
  • 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
  • ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
  • cd3dfe9 Update maven to 3.9.9 (#14654)
  • 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
  • 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
  • d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
  • b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
  • 9f0b38b Reentrant close in EmbeddedChannel (#14642)
  • Additional commits viewable in compare view

Updates `io.netty:netty-transport-native-epoll` from 4.1.116.Final to 4.1.117.Final
Commits
  • 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
  • 28a81c6 Update java versions (#14660)
  • 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
  • ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
  • cd3dfe9 Update maven to 3.9.9 (#14654)
  • 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
  • 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
  • d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
  • b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
  • 9f0b38b Reentrant close in EmbeddedChannel (#14642)
  • Additional commits viewable in compare view

Updates `io.netty:netty-transport-native-kqueue` from 4.1.116.Final to 4.1.117.Final
Commits
  • 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
  • 28a81c6 Update java versions (#14660)
  • 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
  • ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
  • cd3dfe9 Update maven to 3.9.9 (#14654)
  • 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
  • 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
  • d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
  • b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
  • 9f0b38b Reentrant close in EmbeddedChannel (#14642)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 71240c309..9dfe832a7 100644 --- a/pom.xml +++ b/pom.xml @@ -45,7 +45,7 @@ 11 UTF-8 - 4.1.116.Final + 4.1.117.Final 0.0.26.Final 1.18.0 2.0.16 From a4a3746b6461181221513870dded579cb041e4bc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Feb 2025 03:23:19 +0530 Subject: [PATCH 26/51] Bump netty.version from 4.1.117.Final to 4.1.118.Final (#2060) Bumps `netty.version` from 4.1.117.Final to 4.1.118.Final. Updates `io.netty:netty-buffer` from 4.1.117.Final to 4.1.118.Final
Commits
  • 36f95cf [maven-release-plugin] prepare release netty-4.1.118.Final
  • 87f4072 Merge commit from fork
  • d1fbda6 Merge commit from fork
  • f844d78 Upgrade netty-tcnative to 2.0.70.Final (#14790)
  • 8afb5d9 Only run 2 jobs with leak detection to minimize build times (#14784)
  • f2c27da AdaptivePoolingAllocator: Round chunk sizes up to MIN_CHUNK_SIZE units and re...
  • 8d387ff Change the default AdaptiveRecvByteBufAllocator buffer size values' visibilit...
  • 1cfd3a6 Fix possible buffer leak when stream can't be mapped (#14746)
  • 8f9eadb Fix AccessControlException in GlobalEventExecutor (#14743)
  • 6fcd3e6 KQueueEventLoop leaks memory on shutdown. (#14745)
  • Additional commits viewable in compare view

Updates `io.netty:netty-codec-http` from 4.1.117.Final to 4.1.118.Final
Commits
  • 36f95cf [maven-release-plugin] prepare release netty-4.1.118.Final
  • 87f4072 Merge commit from fork
  • d1fbda6 Merge commit from fork
  • f844d78 Upgrade netty-tcnative to 2.0.70.Final (#14790)
  • 8afb5d9 Only run 2 jobs with leak detection to minimize build times (#14784)
  • f2c27da AdaptivePoolingAllocator: Round chunk sizes up to MIN_CHUNK_SIZE units and re...
  • 8d387ff Change the default AdaptiveRecvByteBufAllocator buffer size values' visibilit...
  • 1cfd3a6 Fix possible buffer leak when stream can't be mapped (#14746)
  • 8f9eadb Fix AccessControlException in GlobalEventExecutor (#14743)
  • 6fcd3e6 KQueueEventLoop leaks memory on shutdown. (#14745)
  • Additional commits viewable in compare view

Updates `io.netty:netty-codec` from 4.1.117.Final to 4.1.118.Final
Commits
  • 36f95cf [maven-release-plugin] prepare release netty-4.1.118.Final
  • 87f4072 Merge commit from fork
  • d1fbda6 Merge commit from fork
  • f844d78 Upgrade netty-tcnative to 2.0.70.Final (#14790)
  • 8afb5d9 Only run 2 jobs with leak detection to minimize build times (#14784)
  • f2c27da AdaptivePoolingAllocator: Round chunk sizes up to MIN_CHUNK_SIZE units and re...
  • 8d387ff Change the default AdaptiveRecvByteBufAllocator buffer size values' visibilit...
  • 1cfd3a6 Fix possible buffer leak when stream can't be mapped (#14746)
  • 8f9eadb Fix AccessControlException in GlobalEventExecutor (#14743)
  • 6fcd3e6 KQueueEventLoop leaks memory on shutdown. (#14745)
  • Additional commits viewable in compare view

Updates `io.netty:netty-codec-socks` from 4.1.117.Final to 4.1.118.Final
Commits
  • 36f95cf [maven-release-plugin] prepare release netty-4.1.118.Final
  • 87f4072 Merge commit from fork
  • d1fbda6 Merge commit from fork
  • f844d78 Upgrade netty-tcnative to 2.0.70.Final (#14790)
  • 8afb5d9 Only run 2 jobs with leak detection to minimize build times (#14784)
  • f2c27da AdaptivePoolingAllocator: Round chunk sizes up to MIN_CHUNK_SIZE units and re...
  • 8d387ff Change the default AdaptiveRecvByteBufAllocator buffer size values' visibilit...
  • 1cfd3a6 Fix possible buffer leak when stream can't be mapped (#14746)
  • 8f9eadb Fix AccessControlException in GlobalEventExecutor (#14743)
  • 6fcd3e6 KQueueEventLoop leaks memory on shutdown. (#14745)
  • Additional commits viewable in compare view

Updates `io.netty:netty-handler-proxy` from 4.1.117.Final to 4.1.118.Final
Commits
  • 36f95cf [maven-release-plugin] prepare release netty-4.1.118.Final
  • 87f4072 Merge commit from fork
  • d1fbda6 Merge commit from fork
  • f844d78 Upgrade netty-tcnative to 2.0.70.Final (#14790)
  • 8afb5d9 Only run 2 jobs with leak detection to minimize build times (#14784)
  • f2c27da AdaptivePoolingAllocator: Round chunk sizes up to MIN_CHUNK_SIZE units and re...
  • 8d387ff Change the default AdaptiveRecvByteBufAllocator buffer size values' visibilit...
  • 1cfd3a6 Fix possible buffer leak when stream can't be mapped (#14746)
  • 8f9eadb Fix AccessControlException in GlobalEventExecutor (#14743)
  • 6fcd3e6 KQueueEventLoop leaks memory on shutdown. (#14745)
  • Additional commits viewable in compare view

Updates `io.netty:netty-common` from 4.1.117.Final to 4.1.118.Final
Commits
  • 36f95cf [maven-release-plugin] prepare release netty-4.1.118.Final
  • 87f4072 Merge commit from fork
  • d1fbda6 Merge commit from fork
  • f844d78 Upgrade netty-tcnative to 2.0.70.Final (#14790)
  • 8afb5d9 Only run 2 jobs with leak detection to minimize build times (#14784)
  • f2c27da AdaptivePoolingAllocator: Round chunk sizes up to MIN_CHUNK_SIZE units and re...
  • 8d387ff Change the default AdaptiveRecvByteBufAllocator buffer size values' visibilit...
  • 1cfd3a6 Fix possible buffer leak when stream can't be mapped (#14746)
  • 8f9eadb Fix AccessControlException in GlobalEventExecutor (#14743)
  • 6fcd3e6 KQueueEventLoop leaks memory on shutdown. (#14745)
  • Additional commits viewable in compare view

Updates `io.netty:netty-transport` from 4.1.117.Final to 4.1.118.Final
Commits
  • 36f95cf [maven-release-plugin] prepare release netty-4.1.118.Final
  • 87f4072 Merge commit from fork
  • d1fbda6 Merge commit from fork
  • f844d78 Upgrade netty-tcnative to 2.0.70.Final (#14790)
  • 8afb5d9 Only run 2 jobs with leak detection to minimize build times (#14784)
  • f2c27da AdaptivePoolingAllocator: Round chunk sizes up to MIN_CHUNK_SIZE units and re...
  • 8d387ff Change the default AdaptiveRecvByteBufAllocator buffer size values' visibilit...
  • 1cfd3a6 Fix possible buffer leak when stream can't be mapped (#14746)
  • 8f9eadb Fix AccessControlException in GlobalEventExecutor (#14743)
  • 6fcd3e6 KQueueEventLoop leaks memory on shutdown. (#14745)
  • Additional commits viewable in compare view

Updates `io.netty:netty-handler` from 4.1.117.Final to 4.1.118.Final
Commits
  • 36f95cf [maven-release-plugin] prepare release netty-4.1.118.Final
  • 87f4072 Merge commit from fork
  • d1fbda6 Merge commit from fork
  • f844d78 Upgrade netty-tcnative to 2.0.70.Final (#14790)
  • 8afb5d9 Only run 2 jobs with leak detection to minimize build times (#14784)
  • f2c27da AdaptivePoolingAllocator: Round chunk sizes up to MIN_CHUNK_SIZE units and re...
  • 8d387ff Change the default AdaptiveRecvByteBufAllocator buffer size values' visibilit...
  • 1cfd3a6 Fix possible buffer leak when stream can't be mapped (#14746)
  • 8f9eadb Fix AccessControlException in GlobalEventExecutor (#14743)
  • 6fcd3e6 KQueueEventLoop leaks memory on shutdown. (#14745)
  • Additional commits viewable in compare view

