Bump http from 5.3.1 to 6.0.1

[dependabot]

Bumps http from 5.3.1 to 6.0.1.

Release notes

Sourced from http's releases.

v6.0.1

Full Changelog: httprb/http@v6.0.0...v6.0.1

v6.0.0

What's Changed

• Fixed incorrect link in CHANGES.md by @​daniel-sabourin in httprb/http#738
• Add Connection#finished_request? by @​c960657 in httprb/http#743
• Bump llhttp-ffi (0.5.0) by @​bryanp in httprb/http#744
• Let the instrumenter log exceptions too by @​foca in httprb/http#746
• Run CI against Ruby 3.2 by @​koheisg in httprb/http#742
• Update README.md by @​sandstrom in httprb/http#751
• Downcase Content-Type charset name by @​paul in httprb/http#753
• Add base64 to runtime dependency by @​koic in httprb/http#759
• DummyServer::Servlet#not_found requires two arguments by @​c960657 in httprb/http#761
• fix: close sockets on connection initialize timeout by @​rpeng in httprb/http#762
• Prevent CRLF injection due to broken URL normalizer by @​c960657 in httprb/http#765
• Do more conservative URL normalization by @​c960657 in httprb/http#758
• Handle responses in the reverse order from the requests by @​souk4711 in httprb/http#766
• Add support for the PURGE HTTP method. by @​renchap in httprb/http#757
• Start 6.0.0 version by @​ixti in httprb/http#768
• SECURITY.md: use private vulnerability reporting feature by @​tarcieri in httprb/http#772
• Goodbye Hash rockets... by @​ixti in httprb/http#769
• Fixes comment typo in errors.rb by @​ajsharma in httprb/http#781
• Update base64 dependency version by @​SleepingInsomniac in httprb/http#780
• Add .retriable feature to Http - Rebased by @​tomprats in httprb/http#775
• Bump rubocop to v1.61 by @​tarcieri in httprb/http#788
• Drop depenency on base64 by @​Earlopain in httprb/http#778
• Add more granularity to ConnectionError through more specific error classes by @​omkarmoghe in httprb/http#783
• Cache header normalization to reduce object allocation by @​alexcwatt in httprb/http#789
• New feature: RaiseError by @​c960657 in httprb/http#792
• Correct typo in comments for retriable method by @​hakanensari in httprb/http#794
• Remove circular require by @​hakanensari in httprb/http#795
• Native llhttp for MRI by @​sebyx07 in httprb/http#800
• feat: introduce better error for wrong mime type by @​TheBlackArroVV in httprb/http#805
• chore: Cleanup and update gemspec by @​ixti in httprb/http#806
• fix: Simplify response and headers inspection by @​ixti in httprb/http#810
• feat: Add bin/console for development convenience by @​ixti in httprb/http#811
• Add ruby 3.4 support by @​ixti in httprb/http#808
• Introduce HTTP::Session for thread-safe request building by @​sferik in httprb/http#829
• Remove Headers::Mixin and [] / []= delegators from Request and Response by @​sferik in httprb/http#831
• Refactor cookie API by @​sferik in httprb/http#830
• Instrumentation hooks by @​sferik in httprb/http#832
• Add HTTP.base_uri by @​sferik in httprb/http#833
• Add binary body formatting to the logging feature by @​sferik in httprb/http#834
• Add HTTP caching by @​sferik in httprb/http#835
• Release v6.0.0 by @​ixti in httprb/http#790

New Contributors

• @​daniel-sabourin made their first contribution in httprb/http#738
• @​c960657 made their first contribution in httprb/http#743

... (truncated)

Changelog

Sourced from http's changelog.

[6.0.1] - 2026-03-16

Changed

• Exclude test files from gem package, reducing gem size by 50% (from 175 KB to 87 KB).

[6.0.0] - 2026-03-16

Changed

• Merged http-form_data gem into the main http gem. The HTTP::FormData module (including Part, File, Multipart, Urlencoded, and CompositeIO) is now shipped directly with http instead of being a separate dependency. The public API is unchanged.

Fixed

• Inflater no longer raises Zlib::BufError when a response declares Content-Encoding: gzip (or deflate) but the body is not valid compressed data. This commonly occurred when following redirects with auto_inflate enabled, because the redirect response had a Content-Encoding header but a non-compressed body. (#621)
• Persistent connections now auto-flush unread response bodies before sending the next request, instead of raising StateError. Bodies up to 1 MiB are drained transparently; larger bodies cause the connection to close and reopen. This prevents the silent body clobbering described in #371, where an unread response body would return "" after a subsequent request. (#371)
• Response#content_length now handles duplicate Content-Length headers per RFC 7230 Section 3.3.2. When all values are identical, they are collapsed into a single valid value. When values conflict, nil is returned instead of raising TypeError. (#566)
• HTTP 1xx informational responses (e.g. 100 Continue) are now transparently skipped, returning the final response. This was a regression introduced when the parser was migrated from http-parser to llhttp. (#667)
• Redirect loop detection now considers cookies, so a redirect back to the same URL with different cookies is no longer falsely detected as an endless loop. Fixes cookie-dependent redirect flows where a server sets a cookie on one hop and expects it on the next. (#544)
• Per-operation timeouts (HTTP.timeout(read: n, write: n, connect: n)) no longer default unspecified values to 0.25 seconds. Omitted timeouts now mean no timeout for that operation, matching the behavior when no timeout is configured at all. (#579)
• Per-operation timeout handler now correctly handles :wait_writable from read_nonblock and :wait_readable from write_nonblock on SSL sockets during TLS renegotiation. Previously these symbols were returned as data instead of being waited on. (#358)
• Persistent sessions now follow cross-origin redirects instead of raising StateError. HTTP.persistent returns an HTTP::Session that pools one HTTP::Client per origin, so redirects to a different domain transparently open (and reuse) a separate persistent connection. Cookie management is

... (truncated)

Commits

• 866cb87 Release v6.0.1
• 1ae2a60 Add mutant to default rake task and pass --since main flag
• c39f85f Reduce gem package size by excluding non-essential files
• 26f26c4 Switch gem release to OIDC API key role with JRuby support
• 5d1ff43 Release v6.0.0
• 1dbc20d Merge form_data into http
• e68bddc Override release task to skip gem push (handled by CI)
• 38419ea Convert test suite from Minitest::Spec DSL to Minitest::Test
• 4067339 Ship sig/http.rbs type signatures in the gem
• da374ef Switch mutant operators from light to full and kill surviving mutants
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[greptile-apps]

PR author is in the excluded authors list.