Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency bandit to v1.6.3 #105

Merged
merged 1 commit into from
Jan 13, 2025
Merged

chore(deps): update dependency bandit to v1.6.3 #105

merged 1 commit into from
Jan 13, 2025

Conversation

btkostner-jumar[bot]
Copy link
Contributor

This PR contains the following updates:

Package Type Update Change
bandit (source) prod minor 1.5.7 -> 1.6.3

Release Notes

mtrudel/bandit (bandit)

v1.6.3

Compare Source

Fixes
  • Always close HTTP/1 connection in any case where an error comes out of the plug (#​452, thanks @​zookzook!)
  • Fix dialyzer warning introduced by Thousand Island 1.3.9

v1.6.2

Compare Source

Enhancements
  • Send telemetry events on Plugs that throw or exit (#​443)
  • Improve test robustness & speed (#​446)
  • Read a minimal number of bytes when sniffing for protocol (#​449)
  • Add plug and websock to logging metadata whenever possible (#​448)
  • Add plug and websock to telemetry metadata whenever possible (#​447)
  • Silently eat Bandit.TransportError errors during HTTP/1 error fallback handling
Fixes
Changes
  • Unwrap Plug.Conn.WrapperErrors raised by Plug and handle the wrapped error per policy
  • Surface socket setup errors as Bandit.TransportError for consistency in logging

v1.6.1

Compare Source

Enhancements
  • Add deflate support when sending chunked responses (#​429)
Fixes
  • Bring in updated HPAX to fix HTTP/2 error cases seen in AWS load balancing
    environments (#​392)
  • Improve handle of pipelined HTTP/1.1 requests (#​437)
  • Improve error handling when dealing with socket errors (#​433)
Changes
  • Use Plug.Call.inform/2 to send websocket upgrades (#​428)

v1.6.0

Compare Source

Enhancements
Fixes
  • Improve content-length send logic per RFC9110§8.6/8.7
  • Explicitly signal keepalives in HTTP/1.0 requests
Changes
  • Fix typo & clarify docs
  • Update security policy

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@btkostner-jumar btkostner-jumar bot requested a review from btkostner January 10, 2025 05:29
@btkostner-jumar
Copy link
Contributor Author

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@btkostner btkostner merged commit 29bab8c into main Jan 13, 2025
20 checks passed
@btkostner btkostner deleted the renovate/bandit-1.x-lockfile branch January 13, 2025 18:12
@github-actions github-actions bot mentioned this pull request Dec 7, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@btkostner btkostner btkostner approved these changes

Assignees
No one assigned
Labels
dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@btkostner