dependabot[bot] commented 2 weeks ago

Bumps org.apache.httpcomponents.core5:httpcore5 from 5.2.4 to 5.2.5.

Changelog

Sourced from org.apache.httpcomponents.core5:httpcore5's changelog.

Release 5.2.5

This is a maintenance release that corrects several minor defects discovered since release 5.2.4.

Change Log

Minor performance optimization of response out of sequence check. Contributed by Oleg Kalnichevski

Bug fix: Corrected exception type thrown in case of an unexpected connection termination. Contributed by Oleg Kalnichevski

Bug fix: HTTP/1.1 server-side stream handler to validate the request message before the request routing and handler resolution. Contributed by Oleg Kalnichevski

HPackDecoder incorrectly calculates required buffer length causing G1 Humongous Allocation and OOM (#465). Contributed by crazylulululu 42406448+crazylulululu@users.noreply.github.com

Performance optimization: HttpVersion#get is called in the critical execution path of the HTTP/1.1 protocol. Contributed by Oleg Kalnichevski

HTTPCORE-763: remove checks that assert a path does not start with "//" Contributed by Marco Bungart marco.bungart@googlemail.com

Fix: URIBuilder#getFirstQueryParam(String) throws NPE when query is empty (#449). Contributed by Konstantin Sorokin skssxf@gmail.com

Commits

4afa071 HttpCore 5.2.5 release
7b2271a Updated release notes for HttpCore 5.2.5 release
29b0173 Minor performance optimization of response out of sequence check
939d4b2 Bug fix: corrected exception type thrown in case of unexpected connection ter...
1255be4 Bug fix: HTTP/1.1 server side stream handler to validate the request message...
0a4d381 HPackDecoder incorrectly calculates required buffer length causing G1 Humongo...
0e90a70 Removed Java 8 (MacOS) from Maven build matrix
3c17053 Disable Conscrypt integration tests on MacOS
c68ce90 Mention HttpStatus and StatusCode in JavaDoc in more places (#454)
30b3a20 Performance optimization: HttpVersion#get is called in the critical execution...
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

github-actions[bot] commented 2 weeks ago

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA c3a43fef1a20449eecd433b6a688184f4550c394.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.