From 549ea34d0cb814595b79cd64af5a31238d374da1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 02:52:24 +0530 Subject: [PATCH 01/30] Bump org.apache.tomcat.embed:tomcat-embed-core from 10.1.33 to 10.1.34 (#2044) Bumps org.apache.tomcat.embed:tomcat-embed-core from 10.1.33 to 10.1.34.
Most Recent Ignore Conditions Applied to This Pull Request | Dependency Name | Ignore Conditions | | --- | --- | | org.apache.tomcat.embed:tomcat-embed-core | [>= 11.a0, < 12] |
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core&package-manager=maven&previous-version=10.1.33&new-version=10.1.34)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- client/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/pom.xml b/client/pom.xml index 58dcd0aad..b2e551d5a 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -31,7 +31,7 @@ org.asynchttpclient.client 11.0.24 - 10.1.33 + 10.1.34 2.18.0 4.11.0 3.0 From 6c6c8125ec59cf4e1bfbae9fa4ef224d91c77add Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 18 Dec 2024 22:56:10 +0530 Subject: [PATCH 02/30] Bump brotli4j.version from 1.17.0 to 1.18.0 (#2045) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps `brotli4j.version` from 1.17.0 to 1.18.0. Updates `com.aayushatharva.brotli4j:brotli4j` from 1.17.0 to 1.18.0
Release notes

Sourced from com.aayushatharva.brotli4j:brotli4j's releases.

Brotli4j v1.18.0 Release

What's Changed

New Contributors

Full Changelog: https://github.com/hyperxpro/Brotli4j/compare/v1.17.0...v1.18.0

Commits

Updates `com.aayushatharva.brotli4j:native-linux-x86_64` from 1.17.0 to 1.18.0 Updates `com.aayushatharva.brotli4j:native-linux-aarch64` from 1.17.0 to 1.18.0 Updates `com.aayushatharva.brotli4j:native-linux-riscv64` from 1.17.0 to 1.18.0 Updates `com.aayushatharva.brotli4j:native-osx-x86_64` from 1.17.0 to 1.18.0 Updates `com.aayushatharva.brotli4j:native-osx-aarch64` from 1.17.0 to 1.18.0 Updates `com.aayushatharva.brotli4j:native-windows-x86_64` from 1.17.0 to 1.18.0 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index d02f7c7ee..7845d63e4 100644 --- a/pom.xml +++ b/pom.xml @@ -47,7 +47,7 @@ 4.1.115.Final 0.0.25.Final - 1.17.0 + 1.18.0 2.0.16 1.5.6-8 2.0.1 From a3fd14e4069b2252ceb4c95e0ee7416740bc9597 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Dec 2024 19:11:09 +0530 Subject: [PATCH 03/30] Bump netty.version from 4.1.115.Final to 4.1.116.Final (#2049) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps `netty.version` from 4.1.115.Final to 4.1.116.Final. Updates `io.netty:netty-buffer` from 4.1.115.Final to 4.1.116.Final
Commits
  • 2a58b07 [maven-release-plugin] prepare release netty-4.1.116.Final
  • a739efa Adaptive: Add assert to guard against bugs related to chunk pooling (#14590)
  • 22cb4ec Fix race and leaks introduced in tests by a16f8aaf2ff101567a526916b46… (#14588)
  • ad104c6 Correctly gard aginst failure when running on systems with 1 core
  • a16f8aa Allow PcapWriteHandler to output PCAP files larger than 2GB (#14478)
  • dccfcc8 Adapt: Ensure Chunks from the central Queue are re-used even if there… (#14586)
  • fdc10c4 chore: use readRetainedSlice to avoid copy in SpdyFrameDecoder (#14573)
  • 46b11cc Adapt: Don't fail when we run on a host with 1 core (#14582) (#14584)
  • 6138a5a Adapt: Only add Chunk to central Queue if unused (#14580) (#14583)
  • 6c3041f Adaptive: Correctly restore allocatedBytes value on failure (#14577) (#14578)
  • Additional commits viewable in compare view

Updates `io.netty:netty-codec-http` from 4.1.115.Final to 4.1.116.Final
Commits
  • 2a58b07 [maven-release-plugin] prepare release netty-4.1.116.Final
  • a739efa Adaptive: Add assert to guard against bugs related to chunk pooling (#14590)
  • 22cb4ec Fix race and leaks introduced in tests by a16f8aaf2ff101567a526916b46… (#14588)
  • ad104c6 Correctly gard aginst failure when running on systems with 1 core
  • a16f8aa Allow PcapWriteHandler to output PCAP files larger than 2GB (#14478)
  • dccfcc8 Adapt: Ensure Chunks from the central Queue are re-used even if there… (#14586)
  • fdc10c4 chore: use readRetainedSlice to avoid copy in SpdyFrameDecoder (#14573)
  • 46b11cc Adapt: Don't fail when we run on a host with 1 core (#14582) (#14584)
  • 6138a5a Adapt: Only add Chunk to central Queue if unused (#14580) (#14583)
  • 6c3041f Adaptive: Correctly restore allocatedBytes value on failure (#14577) (#14578)
  • Additional commits viewable in compare view

Updates `io.netty:netty-codec` from 4.1.115.Final to 4.1.116.Final
Commits
  • 2a58b07 [maven-release-plugin] prepare release netty-4.1.116.Final
  • a739efa Adaptive: Add assert to guard against bugs related to chunk pooling (#14590)
  • 22cb4ec Fix race and leaks introduced in tests by a16f8aaf2ff101567a526916b46… (#14588)
  • ad104c6 Correctly gard aginst failure when running on systems with 1 core
  • a16f8aa Allow PcapWriteHandler to output PCAP files larger than 2GB (#14478)
  • dccfcc8 Adapt: Ensure Chunks from the central Queue are re-used even if there… (#14586)
  • fdc10c4 chore: use readRetainedSlice to avoid copy in SpdyFrameDecoder (#14573)
  • 46b11cc Adapt: Don't fail when we run on a host with 1 core (#14582) (#14584)
  • 6138a5a Adapt: Only add Chunk to central Queue if unused (#14580) (#14583)
  • 6c3041f Adaptive: Correctly restore allocatedBytes value on failure (#14577) (#14578)
  • Additional commits viewable in compare view

Updates `io.netty:netty-codec-socks` from 4.1.115.Final to 4.1.116.Final
Commits
  • 2a58b07 [maven-release-plugin] prepare release netty-4.1.116.Final
  • a739efa Adaptive: Add assert to guard against bugs related to chunk pooling (#14590)
  • 22cb4ec Fix race and leaks introduced in tests by a16f8aaf2ff101567a526916b46… (#14588)
  • ad104c6 Correctly gard aginst failure when running on systems with 1 core
  • a16f8aa Allow PcapWriteHandler to output PCAP files larger than 2GB (#14478)
  • dccfcc8 Adapt: Ensure Chunks from the central Queue are re-used even if there… (#14586)
  • fdc10c4 chore: use readRetainedSlice to avoid copy in SpdyFrameDecoder (#14573)
  • 46b11cc Adapt: Don't fail when we run on a host with 1 core (#14582) (#14584)
  • 6138a5a Adapt: Only add Chunk to central Queue if unused (#14580) (#14583)
  • 6c3041f Adaptive: Correctly restore allocatedBytes value on failure (#14577) (#14578)
  • Additional commits viewable in compare view

Updates `io.netty:netty-handler-proxy` from 4.1.115.Final to 4.1.116.Final
Commits
  • 2a58b07 [maven-release-plugin] prepare release netty-4.1.116.Final
  • a739efa Adaptive: Add assert to guard against bugs related to chunk pooling (#14590)
  • 22cb4ec Fix race and leaks introduced in tests by a16f8aaf2ff101567a526916b46… (#14588)
  • ad104c6 Correctly gard aginst failure when running on systems with 1 core
  • a16f8aa Allow PcapWriteHandler to output PCAP files larger than 2GB (#14478)
  • dccfcc8 Adapt: Ensure Chunks from the central Queue are re-used even if there… (#14586)
  • fdc10c4 chore: use readRetainedSlice to avoid copy in SpdyFrameDecoder (#14573)
  • 46b11cc Adapt: Don't fail when we run on a host with 1 core (#14582) (#14584)
  • 6138a5a Adapt: Only add Chunk to central Queue if unused (#14580) (#14583)
  • 6c3041f Adaptive: Correctly restore allocatedBytes value on failure (#14577) (#14578)
  • Additional commits viewable in compare view

Updates `io.netty:netty-common` from 4.1.115.Final to 4.1.116.Final
Commits
  • 2a58b07 [maven-release-plugin] prepare release netty-4.1.116.Final
  • a739efa Adaptive: Add assert to guard against bugs related to chunk pooling (#14590)
  • 22cb4ec Fix race and leaks introduced in tests by a16f8aaf2ff101567a526916b46… (#14588)
  • ad104c6 Correctly gard aginst failure when running on systems with 1 core
  • a16f8aa Allow PcapWriteHandler to output PCAP files larger than 2GB (#14478)
  • dccfcc8 Adapt: Ensure Chunks from the central Queue are re-used even if there… (#14586)
  • fdc10c4 chore: use readRetainedSlice to avoid copy in SpdyFrameDecoder (#14573)
  • 46b11cc Adapt: Don't fail when we run on a host with 1 core (#14582) (#14584)
  • 6138a5a Adapt: Only add Chunk to central Queue if unused (#14580) (#14583)
  • 6c3041f Adaptive: Correctly restore allocatedBytes value on failure (#14577) (#14578)
  • Additional commits viewable in compare view

Updates `io.netty:netty-transport` from 4.1.115.Final to 4.1.116.Final
Commits
  • 2a58b07 [maven-release-plugin] prepare release netty-4.1.116.Final
  • a739efa Adaptive: Add assert to guard against bugs related to chunk pooling (#14590)
  • 22cb4ec Fix race and leaks introduced in tests by a16f8aaf2ff101567a526916b46… (#14588)
  • ad104c6 Correctly gard aginst failure when running on systems with 1 core
  • a16f8aa Allow PcapWriteHandler to output PCAP files larger than 2GB (#14478)
  • dccfcc8 Adapt: Ensure Chunks from the central Queue are re-used even if there… (#14586)
  • fdc10c4 chore: use readRetainedSlice to avoid copy in SpdyFrameDecoder (#14573)
  • 46b11cc Adapt: Don't fail when we run on a host with 1 core (#14582) (#14584)
  • 6138a5a Adapt: Only add Chunk to central Queue if unused (#14580) (#14583)
  • 6c3041f Adaptive: Correctly restore allocatedBytes value on failure (#14577) (#14578)
  • Additional commits viewable in compare view

