[ruby-talk:444383] [ANN] httpx 1.2.0 released

httpx 1.2.0 has been released.


HTTPX is an HTTP client library for the Ruby programming language.

Among its features, it supports:

* HTTP/2 and HTTP/1.x protocol versions
* Concurrent requests by default
* Simple and chainable API
* Proxy Support (HTTP(S), CONNECT tunnel, Socks4/4a/5)
* Simple Timeout System
* Lightweight by default (require what you need)

And also:

* Compression (gzip, deflate, brotli)
* Streaming Requests
* Authentication (Basic Auth, Digest Auth, AWS Sigv4)
* Expect 100-continue
* Multipart Requests
* Cookies
* HTTP/2 Server Push
* H2C Upgrade
* Automatic follow redirects
* International Domain Names
* Circuit breaker
* WebDAV
* SSRF Filter
* Datadog integration
* Faraday integration
* Webmock integration
* Sentry integration

Here are the updates since the last release:

# 1.2.0

## Features

### `:ssrf_filter` plugin

The `:ssrf_filter` plugin prevents server-side request forgery attacks, by
blocking requests to the internal network. This is useful when the URLs
used to perform requests aren’t under the developer control (such as when
they are inserted via a web application form).

http = HTTPX.plugin(:ssrf_filter)

# this works
response = http.get("https://example.com")

# this doesn't
response = http.get("http://localhost:3002")
response = http.get("http://[::1]:3002")
response = http.get("")

More info under Ssrf Filter · honeyryder

### `:callbacks` plugin

The session callbacks introduced in v0.24.0 are in its own plugin. Older
code will still work and emit a deprecation warning.

More info under Callbacks · honeyryder

### `:redirect_on` option for `:follow_redirects` plugin

This option allows passing a callback which, when returning `false`, can
interrupt the redirect loop.

http = HTTPX.plugin(:follow_redirects).with(redirect_on: ->(location_uri) {
BLACKLIST_HOSTS.include?(location_uri.host) ]

### `:close_on_handshake_timeout` timeout

A new `:timeout` option, `:close_handshake_timeout`, is added, which
monitors connection readiness when performing HTTP/2 connection termination

## Improvements

* Internal "eden connections" concept was removed, and connection objects
are now kept-and-reused during the lifetime of a session, even when closed.
This simplified connectio pool implementation and improved performance.
* request using `:proxy` and `:retries` plugin enabled sessions will now
retry on proxy connection establishment related errors.

## Bugfixes

* webmock adapter: mocked responses storing decoded payloads won't try to
decode them again (fixes vcr/webmock integrations).
* webmock adapter: fix issue related with making real requests over
webmock-enabled connection.

# 1.1.5

## improvements

* pattern matching support for responses has been backported to ruby 2.7 as

## bugfixes

* `stream` plugin: fix for `HTTPX::StreamResponse#each_line` not yielding
the last line of the payload when not delimiter-terminated.
* `stream` plugin: fix `webmock` adapter integration when methods calls
would happen in the `HTTPX::StreamResponse#each` block.
* `stream` plugin: fix `:follow_redirects` plugin integration which was
caching the redirect response and using it for method calls inside the
`HTTPX::StreamResponse#each` block.
* "103 early hints" responses will be ignored when processing the response
(it was causing the response returned by sesssions to hold its headers,
instead of the following 200 response, while keeping the 200 response body).

# 1.1.4

## bugfixes

* datadog adapter: use `Gem::Version` to invoke the correct configuration
* stream plugin: do not preempt request enqueuing (this was making
integration with the `:follow_redirects` plugin fail when set up with

# 1.1.3

## improvements

## security

* when using `:follow_redirects` plugin, the "authorization" header will be
removed when following redirect responses to a different origin.

## bugfixes

* fixed `:stream` plugin not following redirect responses when used with
the `:follow_redirects` plugin.
* fixed `:stream` plugin not doing content decoding when responses were
p.ex. gzip-compressed.
* fixed bug preventing usage of IPv6 loopback or link-local addresses in
the request URL in systems with no IPv6 internet connectivity (the request
was left hanging).
* protect all code which may initiate a new connection from abrupt errors
(such as internet turned off), as it was done on the initial request call.

## chore

internal usage of `mutex_m` has been removed (`mutex_m` is going to be
deprecated in ruby 3.3).

# 1.1.2

## improvements

* only moving eden connections to idle when they're recycled.

## bugfixes

* skip closing a connection which is already closed during reset.
* sentry adapter: fixed `super` call which didn't have a super method (this
prevented usinng sentry-enabled sessions with the `:retries` plugin).
* sentry adapter: fixing registering of sentry config.
* sentry adapter: do not propagate traces when relevant sdk options are
disabled (such as `propagate_traces`).

# 1.1.1

## improvements

* (Re-)enabling default retries in DNS name queries; this had been disabled
as a result of revamping timeouts, and resulted in queries only being sent
once, which is very little for UDP-related traffic, and breaks if using DNs
rate-limiting software. Retries the query just once, for now.

## bugfixes

* reset timers when adding new intervals, as these may be added as a result
on after-select connection handling, and must wait for the next tick cycle
(before the patch, they were triggering too soon).
* fixed "on close" callback leak on connection reuse, which caused linear
performance regression in benchmarks performing one request per connection.
* fixed hanging connection when an HTTP/1.1 emitted a "connection: close"
header but the server would not emit one (it closes the connection now).
* fixed recursive dns cached lookups which may have already expired, and
created nil entries in the returned address list.
* dns system resolver is now able to retry on failure.

## chore

* remove duplicated callback unregistering connections.