Updates `io.netty:netty-resolver-dns` from 4.1.117.Final to 4.1.118.Final
Commits
  • 36f95cf [maven-release-plugin] prepare release netty-4.1.118.Final
  • 87f4072 Merge commit from fork
  • d1fbda6 Merge commit from fork
  • f844d78 Upgrade netty-tcnative to 2.0.70.Final (#14790)
  • 8afb5d9 Only run 2 jobs with leak detection to minimize build times (#14784)
  • f2c27da AdaptivePoolingAllocator: Round chunk sizes up to MIN_CHUNK_SIZE units and re...
  • 8d387ff Change the default AdaptiveRecvByteBufAllocator buffer size values' visibilit...
  • 1cfd3a6 Fix possible buffer leak when stream can't be mapped (#14746)
  • 8f9eadb Fix AccessControlException in GlobalEventExecutor (#14743)
  • 6fcd3e6 KQueueEventLoop leaks memory on shutdown. (#14745)
  • Additional commits viewable in compare view

Updates `io.netty:netty-transport-native-epoll` from 4.1.117.Final to 4.1.118.Final
Commits
  • 36f95cf [maven-release-plugin] prepare release netty-4.1.118.Final
  • 87f4072 Merge commit from fork
  • d1fbda6 Merge commit from fork
  • f844d78 Upgrade netty-tcnative to 2.0.70.Final (#14790)
  • 8afb5d9 Only run 2 jobs with leak detection to minimize build times (#14784)
  • f2c27da AdaptivePoolingAllocator: Round chunk sizes up to MIN_CHUNK_SIZE units and re...
  • 8d387ff Change the default AdaptiveRecvByteBufAllocator buffer size values' visibilit...
  • 1cfd3a6 Fix possible buffer leak when stream can't be mapped (#14746)
  • 8f9eadb Fix AccessControlException in GlobalEventExecutor (#14743)
  • 6fcd3e6 KQueueEventLoop leaks memory on shutdown. (#14745)
  • Additional commits viewable in compare view

Updates `io.netty:netty-transport-native-kqueue` from 4.1.117.Final to 4.1.118.Final
Commits
  • 36f95cf [maven-release-plugin] prepare release netty-4.1.118.Final
  • 87f4072 Merge commit from fork
  • d1fbda6 Merge commit from fork
  • f844d78 Upgrade netty-tcnative to 2.0.70.Final (#14790)
  • 8afb5d9 Only run 2 jobs with leak detection to minimize build times (#14784)
  • f2c27da AdaptivePoolingAllocator: Round chunk sizes up to MIN_CHUNK_SIZE units and re...
  • 8d387ff Change the default AdaptiveRecvByteBufAllocator buffer size values' visibilit...
  • 1cfd3a6 Fix possible buffer leak when stream can't be mapped (#14746)
  • 8f9eadb Fix AccessControlException in GlobalEventExecutor (#14743)
  • 6fcd3e6 KQueueEventLoop leaks memory on shutdown. (#14745)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9dfe832a7..68d95dc04 100644 --- a/pom.xml +++ b/pom.xml @@ -45,7 +45,7 @@ 11 UTF-8 - 4.1.117.Final + 4.1.118.Final 0.0.26.Final 1.18.0 2.0.16 From 6fa2efd3f9af636bf192a452698044a9829cf8ef Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Feb 2025 03:23:35 +0530 Subject: [PATCH 27/51] Bump org.apache.tomcat.embed:tomcat-embed-core from 10.1.34 to 10.1.35 (#2061) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps org.apache.tomcat.embed:tomcat-embed-core from 10.1.34 to 10.1.35.
Most Recent Ignore Conditions Applied to This Pull Request | Dependency Name | Ignore Conditions | | --- | --- | | org.apache.tomcat.embed:tomcat-embed-core | [>= 11.a0, < 12] |
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core&package-manager=maven&previous-version=10.1.34&new-version=10.1.35)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- client/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/pom.xml b/client/pom.xml index b2e551d5a..f035ac57c 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -31,7 +31,7 @@ org.asynchttpclient.client 11.0.24 - 10.1.34 + 10.1.35 2.18.0 4.11.0 3.0 From 6c2cc553201581eb5a0ec348f67b064ae32c770f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Feb 2025 03:23:45 +0530 Subject: [PATCH 28/51] Bump io.github.nettyplus:netty-leak-detector-junit-extension from 0.0.5 to 0.0.6 (#2062) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [io.github.nettyplus:netty-leak-detector-junit-extension](https://github.com/nettyplus/netty-leak-detector-junit-extension) from 0.0.5 to 0.0.6.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=io.github.nettyplus:netty-leak-detector-junit-extension&package-manager=maven&previous-version=0.0.5&new-version=0.0.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 68d95dc04..8ea2684ca 100644 --- a/pom.xml +++ b/pom.xml @@ -112,7 +112,7 @@ io.github.nettyplus netty-leak-detector-junit-extension - 0.0.5 + 0.0.6 From 3972890fbb63ae96faafc7e1892416915b619fd6 Mon Sep 17 00:00:00 2001 From: sullis Date: Thu, 13 Feb 2025 14:05:52 -0800 Subject: [PATCH 29/51] netty leak detector 0.0.6 (#2059) Co-authored-by: Aayush Atharva From 11a15c388a930515eefc93f03fd0997200481b7d Mon Sep 17 00:00:00 2001 From: sullis Date: Sat, 15 Feb 2025 21:34:21 -0800 Subject: [PATCH 30/51] enable leak detection in AutomaticDecompressionTest (#2064) use Netty Leak Detector JUnit extension in AutomaticDecompressionTest ``` https://github.com/nettyplus/netty-leak-detector-junit-extension ``` --- .../java/org/asynchttpclient/AutomaticDecompressionTest.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/client/src/test/java/org/asynchttpclient/AutomaticDecompressionTest.java b/client/src/test/java/org/asynchttpclient/AutomaticDecompressionTest.java index dfd0a9446..0f9843af1 100644 --- a/client/src/test/java/org/asynchttpclient/AutomaticDecompressionTest.java +++ b/client/src/test/java/org/asynchttpclient/AutomaticDecompressionTest.java @@ -22,6 +22,7 @@ import com.sun.net.httpserver.HttpExchange; import com.sun.net.httpserver.HttpHandler; import com.sun.net.httpserver.HttpServer; +import io.github.nettyplus.leakdetector.junit.NettyLeakDetectorExtension; import io.netty.handler.codec.compression.Brotli; import org.junit.jupiter.api.AfterAll; import org.junit.jupiter.api.BeforeAll; @@ -35,9 +36,11 @@ import java.util.List; import java.util.stream.Collectors; import java.util.zip.GZIPOutputStream; +import org.junit.jupiter.api.extension.ExtendWith; import static org.junit.jupiter.api.Assertions.assertEquals; +@ExtendWith(NettyLeakDetectorExtension.class) public class AutomaticDecompressionTest { private static final String UNCOMPRESSED_PAYLOAD = "a".repeat(500); From 182ab1b36b603eeebe85ee05da269f18c710278b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 16 Feb 2025 11:04:37 +0530 Subject: [PATCH 31/51] Bump com.github.luben:zstd-jni from 1.5.6-9 to 1.5.6-10 (#2063) Bumps [com.github.luben:zstd-jni](https://github.com/luben/zstd-jni) from 1.5.6-9 to 1.5.6-10.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.github.luben:zstd-jni&package-manager=maven&previous-version=1.5.6-9&new-version=1.5.6-10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 8ea2684ca..18c754452 100644 --- a/pom.xml +++ b/pom.xml @@ -49,7 +49,7 @@ 0.0.26.Final 1.18.0 2.0.16 - 1.5.6-9 + 1.5.6-10 2.0.1 1.5.16 26.0.2 From 600520c9810052c1c80925ed6041795a48e22a18 Mon Sep 17 00:00:00 2001 From: sullis Date: Mon, 17 Feb 2025 08:58:39 -0800 Subject: [PATCH 32/51] use larger payload in AutomaticDecompressionTest (#2065) --- .../java/org/asynchttpclient/AutomaticDecompressionTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/src/test/java/org/asynchttpclient/AutomaticDecompressionTest.java b/client/src/test/java/org/asynchttpclient/AutomaticDecompressionTest.java index 0f9843af1..8f57ffb88 100644 --- a/client/src/test/java/org/asynchttpclient/AutomaticDecompressionTest.java +++ b/client/src/test/java/org/asynchttpclient/AutomaticDecompressionTest.java @@ -42,7 +42,7 @@ @ExtendWith(NettyLeakDetectorExtension.class) public class AutomaticDecompressionTest { - private static final String UNCOMPRESSED_PAYLOAD = "a".repeat(500); + private static final String UNCOMPRESSED_PAYLOAD = "a".repeat(50_000); private static HttpServer HTTP_SERVER; From f19415223262b3333212652aeae47040dc006919 Mon Sep 17 00:00:00 2001 From: Jason Joo Date: Mon, 10 Mar 2025 03:09:46 +0800 Subject: [PATCH 33/51] fix: inappropriate connection reuse when using HTTP proxy if the initial CONNECT failed (#2072) # What This MR Resolves A CONNECT request is needed to sent to the HTTP proxy first before the actual client request to establish the tunnel on the proxy. A `HTTP/1.1 200 Connection established` is expected for the initial CONNECT request. Only when the CONNECT is successful, the client continues sending the actual request through the "tunnel". And when CONNECT failed, the connection remains the initial state `unconnected`. There are following circumstances that a CONNECT fails under but not limited to following situations: - The destination is not whitelisted. - The dest domain can't be resolved(timeout/SERVFAIL/NX/etc.). - The dest IP can't be connected(timeout/unreachable/etc.). There could be 2 following strategies to deal with CONNECT failures on the client side: 1. Close the connection before return to the caller. 