Updates `io.netty:netty-handler` from 4.1.115.Final to 4.1.116.Final
Commits
  • 2a58b07 [maven-release-plugin] prepare release netty-4.1.116.Final
  • a739efa Adaptive: Add assert to guard against bugs related to chunk pooling (#14590)
  • 22cb4ec Fix race and leaks introduced in tests by a16f8aaf2ff101567a526916b46… (#14588)
  • ad104c6 Correctly gard aginst failure when running on systems with 1 core
  • a16f8aa Allow PcapWriteHandler to output PCAP files larger than 2GB (#14478)
  • dccfcc8 Adapt: Ensure Chunks from the central Queue are re-used even if there… (#14586)
  • fdc10c4 chore: use readRetainedSlice to avoid copy in SpdyFrameDecoder (#14573)
  • 46b11cc Adapt: Don't fail when we run on a host with 1 core (#14582) (#14584)
  • 6138a5a Adapt: Only add Chunk to central Queue if unused (#14580) (#14583)
  • 6c3041f Adaptive: Correctly restore allocatedBytes value on failure (#14577) (#14578)
  • Additional commits viewable in compare view

Updates `io.netty:netty-resolver-dns` from 4.1.115.Final to 4.1.116.Final
Commits
  • 2a58b07 [maven-release-plugin] prepare release netty-4.1.116.Final
  • a739efa Adaptive: Add assert to guard against bugs related to chunk pooling (#14590)
  • 22cb4ec Fix race and leaks introduced in tests by a16f8aaf2ff101567a526916b46… (#14588)
  • ad104c6 Correctly gard aginst failure when running on systems with 1 core
  • a16f8aa Allow PcapWriteHandler to output PCAP files larger than 2GB (#14478)
  • dccfcc8 Adapt: Ensure Chunks from the central Queue are re-used even if there… (#14586)
  • fdc10c4 chore: use readRetainedSlice to avoid copy in SpdyFrameDecoder (#14573)
  • 46b11cc Adapt: Don't fail when we run on a host with 1 core (#14582) (#14584)
  • 6138a5a Adapt: Only add Chunk to central Queue if unused (#14580) (#14583)
  • 6c3041f Adaptive: Correctly restore allocatedBytes value on failure (#14577) (#14578)
  • Additional commits viewable in compare view

Updates `io.netty:netty-transport-native-epoll` from 4.1.115.Final to 4.1.116.Final
Commits
  • 2a58b07 [maven-release-plugin] prepare release netty-4.1.116.Final
  • a739efa Adaptive: Add assert to guard against bugs related to chunk pooling (#14590)
  • 22cb4ec Fix race and leaks introduced in tests by a16f8aaf2ff101567a526916b46… (#14588)
  • ad104c6 Correctly gard aginst failure when running on systems with 1 core
  • a16f8aa Allow PcapWriteHandler to output PCAP files larger than 2GB (#14478)
  • dccfcc8 Adapt: Ensure Chunks from the central Queue are re-used even if there… (#14586)
  • fdc10c4 chore: use readRetainedSlice to avoid copy in SpdyFrameDecoder (#14573)
  • 46b11cc Adapt: Don't fail when we run on a host with 1 core (#14582) (#14584)
  • 6138a5a Adapt: Only add Chunk to central Queue if unused (#14580) (#14583)
  • 6c3041f Adaptive: Correctly restore allocatedBytes value on failure (#14577) (#14578)
  • Additional commits viewable in compare view

Updates `io.netty:netty-transport-native-kqueue` from 4.1.115.Final to 4.1.116.Final
Commits
  • 2a58b07 [maven-release-plugin] prepare release netty-4.1.116.Final
  • a739efa Adaptive: Add assert to guard against bugs related to chunk pooling (#14590)
  • 22cb4ec Fix race and leaks introduced in tests by a16f8aaf2ff101567a526916b46… (#14588)
  • ad104c6 Correctly gard aginst failure when running on systems with 1 core
  • a16f8aa Allow PcapWriteHandler to output PCAP files larger than 2GB (#14478)
  • dccfcc8 Adapt: Ensure Chunks from the central Queue are re-used even if there… (#14586)
  • fdc10c4 chore: use readRetainedSlice to avoid copy in SpdyFrameDecoder (#14573)
  • 46b11cc Adapt: Don't fail when we run on a host with 1 core (#14582) (#14584)
  • 6138a5a Adapt: Only add Chunk to central Queue if unused (#14580) (#14583)
  • 6c3041f Adaptive: Correctly restore allocatedBytes value on failure (#14577) (#14578)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 7845d63e4..338c5cd02 100644 --- a/pom.xml +++ b/pom.xml @@ -45,7 +45,7 @@ 11 UTF-8 - 4.1.115.Final + 4.1.116.Final 0.0.25.Final 1.18.0 2.0.16 From ab89c7c4c26ca4aab803d49bff1f5c92aa66dd7d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Dec 2024 20:56:32 +0530 Subject: [PATCH 04/30] Bump io.netty.incubator:netty-incubator-transport-native-io_uring from 0.0.25.Final to 0.0.26.Final (#2052) Bumps [io.netty.incubator:netty-incubator-transport-native-io_uring](https://github.com/netty/netty-incubator-transport-io_uring) from 0.0.25.Final to 0.0.26.Final.
Commits
  • 83607a9 [maven-release-plugin] prepare release netty-incubator-transport-parent-io_ur...
  • 360fc05 Update to netty 4.1.116.Final (#767) (#262)
  • 385823d Bump dawidd6/action-download-artifact from 3.0.0 to 6 in /.github/workflows (...
  • 2796864 Update dependencies (#259)
  • c2962b7 Explicit specify the platform for Docker files (#258)
  • 0e9c440 Add devcontainers for Linux (#257)
  • 6a3704b Update to netty 4.1.114.Final (#256)
  • 65b4234 Upgrade netty and netty-tcnative-boringssl-static (#255)
  • 4b74bc1 Upload hidden files for staging (#254)
  • b05fe91 Replace docker-compose with docker compose (#253)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=io.netty.incubator:netty-incubator-transport-native-io_uring&package-manager=maven&previous-version=0.0.25.Final&new-version=0.0.26.Final)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 338c5cd02..c01de9918 100644 --- a/pom.xml +++ b/pom.xml @@ -46,7 +46,7 @@ UTF-8 4.1.116.Final - 0.0.25.Final + 0.0.26.Final 1.18.0 2.0.16 1.5.6-8 From 998f15c18c5b19f2f065617e2852cc159d792a0a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 01:38:47 +0530 Subject: [PATCH 05/30] Bump com.uber.nullaway:nullaway from 0.12.1 to 0.12.3 (#2055) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [com.uber.nullaway:nullaway](https://github.com/uber/NullAway) from 0.12.1 to 0.12.3.
Release notes

Sourced from com.uber.nullaway:nullaway's releases.

NullAway 0.12.3

  • Remove InferredJARModelsHandler (#1079)
  • Fix crash with annotation on enum (#1097)
  • Handle case null in switch statements (#1100)
  • Don't report errors for writes to @​NullUnmarked fields (#1102)
  • Support primitive static final fields as constant args in access paths (#1105)
  • Fix issue with annotations in module-info.java files (#1109)
  • Report error for @​nullable synchronized block expression (#1106)
  • Add support for parameter types with wildcards for JarInfer (#1107)
  • Properly handle nested generics and multiple wildcard type args in JarInfer (#1114)
  • Proper checking of vararg overrides with JSpecify annotations (#1116)
  • Add flag to indicate only @​NullMarked code should be checked (#1117)
  • Add support for static fields in contracts (#1118)
  • Maintenance
    • Fix comment positions (#1098)
    • [refactoring] Wrap calls to Types.subst and Types.memberType (#1115)
    • Build latest Caffeine on CI (#1111)

NullAway 0.12.2

  • Fix reading of JSpecify @​nullable annotations from varargs parameter in bytecode (#1089)
  • Fix JarInfer handling of generic types (#1078)
  • Fix another JSpecify mode crash involving raw types (#1086)
  • Fix bugs in handling of valueOf calls for map keys (#1085)
  • Suggest correct fix when array component of non-nullable array is made null. (#1087)
  • Substitute type arguments when checking type parameter nullability at call site (#1070)
  • Fix JarInfer parameter indexes for instance methods (#1071)
  • JSpecify mode: initial support for generic methods (with explicit type arguments at calls) (#1053)
  • Maintenance
    • Update to latest Error Prone and Error Prone Gradle plugin (#1064)
    • Refactor serialization adapter retrieval by version (#1066)
    • Remove fixes.tsv serialization from NullAway serialization service (#1063)
    • Enable javac -parameters flag (#1069)
    • Update to Gradle 8.11 (#1073)
    • Add test for issue 1035 (#1074)
    • remove use of deprecated Gradle API (#1076)
    • Update to Error Prone 2.36.0 (#1077)
Changelog

Sourced from com.uber.nullaway:nullaway's changelog.

Version 0.12.3

  • Remove InferredJARModelsHandler (#1079)
  • Fix crash with annotation on enum (#1097)
  • Handle case null in switch statements (#1100)
  • Don't report errors for writes to @​NullUnmarked fields (#1102)
  • Support primitive static final fields as constant args in access paths (#1105)
  • Fix issue with annotations in module-info.java files (#1109)
  • Report error for @​nullable synchronized block expression (#1106)
  • Add support for parameter types with wildcards for JarInfer (#1107)
  • Properly handle nested generics and multiple wildcard type args in JarInfer (#1114)
  • Proper checking of vararg overrides with JSpecify annotations (#1116)
  • Add flag to indicate only @​NullMarked code should be checked (#1117)
  • Add support for static fields in contracts (#1118)
  • Maintenance
    • Fix comment positions (#1098)
    • [refactoring] Wrap calls to Types.subst and Types.memberType (#1115)
    • Build latest Caffeine on CI (#1111)

Version 0.12.2

  • Fix reading of JSpecify @​nullable annotations from varargs parameter in bytecode (#1089)
  • Fix JarInfer handling of generic types (#1078)
  • Fix another JSpecify mode crash involving raw types (#1086)
  • Fix bugs in handling of valueOf calls for map keys (#1085)
  • Suggest correct fix when array component of non-nullable array is made null. (#1087)
  • Substitute type arguments when checking type parameter nullability at call site (#1070)
  • Fix JarInfer parameter indexes for instance methods (#1071)
  • JSpecify mode: initial support for generic methods (with explicit type arguments at calls) (#1053)
  • Maintenance
    • Update to latest Error Prone and Error Prone Gradle plugin (#1064)
    • Refactor serialization adapter retrieval by version (#1066)
    • Remove fixes.tsv serialization from NullAway serialization service (#1063)
    • Enable javac -parameters flag (#1069)
    • Update to Gradle 8.11 (#1073)
    • Add test for issue 1035 (#1074)
    • remove use of deprecated Gradle API (#1076)
    • Update to Error Prone 2.36.0 (#1077)
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.uber.nullaway:nullaway&package-manager=maven&previous-version=0.12.1&new-version=0.12.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index c01de9918..8a442dd59 100644 --- a/pom.xml +++ b/pom.xml @@ -327,7 +327,7 @@ com.uber.nullaway nullaway - 0.12.1 + 0.12.3 From f75dfbe8c2c7d20743dd98707d21eafeed48525e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 01:39:01 +0530 Subject: [PATCH 06/30] Bump ch.qos.logback:logback-classic from 1.5.12 to 1.5.16 (#2054) Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.12 to 1.5.16.
Commits
  • 74c9ebd prepare release 1.5.16
  • 9308a58 javadocs structure changed
  • 8935470 adapt test to SLF4J version 2.0.16
  • cb60369 addded StubEventEvaluator as default class for evaluator element so as to dir...
  • 1da2f17 bump jxr version
  • 5bde644 bump slf4j version to 2.0.16
  • aa2ebae remove stax related code
  • 80db86b fix issues/860
  • a8a2303 start work on 1.5.16-SNAPSHOT
  • bf14c2c minor javadoc update
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ch.qos.logback:logback-classic&package-manager=maven&previous-version=1.5.12&new-version=1.5.16)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 8a442dd59..8dfad9c98 100644 --- a/pom.xml +++ b/pom.xml @@ -51,7 +51,7 @@ 2.0.16 1.5.6-8 2.0.1 - 1.5.12 + 1.5.16 26.0.1 From bf63baf04ca17e2a94adb356bcc42f2acbc51847 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 01:39:14 +0530 Subject: [PATCH 07/30] Bump org.junit:junit-bom from 5.11.3 to 5.11.4 (#2046) Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 5.11.3 to 5.11.4.
Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 5.11.4 = Platform 1.11.4 + Jupiter 5.11.4 + Vintage 5.11.4

See Release Notes.

