http 6.0.0 → 6.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1567381d914309e80e272367711f0e26f48f0123730078e1cde3f6f1eb19447e
-  data.tar.gz: f8b6826b7a57470157a9caa3524bd89b77e3274ae69736f3983ad1e512ae8306
+  metadata.gz: 96efa876d9e4c3e5bb5100ab7862338a66b435d02a93e19075f2755a396acd7b
+  data.tar.gz: 3d91fccfe7a3e616dcb892fe416b6d1cffbadea286c492f524093ba1bfbdcdeb
 SHA512:
-  metadata.gz: 698b3d83287e492df7aced8106af2cd861b196c0691a484a007f8f3d56fff8bdaa278f3b3c860b851b4ec51e18b8f63d00b29242d8e1c7aa79ef590abc5f7ab3
-  data.tar.gz: b853190dabe880ee5232536f716b493e095f888c53a1fef3e7a598a05fce8864444096113de10f2d7e7ded74b08737bd2f50ac19788dd3c8a2b86e29bd6b6e78
+  metadata.gz: de74b67fced0df2fc1093d4eb6969edddd43d2f7da5dec73d1ee54bff44712ac173ac3141e909c0f061ab3323820b9498028e5cebc11b74282feab70ef730d33
+  data.tar.gz: 361e27f92a887ccf3bd220188e60e9feed23cf750b4e13f8acb2085f0b9beddc381f504f3fa7c4bfe1ddb8dada2f0014141a3a3e2cf575681f39e23f39d8ef66

data/http.gemspec

@@ -26,10 +26,10 @@ Gem::Specification.new do |spec|
   spec.metadata["rubygems_mfa_required"] = "true"
 
   spec.files = IO.popen(%w[git ls-files -z], chdir: __dir__, err: IO::NULL) do |ls|
-    extras = %w[CHANGELOG.md CONTRIBUTING.md LICENSE.txt README.md SECURITY.md UPGRADING.md] << File.basename(__FILE__)
+    extras = %w[LICENSE.txt README.md sig/http.rbs] << File.basename(__FILE__)
 
     ls.readlines("\x0", chomp: true).select do |f|
-      f.start_with?("lib/", "test/", "sig/") || extras.include?(f)
+      f.start_with?("lib/") || extras.include?(f)
     end
   end
 

