build(deps-dev): bump org.apache.httpcomponents.client5:httpclient5 from 5.4.4 to 5.5 #7403

dependabot · 2025-05-23T05:30:10Z

Bumps org.apache.httpcomponents.client5:httpclient5 from 5.4.4 to 5.5.

Changelog

Sourced from org.apache.httpcomponents.client5:httpclient5's changelog.

Release 5.5

This is the first GA release in the 5.5 release series. This release finalizes the 5.5 APIs and adds several experimental features and improvements, such as request multiplexing over a shared HTTP/2 connection and the Classic API facade acting as a compatibility bridge between classic I/O client services and the asynchronous message transport used internally.

Notable changes and features included in the 5.5 series:

Improved conformance to RFC 7616 (HTTP Digest Access Authentication).

The connection pool implementation acts as a caching facade in front of a standard managed connection pool and shares already leased connections to multiplex message exchanges over active HTTP/2 connections. Experimental.

Extended Auth API and improved authentication protocol logic to support mutual authentication.

The Classic API facade now acts as a compatibility bridge between the classic I/O client services (based on the standard InputStream / OutputStream model) and the asynchronous message transport used internally. This is experimental.

HTTP/2 support for the Fluent Facade (via Classic API facade). This is experimental.

Compatibility notes:

As of this release, HttpClient does not automatically execute redirects if the original request manually added headers that are considered sensitive.

Change Log

HTTPCLIENT-2367: Fixed NPE in InternalAbstractHttpAsyncClient by adding a null check for resolvedTarget (#634). Contributed by Arturo Bernal

Fixed case of Cookie#HTTP_ONLY_ATTR Contributed by Finn Petersen fp7@posteo.net

Simplified ProtocolSwitchStrategy by leveraging ProtocolVersionParser (#627). Contributed by Arturo Bernal

HTTPCLIENT-2364: Fixed incorrect re-binding of the upgraded SSL socket to the HTTP connection by the #upgrade method of the DefaultHttpClientConnectionOperator. Contributed by Oleg Kalnichevski

... (truncated)

Commits

b42e73c HttpClient 5.5 release
3061c34 Updated release notes for HttpClient 5.5 release
14a9208 Updated NOTICE to 2025
4021b7c Link text adjustment
be441c1 Update the GitHub Security page with a link to the new HttpComponents
f5f9ae8 HTTPCLIENT-2367 - Fix NPE in InternalAbstractHttpAsyncClient by adding null c...
19c0278 Bump org.junit:junit-bom from 5.12.1 to 5.12.2 #632
ef06a27 Bump org.junit:junit-bom from 5.12.1 to 5.12.2 (#632)
9bae302 Fix case of Cookie.HTTP_ONLY_ATTR
0ba6102 Simplify ProtocolSwitchStrategy by Leveraging ProtocolVersionParser (#627)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [org.apache.httpcomponents.client5:httpclient5](https://github.com/apache/httpcomponents-client) from 5.4.4 to 5.5. - [Changelog](https://github.com/apache/httpcomponents-client/blob/master/RELEASE_NOTES.txt) - [Commits](apache/httpcomponents-client@rel/v5.4.4...rel/v5.5) --- updated-dependencies: - dependency-name: org.apache.httpcomponents.client5:httpclient5 dependency-version: '5.5' dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2025-05-23T05:30:32Z

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 23b7f4c.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Package

Version

Score

Details

maven/org.apache.httpcomponents.client5:httpclient5

5.5

🟢 7.4

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 2	Found 7/26 approved changesets -- score normalized to 2
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	28 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	🟢 10	project is fuzzed
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

Scanned Files

citizen-intelligence-agency/pom.xml

sonarqubecloud · 2025-05-23T05:31:26Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

dependabot bot added dependencies java Pull requests that update Java code labels May 23, 2025

dependabot bot requested a review from pethers as a code owner May 23, 2025 05:30

dependabot bot added dependencies java Pull requests that update Java code labels May 23, 2025

pull-request-size bot added the size/XS label May 23, 2025

pethers merged commit 1ad694c into master May 23, 2025
8 checks passed

pethers deleted the dependabot/maven/org.apache.httpcomponents.client5-httpclient5-5.5 branch May 23, 2025 06:20

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

build(deps-dev): bump org.apache.httpcomponents.client5:httpclient5 from 5.4.4 to 5.5 #7403

build(deps-dev): bump org.apache.httpcomponents.client5:httpclient5 from 5.4.4 to 5.5 #7403

Uh oh!

dependabot bot commented on behalf of github May 23, 2025

Uh oh!

github-actions bot commented May 23, 2025

Uh oh!

sonarqubecloud bot commented May 23, 2025

Uh oh!

Uh oh!

Uh oh!

build(deps-dev): bump org.apache.httpcomponents.client5:httpclient5 from 5.4.4 to 5.5 #7403

build(deps-dev): bump org.apache.httpcomponents.client5:httpclient5 from 5.4.4 to 5.5 #7403

Uh oh!

Conversation

dependabot bot commented on behalf of github May 23, 2025

Release 5.5

Change Log

Uh oh!

github-actions bot commented May 23, 2025

Dependency Review

Snapshot Warnings

OpenSSF Scorecard

Scanned Files

Uh oh!

sonarqubecloud bot commented May 23, 2025

Quality Gate passed

Uh oh!

Uh oh!

Uh oh!