Full Changelog: https://github.com/junit-team/junit5/compare/r5.11.3...r5.11.4

Commits
  • 6430ba4 Release 5.11.4
  • d093121 Finalize 5.11.4 release notes
  • 0444353 Fix Maven integration tests on JDK 24
  • b5c7f4e Move #4153 to 5.11.4 release notes
  • b20c4e2 Ensure the XMLStreamWriter is closed after use
  • 6376f0a Configure Git username and email
  • 2b485c4 Set reference repo URI
  • 500b5a0 Inject username and password via new DSL
  • d671961 Update plugin gitPublish to v5
  • 3d11279 Add JAVA_25 to JRE enum
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.junit:junit-bom&package-manager=maven&previous-version=5.11.3&new-version=5.11.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 8dfad9c98..c83b5794a 100644 --- a/pom.xml +++ b/pom.xml @@ -105,7 +105,7 @@ org.junit junit-bom - 5.11.3 + 5.11.4 pom import From 86c2176dfb8cb93f246ff8a134906afac6982d74 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 2 Feb 2025 03:54:12 +0530 Subject: [PATCH 08/30] Bump org.jetbrains:annotations from 26.0.1 to 26.0.2 (#2058) Bumps [org.jetbrains:annotations](https://github.com/JetBrains/java-annotations) from 26.0.1 to 26.0.2.
Release notes

Sourced from org.jetbrains:annotations's releases.

26.0.2

  • Fixed missing klibs for apple artifacts.
Changelog

Sourced from org.jetbrains:annotations's changelog.

Version 26.0.2

  • Fixed missing klibs for apple artifacts.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.jetbrains:annotations&package-manager=maven&previous-version=26.0.1&new-version=26.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index c83b5794a..52d768182 100644 --- a/pom.xml +++ b/pom.xml @@ -52,7 +52,7 @@ 1.5.6-8 2.0.1 1.5.16 - 26.0.1 + 26.0.2 From 390c26b0890ca381b8865295801156e8e945ca98 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 2 Feb 2025 03:54:19 +0530 Subject: [PATCH 09/30] Bump com.github.luben:zstd-jni from 1.5.6-8 to 1.5.6-9 (#2057) Bumps [com.github.luben:zstd-jni](https://github.com/luben/zstd-jni) from 1.5.6-8 to 1.5.6-9.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.github.luben:zstd-jni&package-manager=maven&previous-version=1.5.6-8&new-version=1.5.6-9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 52d768182..71240c309 100644 --- a/pom.xml +++ b/pom.xml @@ -49,7 +49,7 @@ 0.0.26.Final 1.18.0 2.0.16 - 1.5.6-8 + 1.5.6-9 2.0.1 1.5.16 26.0.2 From eef8d9374b411d2bf0f42bf6452ee3b0333915c8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 2 Feb 2025 03:54:26 +0530 Subject: [PATCH 10/30] Bump netty.version from 4.1.116.Final to 4.1.117.Final (#2056) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps `netty.version` from 4.1.116.Final to 4.1.117.Final. Updates `io.netty:netty-buffer` from 4.1.116.Final to 4.1.117.Final
Commits
  • 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
  • 28a81c6 Update java versions (#14660)
  • 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
  • ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
  • cd3dfe9 Update maven to 3.9.9 (#14654)
  • 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
  • 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
  • d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
  • b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
  • 9f0b38b Reentrant close in EmbeddedChannel (#14642)
  • Additional commits viewable in compare view

Updates `io.netty:netty-codec-http` from 4.1.116.Final to 4.1.117.Final
Commits
  • 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
  • 28a81c6 Update java versions (#14660)
  • 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
  • ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
  • cd3dfe9 Update maven to 3.9.9 (#14654)
  • 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
  • 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
  • d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
  • b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
  • 9f0b38b Reentrant close in EmbeddedChannel (#14642)
  • Additional commits viewable in compare view

Updates `io.netty:netty-codec` from 4.1.116.Final to 4.1.117.Final
Commits
  • 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
  • 28a81c6 Update java versions (#14660)
  • 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
  • ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
  • cd3dfe9 Update maven to 3.9.9 (#14654)
  • 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
  • 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
  • d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
  • b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
  • 9f0b38b Reentrant close in EmbeddedChannel (#14642)
  • Additional commits viewable in compare view

Updates `io.netty:netty-codec-socks` from 4.1.116.Final to 4.1.117.Final
Commits
  • 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
  • 28a81c6 Update java versions (#14660)
  • 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
  • ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
  • cd3dfe9 Update maven to 3.9.9 (#14654)
  • 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
  • 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
  • d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
  • b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
  • 9f0b38b Reentrant close in EmbeddedChannel (#14642)
  • Additional commits viewable in compare view

Updates `io.netty:netty-handler-proxy` from 4.1.116.Final to 4.1.117.Final
Commits
  • 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
  • 28a81c6 Update java versions (#14660)
  • 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
  • ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
  • cd3dfe9 Update maven to 3.9.9 (#14654)
  • 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
  • 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
  • d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
  • b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
  • 9f0b38b Reentrant close in EmbeddedChannel (#14642)
  • Additional commits viewable in compare view

Updates `io.netty:netty-common` from 4.1.116.Final to 4.1.117.Final
Commits
  • 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
  • 28a81c6 Update java versions (#14660)
  • 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
  • ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
  • cd3dfe9 Update maven to 3.9.9 (#14654)
  • 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
  • 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
  • d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
  • b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
  • 9f0b38b Reentrant close in EmbeddedChannel (#14642)
  • Additional commits viewable in compare view

Updates `io.netty:netty-transport` from 4.1.116.Final to 4.1.117.Final
Commits
  • 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
  • 28a81c6 Update java versions (#14660)
  • 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
  • ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
  • cd3dfe9 Update maven to 3.9.9 (#14654)
  • 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
  • 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
  • d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
  • b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
  • 9f0b38b Reentrant close in EmbeddedChannel (#14642)
  • Additional commits viewable in compare view

Updates `io.netty:netty-handler` from 4.1.116.Final to 4.1.117.Final
Commits
  • 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
  • 28a81c6 Update java versions (#14660)
  • 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
  • ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
  • cd3dfe9 Update maven to 3.9.9 (#14654)
  • 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
  • 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
  • d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
  • b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
  • 9f0b38b Reentrant close in EmbeddedChannel (#14642)
  • Additional commits viewable in compare view

Updates `io.netty:netty-resolver-dns` from 4.1.116.Final to 4.1.117.Final
Commits
  • 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
  • 28a81c6 Update java versions (#14660)
  • 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
  • ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
  • cd3dfe9 Update maven to 3.9.9 (#14654)
  • 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
  • 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
  • d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
  • b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
  • 9f0b38b Reentrant close in EmbeddedChannel (#14642)
  • Additional commits viewable in compare view

Updates `io.netty:netty-transport-native-epoll` from 4.1.116.Final to 4.1.117.Final
Commits
  • 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
  • 28a81c6 Update java versions (#14660)
  • 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
  • ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
  • cd3dfe9 Update maven to 3.9.9 (#14654)
  • 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
  • 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
  • d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
  • b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
  • 9f0b38b Reentrant close in EmbeddedChannel (#14642)
  • Additional commits viewable in compare view

Updates `io.netty:netty-transport-native-kqueue` from 4.1.116.Final to 4.1.117.Final
Commits
  • 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
  • 28a81c6 Update java versions (#14660)
  • 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
  • ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
  • cd3dfe9 Update maven to 3.9.9 (#14654)
  • 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
  • 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
  • d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
  • b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
  • 9f0b38b Reentrant close in EmbeddedChannel (#14642)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 71240c309..9dfe832a7 100644 --- a/pom.xml +++ b/pom.xml @@ -45,7 +45,7 @@ 11 UTF-8 - 4.1.116.Final + 4.1.117.Final 0.0.26.Final 1.18.0 2.0.16 From a4a3746b6461181221513870dded579cb041e4bc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Feb 2025 03:23:19 +0530 Subject: [PATCH 11/30] Bump netty.version from 4.1.117.Final to 4.1.118.Final (#2060) Bumps `netty.version` from 4.1.117.Final to 4.1.118.Final. Updates `io.netty:netty-buffer` from 4.1.117.Final to 4.1.118.Final
Commits
  • 36f95cf [maven-release-plugin] prepare release netty-4.1.118.Final
  • 87f4072 Merge commit from fork
  • d1fbda6 Merge commit from fork
  • f844d78 Upgrade netty-tcnative to 2.0.70.Final (#14790)
  • 8afb5d9 Only run 2 jobs with leak detection to minimize build times (#14784)
  • f2c27da AdaptivePoolingAllocator: Round chunk sizes up to MIN_CHUNK_SIZE units and re...
  • 8d387ff Change the default AdaptiveRecvByteBufAllocator buffer size values' visibilit...
  • 1cfd3a6 Fix possible buffer leak when stream can't be mapped (#14746)
  • 8f9eadb Fix AccessControlException in GlobalEventExecutor (#14743)
  • 6fcd3e6 KQueueEventLoop leaks memory on shutdown. (#14745)
  • Additional commits viewable in compare view

Updates `io.netty:netty-codec-http` from 4.1.117.Final to 4.1.118.Final
Commits
  • 36f95cf [maven-release-plugin] prepare release netty-4.1.118.Final
  • 87f4072 Merge commit from fork
  • d1fbda6 Merge commit from fork
  • f844d78 Upgrade netty-tcnative to 2.0.70.Final (#14790)
  • 8afb5d9 Only run 2 jobs with leak detection to minimize build times (#14784)
  • f2c27da AdaptivePoolingAllocator: Round chunk sizes up to MIN_CHUNK_SIZE units and re...
  • 8d387ff Change the default AdaptiveRecvByteBufAllocator buffer size values' visibilit...
  • 1cfd3a6 Fix possible buffer leak when stream can't be mapped (#14746)
  • 8f9eadb Fix AccessControlException in GlobalEventExecutor (#14743)
  • 6fcd3e6 KQueueEventLoop leaks memory on shutdown. (#14745)
  • Additional commits viewable in compare view