2. Mark this connection "unconnected" and put it into the pool. Then retry the CONNECT next time it's picked out of the pool. The 2nd one needs to add extra state to Channel in the manager which brings bigger change to the code. This MR employs the 1st strategy to resolve it. The issue is described in #2071 . # Readings The CONNECT is documented in `Section 5.3` in RFC2871: https://www.ietf.org/rfc/rfc2817.txt The proxy won't actively terminate the connection if the CONNECT failed if keep-alive is enabled. Unless the tunnel is established and there is any communication failures in the middle. Therefore the client needs to deal with this error by its own. Signed-off-by: Jason Joo --- .../netty/handler/HttpHandler.java | 11 +++-- .../asynchttpclient/proxy/HttpsProxyTest.java | 45 ++++++++++++++++++- 2 files changed, 52 insertions(+), 4 deletions(-) diff --git a/client/src/main/java/org/asynchttpclient/netty/handler/HttpHandler.java b/client/src/main/java/org/asynchttpclient/netty/handler/HttpHandler.java index 06ec46a2b..99a23c7e9 100755 --- a/client/src/main/java/org/asynchttpclient/netty/handler/HttpHandler.java +++ b/client/src/main/java/org/asynchttpclient/netty/handler/HttpHandler.java @@ -21,6 +21,7 @@ import io.netty.handler.codec.DecoderResultProvider; import io.netty.handler.codec.http.HttpContent; import io.netty.handler.codec.http.HttpHeaders; +import io.netty.handler.codec.http.HttpMethod; import io.netty.handler.codec.http.HttpRequest; import io.netty.handler.codec.http.HttpResponse; import io.netty.handler.codec.http.LastHttpContent; @@ -32,6 +33,7 @@ import org.asynchttpclient.netty.NettyResponseStatus; import org.asynchttpclient.netty.channel.ChannelManager; import org.asynchttpclient.netty.request.NettyRequestSender; +import org.asynchttpclient.util.HttpConstants.ResponseStatusCodes; import java.io.IOException; import java.net.InetSocketAddress; @@ -43,8 +45,11 @@ public HttpHandler(AsyncHttpClientConfig config, ChannelManager channelManager, super(config, channelManager, requestSender); } - private static boolean abortAfterHandlingStatus(AsyncHandler handler, NettyResponseStatus status) throws Exception { - return handler.onStatusReceived(status) == State.ABORT; + private static boolean abortAfterHandlingStatus(AsyncHandler handler, HttpMethod httpMethod, NettyResponseStatus status) throws Exception { + // For non-200 response of a CONNECT request, it's still unconnected. + // We need to either close the connection or reuse it but send CONNECT request again. + // The former one is easier or we have to attach more state to Channel. + return handler.onStatusReceived(status) == State.ABORT || httpMethod == HttpMethod.CONNECT && status.getStatusCode() != ResponseStatusCodes.OK_200; } private static boolean abortAfterHandlingHeaders(AsyncHandler handler, HttpHeaders responseHeaders) throws Exception { @@ -61,7 +66,7 @@ private void handleHttpResponse(final HttpResponse response, final Channel chann HttpHeaders responseHeaders = response.headers(); if (!interceptors.exitAfterIntercept(channel, future, handler, response, status, responseHeaders)) { - boolean abort = abortAfterHandlingStatus(handler, status) || abortAfterHandlingHeaders(handler, responseHeaders); + boolean abort = abortAfterHandlingStatus(handler, httpRequest.method(), status) || abortAfterHandlingHeaders(handler, responseHeaders); if (abort) { finishUpdate(future, channel, true); } diff --git a/client/src/test/java/org/asynchttpclient/proxy/HttpsProxyTest.java b/client/src/test/java/org/asynchttpclient/proxy/HttpsProxyTest.java index 6c4109aec..011f15d78 100644 --- a/client/src/test/java/org/asynchttpclient/proxy/HttpsProxyTest.java +++ b/client/src/test/java/org/asynchttpclient/proxy/HttpsProxyTest.java @@ -13,14 +13,21 @@ package org.asynchttpclient.proxy; import io.github.artsok.RepeatedIfExceptionsTest; +import jakarta.servlet.ServletException; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; + import org.asynchttpclient.AbstractBasicTest; import org.asynchttpclient.AsyncHttpClient; import org.asynchttpclient.AsyncHttpClientConfig; import org.asynchttpclient.RequestBuilder; import org.asynchttpclient.Response; +import org.asynchttpclient.proxy.ProxyServer.Builder; import org.asynchttpclient.request.body.generator.ByteArrayBodyGenerator; import org.asynchttpclient.test.EchoHandler; +import org.asynchttpclient.util.HttpConstants; import org.eclipse.jetty.proxy.ConnectHandler; +import org.eclipse.jetty.server.Request; import org.eclipse.jetty.server.Server; import org.eclipse.jetty.server.ServerConnector; import org.eclipse.jetty.server.handler.AbstractHandler; @@ -37,6 +44,8 @@ import static org.asynchttpclient.test.TestUtils.addHttpsConnector; import static org.junit.jupiter.api.Assertions.assertEquals; +import java.io.IOException; + /** * Proxy usage tests. */ @@ -46,7 +55,7 @@ public class HttpsProxyTest extends AbstractBasicTest { @Override public AbstractHandler configureHandler() throws Exception { - return new ConnectHandler(); + return new ProxyHandler(); } @Override @@ -142,4 +151,38 @@ public void testPooledConnectionsWithProxy() throws Exception { assertEquals(200, response2.getStatusCode()); } } + + @RepeatedIfExceptionsTest(repeats = 5) + public void testFailedConnectWithProxy() throws Exception { + try (AsyncHttpClient asyncHttpClient = asyncHttpClient(config().setFollowRedirect(true).setUseInsecureTrustManager(true).setKeepAlive(true))) { + Builder proxyServer = proxyServer("localhost", port1); + proxyServer.setCustomHeaders(r -> r.getHeaders().add(ProxyHandler.HEADER_FORBIDDEN, "1")); + RequestBuilder rb = get(getTargetUrl2()).setProxyServer(proxyServer); + + Response response1 = asyncHttpClient.executeRequest(rb.build()).get(); + assertEquals(403, response1.getStatusCode()); + + Response response2 = asyncHttpClient.executeRequest(rb.build()).get(); + assertEquals(403, response2.getStatusCode()); + + Response response3 = asyncHttpClient.executeRequest(rb.build()).get(); + assertEquals(403, response3.getStatusCode()); + } + } + + public static class ProxyHandler extends ConnectHandler { + final static String HEADER_FORBIDDEN = "X-REJECT-REQUEST"; + + @Override + public void handle(String s, Request r, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { + if (HttpConstants.Methods.CONNECT.equalsIgnoreCase(request.getMethod())) { + if (request.getHeader(HEADER_FORBIDDEN) != null) { + response.setStatus(HttpServletResponse.SC_FORBIDDEN); + r.setHandled(true); + return; + } + } + super.handle(s, r, request, response); + } + } } From c06dcab48c85bb84f071124a97898d56130dbcc6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Mar 2025 00:40:16 +0530 Subject: [PATCH 34/51] Bump org.apache.maven.plugins:maven-compiler-plugin from 3.13.0 to 3.14.0 (#2069) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.apache.maven.plugins:maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) from 3.13.0 to 3.14.0.
Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.14.0