data/lib/http/version.rb

@@ -2,5 +2,5 @@
 
 module HTTP
   # Current library version
-  VERSION = "6.0.0"
+  VERSION = "6.0.1"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: http
 version: !ruby/object:Gem::Version
-  version: 6.0.0
+  version: 6.0.1
 platform: ruby
 authors:
 - Tony Arcieri
@@ -48,12 +48,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- CHANGELOG.md
-- CONTRIBUTING.md
 - LICENSE.txt
 - README.md
-- SECURITY.md
-- UPGRADING.md
 - http.gemspec
 - lib/http.rb
 - lib/http/base64.rb
@@ -116,87 +112,16 @@ files:
 - lib/http/uri/normalizer.rb
 - lib/http/uri/parsing.rb
 - lib/http/version.rb
-- sig/deps.rbs
 - sig/http.rbs
-- test/http/base64_test.rb
-- test/http/client_test.rb
-- test/http/connection_test.rb
-- test/http/content_type_test.rb
-- test/http/errors_test.rb
-- test/http/feature_test.rb
-- test/http/features/auto_deflate_test.rb
-- test/http/features/auto_inflate_test.rb
-- test/http/features/caching_test.rb
-- test/http/features/digest_auth_test.rb
-- test/http/features/instrumentation_test.rb
-- test/http/features/logging_test.rb
-- test/http/features/normalize_uri_test.rb
-- test/http/features/raise_error_test.rb
-- test/http/form_data/composite_io_test.rb
-- test/http/form_data/file_test.rb
-- test/http/form_data/fixtures/the-http-gem.info
-- test/http/form_data/multipart_test.rb
-- test/http/form_data/part_test.rb
-- test/http/form_data/urlencoded_test.rb
-- test/http/form_data_test.rb
-- test/http/headers/normalizer_test.rb
-- test/http/headers_test.rb
-- test/http/mime_type/json_test.rb
-- test/http/mime_type_test.rb
-- test/http/options/base_uri_test.rb
-- test/http/options/body_test.rb
-- test/http/options/features_test.rb
-- test/http/options/form_test.rb
-- test/http/options/headers_test.rb
-- test/http/options/json_test.rb
-- test/http/options/merge_test.rb
-- test/http/options/new_test.rb
-- test/http/options/proxy_test.rb
-- test/http/options_test.rb
-- test/http/redirector_test.rb
-- test/http/request/body_test.rb
-- test/http/request/builder_test.rb
-- test/http/request/writer_test.rb
-- test/http/request_test.rb
-- test/http/response/body_test.rb
-- test/http/response/parser_test.rb
-- test/http/response/status_test.rb
-- test/http/response_test.rb
-- test/http/retriable/delay_calculator_test.rb
-- test/http/retriable/errors_test.rb
-- test/http/retriable/performer_test.rb
-- test/http/session_test.rb
-- test/http/timeout/global_test.rb
-- test/http/timeout/null_test.rb
-- test/http/timeout/per_operation_test.rb
-- test/http/uri/normalizer_test.rb
-- test/http/uri_test.rb
-- test/http/version_test.rb
-- test/http_test.rb
-- test/regression_tests.rb
-- test/support/capture_warning.rb
-- test/support/dummy_server.rb
-- test/support/dummy_server/encoding_routes.rb
-- test/support/dummy_server/routes.rb
-- test/support/dummy_server/servlet.rb
-- test/support/fakeio.rb
-- test/support/http_handling_shared.rb
-- test/support/http_handling_shared/connection_reuse_tests.rb
-- test/support/http_handling_shared/timeout_tests.rb
-- test/support/proxy_server.rb
-- test/support/servers/runner.rb
-- test/support/simplecov.rb
-- test/support/ssl_helper.rb
-- test/test_helper.rb
 homepage: https://github.com/httprb/http
 licenses:
 - MIT
 metadata:
   homepage_uri: https://github.com/httprb/http
-  source_code_uri: https://github.com/httprb/http/tree/v6.0.0
+  source_code_uri: https://github.com/httprb/http/tree/v6.0.1
   bug_tracker_uri: https://github.com/httprb/http/issues
-  changelog_uri: https://github.com/httprb/http/blob/v6.0.0/CHANGELOG.md
-  documentation_uri: https://www.rubydoc.info/gems/http/6.0.0
+  changelog_uri: https://github.com/httprb/http/blob/v6.0.1/CHANGELOG.md
+  documentation_uri: https://www.rubydoc.info/gems/http/6.0.1
   rubygems_mfa_required: 'true'
 rdoc_options: []
 require_paths:

data/CHANGELOG.md

@@ -1,267 +0,0 @@
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-## [6.0.0] - 2026-03-16
-
-### Changed
-
-- Merged `http-form_data` gem into the main `http` gem. The `HTTP::FormData`
-  module (including `Part`, `File`, `Multipart`, `Urlencoded`, and `CompositeIO`)
-  is now shipped directly with `http` instead of being a separate dependency.
-  The public API is unchanged.
-
-### Fixed
-
-- `Inflater` no longer raises `Zlib::BufError` when a response declares
-  `Content-Encoding: gzip` (or deflate) but the body is not valid compressed
-  data. This commonly occurred when following redirects with `auto_inflate`
-  enabled, because the redirect response had a `Content-Encoding` header but a
-  non-compressed body. ([#621])
-- Persistent connections now auto-flush unread response bodies before sending
-  the next request, instead of raising `StateError`. Bodies up to 1 MiB are
-  drained transparently; larger bodies cause the connection to close and reopen.
-  This prevents the silent body clobbering described in [#371], where an unread
-  response body would return `""` after a subsequent request. ([#371])
-- `Response#content_length` now handles duplicate `Content-Length` headers per
-  RFC 7230 Section 3.3.2. When all values are identical, they are collapsed into
-  a single valid value. When values conflict, `nil` is returned instead of
-  raising `TypeError`. ([#566])
-- HTTP 1xx informational responses (e.g. `100 Continue`) are now transparently
-  skipped, returning the final response. This was a regression introduced when
-  the parser was migrated from http-parser to llhttp. ([#667])
-- Redirect loop detection now considers cookies, so a redirect back to the
-  same URL with different cookies is no longer falsely detected as an endless
-  loop. Fixes cookie-dependent redirect flows where a server sets a cookie on
-  one hop and expects it on the next. ([#544])
-- Per-operation timeouts (`HTTP.timeout(read: n, write: n, connect: n)`) no
-  longer default unspecified values to 0.25 seconds. Omitted timeouts now mean
-  no timeout for that operation, matching the behavior when no timeout is
-  configured at all. ([#579])
-- Per-operation timeout handler now correctly handles `:wait_writable` from
-  `read_nonblock` and `:wait_readable` from `write_nonblock` on SSL sockets
-  during TLS renegotiation. Previously these symbols were returned as data
-  instead of being waited on. ([#358])
-- Persistent sessions now follow cross-origin redirects instead of raising
-  `StateError`. `HTTP.persistent` returns an `HTTP::Session` that pools one
-  `HTTP::Client` per origin, so redirects to a different domain transparently
-  open (and reuse) a separate persistent connection. Cookie management is
-  preserved across all hops. ([#557])
-- Chaining configuration methods (`.headers`, `.auth`, `.cookies`, etc.) on a
-  persistent session no longer breaks connection reuse. Child sessions created
-  by chaining now share the parent's connection pool, so
-  `HTTP.persistent(host).headers(...).get(path)` reuses the same underlying
-  TCP connection across calls. ([#372])
-
-### Changed
-
-- **BREAKING** `HTTP.persistent` now returns an `HTTP::Session` instead of an
-  `HTTP::Client`. The session pools persistent clients per origin and exposes
-  the same chainable API (`get`, `post`, `headers`, `follow`, etc.) plus a
-  `close` method that shuts down all pooled connections. Code that called
-  `HTTP::Client`-only methods on the return value will need updating. ([#557])
-- **BREAKING** Convert options hash parameters to explicit keyword arguments
-  across the public API. Methods like `HTTP.get(url, body: "data")` continue to
-  work, but passing an explicit hash (e.g., `HTTP.get(url, {body: "data"})`) is
-  no longer supported, and unrecognized keyword arguments now raise
-  `ArgumentError`. Affected methods: all HTTP verb methods (`get`, `post`,
-  etc.), `request`, `follow`, `retriable`, `URI.new`, `Request.new`,
-  `Response.new`, `Redirector.new`, `Retriable::Performer.new`,
-  `Retriable::DelayCalculator.new`, and `Timeout::Null.new` (and subclasses).
-  `HTTP::URI.new` also no longer accepts `Addressable::URI` objects.
-- **BREAKING** `addressable` is no longer a runtime dependency. It is now
-  lazy-loaded only when parsing non-ASCII (IRI) URIs or normalizing
-  internationalized hostnames. Install the `addressable` gem if you need
-  non-ASCII URI support. ASCII-only URIs use Ruby's stdlib `URI` parser
-  exclusively.
-- **BREAKING** Extract request building into `HTTP::Request::Builder`. The
-  `build_request` method has been removed from `Client`, `Session`, and the
-  top-level `HTTP` module. Use `HTTP::Request::Builder.new(options).build(verb, uri)`
-  to construct requests without executing them.
-
-### Added
-
-- Block form for verb methods and `request` that auto-closes the connection
-  after the block returns. `HTTP.get(url) { |response| response.status }` yields
-  the response, closes the underlying connection, and returns the block's value.
-  Works with all verb methods and chained options. ([#270])
-- HTTP caching feature (`HTTP.use(:caching)`) that stores and reuses responses