Updates `io.netty:netty-codec` from 4.1.117.Final to 4.1.118.Final
Commits
  • 36f95cf [maven-release-plugin] prepare release netty-4.1.118.Final
  • 87f4072 Merge commit from fork
  • d1fbda6 Merge commit from fork
  • f844d78 Upgrade netty-tcnative to 2.0.70.Final (#14790)
  • 8afb5d9 Only run 2 jobs with leak detection to minimize build times (#14784)
  • f2c27da AdaptivePoolingAllocator: Round chunk sizes up to MIN_CHUNK_SIZE units and re...
  • 8d387ff Change the default AdaptiveRecvByteBufAllocator buffer size values' visibilit...
  • 1cfd3a6 Fix possible buffer leak when stream can't be mapped (#14746)
  • 8f9eadb Fix AccessControlException in GlobalEventExecutor (#14743)
  • 6fcd3e6 KQueueEventLoop leaks memory on shutdown. (#14745)
  • Additional commits viewable in compare view

Updates `io.netty:netty-codec-socks` from 4.1.117.Final to 4.1.118.Final
Commits
  • 36f95cf [maven-release-plugin] prepare release netty-4.1.118.Final
  • 87f4072 Merge commit from fork
  • d1fbda6 Merge commit from fork
  • f844d78 Upgrade netty-tcnative to 2.0.70.Final (#14790)
  • 8afb5d9 Only run 2 jobs with leak detection to minimize build times (#14784)
  • f2c27da AdaptivePoolingAllocator: Round chunk sizes up to MIN_CHUNK_SIZE units and re...
  • 8d387ff Change the default AdaptiveRecvByteBufAllocator buffer size values' visibilit...
  • 1cfd3a6 Fix possible buffer leak when stream can't be mapped (#14746)
  • 8f9eadb Fix AccessControlException in GlobalEventExecutor (#14743)
  • 6fcd3e6 KQueueEventLoop leaks memory on shutdown. (#14745)
  • Additional commits viewable in compare view

Updates `io.netty:netty-handler-proxy` from 4.1.117.Final to 4.1.118.Final
Commits
  • 36f95cf [maven-release-plugin] prepare release netty-4.1.118.Final
  • 87f4072 Merge commit from fork
  • d1fbda6 Merge commit from fork
  • f844d78 Upgrade netty-tcnative to 2.0.70.Final (#14790)
  • 8afb5d9 Only run 2 jobs with leak detection to minimize build times (#14784)
  • f2c27da AdaptivePoolingAllocator: Round chunk sizes up to MIN_CHUNK_SIZE units and re...
  • 8d387ff Change the default AdaptiveRecvByteBufAllocator buffer size values' visibilit...
  • 1cfd3a6 Fix possible buffer leak when stream can't be mapped (#14746)
  • 8f9eadb Fix AccessControlException in GlobalEventExecutor (#14743)
  • 6fcd3e6 KQueueEventLoop leaks memory on shutdown. (#14745)
  • Additional commits viewable in compare view

Updates `io.netty:netty-common` from 4.1.117.Final to 4.1.118.Final
Commits
  • 36f95cf [maven-release-plugin] prepare release netty-4.1.118.Final
  • 87f4072 Merge commit from fork
  • d1fbda6 Merge commit from fork
  • f844d78 Upgrade netty-tcnative to 2.0.70.Final (#14790)
  • 8afb5d9 Only run 2 jobs with leak detection to minimize build times (#14784)
  • f2c27da AdaptivePoolingAllocator: Round chunk sizes up to MIN_CHUNK_SIZE units and re...
  • 8d387ff Change the default AdaptiveRecvByteBufAllocator buffer size values' visibilit...
  • 1cfd3a6 Fix possible buffer leak when stream can't be mapped (#14746)
  • 8f9eadb Fix AccessControlException in GlobalEventExecutor (#14743)
  • 6fcd3e6 KQueueEventLoop leaks memory on shutdown. (#14745)
  • Additional commits viewable in compare view

Updates `io.netty:netty-transport` from 4.1.117.Final to 4.1.118.Final
Commits
  • 36f95cf [maven-release-plugin] prepare release netty-4.1.118.Final
  • 87f4072 Merge commit from fork
  • d1fbda6 Merge commit from fork
  • f844d78 Upgrade netty-tcnative to 2.0.70.Final (#14790)
  • 8afb5d9 Only run 2 jobs with leak detection to minimize build times (#14784)
  • f2c27da AdaptivePoolingAllocator: Round chunk sizes up to MIN_CHUNK_SIZE units and re...
  • 8d387ff Change the default AdaptiveRecvByteBufAllocator buffer size values' visibilit...
  • 1cfd3a6 Fix possible buffer leak when stream can't be mapped (#14746)
  • 8f9eadb Fix AccessControlException in GlobalEventExecutor (#14743)
  • 6fcd3e6 KQueueEventLoop leaks memory on shutdown. (#14745)
  • Additional commits viewable in compare view

Updates `io.netty:netty-handler` from 4.1.117.Final to 4.1.118.Final
Commits
  • 36f95cf [maven-release-plugin] prepare release netty-4.1.118.Final
  • 87f4072 Merge commit from fork
  • d1fbda6 Merge commit from fork
  • f844d78 Upgrade netty-tcnative to 2.0.70.Final (#14790)
  • 8afb5d9 Only run 2 jobs with leak detection to minimize build times (#14784)
  • f2c27da AdaptivePoolingAllocator: Round chunk sizes up to MIN_CHUNK_SIZE units and re...
  • 8d387ff Change the default AdaptiveRecvByteBufAllocator buffer size values' visibilit...
  • 1cfd3a6 Fix possible buffer leak when stream can't be mapped (#14746)
  • 8f9eadb Fix AccessControlException in GlobalEventExecutor (#14743)
  • 6fcd3e6 KQueueEventLoop leaks memory on shutdown. (#14745)
  • Additional commits viewable in compare view

Updates `io.netty:netty-resolver-dns` from 4.1.117.Final to 4.1.118.Final
Commits
  • 36f95cf [maven-release-plugin] prepare release netty-4.1.118.Final
  • 87f4072 Merge commit from fork
  • d1fbda6 Merge commit from fork
  • f844d78 Upgrade netty-tcnative to 2.0.70.Final (#14790)
  • 8afb5d9 Only run 2 jobs with leak detection to minimize build times (#14784)
  • f2c27da AdaptivePoolingAllocator: Round chunk sizes up to MIN_CHUNK_SIZE units and re...
  • 8d387ff Change the default AdaptiveRecvByteBufAllocator buffer size values' visibilit...
  • 1cfd3a6 Fix possible buffer leak when stream can't be mapped (#14746)
  • 8f9eadb Fix AccessControlException in GlobalEventExecutor (#14743)
  • 6fcd3e6 KQueueEventLoop leaks memory on shutdown. (#14745)
  • Additional commits viewable in compare view

Updates `io.netty:netty-transport-native-epoll` from 4.1.117.Final to 4.1.118.Final
Commits
  • 36f95cf [maven-release-plugin] prepare release netty-4.1.118.Final
  • 87f4072 Merge commit from fork
  • d1fbda6 Merge commit from fork
  • f844d78 Upgrade netty-tcnative to 2.0.70.Final (#14790)
  • 8afb5d9 Only run 2 jobs with leak detection to minimize build times (#14784)
  • f2c27da AdaptivePoolingAllocator: Round chunk sizes up to MIN_CHUNK_SIZE units and re...
  • 8d387ff Change the default AdaptiveRecvByteBufAllocator buffer size values' visibilit...
  • 1cfd3a6 Fix possible buffer leak when stream can't be mapped (#14746)
  • 8f9eadb Fix AccessControlException in GlobalEventExecutor (#14743)
  • 6fcd3e6 KQueueEventLoop leaks memory on shutdown. (#14745)
  • Additional commits viewable in compare view