🚀 New features and improvements

🐛 Bug Fixes

📦 Dependency updates

👻 Maintenance

🔧 Build

Commits
  • b5e7d9b [maven-release-plugin] prepare release maven-compiler-plugin-3.14.0
  • 9134f12 Enable GitHub Issues
  • 19b8b12 Update scm tag according to branch
  • 09dce4e [MCOMPILER-579] allow module-version configuration (#273)
  • f7c3c5f Bump org.codehaus.plexus:plexus-java from 1.2.0 to 1.4.0
  • 764a54b [MNGSITE-529] Rename "Goals" to "Plugin Documentation"
  • cfacbc1 PR Automation only on close event
  • 5c26bba Use JUnit version from parent
  • 5449407 [MCOMPILER-529] Update docs about version schema (Maven 3)
  • 01d5b88 Bump mavenVersion from 3.6.3 to 3.9.9 (#283)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-compiler-plugin&package-manager=maven&previous-version=3.13.0&new-version=3.14.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 18c754452..6393a3ac5 100644 --- a/pom.xml +++ b/pom.xml @@ -293,7 +293,7 @@ org.apache.maven.plugins maven-compiler-plugin - 3.13.0 + 3.14.0 11 11 From 8f314527ffa7fa091f8cb115f7012ae01b9cc7f5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Mar 2025 00:40:29 +0530 Subject: [PATCH 35/51] Bump com.github.luben:zstd-jni from 1.5.6-10 to 1.5.7-1 (#2067) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [com.github.luben:zstd-jni](https://github.com/luben/zstd-jni) from 1.5.6-10 to 1.5.7-1.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.github.luben:zstd-jni&package-manager=maven&previous-version=1.5.6-10&new-version=1.5.7-1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 6393a3ac5..bc92eb92e 100644 --- a/pom.xml +++ b/pom.xml @@ -49,7 +49,7 @@ 0.0.26.Final 1.18.0 2.0.16 - 1.5.6-10 + 1.5.7-1 2.0.1 1.5.16 26.0.2 From 8189c92e5ab1e2a34d326cdc13d66de02b99ce67 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Mar 2025 00:40:43 +0530 Subject: [PATCH 36/51] Bump org.apache.tomcat.embed:tomcat-embed-core from 10.1.35 to 10.1.36 (#2066) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps org.apache.tomcat.embed:tomcat-embed-core from 10.1.35 to 10.1.36.
Most Recent Ignore Conditions Applied to This Pull Request | Dependency Name | Ignore Conditions | | --- | --- | | org.apache.tomcat.embed:tomcat-embed-core | [>= 11.a0, < 12] |
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core&package-manager=maven&previous-version=10.1.35&new-version=10.1.36)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- client/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/pom.xml b/client/pom.xml index f035ac57c..826ee0db8 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -31,7 +31,7 @@ org.asynchttpclient.client 11.0.24 - 10.1.35 + 10.1.36 2.18.0 4.11.0 3.0 From a9a3a7eb5a1df87fb2a5b5fd23eeb7519435ab4a Mon Sep 17 00:00:00 2001 From: Jason Joo Date: Sat, 15 Mar 2025 01:50:47 +0800 Subject: [PATCH 37/51] fix: send CONNECT first when recovering a HTTPS request (#2077) # Issue description AHC has retry mechanism enabled with up to 5 attempts by default. But the initial CONNECT is omitted when recovering the HTTPS requests with IO exceptions. This MR fixes this issue and guarantees the proper workflow in retries. It's related to #2071 and fixes a different failing case. # How the issue is fixed * For any new connections, make sure there is an initial CONNECT for WebSocket/HTTPS request. * For the condition check that a CONNECT has been sent, make sure the connection the current future attaches is reusable/active. # Unit test IOException has various reasons but in the unit test, we emulate it by closing the connection after receiving the CONNECT request. The internal recovery process will retry another 4 times, and through an IOException eventually. Signed-off-by: Jason Joo --- .../netty/request/NettyRequestSender.java | 29 +++++++++++++----- .../asynchttpclient/proxy/HttpsProxyTest.java | 30 +++++++++++++++++-- 2 files changed, 50 insertions(+), 9 deletions(-) diff --git a/client/src/main/java/org/asynchttpclient/netty/request/NettyRequestSender.java b/client/src/main/java/org/asynchttpclient/netty/request/NettyRequestSender.java index 9fff868b2..b66dd713d 100755 --- a/client/src/main/java/org/asynchttpclient/netty/request/NettyRequestSender.java +++ b/client/src/main/java/org/asynchttpclient/netty/request/NettyRequestSender.java @@ -97,6 +97,13 @@ public NettyRequestSender(AsyncHttpClientConfig config, ChannelManager channelMa requestFactory = new NettyRequestFactory(config); } + // needConnect returns true if the request is secure/websocket and a HTTP proxy is set + private boolean needConnect(final Request request, final ProxyServer proxyServer) { + return proxyServer != null + && proxyServer.getProxyType().isHttp() + && (request.getUri().isSecured() || request.getUri().isWebSocket()); + } + public ListenableFuture sendRequest(final Request request, final AsyncHandler asyncHandler, NettyResponseFuture future) { if (isClosed()) { throw new IllegalStateException("Closed"); @@ -106,9 +113,7 @@ public ListenableFuture sendRequest(final Request request, final AsyncHan ProxyServer proxyServer = getProxyServer(config, request); // WebSockets use connect tunneling to work with proxies - if (proxyServer != null && proxyServer.getProxyType().isHttp() && - (request.getUri().isSecured() || request.getUri().isWebSocket()) && - !isConnectAlreadyDone(request, future)) { + if (needConnect(request, proxyServer) && !isConnectAlreadyDone(request, future)) { // Proxy with HTTPS or WebSocket: CONNECT for sure if (future != null && future.isConnectAllowed()) { // Perform CONNECT @@ -125,6 +130,8 @@ public ListenableFuture sendRequest(final Request request, final AsyncHan private static boolean isConnectAlreadyDone(Request request, NettyResponseFuture future) { return future != null + // If the channel can't be reused or closed, a CONNECT is still required + && future.isReuseChannel() && Channels.isChannelActive(future.channel()) && future.getNettyRequest() != null && future.getNettyRequest().getHttpRequest().method() == HttpMethod.CONNECT && !request.getMethod().equals(CONNECT); @@ -137,11 +144,19 @@ private static boolean isConnectAlreadyDone(Request request, NettyResponseFuture */ private ListenableFuture sendRequestWithCertainForceConnect(Request request, AsyncHandler asyncHandler, NettyResponseFuture future, ProxyServer proxyServer, boolean performConnectRequest) { - NettyResponseFuture newFuture = newNettyRequestAndResponseFuture(request, asyncHandler, future, proxyServer, performConnectRequest); Channel channel = getOpenChannel(future, request, proxyServer, asyncHandler); - return Channels.isChannelActive(channel) - ? sendRequestWithOpenChannel(newFuture, asyncHandler, channel) - : sendRequestWithNewChannel(request, proxyServer, newFuture, asyncHandler); + if (Channels.isChannelActive(channel)) { + NettyResponseFuture newFuture = newNettyRequestAndResponseFuture(request, asyncHandler, future, + proxyServer, performConnectRequest); + return sendRequestWithOpenChannel(newFuture, asyncHandler, channel); + } else { + // A new channel is not expected when performConnectRequest is false. We need to + // revisit the condition of sending + // the CONNECT request to the new channel. + NettyResponseFuture newFuture = newNettyRequestAndResponseFuture(request, asyncHandler, future, + proxyServer, needConnect(request, proxyServer)); + return sendRequestWithNewChannel(request, proxyServer, newFuture, asyncHandler); + } } /** diff --git a/client/src/test/java/org/asynchttpclient/proxy/HttpsProxyTest.java b/client/src/test/java/org/asynchttpclient/proxy/HttpsProxyTest.java index 011f15d78..9bd5ca911 100644 --- a/client/src/test/java/org/asynchttpclient/proxy/HttpsProxyTest.java +++ b/client/src/test/java/org/asynchttpclient/proxy/HttpsProxyTest.java @@ -13,6 +13,7 @@ package org.asynchttpclient.proxy; import io.github.artsok.RepeatedIfExceptionsTest; +import io.netty.handler.codec.http.DefaultHttpHeaders; import jakarta.servlet.ServletException; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; @@ -43,8 +44,10 @@ import static org.asynchttpclient.test.TestUtils.addHttpConnector; import static org.asynchttpclient.test.TestUtils.addHttpsConnector; import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertThrowsExactly; import java.io.IOException; +import java.util.concurrent.ExecutionException; /** * Proxy usage tests. @@ -156,7 +159,7 @@ public void testPooledConnectionsWithProxy() throws Exception { public void testFailedConnectWithProxy() throws Exception { try (AsyncHttpClient asyncHttpClient = asyncHttpClient(config().setFollowRedirect(true).setUseInsecureTrustManager(true).setKeepAlive(true))) { Builder proxyServer = proxyServer("localhost", port1); - proxyServer.setCustomHeaders(r -> r.getHeaders().add(ProxyHandler.HEADER_FORBIDDEN, "1")); + proxyServer.setCustomHeaders(r -> new DefaultHttpHeaders().set(ProxyHandler.HEADER_FORBIDDEN, "1")); RequestBuilder rb = get(getTargetUrl2()).setProxyServer(proxyServer); Response response1 = asyncHttpClient.executeRequest(rb.build()).get(); @@ -170,16 +173,39 @@ public void testFailedConnectWithProxy() throws Exception { } } + @RepeatedIfExceptionsTest(repeats = 5) + public void testClosedConnectionWithProxy() throws Exception { + try (AsyncHttpClient asyncHttpClient = asyncHttpClient( + config().setFollowRedirect(true).setUseInsecureTrustManager(true).setKeepAlive(true))) { + Builder proxyServer = proxyServer("localhost", port1); + proxyServer.setCustomHeaders(r -> new DefaultHttpHeaders().set(ProxyHandler.HEADER_FORBIDDEN, "2")); + RequestBuilder rb = get(getTargetUrl2()).setProxyServer(proxyServer); + + assertThrowsExactly(ExecutionException.class, () -> asyncHttpClient.executeRequest(rb.build()).get()); + assertThrowsExactly(ExecutionException.class, () -> asyncHttpClient.executeRequest(rb.build()).get()); + assertThrowsExactly(ExecutionException.class, () -> asyncHttpClient.executeRequest(rb.build()).get()); + } + } + public static class ProxyHandler extends ConnectHandler { final static String HEADER_FORBIDDEN = "X-REJECT-REQUEST"; @Override public void handle(String s, Request r, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { if (HttpConstants.Methods.CONNECT.equalsIgnoreCase(request.getMethod())) { - if (request.getHeader(HEADER_FORBIDDEN) != null) { + String headerValue = request.getHeader(HEADER_FORBIDDEN); + if (headerValue == null) { + headerValue = ""; + } + switch (headerValue) { + case "1": response.setStatus(HttpServletResponse.SC_FORBIDDEN); r.setHandled(true); return; + case "2": + r.getHttpChannel().getConnection().close(); + r.setHandled(true); + return; } } super.handle(s, r, request, response); From 4bd02df8668dc03ee9d09805faaaeefca97a038b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Mar 2025 23:21:27 +0530 Subject: [PATCH 38/51] Bump netty.version from 4.1.118.Final to 4.1.119.Final (#2076) Bumps `netty.version` from 4.1.118.Final to 4.1.119.Final. Updates `io.netty:netty-buffer` from 4.1.118.Final to 4.1.119.Final
