fix(deps): update dependency io.ktor:ktor-client-core-jvm to v3.0.0 [security] - autoclosed #130

@renovate renovate bot commented Nov 5, 2024

This PR contains the following updates:

| Package | Change |
|---|---|
| io.ktor:ktor-client-core-jvm | 3.0.0-beta-1 -> 3.0.0 |

GitHub Vulnerability Alerts

CVE-2024-49580

Improper caching in JetBrains Ktor before 3.0.0 in the HttpCache Plugin could lead to response information disclosure.


Release Notes

ktorio/ktor (io.ktor:ktor-client-core-jvm)

v3.0.0

Published 9 October 2024

Bugfixes
  • Darwin: The maxFrameSize option has no effect (KTOR-6963)
  • KotlinReflectionInternalError (createClientPlugin) when running release APK on Android (KTOR-7479)
  • Netty: UnsupportedOperationException is thrown when responding in CallSetup and CORS plugin is installed (KTOR-4433)
  • MicrometerMetrics: Prometheus meter registry 1.13.0 generates configuration warning (KTOR-7035)
  • Websockets/Auth: ProtocolException when requesting protected WebSockets endpoint (KTOR-7363)
  • Data truncated in receiveParameters and receiveMultipart (KTOR-7201)
  • The pathSegments returns empty strings for trailing slashes (KTOR-4402)
  • HttpRequestRetry: exponential delay doesn't work for delays <= 1 second (KTOR-7294)
  • JS browser: "Error: HttpClientCall expected" on HTTP request when targeting es2015 (KTOR-6882)
  • Incomplete write using io.ktor.util.cio.FileChannelsKt#writeChannel (KTOR-1618)
  • response.content.copyAndClose(targetFile.writeChannel()) sometimes loses some bytes (KTOR-3003)
  • ByteWriteChannel.flush is not Waiting Until Flushing the Internal Buffer to the Destination (KTOR-3102)
  • CORS check fails when the Origin header has a value without trailing slash (KTOR-5936)
  • Closing socket and selector leaks descriptor on native (KTOR-7255)
  • ConnectionUtilsNative leaks descriptors on error (KTOR-6977)
  • withTimeout doesn't cancel socket connection on native (KTOR-5289)
  • MockEngine: the ability to set dispatcher is removed (KTOR-6417)
Improvements
  • Misleading readBytes method name (KTOR-6596)
  • Remove reflection utils used only on JVM target from common source set (KTOR-7540)
  • Weak security algorithm (MD5) in FileCacheStorage (KTOR-6589)
  • Missing constants for AcceptEncoding (KTOR-6412)
  • Add respondFile overload with Path parameters (KTOR-7202)
  • MalformedInputException confusingly is a Throwable but not an Exception (KTOR-7316)
  • CSRF: The allowOrigin method enables the Origin Header validation (KTOR-6695)
  • Auth: Drop marker interface requirements (KTOR-7323)
  • Routing: Support accessing the request body in RouteSelector (KTOR-7084)
  • Make Cookie class Serializable (KTOR-6258)
  • Make the internal Route.swaggerUI method public (KTOR-6491)
  • Ktor clients and servers should use Dispatchers.IO.limitedParallelism(...) wherever possible (KTOR-6462)
Features
  • Support androidNative targets (KTOR-7289)
  • Provide the API that simplifies disabling CORS for testing purposes (KTOR-3329)
  • Add support for mingw to ktor-network in order to make server and client work on windows (KTOR-4080)

v3.0.0-rc-2

Published 2 October 2024

Bugfixes
  • Sessions: custom SessionSerializer is no longer supported (KTOR-7442)
  • Multipart/form-data: Request timeout when receiving FileItem with 3.0.0-rc-1 (KTOR-7484)
  • MultiPartData.readPart does not return null when stream ends (KTOR-7500)
  • Multipart/form-data: Form limit applied for binary and file items (KTOR-7356)
  • Autoreload not working by default under Windows (KTOR-3031)
  • HttpCache: Cache collision in the plugin when Authorization header is used (KTOR-7483)
  • Gradle sync issue with kotlin-serialization 1.7.2 on 3.0.0-rc-1 (KTOR-7477)
  • The ApplicationStopping event isn't raised when application is terminated with SIGINT (KTOR-7448)
  • respondOutputStream reads entire contents into memory before returning response (KTOR-7461)
  • UninitializedPropertyAccessException for request property when using MonitoringEvent(RoutingCallStarted) (KTOR-7449)
  • Preconfigured NSURLSession causes requests to hang (KTOR-7355)
  • Failures after upgrading Ktor in test server (KTOR-7431)
  • InputStream.toByteReadChannel creates unattached job (KTOR-7012)
  • Maven builds not working (KTOR-7425)
Improvements
  • Breaking change: Deprecate withTestApplication APIs with ERROR and migrate to testApplication (KTOR-7284)
  • Breaking change: Replace java.time options in Websockets plugin (KTOR-7446)
  • Ktor doesn't read System properties from jvm (KTOR-7492)
  • Redirect dependencies from ktor-server-test-base (KTOR-7393)
  • Include relocation notes for old Ktor modules (KTOR-6826)
  • ByteReadChannel.readFully(dst: ByteArray, offset: Int, length: Int) is missing since 3.0.0-beta-2 (KTOR-7427)
  • ByteChannel.readUtf8Line() backwards compatibility (KTOR-7474)
  • Kotlinx-io response extension (KTOR-7504)