Updates `io.netty:netty-transport-native-kqueue` from 4.1.117.Final to 4.1.118.Final
Commits
  • 36f95cf [maven-release-plugin] prepare release netty-4.1.118.Final
  • 87f4072 Merge commit from fork
  • d1fbda6 Merge commit from fork
  • f844d78 Upgrade netty-tcnative to 2.0.70.Final (#14790)
  • 8afb5d9 Only run 2 jobs with leak detection to minimize build times (#14784)
  • f2c27da AdaptivePoolingAllocator: Round chunk sizes up to MIN_CHUNK_SIZE units and re...
  • 8d387ff Change the default AdaptiveRecvByteBufAllocator buffer size values' visibilit...
  • 1cfd3a6 Fix possible buffer leak when stream can't be mapped (#14746)
  • 8f9eadb Fix AccessControlException in GlobalEventExecutor (#14743)
  • 6fcd3e6 KQueueEventLoop leaks memory on shutdown. (#14745)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9dfe832a7..68d95dc04 100644 --- a/pom.xml +++ b/pom.xml @@ -45,7 +45,7 @@ 11 UTF-8 - 4.1.117.Final + 4.1.118.Final 0.0.26.Final 1.18.0 2.0.16 From 6fa2efd3f9af636bf192a452698044a9829cf8ef Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Feb 2025 03:23:35 +0530 Subject: [PATCH 12/30] Bump org.apache.tomcat.embed:tomcat-embed-core from 10.1.34 to 10.1.35 (#2061) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps org.apache.tomcat.embed:tomcat-embed-core from 10.1.34 to 10.1.35.
Most Recent Ignore Conditions Applied to This Pull Request | Dependency Name | Ignore Conditions | | --- | --- | | org.apache.tomcat.embed:tomcat-embed-core | [>= 11.a0, < 12] |
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core&package-manager=maven&previous-version=10.1.34&new-version=10.1.35)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- client/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/pom.xml b/client/pom.xml index b2e551d5a..f035ac57c 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -31,7 +31,7 @@ org.asynchttpclient.client 11.0.24 - 10.1.34 + 10.1.35 2.18.0 4.11.0 3.0 From 6c2cc553201581eb5a0ec348f67b064ae32c770f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Feb 2025 03:23:45 +0530 Subject: [PATCH 13/30] Bump io.github.nettyplus:netty-leak-detector-junit-extension from 0.0.5 to 0.0.6 (#2062) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [io.github.nettyplus:netty-leak-detector-junit-extension](https://github.com/nettyplus/netty-leak-detector-junit-extension) from 0.0.5 to 0.0.6.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=io.github.nettyplus:netty-leak-detector-junit-extension&package-manager=maven&previous-version=0.0.5&new-version=0.0.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 68d95dc04..8ea2684ca 100644 --- a/pom.xml +++ b/pom.xml @@ -112,7 +112,7 @@ io.github.nettyplus netty-leak-detector-junit-extension - 0.0.5 + 0.0.6 From 3972890fbb63ae96faafc7e1892416915b619fd6 Mon Sep 17 00:00:00 2001 From: sullis Date: Thu, 13 Feb 2025 14:05:52 -0800 Subject: [PATCH 14/30] netty leak detector 0.0.6 (#2059) Co-authored-by: Aayush Atharva From 11a15c388a930515eefc93f03fd0997200481b7d Mon Sep 17 00:00:00 2001 From: sullis Date: Sat, 15 Feb 2025 21:34:21 -0800 Subject: [PATCH 15/30] enable leak detection in AutomaticDecompressionTest (#2064) use Netty Leak Detector JUnit extension in AutomaticDecompressionTest ``` https://github.com/nettyplus/netty-leak-detector-junit-extension ``` --- .../java/org/asynchttpclient/AutomaticDecompressionTest.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/client/src/test/java/org/asynchttpclient/AutomaticDecompressionTest.java b/client/src/test/java/org/asynchttpclient/AutomaticDecompressionTest.java index dfd0a9446..0f9843af1 100644 --- a/client/src/test/java/org/asynchttpclient/AutomaticDecompressionTest.java +++ b/client/src/test/java/org/asynchttpclient/AutomaticDecompressionTest.java @@ -22,6 +22,7 @@ import com.sun.net.httpserver.HttpExchange; import com.sun.net.httpserver.HttpHandler; import com.sun.net.httpserver.HttpServer; +import io.github.nettyplus.leakdetector.junit.NettyLeakDetectorExtension; import io.netty.handler.codec.compression.Brotli; import org.junit.jupiter.api.AfterAll; import org.junit.jupiter.api.BeforeAll; @@ -35,9 +36,11 @@ import java.util.List; import java.util.stream.Collectors; import java.util.zip.GZIPOutputStream; +import org.junit.jupiter.api.extension.ExtendWith; import static org.junit.jupiter.api.Assertions.assertEquals; +@ExtendWith(NettyLeakDetectorExtension.class) public class AutomaticDecompressionTest { private static final String UNCOMPRESSED_PAYLOAD = "a".repeat(500); From 182ab1b36b603eeebe85ee05da269f18c710278b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 16 Feb 2025 11:04:37 +0530 Subject: [PATCH 16/30] Bump com.github.luben:zstd-jni from 1.5.6-9 to 1.5.6-10 (#2063) Bumps [com.github.luben:zstd-jni](https://github.com/luben/zstd-jni) from 1.5.6-9 to 1.5.6-10.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.github.luben:zstd-jni&package-manager=maven&previous-version=1.5.6-9&new-version=1.5.6-10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 8ea2684ca..18c754452 100644 --- a/pom.xml +++ b/pom.xml @@ -49,7 +49,7 @@ 0.0.26.Final 1.18.0 2.0.16 - 1.5.6-9 + 1.5.6-10 2.0.1 1.5.16 26.0.2 From 600520c9810052c1c80925ed6041795a48e22a18 Mon Sep 17 00:00:00 2001 From: sullis Date: Mon, 17 Feb 2025 08:58:39 -0800 Subject: [PATCH 17/30] use larger payload in AutomaticDecompressionTest (#2065) --- .../java/org/asynchttpclient/AutomaticDecompressionTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/src/test/java/org/asynchttpclient/AutomaticDecompressionTest.java b/client/src/test/java/org/asynchttpclient/AutomaticDecompressionTest.java index 0f9843af1..8f57ffb88 100644 --- a/client/src/test/java/org/asynchttpclient/AutomaticDecompressionTest.java +++ b/client/src/test/java/org/asynchttpclient/AutomaticDecompressionTest.java @@ -42,7 +42,7 @@ @ExtendWith(NettyLeakDetectorExtension.class) public class AutomaticDecompressionTest { - private static final String UNCOMPRESSED_PAYLOAD = "a".repeat(500); + private static final String UNCOMPRESSED_PAYLOAD = "a".repeat(50_000); private static HttpServer HTTP_SERVER; From f19415223262b3333212652aeae47040dc006919 Mon Sep 17 00:00:00 2001 From: Jason Joo Date: Mon, 10 Mar 2025 03:09:46 +0800 Subject: [PATCH 18/30] fix: inappropriate connection reuse when using HTTP proxy if the initial CONNECT failed (#2072) # What This MR Resolves A CONNECT request is needed to sent to the HTTP proxy first before the actual client request to establish the tunnel on the proxy. A `HTTP/1.1 200 Connection established` is expected for the initial CONNECT request. Only when the CONNECT is successful, the client continues sending the actual request through the "tunnel". And when CONNECT failed, the connection remains the initial state `unconnected`. There are following circumstances that a CONNECT fails under but not limited to following situations: - The destination is not whitelisted. - The dest domain can't be resolved(timeout/SERVFAIL/NX/etc.). - The dest IP can't be connected(timeout/unreachable/etc.). There could be 2 following strategies to deal with CONNECT failures on the client side: 1. Close the connection before return to the caller. 2. Mark this connection "unconnected" and put it into the pool. Then retry the CONNECT next time it's picked out of the pool. The 2nd one needs to add extra state to Channel in the manager which brings bigger change to the code. This MR employs the 1st strategy to resolve it. The issue is described in #2071 . # Readings The CONNECT is documented in `Section 5.3` in RFC2871: https://www.ietf.org/rfc/rfc2817.txt The proxy won't actively terminate the connection if the CONNECT failed if keep-alive is enabled. Unless the tunnel is established and there is any communication failures in the middle. Therefore the client needs to deal with this error by its own. Signed-off-by: Jason Joo --- .../netty/handler/HttpHandler.java | 11 +++-- .../asynchttpclient/proxy/HttpsProxyTest.java | 45 ++++++++++++++++++- 2 files changed, 52 insertions(+), 4 deletions(-) diff --git a/client/src/main/java/org/asynchttpclient/netty/handler/HttpHandler.java b/client/src/main/java/org/asynchttpclient/netty/handler/HttpHandler.java index 06ec46a2b..99a23c7e9 100755 --- a/client/src/main/java/org/asynchttpclient/netty/handler/HttpHandler.java +++ b/client/src/main/java/org/asynchttpclient/netty/handler/HttpHandler.java @@ -21,6 +21,7 @@ import io.netty.handler.codec.DecoderResultProvider; import io.netty.handler.codec.http.HttpContent; import io.netty.handler.codec.http.HttpHeaders; +import io.netty.handler.codec.http.HttpMethod; import io.netty.handler.codec.http.HttpRequest; import io.netty.handler.codec.http.HttpResponse; import io.netty.handler.codec.http.LastHttpContent; @@ -32,6 +33,7 @@ import org.asynchttpclient.netty.NettyResponseStatus; import org.asynchttpclient.netty.channel.ChannelManager; import org.asynchttpclient.netty.request.NettyRequestSender; +import org.asynchttpclient.util.HttpConstants.ResponseStatusCodes; import java.io.IOException; import java.net.InetSocketAddress; @@ -43,8 +45,11 @@ public HttpHandler(AsyncHttpClientConfig config, ChannelManager channelManager, super(config, channelManager, requestSender); } - private static boolean abortAfterHandlingStatus(AsyncHandler handler, NettyResponseStatus status) throws Exception { - return handler.onStatusReceived(status) == State.ABORT; + private static boolean abortAfterHandlingStatus(AsyncHandler handler, HttpMethod httpMethod, NettyResponseStatus status) throws Exception { + // For non-200 response of a CONNECT request, it's still unconnected. + // We need to either close the connection or reuse it but send CONNECT request again. + // The former one is easier or we have to attach more state to Channel. + return handler.onStatusReceived(status) == State.ABORT || httpMethod == HttpMethod.CONNECT && status.getStatusCode() != ResponseStatusCodes.OK_200; } private static boolean abortAfterHandlingHeaders(AsyncHandler handler, HttpHeaders responseHeaders) throws Exception { @@ -61,7 +66,7 @@ private void handleHttpResponse(final HttpResponse response, final Channel chann HttpHeaders responseHeaders = response.headers(); if (!interceptors.exitAfterIntercept(channel, future, handler, response, status, responseHeaders)) { - boolean abort = abortAfterHandlingStatus(handler, status) || abortAfterHandlingHeaders(handler, responseHeaders); + boolean abort = abortAfterHandlingStatus(handler, httpRequest.method(), status) || abortAfterHandlingHeaders(handler, responseHeaders); if (abort) { finishUpdate(future, channel, true); } diff --git a/client/src/test/java/org/asynchttpclient/proxy/HttpsProxyTest.java b/client/src/test/java/org/asynchttpclient/proxy/HttpsProxyTest.java index 6c4109aec..011f15d78 100644 --- a/client/src/test/java/org/asynchttpclient/proxy/HttpsProxyTest.java +++ b/client/src/test/java/org/asynchttpclient/proxy/HttpsProxyTest.java @@ -13,14 +13,21 @@ package org.asynchttpclient.proxy; import io.github.artsok.RepeatedIfExceptionsTest; +import jakarta.servlet.ServletException; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; + import org.asynchttpclient.AbstractBasicTest; import org.asynchttpclient.AsyncHttpClient; import org.asynchttpclient.AsyncHttpClientConfig; import org.asynchttpclient.RequestBuilder; import org.asynchttpclient.Response; +import org.asynchttpclient.proxy.ProxyServer.Builder; import org.asynchttpclient.request.body.generator.ByteArrayBodyGenerator; import org.asynchttpclient.test.EchoHandler; +import org.asynchttpclient.util.HttpConstants; import org.eclipse.jetty.proxy.ConnectHandler; +import org.eclipse.jetty.server.Request; import org.eclipse.jetty.server.Server; import org.eclipse.jetty.server.ServerConnector; import org.eclipse.jetty.server.handler.AbstractHandler; @@ -37,6 +44,8 @@ import static org.asynchttpclient.test.TestUtils.addHttpsConnector; import static org.junit.jupiter.api.Assertions.assertEquals; +import java.io.IOException; + /** * Proxy usage tests. */ @@ -46,7 +55,7 @@ public class HttpsProxyTest extends AbstractBasicTest { @Override public AbstractHandler configureHandler() throws Exception { - return new ConnectHandler(); + return new ProxyHandler(); } @Override @@ -142,4 +151,38 @@ public void testPooledConnectionsWithProxy() throws Exception { assertEquals(200, response2.getStatusCode()); } } + + @RepeatedIfExceptionsTest(repeats = 5) + public void testFailedConnectWithProxy() throws Exception { + try (AsyncHttpClient asyncHttpClient = asyncHttpClient(config().setFollowRedirect(true).setUseInsecureTrustManager(true).setKeepAlive(true))) { + Builder proxyServer = proxyServer("localhost", port1); + proxyServer.setCustomHeaders(r -> r.getHeaders().add(ProxyHandler.HEADER_FORBIDDEN, "1")); + RequestBuilder rb = get(getTargetUrl2()).setProxyServer(proxyServer); + + Response response1 = asyncHttpClient.executeRequest(rb.build()).get(); + assertEquals(403, response1.getStatusCode()); + + Response response2 = asyncHttpClient.executeRequest(rb.build()).get(); + assertEquals(403, response2.getStatusCode()); + + Response response3 = asyncHttpClient.executeRequest(rb.build()).get(); + assertEquals(403, response3.getStatusCode()); + } + } + + public static class ProxyHandler extends ConnectHandler { + final static String HEADER_FORBIDDEN = "X-REJECT-REQUEST"; + + @Override + public void handle(String s, Request r, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { + if (HttpConstants.Methods.CONNECT.equalsIgnoreCase(request.getMethod())) { + if (request.getHeader(HEADER_FORBIDDEN) != null) { + response.setStatus(HttpServletResponse.SC_FORBIDDEN); + r.setHandled(true); + return; + } + } + super.handle(s, r, request, response); + } + } } From c06dcab48c85bb84f071124a97898d56130dbcc6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Mar 2025 00:40:16 +0530 Subject: [PATCH 19/30] Bump org.apache.maven.plugins:maven-compiler-plugin from 3.13.0 to 3.14.0 (#2069) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.apache.maven.plugins:maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) from 3.13.0 to 3.14.0.
Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.14.0