Commits
  • fb7c786 [maven-release-plugin] prepare release netty-4.1.119.Final
  • f0a546d Use initialized BouncyCastle providers when available (#14855)
  • 7fc6a23 Add QueryStringDecoder option to leave '+' alone (#14850)
  • 8f3dd2f Consistently add channel info in HTTP/2 logs (#14829)
  • bd08643 Bump BlockHound version to 1.0.11.RELEASE (#14814)
  • 0138f23 SslHandler: Fix possible NPE when executor is used for delegating (#14830)
  • 84120a7 Fix NPE when upgrade message fails to aggregate (#14816)
  • dc6b051 Replace SSL assertion with explicit record length check (#14810)
  • 34011b5 chore: Sync the id when DefaultHttp2FrameStream's stream is updated. (#14803)
  • f3311e5 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates `io.netty:netty-codec-http` from 4.1.118.Final to 4.1.119.Final
Commits
  • fb7c786 [maven-release-plugin] prepare release netty-4.1.119.Final
  • f0a546d Use initialized BouncyCastle providers when available (#14855)
  • 7fc6a23 Add QueryStringDecoder option to leave '+' alone (#14850)
  • 8f3dd2f Consistently add channel info in HTTP/2 logs (#14829)
  • bd08643 Bump BlockHound version to 1.0.11.RELEASE (#14814)
  • 0138f23 SslHandler: Fix possible NPE when executor is used for delegating (#14830)
  • 84120a7 Fix NPE when upgrade message fails to aggregate (#14816)
  • dc6b051 Replace SSL assertion with explicit record length check (#14810)
  • 34011b5 chore: Sync the id when DefaultHttp2FrameStream's stream is updated. (#14803)
  • f3311e5 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates `io.netty:netty-codec` from 4.1.118.Final to 4.1.119.Final
Commits
  • fb7c786 [maven-release-plugin] prepare release netty-4.1.119.Final
  • f0a546d Use initialized BouncyCastle providers when available (#14855)
  • 7fc6a23 Add QueryStringDecoder option to leave '+' alone (#14850)
  • 8f3dd2f Consistently add channel info in HTTP/2 logs (#14829)
  • bd08643 Bump BlockHound version to 1.0.11.RELEASE (#14814)
  • 0138f23 SslHandler: Fix possible NPE when executor is used for delegating (#14830)
  • 84120a7 Fix NPE when upgrade message fails to aggregate (#14816)
  • dc6b051 Replace SSL assertion with explicit record length check (#14810)
  • 34011b5 chore: Sync the id when DefaultHttp2FrameStream's stream is updated. (#14803)
  • f3311e5 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates `io.netty:netty-codec-socks` from 4.1.118.Final to 4.1.119.Final
Commits
  • fb7c786 [maven-release-plugin] prepare release netty-4.1.119.Final
  • f0a546d Use initialized BouncyCastle providers when available (#14855)
  • 7fc6a23 Add QueryStringDecoder option to leave '+' alone (#14850)
  • 8f3dd2f Consistently add channel info in HTTP/2 logs (#14829)
  • bd08643 Bump BlockHound version to 1.0.11.RELEASE (#14814)
  • 0138f23 SslHandler: Fix possible NPE when executor is used for delegating (#14830)
  • 84120a7 Fix NPE when upgrade message fails to aggregate (#14816)
  • dc6b051 Replace SSL assertion with explicit record length check (#14810)
  • 34011b5 chore: Sync the id when DefaultHttp2FrameStream's stream is updated. (#14803)
  • f3311e5 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates `io.netty:netty-handler-proxy` from 4.1.118.Final to 4.1.119.Final
Commits
  • fb7c786 [maven-release-plugin] prepare release netty-4.1.119.Final
  • f0a546d Use initialized BouncyCastle providers when available (#14855)
  • 7fc6a23 Add QueryStringDecoder option to leave '+' alone (#14850)
  • 8f3dd2f Consistently add channel info in HTTP/2 logs (#14829)
  • bd08643 Bump BlockHound version to 1.0.11.RELEASE (#14814)
  • 0138f23 SslHandler: Fix possible NPE when executor is used for delegating (#14830)
  • 84120a7 Fix NPE when upgrade message fails to aggregate (#14816)
  • dc6b051 Replace SSL assertion with explicit record length check (#14810)
  • 34011b5 chore: Sync the id when DefaultHttp2FrameStream's stream is updated. (#14803)
  • f3311e5 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates `io.netty:netty-common` from 4.1.118.Final to 4.1.119.Final
Commits
  • fb7c786 [maven-release-plugin] prepare release netty-4.1.119.Final
  • f0a546d Use initialized BouncyCastle providers when available (#14855)
  • 7fc6a23 Add QueryStringDecoder option to leave '+' alone (#14850)
  • 8f3dd2f Consistently add channel info in HTTP/2 logs (#14829)
  • bd08643 Bump BlockHound version to 1.0.11.RELEASE (#14814)
  • 0138f23 SslHandler: Fix possible NPE when executor is used for delegating (#14830)
  • 84120a7 Fix NPE when upgrade message fails to aggregate (#14816)
  • dc6b051 Replace SSL assertion with explicit record length check (#14810)
  • 34011b5 chore: Sync the id when DefaultHttp2FrameStream's stream is updated. (#14803)
  • f3311e5 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates `io.netty:netty-transport` from 4.1.118.Final to 4.1.119.Final
Commits
  • fb7c786 [maven-release-plugin] prepare release netty-4.1.119.Final
  • f0a546d Use initialized BouncyCastle providers when available (#14855)
  • 7fc6a23 Add QueryStringDecoder option to leave '+' alone (#14850)
  • 8f3dd2f Consistently add channel info in HTTP/2 logs (#14829)
  • bd08643 Bump BlockHound version to 1.0.11.RELEASE (#14814)
  • 0138f23 SslHandler: Fix possible NPE when executor is used for delegating (#14830)
  • 84120a7 Fix NPE when upgrade message fails to aggregate (#14816)
  • dc6b051 Replace SSL assertion with explicit record length check (#14810)
  • 34011b5 chore: Sync the id when DefaultHttp2FrameStream's stream is updated. (#14803)
  • f3311e5 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates `io.netty:netty-handler` from 4.1.118.Final to 4.1.119.Final
Commits
  • fb7c786 [maven-release-plugin] prepare release netty-4.1.119.Final
  • f0a546d Use initialized BouncyCastle providers when available (#14855)
  • 7fc6a23 Add QueryStringDecoder option to leave '+' alone (#14850)
  • 8f3dd2f Consistently add channel info in HTTP/2 logs (#14829)
  • bd08643 Bump BlockHound version to 1.0.11.RELEASE (#14814)
  • 0138f23 SslHandler: Fix possible NPE when executor is used for delegating (#14830)
  • 84120a7 Fix NPE when upgrade message fails to aggregate (#14816)
  • dc6b051 Replace SSL assertion with explicit record length check (#14810)
  • 34011b5 chore: Sync the id when DefaultHttp2FrameStream's stream is updated. (#14803)
  • f3311e5 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates `io.netty:netty-resolver-dns` from 4.1.118.Final to 4.1.119.Final
Commits
  • fb7c786 [maven-release-plugin] prepare release netty-4.1.119.Final
  • f0a546d Use initialized BouncyCastle providers when available (#14855)
  • 7fc6a23 Add QueryStringDecoder option to leave '+' alone (#14850)
  • 8f3dd2f Consistently add channel info in HTTP/2 logs (#14829)
  • bd08643 Bump BlockHound version to 1.0.11.RELEASE (#14814)
  • 0138f23 SslHandler: Fix possible NPE when executor is used for delegating (#14830)
  • 84120a7 Fix NPE when upgrade message fails to aggregate (#14816)
  • dc6b051 Replace SSL assertion with explicit record length check (#14810)
  • 34011b5 chore: Sync the id when DefaultHttp2FrameStream's stream is updated. (#14803)
  • f3311e5 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates `io.netty:netty-transport-native-epoll` from 4.1.118.Final to 4.1.119.Final
Commits
  • fb7c786 [maven-release-plugin] prepare release netty-4.1.119.Final
  • f0a546d Use initialized BouncyCastle providers when available (#14855)
  • 7fc6a23 Add QueryStringDecoder option to leave '+' alone (#14850)
  • 8f3dd2f Consistently add channel info in HTTP/2 logs (#14829)
  • bd08643 Bump BlockHound version to 1.0.11.RELEASE (#14814)
  • 0138f23 SslHandler: Fix possible NPE when executor is used for delegating (#14830)
  • 84120a7 Fix NPE when upgrade message fails to aggregate (#14816)
  • dc6b051 Replace SSL assertion with explicit record length check (#14810)
  • 34011b5 chore: Sync the id when DefaultHttp2FrameStream's stream is updated. (#14803)
  • f3311e5 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates `io.netty:netty-transport-native-kqueue` from 4.1.118.Final to 4.1.119.Final
Commits
  • fb7c786 [maven-release-plugin] prepare release netty-4.1.119.Final
  • f0a546d Use initialized BouncyCastle providers when available (#14855)
  • 7fc6a23 Add QueryStringDecoder option to leave '+' alone (#14850)
  • 8f3dd2f Consistently add channel info in HTTP/2 logs (#14829)
  • bd08643 Bump BlockHound version to 1.0.11.RELEASE (#14814)
  • 0138f23 SslHandler: Fix possible NPE when executor is used for delegating (#14830)
  • 84120a7 Fix NPE when upgrade message fails to aggregate (#14816)
  • dc6b051 Replace SSL assertion with explicit record length check (#14810)
  • 34011b5 chore: Sync the id when DefaultHttp2FrameStream's stream is updated. (#14803)
  • f3311e5 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index bc92eb92e..d280fa329 100644 --- a/pom.xml +++ b/pom.xml @@ -45,7 +45,7 @@ 11 UTF-8 - 4.1.118.Final + 4.1.119.Final 0.0.26.Final 1.18.0 2.0.16 From 0fe2036be2941886d4582878c20f7846f82b24f8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Mar 2025 23:21:54 +0530 Subject: [PATCH 39/51] Bump org.apache.tomcat.embed:tomcat-embed-core from 10.1.36 to 10.1.39 (#2073) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps org.apache.tomcat.embed:tomcat-embed-core from 10.1.36 to 10.1.39.
Most Recent Ignore Conditions Applied to This Pull Request | Dependency Name | Ignore Conditions | | --- | --- | | org.apache.tomcat.embed:tomcat-embed-core | [>= 11.a0, < 12] |
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core&package-manager=maven&previous-version=10.1.36&new-version=10.1.39)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- client/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/pom.xml b/client/pom.xml index 826ee0db8..7cc99b940 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -31,7 +31,7 @@ org.asynchttpclient.client 11.0.24 - 10.1.36 + 10.1.39 2.18.0 4.11.0 3.0 From acdacfb0701ec62949439b5dad78581ea0b0cf2f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Mar 2025 18:11:30 +0530 Subject: [PATCH 40/51] Bump crazy-max/ghaction-import-gpg from 6.2.0 to 6.3.0 (#2084) Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) from 6.2.0 to 6.3.0.
Release notes

