Bump bandit from 1.3.0 to 1.4.2

[dependabot]

Bumps bandit from 1.3.0 to 1.4.2.

Changelog

Sourced from bandit's changelog.

1.4.2 (2 Apr 2024)

Enhancements

• Support top-level :inet and :inet6 options for Plug.Cowboy compatibility (#337)

1.4.1 (27 Mar 2024)

Changes

• BREAKING CHANGE Move log_protocol_errors configuration option into shared http_options top-level config (and apply it to HTTP/2 errors as well)
• BREAKING CHANGE Remove origin_telemetry_span_context from WebSocket telemetry events
• BREAKING CHANGE Remove stream_id from HTTP/2 telemetry events
• Add conn to the metadata of telemetry start events for HTTP requests
• Stop sending WebSocket upgrade failure reasons to the client (they're still logged)

Fixes

• Return HTTP semantic errors to HTTP/2 clients as protocol errors instead of internal errors

1.4.0 (26 Mar 2024)

[!WARNING] IMPORTANT Phoenix users MUST upgrade to WebSockAdapter 0.5.6 or newer when upgrading to Bandit 1.4.0 or newer as some internal module names have changed

Enhancements

• Complete refactor of HTTP/2. Improved process model is MUCH easier to understand and yields about a 10% performance boost to HTTP/2 requests (#286 / #307)
• Substantial refactor of the HTTP/1 and HTTP/2 stacks to share a common code path for much of their implementations, with the protocol-specific parts being factored out to a minimal Bandit.HTTPTransport protocol internally, which allows each protocol to define its own implementation for the minimal set of things that are different between the two stacks (#297 / #329)

Changes

• BREAKING CHANGE Move configuration options that are common between HTTP/1 and HTTP/2 stacks into a shared http_options top-level config
• BREAKING CHANGE The HTTP/2 header size limit options have been deprecated, and have been replaced with a single max_header_block_size option. The setting defaults to 50k bytes, and refers to the size of the compressed header block as sent on the wire (including any continuation frames)
• BREAKING CHANGE Remove req_line_bytes, req_header_bytes, resp_line_bytes and

... (truncated)

Commits

• 4f15f02 Version bump to 1.4.2
• cca2756 Support top-level :inet and :inet6 options for Plug.Cowboy compatibility (#337)
• 6f5cacc Refine tests to not implicitly capture output (#336)
• 71691ee Version bump to 1.4.1
• 910c8ce Refactor pipeline (#335)
• d31986f More gc test tweaks
• 3886e4a Tweak flaky GC test
• 291660c Add websock_adapter note to changelog
• e5d4262 Version bump to 1.4.0
• 63265f0 Share HTTP semantics between HTTP/1 and 2 (#329)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)