🚀 New features and improvements

🐛 Bug Fixes

📦 Dependency updates

👻 Maintenance

🔧 Build

Commits
  • b5e7d9b [maven-release-plugin] prepare release maven-compiler-plugin-3.14.0
  • 9134f12 Enable GitHub Issues
  • 19b8b12 Update scm tag according to branch
  • 09dce4e [MCOMPILER-579] allow module-version configuration (#273)
  • f7c3c5f Bump org.codehaus.plexus:plexus-java from 1.2.0 to 1.4.0
  • 764a54b [MNGSITE-529] Rename "Goals" to "Plugin Documentation"
  • cfacbc1 PR Automation only on close event
  • 5c26bba Use JUnit version from parent
  • 5449407 [MCOMPILER-529] Update docs about version schema (Maven 3)
  • 01d5b88 Bump mavenVersion from 3.6.3 to 3.9.9 (#283)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-compiler-plugin&package-manager=maven&previous-version=3.13.0&new-version=3.14.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 18c754452..6393a3ac5 100644 --- a/pom.xml +++ b/pom.xml @@ -293,7 +293,7 @@ org.apache.maven.plugins maven-compiler-plugin - 3.13.0 + 3.14.0 11 11 From 8f314527ffa7fa091f8cb115f7012ae01b9cc7f5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Mar 2025 00:40:29 +0530 Subject: [PATCH 20/30] Bump com.github.luben:zstd-jni from 1.5.6-10 to 1.5.7-1 (#2067) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [com.github.luben:zstd-jni](https://github.com/luben/zstd-jni) from 1.5.6-10 to 1.5.7-1.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.github.luben:zstd-jni&package-manager=maven&previous-version=1.5.6-10&new-version=1.5.7-1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 6393a3ac5..bc92eb92e 100644 --- a/pom.xml +++ b/pom.xml @@ -49,7 +49,7 @@ 0.0.26.Final 1.18.0 2.0.16 - 1.5.6-10 + 1.5.7-1 2.0.1 1.5.16 26.0.2 From 8189c92e5ab1e2a34d326cdc13d66de02b99ce67 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Mar 2025 00:40:43 +0530 Subject: [PATCH 21/30] Bump org.apache.tomcat.embed:tomcat-embed-core from 10.1.35 to 10.1.36 (#2066) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps org.apache.tomcat.embed:tomcat-embed-core from 10.1.35 to 10.1.36.
Most Recent Ignore Conditions Applied to This Pull Request | Dependency Name | Ignore Conditions | | --- | --- | | org.apache.tomcat.embed:tomcat-embed-core | [>= 11.a0, < 12] |
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core&package-manager=maven&previous-version=10.1.35&new-version=10.1.36)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- client/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/pom.xml b/client/pom.xml index f035ac57c..826ee0db8 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -31,7 +31,7 @@ org.asynchttpclient.client 11.0.24 - 10.1.35 + 10.1.36 2.18.0 4.11.0 3.0 From a9a3a7eb5a1df87fb2a5b5fd23eeb7519435ab4a Mon Sep 17 00:00:00 2001 From: Jason Joo Date: Sat, 15 Mar 2025 01:50:47 +0800 Subject: [PATCH 22/30] fix: send CONNECT first when recovering a HTTPS request (#2077) # Issue description AHC has retry mechanism enabled with up to 5 attempts by default. But the initial CONNECT is omitted when recovering the HTTPS requests with IO exceptions. This MR fixes this issue and guarantees the proper workflow in retries. It's related to #2071 and fixes a different failing case. # How the issue is fixed * For any new connections, make sure there is an initial CONNECT for WebSocket/HTTPS request. * For the condition check that a CONNECT has been sent, make sure the connection the current future attaches is reusable/active. # Unit test IOException has various reasons but in the unit test, we emulate it by closing the connection after receiving the CONNECT request. The internal recovery process will retry another 4 times, and through an IOException eventually. Signed-off-by: Jason Joo --- .../netty/request/NettyRequestSender.java | 29 +++++++++++++----- .../asynchttpclient/proxy/HttpsProxyTest.java | 30 +++++++++++++++++-- 2 files changed, 50 insertions(+), 9 deletions(-) diff --git a/client/src/main/java/org/asynchttpclient/netty/request/NettyRequestSender.java b/client/src/main/java/org/asynchttpclient/netty/request/NettyRequestSender.java index 9fff868b2..b66dd713d 100755 --- a/client/src/main/java/org/asynchttpclient/netty/request/NettyRequestSender.java +++ b/client/src/main/java/org/asynchttpclient/netty/request/NettyRequestSender.java @@ -97,6 +97,13 @@ public NettyRequestSender(AsyncHttpClientConfig config, ChannelManager channelMa requestFactory = new NettyRequestFactory(config); } + // needConnect returns true if the request is secure/websocket and a HTTP proxy is set + private boolean needConnect(final Request request, final ProxyServer proxyServer) { + return proxyServer != null + && proxyServer.getProxyType().isHttp() + && (request.getUri().isSecured() || request.getUri().isWebSocket()); + } + public ListenableFuture sendRequest(final Request request, final AsyncHandler asyncHandler, NettyResponseFuture future) { if (isClosed()) { throw new IllegalStateException("Closed"); @@ -106,9 +113,7 @@ public ListenableFuture sendRequest(final Request request, final AsyncHan ProxyServer proxyServer = getProxyServer(config, request); // WebSockets use connect tunneling to work with proxies - if (proxyServer != null && proxyServer.getProxyType().isHttp() && - (request.getUri().isSecured() || request.getUri().isWebSocket()) && - !isConnectAlreadyDone(request, future)) { + if (needConnect(request, proxyServer) && !isConnectAlreadyDone(request, future)) { // Proxy with HTTPS or WebSocket: CONNECT for sure if (future != null && future.isConnectAllowed()) { // Perform CONNECT @@ -125,6 +130,8 @@ public ListenableFuture sendRequest(final Request request, final AsyncHan private static boolean isConnectAlreadyDone(Request request, NettyResponseFuture future) { return future != null + // If the channel can't be reused or closed, a CONNECT is still required + && future.isReuseChannel() && Channels.isChannelActive(future.channel()) && future.getNettyRequest() != null && future.getNettyRequest().getHttpRequest().method() == HttpMethod.CONNECT && !request.getMethod().equals(CONNECT); @@ -137,11 +144,19 @@ private static boolean isConnectAlreadyDone(Request request, NettyResponseFuture */ private ListenableFuture sendRequestWithCertainForceConnect(Request request, AsyncHandler asyncHandler, NettyResponseFuture future, ProxyServer proxyServer, boolean performConnectRequest) { - NettyResponseFuture newFuture = newNettyRequestAndResponseFuture(request, asyncHandler, future, proxyServer, performConnectRequest); Channel channel = getOpenChannel(future, request, proxyServer, asyncHandler); - return Channels.isChannelActive(channel) - ? sendRequestWithOpenChannel(newFuture, asyncHandler, channel) - : sendRequestWithNewChannel(request, proxyServer, newFuture, asyncHandler); + if (Channels.isChannelActive(channel)) { + NettyResponseFuture newFuture = newNettyRequestAndResponseFuture(request, asyncHandler, future, + proxyServer, performConnectRequest); + return sendRequestWithOpenChannel(newFuture, asyncHandler, channel); + } else { + // A new channel is not expected when performConnectRequest is false. We need to + // revisit the condition of sending + // the CONNECT request to the new channel. + NettyResponseFuture newFuture = newNettyRequestAndResponseFuture(request, asyncHandler, future, + proxyServer, needConnect(request, proxyServer)); + return sendRequestWithNewChannel(request, proxyServer, newFuture, asyncHandler); + } } /** diff --git a/client/src/test/java/org/asynchttpclient/proxy/HttpsProxyTest.java b/client/src/test/java/org/asynchttpclient/proxy/HttpsProxyTest.java index 011f15d78..9bd5ca911 100644 --- a/client/src/test/java/org/asynchttpclient/proxy/HttpsProxyTest.java +++ b/client/src/test/java/org/asynchttpclient/proxy/HttpsProxyTest.java @@ -13,6 +13,7 @@ package org.asynchttpclient.proxy; import io.github.artsok.RepeatedIfExceptionsTest; +import io.netty.handler.codec.http.DefaultHttpHeaders; import jakarta.servlet.ServletException; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; @@ -43,8 +44,10 @@ import static org.asynchttpclient.test.TestUtils.addHttpConnector; import static org.asynchttpclient.test.TestUtils.addHttpsConnector; import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertThrowsExactly; import java.io.IOException; +import java.util.concurrent.ExecutionException; /** * Proxy usage tests. @@ -156,7 +159,7 @@ public void testPooledConnectionsWithProxy() throws Exception { public void testFailedConnectWithProxy() throws Exception { try (AsyncHttpClient asyncHttpClient = asyncHttpClient(config().setFollowRedirect(true).setUseInsecureTrustManager(true).setKeepAlive(true))) { Builder proxyServer = proxyServer("localhost", port1); - proxyServer.setCustomHeaders(r -> r.getHeaders().add(ProxyHandler.HEADER_FORBIDDEN, "1")); + proxyServer.setCustomHeaders(r -> new DefaultHttpHeaders().set(ProxyHandler.HEADER_FORBIDDEN, "1")); RequestBuilder rb = get(getTargetUrl2()).setProxyServer(proxyServer); Response response1 = asyncHttpClient.executeRequest(rb.build()).get(); @@ -170,16 +173,39 @@ public void testFailedConnectWithProxy() throws Exception { } } + @RepeatedIfExceptionsTest(repeats = 5) + public void testClosedConnectionWithProxy() throws Exception { + try (AsyncHttpClient asyncHttpClient = asyncHttpClient( + config().setFollowRedirect(true).setUseInsecureTrustManager(true).setKeepAlive(true))) { + Builder proxyServer = proxyServer("localhost", port1); + proxyServer.setCustomHeaders(r -> new DefaultHttpHeaders().set(ProxyHandler.HEADER_FORBIDDEN, "2")); + RequestBuilder rb = get(getTargetUrl2()).setProxyServer(proxyServer); + + assertThrowsExactly(ExecutionException.class, () -> asyncHttpClient.executeRequest(rb.build()).get()); + assertThrowsExactly(ExecutionException.class, () -> asyncHttpClient.executeRequest(rb.build()).get()); + assertThrowsExactly(ExecutionException.class, () -> asyncHttpClient.executeRequest(rb.build()).get()); + } + } + public static class ProxyHandler extends ConnectHandler { final static String HEADER_FORBIDDEN = "X-REJECT-REQUEST"; @Override public void handle(String s, Request r, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { if (HttpConstants.Methods.CONNECT.equalsIgnoreCase(request.getMethod())) { - if (request.getHeader(HEADER_FORBIDDEN) != null) { + String headerValue = request.getHeader(HEADER_FORBIDDEN); + if (headerValue == null) { + headerValue = ""; + } + switch (headerValue) { + case "1": response.setStatus(HttpServletResponse.SC_FORBIDDEN); r.setHandled(true); return; + case "2": + r.getHttpChannel().getConnection().close(); + r.setHandled(true); + return; } } super.handle(s, r, request, response); From 4bd02df8668dc03ee9d09805faaaeefca97a038b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Mar 2025 23:21:27 +0530 Subject: [PATCH 23/30] Bump netty.version from 4.1.118.Final to 4.1.119.Final (#2076) Bumps `netty.version` from 4.1.118.Final to 4.1.119.Final. Updates `io.netty:netty-buffer` from 4.1.118.Final to 4.1.119.Final
