camel icon indicating copy to clipboard operation
camel copied to clipboard
verified publisher icon apache

chore(deps): Bump httpclient-version from 5.4.4 to 5.5

Open dependabot[bot] opened this issue 7 months ago • 6 comments

Bumps httpclient-version from 5.4.4 to 5.5. Updates org.apache.httpcomponents.client5:httpclient5 from 5.4.4 to 5.5

Changelog

Sourced from org.apache.httpcomponents.client5:httpclient5's changelog.

Release 5.5

This is the first GA release in the 5.5 release series. This release finalizes the 5.5 APIs and adds several experimental features and improvements, such as request multiplexing over a shared HTTP/2 connection and the Classic API facade acting as a compatibility bridge between classic I/O client services and the asynchronous message transport used internally.

Notable changes and features included in the 5.5 series:

  • Improved conformance to RFC 7616 (HTTP Digest Access Authentication).

  • The connection pool implementation acts as a caching facade in front of a standard managed connection pool and shares already leased connections to multiplex message exchanges over active HTTP/2 connections. Experimental.

  • Extended Auth API and improved authentication protocol logic to support mutual authentication.

  • The Classic API facade now acts as a compatibility bridge between the classic I/O client services (based on the standard InputStream / OutputStream model) and the asynchronous message transport used internally. This is experimental.

  • HTTP/2 support for the Fluent Facade (via Classic API facade). This is experimental.

Compatibility notes:

  • As of this release, HttpClient does not automatically execute redirects if the original request manually added headers that are considered sensitive.

Change Log

  • HTTPCLIENT-2367: Fixed NPE in InternalAbstractHttpAsyncClient by adding a null check for resolvedTarget (#634). Contributed by Arturo Bernal

  • Fixed case of Cookie#HTTP_ONLY_ATTR Contributed by Finn Petersen [email protected]

  • Simplified ProtocolSwitchStrategy by leveraging ProtocolVersionParser (#627). Contributed by Arturo Bernal

  • HTTPCLIENT-2364: Fixed incorrect re-binding of the upgraded SSL socket to the HTTP connection by the #upgrade method of the DefaultHttpClientConnectionOperator. Contributed by Oleg Kalnichevski

... (truncated)

Commits
  • b42e73c HttpClient 5.5 release
  • 3061c34 Updated release notes for HttpClient 5.5 release
  • 14a9208 Updated NOTICE to 2025
  • 4021b7c Link text adjustment
  • be441c1 Update the GitHub Security page with a link to the new HttpComponents
  • f5f9ae8 HTTPCLIENT-2367 - Fix NPE in InternalAbstractHttpAsyncClient by adding null c...
  • 19c0278 Bump org.junit:junit-bom from 5.12.1 to 5.12.2 #632
  • ef06a27 Bump org.junit:junit-bom from 5.12.1 to 5.12.2 (#632)
  • 9bae302 Fix case of Cookie.HTTP_ONLY_ATTR
  • 0ba6102 Simplify ProtocolSwitchStrategy by Leveraging ProtocolVersionParser (#627)
  • Additional commits viewable in compare view

Updates org.apache.httpcomponents.client5:httpclient5-fluent from 5.4.4 to 5.5

Changelog

Sourced from org.apache.httpcomponents.client5:httpclient5-fluent's changelog.

Release 5.5

This is the first GA release in the 5.5 release series. This release finalizes the 5.5 APIs and adds several experimental features and improvements, such as request multiplexing over a shared HTTP/2 connection and the Classic API facade acting as a compatibility bridge between classic I/O client services and the asynchronous message transport used internally.

Notable changes and features included in the 5.5 series:

  • Improved conformance to RFC 7616 (HTTP Digest Access Authentication).

  • The connection pool implementation acts as a caching facade in front of a standard managed connection pool and shares already leased connections to multiplex message exchanges over active HTTP/2 connections. Experimental.

  • Extended Auth API and improved authentication protocol logic to support mutual authentication.

  • The Classic API facade now acts as a compatibility bridge between the classic I/O client services (based on the standard InputStream / OutputStream model) and the asynchronous message transport used internally. This is experimental.

  • HTTP/2 support for the Fluent Facade (via Classic API facade). This is experimental.

Compatibility notes:

  • As of this release, HttpClient does not automatically execute redirects if the original request manually added headers that are considered sensitive.

Change Log

  • HTTPCLIENT-2367: Fixed NPE in InternalAbstractHttpAsyncClient by adding a null check for resolvedTarget (#634). Contributed by Arturo Bernal

  • Fixed case of Cookie#HTTP_ONLY_ATTR Contributed by Finn Petersen [email protected]

  • Simplified ProtocolSwitchStrategy by leveraging ProtocolVersionParser (#627). Contributed by Arturo Bernal

  • HTTPCLIENT-2364: Fixed incorrect re-binding of the upgraded SSL socket to the HTTP connection by the #upgrade method of the DefaultHttpClientConnectionOperator. Contributed by Oleg Kalnichevski

... (truncated)

Commits
  • b42e73c HttpClient 5.5 release
  • 3061c34 Updated release notes for HttpClient 5.5 release
  • 14a9208 Updated NOTICE to 2025
  • 4021b7c Link text adjustment
  • be441c1 Update the GitHub Security page with a link to the new HttpComponents
  • f5f9ae8 HTTPCLIENT-2367 - Fix NPE in InternalAbstractHttpAsyncClient by adding null c...
  • 19c0278 Bump org.junit:junit-bom from 5.12.1 to 5.12.2 #632
  • ef06a27 Bump org.junit:junit-bom from 5.12.1 to 5.12.2 (#632)
  • 9bae302 Fix case of Cookie.HTTP_ONLY_ATTR
  • 0ba6102 Simplify ProtocolSwitchStrategy by Leveraging ProtocolVersionParser (#627)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar May 23 '25 07:05 dependabot[bot]

:star2: Thank you for your contribution to the Apache Camel project! :star2:

:robot: CI automation will test this PR automatically.

:camel: Apache Camel Committers, please review the following items:

  • First-time contributors require MANUAL approval for the GitHub Actions to run

  • You can use the command /component-test (camel-)component-name1 (camel-)component-name2.. to request a test from the test bot.

  • You can label PRs using build-all, build-dependents, skip-tests and test-dependents to fine-tune the checks executed by this PR.

  • Build and test logs are available in the Summary page. Only Apache Camel committers have access to the summary.

  • :warning: Be careful when sharing logs. Review their contents before sharing them publicly.

github-actions[bot] avatar May 23 '25 07:05 github-actions[bot]

We should wait with this as SB and other libraries are likely on 5.4.x still

davsclaus avatar May 23 '25 07:05 davsclaus

Let's see if it pass, so we know we are fine on camel side.

oscerd avatar May 23 '25 07:05 oscerd

/component-test camel-http

Result :white_check_mark: The tests passed successfully

davsclaus avatar May 23 '25 07:05 davsclaus

:robot: The Apache Camel test robot will run the tests for you :+1:

github-actions[bot] avatar May 23 '25 07:05 github-actions[bot]

lets make this draft as this also requires tests in other components that uses http client indirectly

davsclaus avatar May 23 '25 09:05 davsclaus

OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot[bot] avatar Jul 09 '25 10:07 dependabot[bot]