Sourced from crazy-max/ghaction-import-gpg's releases.

v6.3.0

Full Changelog: https://github.com/crazy-max/ghaction-import-gpg/compare/v6.2.0...v6.3.0

Commits
  • e89d409 Merge pull request #215 from crazy-max/dependabot/npm_and_yarn/openpgp-6.1.0
  • 9239589 fix README
  • 177db9d chore: update generated content
  • 78b11f3 build(deps): bump openpgp from 5.11.2 to 6.1.0
  • bc96911 Merge pull request #218 from crazy-max/bake-v6
  • b70aa9b ci: update bake-action to v6
  • d690cc9 Merge pull request #212 from crazy-max/dependabot/npm_and_yarn/cross-spawn-7.0.6
  • 9e887f4 Merge pull request #211 from crazy-max/dependabot/github_actions/codecov/code...
  • 442980b ci: fix deprecated codecov input
  • a0098b6 Merge pull request #217 from crazy-max/gha-perms
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=crazy-max/ghaction-import-gpg&package-manager=github_actions&previous-version=6.2.0&new-version=6.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4a462dc99..b175fa865 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -37,7 +37,7 @@ jobs: }] - name: Import GPG - uses: crazy-max/ghaction-import-gpg@v6.2.0 + uses: crazy-max/ghaction-import-gpg@v6.3.0 with: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} passphrase: ${{ secrets.GPG_PASSPHRASE }} From 96840692decab2541c8f13d2dbfbbca35311890f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Mar 2025 18:11:34 +0530 Subject: [PATCH 41/51] Bump com.uber.nullaway:nullaway from 0.12.3 to 0.12.6 (#2082) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [com.uber.nullaway:nullaway](https://github.com/uber/NullAway) from 0.12.3 to 0.12.6.
Release notes

Sourced from com.uber.nullaway:nullaway's releases.

NullAway 0.12.6

  • JSpecify: view type as super in generic method inference (#1177)
  • Infer @​Nullable type arguments for type variables from unmarked code (#1181)
  • Convert android-jar.py to Python 3 (#1175)
  • Suggest castToNonNull fix for unboxing error (#1182)

NullAway 0.12.5

Version 0.12.4

Better @​MonotonicNonNull support (#1149) Add support for local variables for arrays. (#1146) Ignore Spring Framework 6.2 @​MockitoBean, @​MockitoSpyBean fields (#1147) JSpecify: preserve explicit nullability annotations on type variables when performing substitutions (#1143) Always acknowledge restrictive annotations in JSpecify mode (#1144) Fix printing of array types in JSpecify errors (#1145) Remove need to use JSpecify's @​Nullable annotation (#1142) Handle calls to generic constructors in JSpecify mode (#1141) Properly handle conditional expression within parens as RHS of assignment (#1140) Skip checks involving wildcard generic type arguments (#1137) Update to Gradle 8.12.1 (#1133)

Changelog

Sourced from com.uber.nullaway:nullaway's changelog.

Version 0.12.6

  • JSpecify: view type as super in generic method inference (#1177)
  • Infer @​Nullable type arguments for type variables from unmarked code (#1181)
  • Convert android-jar.py to Python 3 (#1175)
  • Suggest castToNonNull fix for unboxing error (#1182)

Version 0.12.5

Version 0.12.4

  • Better @MonotonicNonNull support (#1149)
  • Add support for local variables for arrays. (#1146)
  • Ignore Spring Framework 6.2 @MockitoBean, @MockitoSpyBean fields (#1147)
  • JSpecify: preserve explicit nullability annotations on type variables when performing substitutions (#1143)
  • Always acknowledge restrictive annotations in JSpecify mode (#1144)
  • Fix printing of array types in JSpecify errors (#1145)
  • Remove need to use JSpecify's @​Nullable annotation (#1142)
  • Handle calls to generic constructors in JSpecify mode (#1141)
  • Properly handle conditional expression within parens as RHS of assignment (#1140)
  • Skip checks involving wildcard generic type arguments (#1137)
  • Update to Gradle 8.12.1 (#1133)
Commits
  • 649f25a Prepare for release 0.12.6.
  • 9369704 Suggest castToNonNull fix for unboxing error (#1182)
  • f1aca1b Convert android-jar.py to Python 3 (#1175)
  • 33588de Infer @Nullable type arguments for type variables from unmarked code (#1181)
  • dd0fe71 JSpecify: view type as super in generic method inference (#1177)
  • 2c8049c Prepare next development version.
  • 9613fb7 Prepare for release 0.12.5.
  • b84feb7 Don't treat @ParametricNullness as @Nullable in JSpecify mode (#1174)
  • 3da2c82 Use proper name for constructors in JarInfer (#1167)
  • 685065a Update to Error Prone 2.37.0 (#1169)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.uber.nullaway:nullaway&package-manager=maven&previous-version=0.12.3&new-version=0.12.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index d280fa329..20b284dc0 100644 --- a/pom.xml +++ b/pom.xml @@ -327,7 +327,7 @@ com.uber.nullaway nullaway - 0.12.3 + 0.12.6 From 5977cd39acf22326ae5a8313987e27117c8ffbc0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Mar 2025 18:11:47 +0530 Subject: [PATCH 42/51] Bump com.github.luben:zstd-jni from 1.5.7-1 to 1.5.7-2 (#2078) Bumps [com.github.luben:zstd-jni](https://github.com/luben/zstd-jni) from 1.5.7-1 to 1.5.7-2.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.github.luben:zstd-jni&package-manager=maven&previous-version=1.5.7-1&new-version=1.5.7-2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 20b284dc0..9b48a8c0d 100644 --- a/pom.xml +++ b/pom.xml @@ -49,7 +49,7 @@ 0.0.26.Final 1.18.0 2.0.16 - 1.5.7-1 + 1.5.7-2 2.0.1 1.5.16 26.0.2 From 1f642ba712f04b8385171107efefae2a44df72fd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Mar 2025 18:11:55 +0530 Subject: [PATCH 43/51] Bump ch.qos.logback:logback-classic from 1.5.16 to 1.5.18 (#2080) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.16 to 1.5.18.
Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.18

2025-03-18 Release of logback version 1.5.18

• Added support for XZ compression for archived log files. Note that XZ compression requires Tukaani project's XZ library for Java. In case XZ compression is requested but the XZ library is missing, then logback will substitute GZ compression as a fallback. This feature was requested in issues/755.

• Removed references to java.security.AccessController class. This class has been deprecated for some time and is slated for removal in future JDK versions.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit b2a02f065379a9b1ba5ff837fc08913b744774bc associated with the tag v_1.5.18. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.17

2025-02-25 Release of logback version 1.5.17

• Fixed Jansi 2.4.0 color-coded output not working on Windows CMD.exe console when the default terminal application is set to "Windows Console Host". This problem was reported in issues/753 by Michael Lyubkin.