Commits
  • fb7c786 [maven-release-plugin] prepare release netty-4.1.119.Final
  • f0a546d Use initialized BouncyCastle providers when available (#14855)
  • 7fc6a23 Add QueryStringDecoder option to leave '+' alone (#14850)
  • 8f3dd2f Consistently add channel info in HTTP/2 logs (#14829)
  • bd08643 Bump BlockHound version to 1.0.11.RELEASE (#14814)
  • 0138f23 SslHandler: Fix possible NPE when executor is used for delegating (#14830)
  • 84120a7 Fix NPE when upgrade message fails to aggregate (#14816)
  • dc6b051 Replace SSL assertion with explicit record length check (#14810)
  • 34011b5 chore: Sync the id when DefaultHttp2FrameStream's stream is updated. (#14803)
  • f3311e5 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates `io.netty:netty-codec-http` from 4.1.118.Final to 4.1.119.Final
Commits
  • fb7c786 [maven-release-plugin] prepare release netty-4.1.119.Final
  • f0a546d Use initialized BouncyCastle providers when available (#14855)
  • 7fc6a23 Add QueryStringDecoder option to leave '+' alone (#14850)
  • 8f3dd2f Consistently add channel info in HTTP/2 logs (#14829)
  • bd08643 Bump BlockHound version to 1.0.11.RELEASE (#14814)
  • 0138f23 SslHandler: Fix possible NPE when executor is used for delegating (#14830)
  • 84120a7 Fix NPE when upgrade message fails to aggregate (#14816)
  • dc6b051 Replace SSL assertion with explicit record length check (#14810)
  • 34011b5 chore: Sync the id when DefaultHttp2FrameStream's stream is updated. (#14803)
  • f3311e5 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates `io.netty:netty-codec` from 4.1.118.Final to 4.1.119.Final
Commits
  • fb7c786 [maven-release-plugin] prepare release netty-4.1.119.Final
  • f0a546d Use initialized BouncyCastle providers when available (#14855)
  • 7fc6a23 Add QueryStringDecoder option to leave '+' alone (#14850)
  • 8f3dd2f Consistently add channel info in HTTP/2 logs (#14829)
  • bd08643 Bump BlockHound version to 1.0.11.RELEASE (#14814)
  • 0138f23 SslHandler: Fix possible NPE when executor is used for delegating (#14830)
  • 84120a7 Fix NPE when upgrade message fails to aggregate (#14816)
  • dc6b051 Replace SSL assertion with explicit record length check (#14810)
  • 34011b5 chore: Sync the id when DefaultHttp2FrameStream's stream is updated. (#14803)
  • f3311e5 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates `io.netty:netty-codec-socks` from 4.1.118.Final to 4.1.119.Final
Commits
  • fb7c786 [maven-release-plugin] prepare release netty-4.1.119.Final
  • f0a546d Use initialized BouncyCastle providers when available (#14855)
  • 7fc6a23 Add QueryStringDecoder option to leave '+' alone (#14850)
  • 8f3dd2f Consistently add channel info in HTTP/2 logs (#14829)
  • bd08643 Bump BlockHound version to 1.0.11.RELEASE (#14814)
  • 0138f23 SslHandler: Fix possible NPE when executor is used for delegating (#14830)
  • 84120a7 Fix NPE when upgrade message fails to aggregate (#14816)
  • dc6b051 Replace SSL assertion with explicit record length check (#14810)
  • 34011b5 chore: Sync the id when DefaultHttp2FrameStream's stream is updated. (#14803)
  • f3311e5 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates `io.netty:netty-handler-proxy` from 4.1.118.Final to 4.1.119.Final
Commits
  • fb7c786 [maven-release-plugin] prepare release netty-4.1.119.Final
  • f0a546d Use initialized BouncyCastle providers when available (#14855)
  • 7fc6a23 Add QueryStringDecoder option to leave '+' alone (#14850)
  • 8f3dd2f Consistently add channel info in HTTP/2 logs (#14829)
  • bd08643 Bump BlockHound version to 1.0.11.RELEASE (#14814)
  • 0138f23 SslHandler: Fix possible NPE when executor is used for delegating (#14830)
  • 84120a7 Fix NPE when upgrade message fails to aggregate (#14816)
  • dc6b051 Replace SSL assertion with explicit record length check (#14810)
  • 34011b5 chore: Sync the id when DefaultHttp2FrameStream's stream is updated. (#14803)
  • f3311e5 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates `io.netty:netty-common` from 4.1.118.Final to 4.1.119.Final
Commits
  • fb7c786 [maven-release-plugin] prepare release netty-4.1.119.Final
  • f0a546d Use initialized BouncyCastle providers when available (#14855)
  • 7fc6a23 Add QueryStringDecoder option to leave '+' alone (#14850)
  • 8f3dd2f Consistently add channel info in HTTP/2 logs (#14829)
  • bd08643 Bump BlockHound version to 1.0.11.RELEASE (#14814)
  • 0138f23 SslHandler: Fix possible NPE when executor is used for delegating (#14830)
  • 84120a7 Fix NPE when upgrade message fails to aggregate (#14816)
  • dc6b051 Replace SSL assertion with explicit record length check (#14810)
  • 34011b5 chore: Sync the id when DefaultHttp2FrameStream's stream is updated. (#14803)
  • f3311e5 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates `io.netty:netty-transport` from 4.1.118.Final to 4.1.119.Final
Commits
  • fb7c786 [maven-release-plugin] prepare release netty-4.1.119.Final
  • f0a546d Use initialized BouncyCastle providers when available (#14855)
  • 7fc6a23 Add QueryStringDecoder option to leave '+' alone (#14850)
  • 8f3dd2f Consistently add channel info in HTTP/2 logs (#14829)
  • bd08643 Bump BlockHound version to 1.0.11.RELEASE (#14814)
  • 0138f23 SslHandler: Fix possible NPE when executor is used for delegating (#14830)
  • 84120a7 Fix NPE when upgrade message fails to aggregate (#14816)
  • dc6b051 Replace SSL assertion with explicit record length check (#14810)
  • 34011b5 chore: Sync the id when DefaultHttp2FrameStream's stream is updated. (#14803)
  • f3311e5 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates `io.netty:netty-handler` from 4.1.118.Final to 4.1.119.Final
Commits
  • fb7c786 [maven-release-plugin] prepare release netty-4.1.119.Final
  • f0a546d Use initialized BouncyCastle providers when available (#14855)
  • 7fc6a23 Add QueryStringDecoder option to leave '+' alone (#14850)
  • 8f3dd2f Consistently add channel info in HTTP/2 logs (#14829)
  • bd08643 Bump BlockHound version to 1.0.11.RELEASE (#14814)
  • 0138f23 SslHandler: Fix possible NPE when executor is used for delegating (#14830)
  • 84120a7 Fix NPE when upgrade message fails to aggregate (#14816)
  • dc6b051 Replace SSL assertion with explicit record length check (#14810)
  • 34011b5 chore: Sync the id when DefaultHttp2FrameStream's stream is updated. (#14803)
  • f3311e5 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates `io.netty:netty-resolver-dns` from 4.1.118.Final to 4.1.119.Final
Commits
  • fb7c786 [maven-release-plugin] prepare release netty-4.1.119.Final
  • f0a546d Use initialized BouncyCastle providers when available (#14855)
  • 7fc6a23 Add QueryStringDecoder option to leave '+' alone (#14850)
  • 8f3dd2f Consistently add channel info in HTTP/2 logs (#14829)
  • bd08643 Bump BlockHound version to 1.0.11.RELEASE (#14814)
  • 0138f23 SslHandler: Fix possible NPE when executor is used for delegating (#14830)
  • 84120a7 Fix NPE when upgrade message fails to aggregate (#14816)
  • dc6b051 Replace SSL assertion with explicit record length check (#14810)
  • 34011b5 chore: Sync the id when DefaultHttp2FrameStream's stream is updated. (#14803)
  • f3311e5 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates `io.netty:netty-transport-native-epoll` from 4.1.118.Final to 4.1.119.Final
Commits
  • fb7c786 [maven-release-plugin] prepare release netty-4.1.119.Final
  • f0a546d Use initialized BouncyCastle providers when available (#14855)
  • 7fc6a23 Add QueryStringDecoder option to leave '+' alone (#14850)
  • 8f3dd2f Consistently add channel info in HTTP/2 logs (#14829)
  • bd08643 Bump BlockHound version to 1.0.11.RELEASE (#14814)
  • 0138f23 SslHandler: Fix possible NPE when executor is used for delegating (#14830)
  • 84120a7 Fix NPE when upgrade message fails to aggregate (#14816)
  • dc6b051 Replace SSL assertion with explicit record length check (#14810)
  • 34011b5 chore: Sync the id when DefaultHttp2FrameStream's stream is updated. (#14803)
  • f3311e5 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates `io.netty:netty-transport-native-kqueue` from 4.1.118.Final to 4.1.119.Final
Commits
  • fb7c786 [maven-release-plugin] prepare release netty-4.1.119.Final
  • f0a546d Use initialized BouncyCastle providers when available (#14855)
  • 7fc6a23 Add QueryStringDecoder option to leave '+' alone (#14850)
  • 8f3dd2f Consistently add channel info in HTTP/2 logs (#14829)
  • bd08643 Bump BlockHound version to 1.0.11.RELEASE (#14814)
  • 0138f23 SslHandler: Fix possible NPE when executor is used for delegating (#14830)
  • 84120a7 Fix NPE when upgrade message fails to aggregate (#14816)
  • dc6b051 Replace SSL assertion with explicit record length check (#14810)
  • 34011b5 chore: Sync the id when DefaultHttp2FrameStream's stream is updated. (#14803)
  • f3311e5 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index bc92eb92e..d280fa329 100644 --- a/pom.xml +++ b/pom.xml @@ -45,7 +45,7 @@ 11 UTF-8 - 4.1.118.Final + 4.1.119.Final 0.0.26.Final 1.18.0 2.0.16 From 0fe2036be2941886d4582878c20f7846f82b24f8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Mar 2025 23:21:54 +0530 Subject: [PATCH 24/30] Bump org.apache.tomcat.embed:tomcat-embed-core from 10.1.36 to 10.1.39 (#2073) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps org.apache.tomcat.embed:tomcat-embed-core from 10.1.36 to 10.1.39.
Most Recent Ignore Conditions Applied to This Pull Request | Dependency Name | Ignore Conditions | | --- | --- | | org.apache.tomcat.embed:tomcat-embed-core | [>= 11.a0, < 12] |
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core&package-manager=maven&previous-version=10.1.36&new-version=10.1.39)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- client/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/pom.xml b/client/pom.xml index 826ee0db8..7cc99b940 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -31,7 +31,7 @@ org.asynchttpclient.client 11.0.24 - 10.1.36 + 10.1.39 2.18.0 4.11.0 3.0 From acdacfb0701ec62949439b5dad78581ea0b0cf2f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Mar 2025 18:11:30 +0530 Subject: [PATCH 25/30] Bump crazy-max/ghaction-import-gpg from 6.2.0 to 6.3.0 (#2084) Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) from 6.2.0 to 6.3.0.
Release notes

