BREAKING CHANGE Move log_protocol_errors configuration option into
shared http_options top-level config (and apply it to HTTP/2 errors as well)
BREAKING CHANGE Remove origin_telemetry_span_context from WebSocket
telemetry events
BREAKING CHANGE Remove stream_id from HTTP/2 telemetry events
Add conn to the metadata of telemetry start events for HTTP requests
Stop sending WebSocket upgrade failure reasons to the client (they're still
logged)
Fixes
Return HTTP semantic errors to HTTP/2 clients as protocol errors instead of
internal errors
1.4.0 (26 Mar 2024)
[!WARNING]
IMPORTANT Phoenix users MUST upgrade to WebSockAdapter 0.5.6 or newer when
upgrading to Bandit 1.4.0 or newer as some internal module names have changed
Enhancements
Complete refactor of HTTP/2. Improved process model is MUCH easier to
understand and yields about a 10% performance boost to HTTP/2 requests (#286 /
#307)
Substantial refactor of the HTTP/1 and HTTP/2 stacks to share a common code
path for much of their implementations, with the protocol-specific parts being
factored out to a minimal Bandit.HTTPTransport protocol internally, which
allows each protocol to define its own implementation for the minimal set of
things that are different between the two stacks (#297 / #329)
Changes
BREAKING CHANGE Move configuration options that are common between HTTP/1
and HTTP/2 stacks into a shared http_options top-level config
BREAKING CHANGE The HTTP/2 header size limit options have been deprecated,
and have been replaced with a single max_header_block_size option. The setting
defaults to 50k bytes, and refers to the size of the compressed header block
as sent on the wire (including any continuation frames)
BREAKING CHANGE Remove req_line_bytes, req_header_bytes, resp_line_bytes and
resp_header_bytes from HTTP/1 request telemetry measurements
BREAKING CHANGE Remove status, method and request_target from
telemetry metadata. All of this information can be obtained from the conn
struct attached to most telemetry events
BREAKING CHANGE Re-reading a body that has already been read returns {:ok, "", conn} instead of raising a Bandit.BodyAlreadyReadError
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps bandit from 1.1.3 to 1.4.1.
Changelog
Sourced from bandit's changelog.
... (truncated)
Commits
71691ee
Version bump to 1.4.1910c8ce
Refactor pipeline (#335)d31986f
More gc test tweaks3886e4a
Tweak flaky GC test291660c
Add websock_adapter note to changeloge5d4262
Version bump to 1.4.063265f0
Share HTTP semantics between HTTP/1 and 2 (#329)a77b96f
Coalesce header and body calls together in the common 'plain' body send case ...6b88014
Fix typo in http1 README (#332)0a5c83d
Bump req from 0.4.13 to 0.4.14 (#328)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show