• Fixed race condition occurring in case MDC class is initialized while org.slf4j.LoggerFactory is initializing logback-classic's LoggerContext. When this race conditions occurs, the MDCAdapter instance used by MDC does not match the instance used by logback-classic. This issue was reported in SLF4J issues/450. While logback-classic version 1.5.17 remains compatible with SLF4J versions in the 2.0.x series, fixing this particular MDC issue requires SLF4J version 2.0.17.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 10358724ed723b3745c010aa40cb02a2dfed4593 associated with the tag v_1.5.17. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits
  • b2a02f0 prepare release 1.5.18
  • 991de58 remove references to AccessController marked for deletion in the JDK
  • f54ab16 If compression mode is XZ but the XZ library is missing, then fallback to GZ ...
  • fb45971 add support for XZ compression
  • 31c1f55 add xz compression support with tests
  • 8968d0f introduce strategy based compression
  • 834059c start work on 1.5.18-SNAPSHOT
  • 1035872 prepare release 1.5.17
  • 2e6984d bump to slf4j version 2.0.17
  • 1009952 use a new LoggerContert instance when running LogbackListenerTest. This shoul...
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ch.qos.logback:logback-classic&package-manager=maven&previous-version=1.5.16&new-version=1.5.18)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9b48a8c0d..98e816c79 100644 --- a/pom.xml +++ b/pom.xml @@ -51,7 +51,7 @@ 2.0.16 1.5.7-2 2.0.1 - 1.5.16 + 1.5.18 26.0.2 From 4fea3f747700475af5abc96e2eaa1b7cb6185366 Mon Sep 17 00:00:00 2001 From: Aayush Atharva Date: Mon, 31 Mar 2025 18:24:04 +0530 Subject: [PATCH 44/51] Disable Dependabot (#2085) Dependabot creates a separate PR for each dependency, which has broken the final release builds many times. It will be disabled for the time being until a better way to manage dependency upgrades is implemented, --- .github/dependabot.yml | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index f4538d3c7..000000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,17 +0,0 @@ -# To get started with Dependabot version updates, you'll need to specify which -# package ecosystems to update and where the package manifests are located. -# Please see the documentation for all configuration options: -# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file - -version: 2 -updates: - - package-ecosystem: "maven" - directories: - - "/" - schedule: - interval: "daily" - - package-ecosystem: "github-actions" - directories: - - "/" - schedule: - interval: "daily" From 3f1de314d7e340a90929ef7d422eeaed2253b33c Mon Sep 17 00:00:00 2001 From: Aayush Atharva Date: Mon, 31 Mar 2025 19:28:09 +0530 Subject: [PATCH 45/51] Release v3.0.2 (#2086) --- README.md | 4 ++-- client/pom.xml | 2 +- pom.xml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 4ae651b75..0272134ed 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ Maven: org.asynchttpclient async-http-client - 3.0.1 + 3.0.2 ``` @@ -28,7 +28,7 @@ Maven: Gradle: ```groovy dependencies { - implementation 'org.asynchttpclient:async-http-client:3.0.1' + implementation 'org.asynchttpclient:async-http-client:3.0.2' } ``` diff --git a/client/pom.xml b/client/pom.xml index 7cc99b940..749a98ddb 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -19,7 +19,7 @@ org.asynchttpclient async-http-client-project - 3.0.1 + 3.0.2 4.0.0 diff --git a/pom.xml b/pom.xml index 98e816c79..70d09ac53 100644 --- a/pom.xml +++ b/pom.xml @@ -20,7 +20,7 @@ org.asynchttpclient async-http-client-project - 3.0.1 + 3.0.2 pom AHC/Project From 14ee30acf476d52831f7048bf861a4752bb13a08 Mon Sep 17 00:00:00 2001 From: sullis Date: Wed, 2 Apr 2025 12:58:01 -0700 Subject: [PATCH 46/51] netty leak detector 0.0.8 (#2087) https://github.com/nettyplus/netty-leak-detector-junit-extension --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 70d09ac53..4dbe02c1d 100644 --- a/pom.xml +++ b/pom.xml @@ -112,7 +112,7 @@ io.github.nettyplus netty-leak-detector-junit-extension - 0.0.6 + 0.0.8 From 73911ebe4c464588fb10c211a43caeec394d97ca Mon Sep 17 00:00:00 2001 From: Pratik Katti <90851204+pratt4@users.noreply.github.com> Date: Fri, 9 May 2025 23:14:39 +0530 Subject: [PATCH 47/51] Fix NPE race in NettyResponseFuture.cancel (#2042) (#2088) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes #2042 This is a typical TOCTOU (time-of-check/time-of-use) race https://en.wikipedia.org/wiki/Time-of-check_to_time-of-use. The NPE was occurring because the channel field could be set to null by another thread between the check and its use: if (channel != null) { // time-of-check Channels.setDiscard(channel); // time-of-use Channels.silentlyCloseChannel(channel); } By copying channel into a local variable in one atomic read, we ensure that—even if another thread changes the field—the local reference remains valid. P.S. It is hard to write a deterministic test that fails consistently, so this PR only includes the code fix. --------- Co-authored-by: prat --- .../org/asynchttpclient/netty/NettyResponseFuture.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/client/src/main/java/org/asynchttpclient/netty/NettyResponseFuture.java b/client/src/main/java/org/asynchttpclient/netty/NettyResponseFuture.java index c5e4a97d0..c29c0f33d 100755 --- a/client/src/main/java/org/asynchttpclient/netty/NettyResponseFuture.java +++ b/client/src/main/java/org/asynchttpclient/netty/NettyResponseFuture.java @@ -187,10 +187,10 @@ public boolean cancel(boolean force) { return false; } - // cancel could happen before channel was attached - if (channel != null) { - Channels.setDiscard(channel); - Channels.silentlyCloseChannel(channel); + final Channel ch = channel; //atomic read, so that it won't end up in TOCTOU + if (ch != null) { + Channels.setDiscard(ch); + Channels.silentlyCloseChannel(ch); } if (ON_THROWABLE_CALLED_FIELD.getAndSet(this, 1) == 0) { From 6ac1cccad93bf617200f6a87f9790de273529256 Mon Sep 17 00:00:00 2001 From: Aayush Atharva Date: Sun, 11 May 2025 04:58:54 +0530 Subject: [PATCH 48/51] Add japicmp (#2091) --- .github/workflows/builds.yml | 26 +++++++++++++++++++++----- pom.xml | 28 ++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+), 5 deletions(-) diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml index 6a59bde6c..2586cf3c6 100644 --- a/.github/workflows/builds.yml +++ b/.github/workflows/builds.yml @@ -5,34 +5,50 @@ on: - cron: '0 12 * * *' jobs: + Verify: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Grant Permission + run: chmod +x ./mvnw + - uses: actions/setup-java@v4 + with: + distribution: 'corretto' + java-version: '11' + - name: Verify + run: ./mvnw -B -ntp clean verify -DskipTests -Dgpg.skip=true + RunOnLinux: runs-on: ubuntu-latest + needs: Verify steps: - uses: actions/checkout@v4 - name: Grant Permission - run: sudo chmod +x ./mvnw + run: chmod +x ./mvnw - uses: actions/setup-java@v4 with: distribution: 'corretto' java-version: '11' - name: Run Tests - run: ./mvnw -B -ntp clean test + run: ./mvnw -B -ntp test RunOnMacOs: runs-on: macos-latest + needs: Verify steps: - uses: actions/checkout@v4 - name: Grant Permission - run: sudo chmod +x ./mvnw + run: chmod +x ./mvnw - uses: actions/setup-java@v4 with: distribution: 'corretto' java-version: '11' - name: Run Tests - run: ./mvnw -B -ntp clean test + run: ./mvnw -B -ntp test RunOnWindows: runs-on: windows-latest + needs: Verify steps: - uses: actions/checkout@v4 - uses: actions/setup-java@v4 @@ -40,4 +56,4 @@ jobs: distribution: 'corretto' java-version: '11' - name: Run Tests - run: ./mvnw.cmd -B -ntp clean test + run: ./mvnw.cmd -B -ntp test diff --git a/pom.xml b/pom.xml index 4dbe02c1d..ee1c2308c 100644 --- a/pom.xml +++ b/pom.xml @@ -422,10 +422,38 @@ --pinentry-mode loopback + false + + + com.github.siom79.japicmp + japicmp-maven-plugin + 0.23.1 + + + RELEASE + ${project.version} + + + true + true + true + false + public + + + + + + cmp + + verify + + + From fb50dc26717f0e6aaaef58e2a01924a56aab2021 Mon Sep 17 00:00:00 2001 From: Aayush Atharva Date: Sun, 11 May 2025 05:00:47 +0530 Subject: [PATCH 49/51] Feature: Add Option to Strip Authorization Header on Redirect (#2090) Closes #1884 --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .../AsyncHttpClientConfig.java | 7 ++ .../DefaultAsyncHttpClientConfig.java | 16 ++++ .../intercept/Redirect30xInterceptor.java | 9 +- .../DefaultAsyncHttpClientConfigTest.java | 30 ++++++ .../StripAuthorizationOnRedirectHttpTest.java | 95 +++++++++++++++++++ 5 files changed, 153 insertions(+), 4 deletions(-) create mode 100644 client/src/test/java/org/asynchttpclient/DefaultAsyncHttpClientConfigTest.java create mode 100644 client/src/test/java/org/asynchttpclient/StripAuthorizationOnRedirectHttpTest.java diff --git a/client/src/main/java/org/asynchttpclient/AsyncHttpClientConfig.java b/client/src/main/java/org/asynchttpclient/AsyncHttpClientConfig.java index 12dc93d7d..954628b3d 100644 --- a/client/src/main/java/org/asynchttpclient/AsyncHttpClientConfig.java +++ b/client/src/main/java/org/asynchttpclient/AsyncHttpClientConfig.java @@ -375,6 +375,13 @@ public interface AsyncHttpClientConfig { int getIoThreadsCount(); + /** + * Indicates whether the Authorization header should be stripped during redirects to a different domain. + * + * @return true if the Authorization header should be stripped, false otherwise. + */ + boolean isStripAuthorizationOnRedirect(); + enum ResponseBodyPartFactory { EAGER { diff --git a/client/src/main/java/org/asynchttpclient/DefaultAsyncHttpClientConfig.java b/client/src/main/java/org/asynchttpclient/DefaultAsyncHttpClientConfig.java index e72235c17..1c7dbf37f 100644 --- a/client/src/main/java/org/asynchttpclient/DefaultAsyncHttpClientConfig.java +++ b/client/src/main/java/org/asynchttpclient/DefaultAsyncHttpClientConfig.java @@ -127,6 +127,7 @@ public class DefaultAsyncHttpClientConfig implements AsyncHttpClientConfig { private final boolean keepEncodingHeader; private final ProxyServerSelector proxyServerSelector; private final boolean validateResponseHeaders; + private final boolean stripAuthorizationOnRedirect; // websockets private final boolean aggregateWebSocketFrameFragments; @@ -219,6 +220,7 @@ private DefaultAsyncHttpClientConfig(// http boolean validateResponseHeaders, boolean aggregateWebSocketFrameFragments, boolean enablewebSocketCompression, + boolean stripAuthorizationOnRedirect, // timeouts Duration connectTimeout, @@ -307,6 +309,7 @@ private DefaultAsyncHttpClientConfig(// http this.keepEncodingHeader = keepEncodingHeader; this.proxyServerSelector = proxyServerSelector; this.validateResponseHeaders = validateResponseHeaders; + this.stripAuthorizationOnRedirect = stripAuthorizationOnRedirect; // websocket this.aggregateWebSocketFrameFragments = aggregateWebSocketFrameFragments; @@ -564,6 +567,11 @@ public boolean isValidateResponseHeaders() { return validateResponseHeaders; } + @Override + public boolean isStripAuthorizationOnRedirect() { + return stripAuthorizationOnRedirect; + } + // ssl @Override public boolean isUseOpenSsl() { @@ -800,6 +808,7 @@ public static class Builder { private boolean useProxySelector = defaultUseProxySelector(); private boolean useProxyProperties = defaultUseProxyProperties(); private boolean validateResponseHeaders = defaultValidateResponseHeaders(); + private boolean stripAuthorizationOnRedirect = false; // default value // websocket private boolean aggregateWebSocketFrameFragments = defaultAggregateWebSocketFrameFragments(); @@ -891,6 +900,7 @@ public Builder(AsyncHttpClientConfig config) { keepEncodingHeader = config.isKeepEncodingHeader(); proxyServerSelector = config.getProxyServerSelector(); validateResponseHeaders = config.isValidateResponseHeaders(); + stripAuthorizationOnRedirect = config.isStripAuthorizationOnRedirect(); // websocket aggregateWebSocketFrameFragments = config.isAggregateWebSocketFrameFragments(); @@ -1079,6 +1089,11 @@ public Builder setUseProxyProperties(boolean useProxyProperties) { return this; } + public Builder setStripAuthorizationOnRedirect(boolean value) { + stripAuthorizationOnRedirect = value; + return this; + } + // websocket public Builder setAggregateWebSocketFrameFragments(boolean aggregateWebSocketFrameFragments) { this.aggregateWebSocketFrameFragments = aggregateWebSocketFrameFragments; @@ -1444,6 +1459,7 @@ public DefaultAsyncHttpClientConfig build() { validateResponseHeaders, aggregateWebSocketFrameFragments, enablewebSocketCompression, + stripAuthorizationOnRedirect, connectTimeout, requestTimeout, readTimeout, diff --git a/client/src/main/java/org/asynchttpclient/netty/handler/intercept/Redirect30xInterceptor.java b/client/src/main/java/org/asynchttpclient/netty/handler/intercept/Redirect30xInterceptor.java index e60495f80..40628a7e5 100644 --- a/client/src/main/java/org/asynchttpclient/netty/handler/intercept/Redirect30xInterceptor.java +++ b/client/src/main/java/org/asynchttpclient/netty/handler/intercept/Redirect30xInterceptor.java @@ -35,7 +35,6 @@ import org.slf4j.LoggerFactory; import java.util.HashSet; -import java.util.List; import java.util.Set; import static io.netty.handler.codec.http.HttpHeaderNames.AUTHORIZATION; @@ -73,11 +72,13 @@ public class Redirect30xInterceptor { private final AsyncHttpClientConfig config; private final NettyRequestSender requestSender; private final MaxRedirectException maxRedirectException; + private final boolean stripAuthorizationOnRedirect; Redirect30xInterceptor(ChannelManager channelManager, AsyncHttpClientConfig config, NettyRequestSender requestSender) { this.channelManager = channelManager; this.config = config; this.requestSender = requestSender; + stripAuthorizationOnRedirect = config.isStripAuthorizationOnRedirect(); // New flag maxRedirectException = unknownStackTrace(new MaxRedirectException("Maximum redirect reached: " + config.getMaxRedirects()), Redirect30xInterceptor.class, "exitAfterHandlingRedirect"); } @@ -127,7 +128,7 @@ public boolean exitAfterHandlingRedirect(Channel channel, NettyResponseFuture } } - requestBuilder.setHeaders(propagatedHeaders(request, realm, keepBody)); + requestBuilder.setHeaders(propagatedHeaders(request, realm, keepBody, stripAuthorizationOnRedirect)); // in case of a redirect from HTTP to HTTPS, future // attributes might change @@ -180,7 +181,7 @@ public boolean exitAfterHandlingRedirect(Channel channel, NettyResponseFuture return false; } - private static HttpHeaders propagatedHeaders(Request request, Realm realm, boolean keepBody) { + private static HttpHeaders propagatedHeaders(Request request, Realm realm, boolean keepBody, boolean stripAuthorization) { HttpHeaders headers = request.getHeaders() .remove(HOST) .remove(CONTENT_LENGTH); @@ -189,7 +190,7 @@ private static HttpHeaders propagatedHeaders(Request request, Realm realm, boole headers.remove(CONTENT_TYPE); } - if (realm != null && realm.getScheme() == AuthScheme.NTLM) { + if (stripAuthorization || (realm != null && realm.getScheme() == AuthScheme.NTLM)) { headers.remove(AUTHORIZATION) .remove(PROXY_AUTHORIZATION); } diff --git a/client/src/test/java/org/asynchttpclient/DefaultAsyncHttpClientConfigTest.java b/client/src/test/java/org/asynchttpclient/DefaultAsyncHttpClientConfigTest.java new file mode 100644 index 000000000..1548d6812 --- /dev/null +++ b/client/src/test/java/org/asynchttpclient/DefaultAsyncHttpClientConfigTest.java @@ -0,0 +1,30 @@ +package org.asynchttpclient; + +import org.junit.jupiter.api.Test; + +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertTrue; + +class DefaultAsyncHttpClientConfigTest { + @Test + void testStripAuthorizationOnRedirect_DefaultIsFalse() { + DefaultAsyncHttpClientConfig config = new DefaultAsyncHttpClientConfig.Builder().build(); + assertFalse(config.isStripAuthorizationOnRedirect(), "Default should be false"); + } + + @Test + void testStripAuthorizationOnRedirect_SetTrue() { + DefaultAsyncHttpClientConfig config = new DefaultAsyncHttpClientConfig.Builder() + .setStripAuthorizationOnRedirect(true) + .build(); + assertTrue(config.isStripAuthorizationOnRedirect(), "Should be true when set"); + } + + @Test + void testStripAuthorizationOnRedirect_SetFalse() { + DefaultAsyncHttpClientConfig config = new DefaultAsyncHttpClientConfig.Builder() + .setStripAuthorizationOnRedirect(false) + .build(); + assertFalse(config.isStripAuthorizationOnRedirect(), "Should be false when set to false"); + } +} diff --git a/client/src/test/java/org/asynchttpclient/StripAuthorizationOnRedirectHttpTest.java b/client/src/test/java/org/asynchttpclient/StripAuthorizationOnRedirectHttpTest.java new file mode 100644 index 000000000..08c150c08 --- /dev/null +++ b/client/src/test/java/org/asynchttpclient/StripAuthorizationOnRedirectHttpTest.java @@ -0,0 +1,95 @@ +package org.asynchttpclient; + +import com.sun.net.httpserver.HttpExchange; +import com.sun.net.httpserver.HttpHandler; +import com.sun.net.httpserver.HttpServer; +import org.junit.jupiter.api.AfterAll; +import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.Test; + +import java.net.InetSocketAddress; +import java.util.concurrent.TimeUnit; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNull; + +public class StripAuthorizationOnRedirectHttpTest { + private static HttpServer server; + private static int port; + private static volatile String lastAuthHeader; + + @BeforeAll + public static void startServer() throws Exception { + server = HttpServer.create(new InetSocketAddress(0), 0); + port = server.getAddress().getPort(); + server.createContext("/redirect", new RedirectHandler()); + server.createContext("/final", new FinalHandler()); + server.start(); + } + + @AfterAll + public static void stopServer() { + server.stop(0); + } + + static class RedirectHandler implements HttpHandler { + @Override + public void handle(HttpExchange exchange) { + String auth = exchange.getRequestHeaders().getFirst("Authorization"); + lastAuthHeader = auth; + exchange.getResponseHeaders().add("Location", "http://localhost/" + port + "/final"); + try { + exchange.sendResponseHeaders(302, -1); + } catch (Exception ignored) { + } + exchange.close(); + } + } + + static class FinalHandler implements HttpHandler { + @Override + public void handle(HttpExchange exchange) { + String auth = exchange.getRequestHeaders().getFirst("Authorization"); + lastAuthHeader = auth; + try { + exchange.sendResponseHeaders(200, 0); + exchange.getResponseBody().close(); + } catch (Exception ignored) { + } + exchange.close(); + } + } + + @Test + void testAuthHeaderPropagatedByDefault() throws Exception { + DefaultAsyncHttpClientConfig config = new DefaultAsyncHttpClientConfig.Builder() + .setFollowRedirect(true) + .build(); + try (DefaultAsyncHttpClient client = new DefaultAsyncHttpClient(config)) { + lastAuthHeader = null; + client.prepareGet("http://localhost/" + port + "/redirect") + .setHeader("Authorization", "Bearer testtoken") + .execute() + .get(5, TimeUnit.SECONDS); + // By default, Authorization header is propagated to /final + assertEquals("Bearer testtoken", lastAuthHeader, "Authorization header should be present on redirect by default"); + } + } + + @Test + void testAuthHeaderStrippedWhenEnabled() throws Exception { + DefaultAsyncHttpClientConfig config = new DefaultAsyncHttpClientConfig.Builder() + .setFollowRedirect(true) + .setStripAuthorizationOnRedirect(true) + .build(); + try (DefaultAsyncHttpClient client = new DefaultAsyncHttpClient(config)) { + lastAuthHeader = null; + client.prepareGet("http://localhost/" + port + "/redirect") + .setHeader("Authorization", "Bearer testtoken") + .execute() + .get(5, TimeUnit.SECONDS); + // When enabled, Authorization header should be stripped on /final + assertNull(lastAuthHeader, "Authorization header should be stripped on redirect when enabled"); + } + } +} From 41b1eec767ded1c2dcf9e7c690a4b8b6e0145e83 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 18 May 2025 22:24:59 +0530 Subject: [PATCH 50/51] Bump org.apache.tomcat.embed:tomcat-embed-core from 10.1.39 to 10.1.40 in /client (#2092) Bumps org.apache.tomcat.embed:tomcat-embed-core from 10.1.39 to 10.1.40. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core&package-manager=maven&previous-version=10.1.39&new-version=10.1.40)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/AsyncHttpClient/async-http-client/network/alerts).
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- client/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/pom.xml b/client/pom.xml index 749a98ddb..733f20b51 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -31,7 +31,7 @@ org.asynchttpclient.client 11.0.24 - 10.1.39 + 10.1.40 2.18.0 4.11.0 3.0 From c8cc6e82e633e4f5d8e71646a9432e6e1d5b41a3 Mon Sep 17 00:00:00 2001 From: sullis Date: Thu, 22 May 2025 12:50:25 -0700 Subject: [PATCH 51/51] netty leak detector extension 0.2.0 (#2095) https://github.com/nettyplus/netty-leak-detector-junit-extension --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index ee1c2308c..e55fe8a26 100644 --- a/pom.xml +++ b/pom.xml @@ -112,7 +112,7 @@ io.github.nettyplus netty-leak-detector-junit-extension - 0.0.8 + 0.2.0