Sourced from crazy-max/ghaction-import-gpg's releases.

v6.3.0

Full Changelog: https://github.com/crazy-max/ghaction-import-gpg/compare/v6.2.0...v6.3.0

Commits
  • e89d409 Merge pull request #215 from crazy-max/dependabot/npm_and_yarn/openpgp-6.1.0
  • 9239589 fix README
  • 177db9d chore: update generated content
  • 78b11f3 build(deps): bump openpgp from 5.11.2 to 6.1.0
  • bc96911 Merge pull request #218 from crazy-max/bake-v6
  • b70aa9b ci: update bake-action to v6
  • d690cc9 Merge pull request #212 from crazy-max/dependabot/npm_and_yarn/cross-spawn-7.0.6
  • 9e887f4 Merge pull request #211 from crazy-max/dependabot/github_actions/codecov/code...
  • 442980b ci: fix deprecated codecov input
  • a0098b6 Merge pull request #217 from crazy-max/gha-perms
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=crazy-max/ghaction-import-gpg&package-manager=github_actions&previous-version=6.2.0&new-version=6.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4a462dc99..b175fa865 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -37,7 +37,7 @@ jobs: }] - name: Import GPG - uses: crazy-max/ghaction-import-gpg@v6.2.0 + uses: crazy-max/ghaction-import-gpg@v6.3.0 with: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} passphrase: ${{ secrets.GPG_PASSPHRASE }} From 96840692decab2541c8f13d2dbfbbca35311890f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Mar 2025 18:11:34 +0530 Subject: [PATCH 26/30] Bump com.uber.nullaway:nullaway from 0.12.3 to 0.12.6 (#2082) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [com.uber.nullaway:nullaway](https://github.com/uber/NullAway) from 0.12.3 to 0.12.6.
Release notes

Sourced from com.uber.nullaway:nullaway's releases.

NullAway 0.12.6

  • JSpecify: view type as super in generic method inference (#1177)
  • Infer @​Nullable type arguments for type variables from unmarked code (#1181)
  • Convert android-jar.py to Python 3 (#1175)
  • Suggest castToNonNull fix for unboxing error (#1182)

NullAway 0.12.5

Version 0.12.4

Better @​MonotonicNonNull support (#1149) Add support for local variables for arrays. (#1146) Ignore Spring Framework 6.2 @​MockitoBean, @​MockitoSpyBean fields (#1147) JSpecify: preserve explicit nullability annotations on type variables when performing substitutions (#1143) Always acknowledge restrictive annotations in JSpecify mode (#1144) Fix printing of array types in JSpecify errors (#1145) Remove need to use JSpecify's @​Nullable annotation (#1142) Handle calls to generic constructors in JSpecify mode (#1141) Properly handle conditional expression within parens as RHS of assignment (#1140) Skip checks involving wildcard generic type arguments (#1137) Update to Gradle 8.12.1 (#1133)

Changelog

Sourced from com.uber.nullaway:nullaway's changelog.

Version 0.12.6

  • JSpecify: view type as super in generic method inference (#1177)
  • Infer @​Nullable type arguments for type variables from unmarked code (#1181)
  • Convert android-jar.py to Python 3 (#1175)
  • Suggest castToNonNull fix for unboxing error (#1182)

Version 0.12.5

Version 0.12.4

  • Better @MonotonicNonNull support (#1149)
  • Add support for local variables for arrays. (#1146)
  • Ignore Spring Framework 6.2 @MockitoBean, @MockitoSpyBean fields (#1147)
  • JSpecify: preserve explicit nullability annotations on type variables when performing substitutions (#1143)
  • Always acknowledge restrictive annotations in JSpecify mode (#1144)
  • Fix printing of array types in JSpecify errors (#1145)
  • Remove need to use JSpecify's @​Nullable annotation (#1142)
  • Handle calls to generic constructors in JSpecify mode (#1141)
  • Properly handle conditional expression within parens as RHS of assignment (#1140)
  • Skip checks involving wildcard generic type arguments (#1137)
  • Update to Gradle 8.12.1 (#1133)
Commits
  • 649f25a Prepare for release 0.12.6.
  • 9369704 Suggest castToNonNull fix for unboxing error (#1182)
  • f1aca1b Convert android-jar.py to Python 3 (#1175)
  • 33588de Infer @Nullable type arguments for type variables from unmarked code (#1181)
  • dd0fe71 JSpecify: view type as super in generic method inference (#1177)
  • 2c8049c Prepare next development version.
  • 9613fb7 Prepare for release 0.12.5.
  • b84feb7 Don't treat @ParametricNullness as @Nullable in JSpecify mode (#1174)
  • 3da2c82 Use proper name for constructors in JarInfer (#1167)
  • 685065a Update to Error Prone 2.37.0 (#1169)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.uber.nullaway:nullaway&package-manager=maven&previous-version=0.12.3&new-version=0.12.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index d280fa329..20b284dc0 100644 --- a/pom.xml +++ b/pom.xml @@ -327,7 +327,7 @@ com.uber.nullaway nullaway - 0.12.3 + 0.12.6 From 5977cd39acf22326ae5a8313987e27117c8ffbc0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Mar 2025 18:11:47 +0530 Subject: [PATCH 27/30] Bump com.github.luben:zstd-jni from 1.5.7-1 to 1.5.7-2 (#2078) Bumps [com.github.luben:zstd-jni](https://github.com/luben/zstd-jni) from 1.5.7-1 to 1.5.7-2.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.github.luben:zstd-jni&package-manager=maven&previous-version=1.5.7-1&new-version=1.5.7-2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 20b284dc0..9b48a8c0d 100644 --- a/pom.xml +++ b/pom.xml @@ -49,7 +49,7 @@ 0.0.26.Final 1.18.0 2.0.16 - 1.5.7-1 + 1.5.7-2 2.0.1 1.5.16 26.0.2 From 1f642ba712f04b8385171107efefae2a44df72fd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Mar 2025 18:11:55 +0530 Subject: [PATCH 28/30] Bump ch.qos.logback:logback-classic from 1.5.16 to 1.5.18 (#2080) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.16 to 1.5.18.
Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.18

2025-03-18 Release of logback version 1.5.18

• Added support for XZ compression for archived log files. Note that XZ compression requires Tukaani project's XZ library for Java. In case XZ compression is requested but the XZ library is missing, then logback will substitute GZ compression as a fallback. This feature was requested in issues/755.

• Removed references to java.security.AccessController class. This class has been deprecated for some time and is slated for removal in future JDK versions.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit b2a02f065379a9b1ba5ff837fc08913b744774bc associated with the tag v_1.5.18. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.17

2025-02-25 Release of logback version 1.5.17

• Fixed Jansi 2.4.0 color-coded output not working on Windows CMD.exe console when the default terminal application is set to "Windows Console Host". This problem was reported in issues/753 by Michael Lyubkin.

• Fixed race condition occurring in case MDC class is initialized while org.slf4j.LoggerFactory is initializing logback-classic's LoggerContext. When this race conditions occurs, the MDCAdapter instance used by MDC does not match the instance used by logback-classic. This issue was reported in SLF4J issues/450. While logback-classic version 1.5.17 remains compatible with SLF4J versions in the 2.0.x series, fixing this particular MDC issue requires SLF4J version 2.0.17.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 10358724ed723b3745c010aa40cb02a2dfed4593 associated with the tag v_1.5.17. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits
  • b2a02f0 prepare release 1.5.18
  • 991de58 remove references to AccessController marked for deletion in the JDK
  • f54ab16 If compression mode is XZ but the XZ library is missing, then fallback to GZ ...
  • fb45971 add support for XZ compression
  • 31c1f55 add xz compression support with tests
  • 8968d0f introduce strategy based compression
  • 834059c start work on 1.5.18-SNAPSHOT
  • 1035872 prepare release 1.5.17
  • 2e6984d bump to slf4j version 2.0.17
  • 1009952 use a new LoggerContert instance when running LogbackListenerTest. This shoul...
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ch.qos.logback:logback-classic&package-manager=maven&previous-version=1.5.16&new-version=1.5.18)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9b48a8c0d..98e816c79 100644 --- a/pom.xml +++ b/pom.xml @@ -51,7 +51,7 @@ 2.0.16 1.5.7-2 2.0.1 - 1.5.16 + 1.5.18 26.0.2 From 4fea3f747700475af5abc96e2eaa1b7cb6185366 Mon Sep 17 00:00:00 2001 From: Aayush Atharva Date: Mon, 31 Mar 2025 18:24:04 +0530 Subject: [PATCH 29/30] Disable Dependabot (#2085) Dependabot creates a separate PR for each dependency, which has broken the final release builds many times. It will be disabled for the time being until a better way to manage dependency upgrades is implemented, --- .github/dependabot.yml | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index f4538d3c7..000000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,17 +0,0 @@ -# To get started with Dependabot version updates, you'll need to specify which -# package ecosystems to update and where the package manifests are located. -# Please see the documentation for all configuration options: -# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file - -version: 2 -updates: - - package-ecosystem: "maven" - directories: - - "/" - schedule: - interval: "daily" - - package-ecosystem: "github-actions" - directories: - - "/" - schedule: - interval: "daily" From 3f1de314d7e340a90929ef7d422eeaed2253b33c Mon Sep 17 00:00:00 2001 From: Aayush Atharva Date: Mon, 31 Mar 2025 19:28:09 +0530 Subject: [PATCH 30/30] Release v3.0.2 (#2086) --- README.md | 4 ++-- client/pom.xml | 2 +- pom.xml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 4ae651b75..0272134ed 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ Maven: org.asynchttpclient async-http-client - 3.0.1 + 3.0.2 ``` @@ -28,7 +28,7 @@ Maven: Gradle: ```groovy dependencies { - implementation 'org.asynchttpclient:async-http-client:3.0.1' + implementation 'org.asynchttpclient:async-http-client:3.0.2' } ``` diff --git a/client/pom.xml b/client/pom.xml index 7cc99b940..749a98ddb 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -19,7 +19,7 @@ org.asynchttpclient async-http-client-project - 3.0.1 + 3.0.2 4.0.0 diff --git a/pom.xml b/pom.xml index 98e816c79..70d09ac53 100644 --- a/pom.xml +++ b/pom.xml @@ -20,7 +20,7 @@ org.asynchttpclient async-http-client-project - 3.0.1 + 3.0.2 pom AHC/Project