v3.0.0-rc-1

Published 9 September 2024

Bugfixes
  • Bytecode incompatibility in AttributeKey (KTOR-7334)
  • ContentEncoding: request hangs when using 3.0.0-beta-2 (KTOR-7265)
  • Revert Routing API changes from Route to Routing (KTOR-7238)
  • IOException: startIndex (0) > endIndex (-1) when making concurrent requests via thread pool (KTOR-7254)
  • ByteReadChannel.copyTo sometimes throws "IllegalArgumentException: Buffer is empty" (KTOR-7220)
  • Redirect dependencies from ktor-server-test-base (KTOR-7393)
  • CIO: EmbeddedServer.stop always blocks for shutdownGracePeriod (KTOR-7360)
  • SSE: the plugin doesn't follow the spec when multiline data is sent (KTOR-7391)
  • Infinite creation of CancellableContinuationImpl on ByteChannel.flush (KTOR-7324)
Improvements
  • Include relocation notes for old Ktor modules (KTOR-6826)
  • Deprecate old jetty / tomcat / servlet engines (KTOR-7315)
  • Backwards compatibility for monitor (KTOR-7264)
  • ApplicationProperties naming is confusing (KTOR-7270)
Features
  • staticZip: Support watching for changes and reloading of zip files (KTOR-7243)

v3.0.0-beta-2

Published 15 July 2024

Bugfixes
  • io.ktor.util.TextKt.chomp doesn't work on strings with more than one character (KTOR-7209)
  • DefaultRequest plugin overwrites http protocol (KTOR-5586)
  • Ktor build problem; cannot compile native targets (KTOR-6666)
  • SSEException is thrown instead of JobCancellationException when coroutine's job is cancelled (KTOR-6571)
  • SSE request drops request body (KTOR-6659)
  • SSE: UnsupportedContentTypeException when sending POST request using OKHttp engine (KTOR-6911)
  • SSE: NoTransformationFoundException when Logging plugin with LogLevel.ALL is used (KTOR-6912)
  • Installing SSE breaks GET/POST functionality (KTOR-6614)
  • Cookies with a long Max-Age incorrectly expire in AcceptAllCookiesStorage (KTOR-6646)
  • Some dependency versions not tracked (KTOR-7123)
  • CSRF: false positive originMatchesHost validation when default port is explicitly defined (KTOR-6701)
  • Double Transfer-Encoding header while using respondOutputStream on Tomcat (KTOR-6574)
Improvements
  • HttpCalValidatorConfig class name is misspelled (KTOR-6625)
  • CallLogging: package is misspelled (KTOR-4273)
  • Ambiguous coroutineContext warning in routing handler (KTOR-5181)
  • Tracing: allow changing log level at runtime for routing (KTOR-7193)
  • io.ktor.network.tls.TLSException has internal visibility (KTOR-6767)
  • Auth: Make refreshToken of BearerTokens class nullable (KTOR-6928)
  • Ktor test application library references internal module (KTOR-6668)
  • CSRF: Confusing error message when Origin validation is enabled and only Referrer header is sent (KTOR-6702)
  • CSRF: validations probably shouldn't be applied to GET/HEAD/OPTIONS requests (KTOR-6698)
  • CSRF: Empty onFailure option is misleading (KTOR-6687)
  • Misleading assertion message in the testEmbeddedServerCancellation test (KTOR-6657)
  • Allow setting "Secure" flag for cookies on localhost (KTOR-6593)
  • SSE: Unable to access response headers (KTOR-6660)
  • SSE: Improve support for testing (KTOR-3290)
  • OAuth handler does not propagate redirection errors to the caller (KTOR-6605)
  • HttpTimeoutTest.testConnect are flaky (KTOR-1583)
Features
  • Migrate to new kotlinx.io library (KTOR-6030)
  • Change default session serializer to the one that uses kotlinx-serialization (KTOR-6175)
  • Replace custom withTimeout implementation using WeakTimeoutQueue with coroutines.withTimeout (KTOR-3658)
  • Add Url capability: parsing/validating url strings (KTOR-360)
  • SSE: Support handling HTTP failures (KTOR-6808)
  • Ktor client for Kotlin/Wasm (KTOR-5587)
  • CSRF protection feature (KTOR-2910)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/maven-io.ktor-ktor-client-core-jvm-vulnerability branch 3 times, most recently from dc834cf to 2bba99b Compare November 29, 2024 06:37
@renovate renovate bot force-pushed the renovate/maven-io.ktor-ktor-client-core-jvm-vulnerability branch from 2bba99b to 7a32e0c Compare December 1, 2024 16:18
@renovate renovate bot changed the title fix(deps): update dependency io.ktor:ktor-client-core-jvm to v3.0.0 [security] fix(deps): update dependency io.ktor:ktor-client-core-jvm to v3.0.0 [security] - autoclosed Dec 6, 2024
@renovate renovate bot closed this Dec 6, 2024
@renovate renovate bot deleted the renovate/maven-io.ktor-ktor-client-core-jvm-vulnerability branch December 6, 2024 19:23