Bump req from 0.3.9 to 0.4.8

[dependabot[bot]]

Bumps req from 0.3.9 to 0.4.8.

Release notes

Sourced from req's releases.

v0.4.0

Req v0.4.0 changes headers to be maps, adds request & response streaming, and improves steps.

Change Headers to be Maps

Previously headers were lists of name/value tuples, e.g.:

[{"content-type", "text/html"}]

This is a standard across the ecosystem (with minor difference that some Erlang libraries use charlists instead of binaries.)

There are some problems with this particular choice though:

• We cannot use headers[name]
• We cannot use pattern matching

In short, this representation isn't very ergonomic to use.

Now headers are maps of string names and lists of values, e.g.:

%{"content-type" => ["text/html"]}

This allows headers[name] usage:

response.headers["content-type"]
#=> ["text/html"]

and pattern matching:

case Req.request!(req) do
  %{headers: %{"content-type" => ["application/json" <> _]}} ->
    # handle JSON response
end

This is a major breaking change. If you cannot easily update your app or your dependencies, do:

# config/config.exs
config :req, legacy_headers_as_lists: true

This legacy fallback will be removed on Req 1.0.

... (truncated)

Changelog

Sourced from req's changelog.

v0.4.8 (2023-12-11)

• [put_plug]: Fix response streaming. Previously we were relying on unreleased Plug features (which may never get released). Now, Plug adapter will emit the entire response body as one chunk. Thus, plug: plug, into: fn ... -> {:halt, acc} end is not yet supported as it requires Plug changes that are still being discussed. On the flip side, we should have much more stable Plug integration regardless of this small limitation.

v0.4.7 (2023-12-11)

• [put_plug]: Don't crash if plug is not installed and :plug is not used

v0.4.6 (2023-12-11)

• New step: [checksum]
• [put_plug]: Fix response streaming when plug uses send_resp or send_file
• [retry]: Retry on :closed

v0.4.5 (2023-10-27)

• decompress_body: Remove content-length header

• auth: Deprecate auth: {user, pass} in favour of auth: {:basic, "user:pass"}

• Req.Request: Allow steps to be {mod, fun, args}

v0.4.4 (2023-10-05)

• compressed: Check for optional depenedencies brotli and ezstd only at compile-time. (backported from v0.3.12.)

• decode_body: Check for optional depenedency nimble_csv at compile-time. (backported from v0.3.12.)

• run_finch: Add :finch_private option

v0.4.3 (2023-09-13)

• [Req.new/1]: Fix setting :redact_auth

• [Req.Request]: Add Req.Request.get_option_lazy/3

• [Req.Request]: Add Req.Request.drop_options/2

v0.4.2 (2023-09-04)

• [put_plug]: Handle response streaming on Plug 1.15+.

... (truncated)

Commits

• 6549765 Release v0.4.8
• e2c3a98 put_plug: Fix response streaming
• 8ffc84b Fix receive timeout test
• 89d93ed Ensure we can compile without optional deps
• 83082c3 Release v0.4.7
• 99512ad put_plug: Don't crash if plug is not installed and :plug is not used
• 515bb89 Release v0.4.6
• b052d47 Fix doctest
• 5df76b3 retry: Retry on :closed
• aa11de1 Fix Req.Request.t and Req.Response.t types
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[dependabot[bot]]

Superseded by #105.