dependabot[bot] opened a new pull request, #1313: URL: https://github.com/apache/cxf/pull/1313
Bumps [httpcore5](https://github.com/apache/httpcomponents-core) from 5.2.1 to 5.2.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/apache/httpcomponents-core/blob/master/RELEASE_NOTES.txt">httpcore5's changelog</a>.</em></p> <blockquote> <h2>Release 5.2.2</h2> <p>This is a maintenance release that corrects several defects discovered since release 5.2.1 including a major defect that can cause HTTP/2 connections allocate excessive amount of memory for their output frame buffer if the opposite endpoint transmits a high value of MAX_FRAME_SIZE in its settings.</p> <h2>Change Log</h2> <ul> <li> <p>HTTPCORE-752: I/O reactor fails to initialize socket timeout for TLS connections correctly resulting in infinite (no timeout) by default. Contributed by Oleg Kalnichevski <!-- raw HTML omitted --></p> </li> <li> <p>HTTPCORE-751: H2 protocol handler always resizes the output frame buffer to the remove MAX_FRAME_SIZE instead of doing so only then the remote MAX_FRAME_SIZE is lesser than the current MAX_FRAME_SIZE (partially reverts HTTPCORE-707). Contributed by Oleg Kalnichevski <!-- raw HTML omitted --></p> </li> <li> <p>HTTPCORE-750: Fixed a defect causing AbstractIOSessionPool to create multiple connections under high load at initialization time due to a race condition. Contributed by Oleg Kalnichevski <!-- raw HTML omitted --></p> </li> <li> <p>Handle UnsupportedOperationException in getApplicationProtocol. Contributed by Arturo Bernal <!-- raw HTML omitted --></p> </li> <li> <p>HTTPCORE-742: BasicHttpRequest#setUri does not correctly reset internal state. Contributed by Oleg Kalnichevski <!-- raw HTML omitted --></p> </li> <li> <p>HTTPCORE-733: BasicAsyncEntityProducer sends an extra trailing 0 with UTF-8 encoded content Contributed by Oleg Kalnichevski <!-- raw HTML omitted --></p> </li> <li> <p>Do not duplicate the HttpMessage instance variable slot in subclasses of AbstractMessageWrapper. Contributed by Gary Gregory <!-- raw HTML omitted --></p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/apache/httpcomponents-core/commit/8cd0f0146c48308d76c0290c7882d5ecdb4a2cdb"><code>8cd0f01</code></a> HttpCore 5.2.2 release</li> <li><a href="https://github.com/apache/httpcomponents-core/commit/f73dd56b30ab04c7c9728a4d13dca8525881ae22"><code>f73dd56</code></a> Updated release notes for HttpCore 5.2.2 release</li> <li><a href="https://github.com/apache/httpcomponents-core/commit/6f82d1c3d785cf3392fd3843c1b0b1f5e39eb8c9"><code>6f82d1c</code></a> HTTPCORE-752: I/O reactor fails to initialize socket timeout for TLS connecti...</li> <li><a href="https://github.com/apache/httpcomponents-core/commit/4f5bbaf152fb14998f59a8fade01667c905a3556"><code>4f5bbaf</code></a> Bump rxjava from 3.1.5 to 3.1.6</li> <li><a href="https://github.com/apache/httpcomponents-core/commit/3ab9d95da1a828da32246facd03aec44f30a7201"><code>3ab9d95</code></a> HTTPCORE-751: H2 protocol handler always resizes the output frame buffer to t...</li> <li><a href="https://github.com/apache/httpcomponents-core/commit/a091322f7fb5292d63609855596403cc00376eff"><code>a091322</code></a> HTTPCORE-750: Fixed a defect causing AbstractIOSessionPool to create multiple...</li> <li><a href="https://github.com/apache/httpcomponents-core/commit/1b9871c6fee8d251dcad078792dcd0d643493420"><code>1b9871c</code></a> Handle UnsupportedOperationException in getApplicationProtocol.</li> <li><a href="https://github.com/apache/httpcomponents-core/commit/9f8cdb17c85defb267fc814d6094bfda3c8ff1a7"><code>9f8cdb1</code></a> [HTTPCORE-745] ContentType.create(String, NameValuePair...) should make (<a href="https://redirect.github.com/apache/httpcomponents-core/issues/404">#404</a>)</li> <li><a href="https://github.com/apache/httpcomponents-core/commit/0311043310c46a702e7c09700814f3ecc92ac9a9"><code>0311043</code></a> Bump junit-bom from 5.9.1 to 5.9.3</li> <li><a href="https://github.com/apache/httpcomponents-core/commit/73763379b9185aa0a472ff83ec97e684acd7b8c6"><code>7376337</code></a> HTTPCORE-742: BasicHttpRequest#setUri does not correctly reset internal state</li> <li>Additional commits viewable in <a href="https://github.com/apache/httpcomponents-core/compare/rel/v5.2.1...rel/v5.2.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.httpcomponents.core5:httpcore5&package-manager=maven&previous-version=5.2.1&new-version=5.2.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org