-  according to RFC 7234. Supports `Cache-Control` (`max-age`, `no-cache`,
-  `no-store`), `Expires`, `ETag` / `If-None-Match`, and
-  `Last-Modified` / `If-Modified-Since` for freshness checks and conditional
-  revalidation. Ships with a default in-memory store; custom stores can be
-  passed via `store:` option. Only GET and HEAD responses are cached. ([#223])
-- `HTTP.digest_auth(user:, pass:)` for HTTP Digest Authentication (RFC 2617 /
-  RFC 7616). Automatically handles 401 challenges with digest credentials,
-  supporting MD5, SHA-256, MD5-sess, and SHA-256-sess algorithms with
-  quality-of-protection negotiation. Works as a chainable feature:
-  `HTTP.digest_auth(user: "admin", pass: "secret").get(url)` ([#448])
-- Happy Eyeballs (RFC 8305) support via Ruby 3.4's native `TCPSocket`
-  implementation. Connection attempts now try multiple addresses (IPv6 and
-  IPv4) concurrently, improving reliability on dual-stack networks. Connect
-  timeouts are passed natively to `TCPSocket` instead of using
-  `Timeout.timeout`, avoiding `Thread.raise` interference with the Happy
-  Eyeballs state machine. ([#739])
-- `HTTP.base_uri` for setting a base URI that resolves relative request paths
-  per RFC 3986. Supports chaining (`HTTP.base_uri("https://api.example.com/v1")
-  .get("users")`), and integrates with `persistent` connections by deriving the
-  host when omitted ([#519], [#512], [#493])
-- `Request::Body#loggable?` and `Response::Body#loggable?` predicates, and a
-  `binary_formatter` option for the logging feature. Binary bodies
-  (IO/Enumerable request sources, binary-encoded request strings, and
-  binary-encoded responses) are now formatted instead of dumped raw,
-  preventing unreadable log output when transferring files like images or
-  audio. Available formatters: `:stats` (default, logs byte count),
-  `:base64` (logs base64-encoded content), or a custom `Proc`. Invalid
-  formatter values raise `ArgumentError` ([#784])
-- `Feature#on_request` and `Feature#around_request` lifecycle hooks, called
-  before/around each request attempt (including retries), for per-attempt side
-  effects like instrumentation spans and circuit breakers ([#826])
-- Pattern matching support (`deconstruct_keys`) for Response, Response::Status,
-  Headers, ContentType, and URI ([#642])
-- Combined global and per-operation timeouts: global and per-operation timeouts
-  are no longer mutually exclusive. Use
-  `HTTP.timeout(global: 60, read: 30, write: 30, connect: 5)` to set both a
-  global request timeout and individual operation limits ([#773])
-
-### Fixed
-
-- `HTTP::URI.form_encode` now encodes newlines as `%0A` instead of
-  `%0D%0A` ([#449])
-- Thread-safety: `Headers::Normalizer` cache is now per-thread via
-  `Thread.current`, eliminating a potential race condition when multiple
-  threads share a normalizer instance
-- Instrumentation feature now correctly starts a new span for each retry
-  attempt, fixing `NoMethodError` with `ActiveSupport::Notifications` when
-  using `.retriable` with the instrumentation feature ([#826])
-- Raise `HTTP::URI::InvalidError` for malformed or schemeless URIs and
-  `ArgumentError` for nil or empty URIs, instead of confusing
-  `UnsupportedSchemeError` or `Addressable::URI::InvalidURIError` ([#565])
-- Strip `Authorization` and `Cookie` headers when following redirects to a
-  different origin (scheme, host, or port) to prevent credential leakage
-  ([#516], [#770])
-- AutoInflate now preserves the response charset encoding instead of
-  defaulting to `Encoding::BINARY` ([#535])
-- `LocalJumpError` when using instrumentation with instrumenters that
-  unconditionally yield in `#instrument` (e.g., `ActiveSupport::Notifications`)
-  ([#673])
-- Logging feature no longer eagerly consumes the response body at debug level;
-  body chunks are now logged as they are streamed, preserving
-  `response.body.each` ([#785])
-
-### Removed
-
-- `HTTP::URI` setter methods (`scheme=`, `user=`, `password=`, `authority=`,
-  `origin=`, `port=`, `request_uri=`, `fragment=`) and normalized accessors
-  (`normalized_user`, `normalized_password`, `normalized_port`,
-  `normalized_path`, `normalized_query`) that were delegated to
-  `Addressable::URI` but never used internally
-- `HTTP::URI#origin` is no longer delegated to `Addressable::URI`. The new
-  implementation follows RFC 6454, normalizing scheme and host to lowercase
-  and excluding user info from the origin string
-- `HTTP::URI#request_uri` is no longer delegated to `Addressable::URI`
-- `HTTP::URI#omit` is no longer delegated to `Addressable::URI` and now
-  returns `HTTP::URI` instead of `Addressable::URI` ([#491])
-- `HTTP::URI#query_values` and `HTTP::URI#query_values=` delegations to
-  `Addressable::URI`. Query parameter merging now uses stdlib
-  `URI.decode_www_form`/`URI.encode_www_form`
-- `HTTP::URI` delegations for `normalized_scheme`, `normalized_authority`,
-  `normalized_fragment`, and `authority` to `Addressable::URI`. The URI
-  normalizer now inlines these operations directly
-- `HTTP::URI#join` is no longer delegated to `Addressable::URI` and now
-  returns `HTTP::URI` instead of `Addressable::URI`. Uses stdlib `URI.join`
-  with automatic percent-encoding of non-ASCII characters ([#491])
