chore(deps): update dependency hackney to v4.4.5 #51

Merged
Doridian merged 1 commit from renovate/hackney-4.x-lockfile into main 2026-06-18 14:34:08 -07:00

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| hackney (source) | prod | patch | 4.4.2 → 4.4.5 |

Release Notes

benoitc/hackney (hackney)

v4.4.5

Compare Source

Fixed
  • HTTPS: a connection reused over a resumed TLS 1.3 session is no longer
    mislabeled as HTTP/1 when it negotiated HTTP/2. ssl:negotiated_protocol/1
    reports nothing on a resumed session, so hackney now remembers the protocol
    learned on the full handshake (per host and advertised ALPN) and offers
    resumption only once that protocol is known, resolving a resumed session
    against that snapshot. Reused h2 connections take the h2 path instead of
    feeding h2 frames to the HTTP/1 parser.
  • HTTP/1.1: a response that cannot begin an HTTP/1 status line (for example an
    HTTP/2 frame on a mislabeled connection) now fails fast with
    {error, {bad_response, not_http}} instead of spinning the CPU in the
    status-line parser.
  • Connection pooling: Connection: close responses are no longer returned to
    the pool on the sync body path; checkin only pools connections proven
    keep-alive and socket-ready (unknown defaults to close); and a closed pooled
    entry is discarded at checkout instead of being redialed inside the pool
    process (#888).
  • Connection pooling: stopping a pool while requests are in flight no longer
    leaks the per-host concurrency (load_regulation) slots of the checked-out
    connections. The pool now traps exits so its shutdown releases those slots and
    stops the in-use connections, instead of orphaning them and starving the host's
    concurrency cap node-wide (#892).

v4.4.3

Compare Source

Fixed
  • HTTP/2: a response that signals end of stream with a trailing HEADERS frame (trailers, or an empty trailing HEADERS as proxies emit for responses without a content-length) no longer hangs the body read until recv_timeout. The trailer event is now treated as end of stream, so reads complete on fresh and reused connections (#884).
  • HTTP/2: sync reads run under a per-stream recv_timeout watchdog, so a lost frame fails fast with {error, timeout} instead of blocking until the connection dies.
  • HTTP/1.1: a pooled connection that received unsolicited data while idle is dropped at checkout instead of having the bytes discarded, which could strand or corrupt the next read. Healthy idle connections still reuse normally, preserving keep-alive and the issue #544 stale-connection detection.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.
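
The v4.4.5 note about failing fast on a response that cannot begin an HTTP/1 status line can be pictured with the sketch below. It is an added example, not hackney's source and not part of this PR; the module name, function names and the `more`/`http1` return atoms are hypothetical, and it assumes a strict parser that accepts no bytes before `HTTP/`.

```erlang
%% Added illustration only; not hackney's code. Names are hypothetical.
-module(status_line_guard).
-export([classify/1, demo/0]).

-define(PREFIX, <<"HTTP/">>).

%% classify(Buffer) returns:
%%   more                              - too short to decide, but every byte
%%                                       seen so far matches "HTTP/"
%%   http1                             - buffer starts with "HTTP/"; hand it
%%                                       to the status-line parser
%%   {error, {bad_response, not_http}} - no amount of further input can turn
%%                                       this into a status line, so stop
%%                                       instead of waiting or re-parsing
classify(Buf) when is_binary(Buf) ->
    %% Compare only as many bytes as both sides have.
    N = min(byte_size(Buf), byte_size(?PREFIX)),
    <<Head:N/binary, _/binary>> = Buf,
    <<Want:N/binary, _/binary>> = ?PREFIX,
    case Head =:= Want of
        false -> {error, {bad_response, not_http}};
        true when N < byte_size(?PREFIX) -> more;
        true -> http1
    end.

%% Constructed inputs: an empty buffer, a partial read, a normal status
%% line, and an empty HTTP/2 SETTINGS frame (length 0, type 4, flags 0,
%% stream 0) such as an h2 peer would send on a mislabeled connection.
demo() ->
    H2Settings = <<0,0,0, 4, 0, 0,0,0,0>>,
    [classify(<<>>),
     classify(<<"HT">>),
     classify(<<"HTTP/1.1 200 OK\r\n">>),
     classify(H2Settings)].
```

The point of the three-way result is that a mismatch is decided on the first byte that differs, so a binary HTTP/2 frame is rejected immediately rather than being buffered in the hope that a status line eventually appears.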

chore(deps): update dependency hackney to v4.4.5
All checks were successful
Lint / Lint (pull_request) Successful in 2m10s
Nix check / check-nix (pull_request) Successful in 3m49s
550322ade4
Doridian deleted branch renovate/hackney-4.x-lockfile 2026-06-18 14:34:09 -07:00
Reference
SpaceAge/space_age_api!51