-- `HTTP::URI.form_encode` no longer delegates to `Addressable::URI`. Uses
-  stdlib `URI.encode_www_form` instead
-
-### Changed
-
-- **BREAKING** `HTTP::Response::Status` no longer inherits from `Delegator`.
-  It now uses `Comparable` and `Forwardable` instead, providing `to_i`,
-  `to_int`, and `<=>` for numeric comparisons and range matching. Code that
-  called `__getobj__`/`__setobj__` or relied on implicit delegation of
-  arbitrary `Integer` methods (e.g., `status.even?`) will need to be updated
-  to use `status.code` instead
-- **BREAKING** Chainable option methods (`.headers`, `.timeout`, `.cookies`,
-  `.auth`, `.follow`, `.via`, `.use`, `.encoding`, `.nodelay`, `.basic_auth`,
-  `.accept`) now return a thread-safe `HTTP::Session` instead of `HTTP::Client`.
-  `Session` creates a new `Client` for each request, making it safe to share a
-  configured session across threads. `HTTP.persistent` still returns
-  `HTTP::Client` since persistent connections require mutable state. Code that
-  calls HTTP verb methods (`.get`, `.post`, etc.) or accesses `.default_options`
-  is unaffected. Code that checks `is_a?(HTTP::Client)` on the return value of
-  chainable methods will need to be updated to check for `HTTP::Session`
-- **BREAKING** `.retriable` now returns `HTTP::Session` instead of
-  `HTTP::Retriable::Client`. Retry is a session-level option: it flows through
-  `HTTP::Options` into `HTTP::Client#perform`, eliminating the need for
-  separate `Retriable::Client` and `Retriable::Session` classes
-- Improved error message when request body size cannot be determined to suggest
-  setting `Content-Length` explicitly or using chunked `Transfer-Encoding` ([#560])
-- **BREAKING** `Connection#readpartial` now raises `EOFError` instead of
-  returning `nil` at end-of-stream, and supports an `outbuf` parameter,
-  conforming to the `IO#readpartial` API. `Body#readpartial` and
-  `Inflater#readpartial` also raise `EOFError` ([#618])
-- **BREAKING** Stricter timeout options parsing: `.timeout()` with a Hash now
-  rejects unknown keys, non-numeric values, string keys, and empty hashes ([#754])
-- Bumped min llhttp dependency version
-- **BREAKING** Handle responses in the reverse order from the requests ([#776])
-- **BREAKING** `Response#cookies` now returns `Array<HTTP::Cookie>` instead of
-  `HTTP::CookieJar`. The `cookies` option has been removed from `Options`;
-  `Chainable#cookies` now sets the `Cookie` header directly with no implicit
-  merging — the last `.cookies()` call wins ([#536])
-- Cookie jar management during redirects moved from `Redirector` to `Session`.
-  `Redirector` is now a pure redirect-following engine with no cookie
-  awareness; `Session#request` manages cookies across redirect hops
-- **BREAKING** `HTTP::Options.new`, `HTTP::Client.new`, and `HTTP::Session.new`
-  now accept keyword arguments instead of an options hash. For example,
-  `HTTP::Options.new(response: :body)` continues to work, but
-  `HTTP::Options.new({response: :body})` must be updated to
-  `HTTP::Options.new(**options)`. Invalid option names now raise
-  `ArgumentError` automatically ([#447])
-
-### Removed
-
-- **BREAKING** Drop Ruby 2.x support
-- **BREAKING** Remove `Headers::Mixin` and the `[]`/`[]=` delegators on
-  `Request` and `Response`. Use `request.headers["..."]` and
-  `response.headers["..."]` instead ([#537])
-
-[#270]: https://github.com/httprb/http/issues/270
-[#223]: https://github.com/httprb/http/issues/223
-[#358]: https://github.com/httprb/http/issues/358
-[#371]: https://github.com/httprb/http/issues/371
-[#372]: https://github.com/httprb/http/issues/372
-[#447]: https://github.com/httprb/http/issues/447
-[#448]: https://github.com/httprb/http/issues/448
-[#449]: https://github.com/httprb/http/issues/449
-[#491]: https://github.com/httprb/http/issues/491
-[#493]: https://github.com/httprb/http/pull/493
-[#512]: https://github.com/httprb/http/issues/512
-[#516]: https://github.com/httprb/http/issues/516
-[#519]: https://github.com/httprb/http/issues/519
-[#535]: https://github.com/httprb/http/issues/535
-[#536]: https://github.com/httprb/http/issues/536
-[#537]: https://github.com/httprb/http/issues/537
-[#544]: https://github.com/httprb/http/issues/544
-[#557]: https://github.com/httprb/http/issues/557
-[#560]: https://github.com/httprb/http/pull/560
-[#565]: https://github.com/httprb/http/issues/565
-[#566]: https://github.com/httprb/http/issues/566
-[#579]: https://github.com/httprb/http/issues/579
-[#618]: https://github.com/httprb/http/pull/618
-[#621]: https://github.com/httprb/http/issues/621
-[#642]: https://github.com/httprb/http/issues/642
-[#667]: https://github.com/httprb/http/issues/667
-[#673]: https://github.com/httprb/http/issues/673
-[#739]: https://github.com/httprb/http/issues/739
-[#754]: https://github.com/httprb/http/pull/754
-[#770]: https://github.com/httprb/http/issues/770
-[#773]: https://github.com/httprb/http/issues/773
-[#776]: https://github.com/httprb/http/issues/776
-[#784]: https://github.com/httprb/http/issues/784
-[#785]: https://github.com/httprb/http/issues/785
-[#826]: https://github.com/httprb/http/issues/826
-[unreleased]: https://github.com/httprb/http/compare/v5.3.0...main

data/CONTRIBUTING.md

@@ -1,26 +0,0 @@
-# Help and Discussion
-
-If you need help or just want to talk about the http.rb,
-visit the http.rb Google Group:
-
-https://groups.google.com/forum/#!forum/httprb
-
-You can join by email by sending a message to:
-
-[httprb+subscribe@googlegroups.com](mailto:httprb+subscribe@googlegroups.com)
-
-
-# Reporting bugs
-
-The best way to report a bug is by providing a reproduction script. A half
-working script with comments for the parts you were unable to automate is still
-appreciated.
-
-In any case, specify following info in description of your issue:
-
-- What you're trying to accomplish
-- What you expected to happen
-- What actually happened
-- The exception backtrace(s), if any
-- Version of gem or commit ref you are using
-- Version of ruby you are using

data/SECURITY.md

@@ -1,17 +0,0 @@
-# Security Policy
-
-## Supported Versions
-
-Security updates are applied only to the most recent release.
-
-## Reporting a Vulnerability
-
-If you have discovered a security vulnerability in this project, please report
-it privately. **Do not disclose it as a public issue.** This gives us time to
-work with you to fix the issue before public exposure, reducing the chance that
-the exploit will be used before a patch is released.
-
-Please disclose it at [security advisory](https://github.com/httprb/http/security/advisories/new).
-
-This project is maintained by a team of volunteers on a reasonable-effort basis.
-As such, please give us at least 90 days to work on a fix before public exposure.