Bump akka.http.version from 10.0.11 to 10.1.8

[dependabot-preview]

Bumps akka.http.version from 10.0.11 to 10.1.8.

Updates akka-http-core_2.11 from 10.0.11 to 10.1.8

Release notes

Sourced from akka-http-core_2.11's releases.

v10.1.8

See the announcement, release notes and the 10.1.8 milestone for more information.

v10.1.7

See the announcement, release notes and the 10.1.7 milestone for more information.

v10.1.6

See the announcement, release notes and the 10.1.6 milestone for more information.

v10.1.5

10.1.5 is the sixth release in the 10.1.x series of Akka HTTP.

It is mainly a mitigation for the DoS vulnerability when using decodeRequest

Migration Notes

To avoid excessive memory usage we introduced two new limits that apply per default:

• akka.http.routing.decode-max-size: This limit applies when you use decodeRequest to limit the amount of decompressed data. The default limit is 8 megabytes.
• akka.http.parsing.max-to-strict-bytes: This limit applies when you use HttpEntity.toStrict or the toStrictEntity directive (and related directives). It will only collect up to the given amount data and fail otherwise. The default limit is 8 megabytes.

Depending on your application requirements, you may want to change these settings.

Changes since 10.1.4

For a full overview you can also see the 10.1.5 milestone:

• Restrict the maximum size of a request entity after uncompressing it with decodeRequest #2137
• Restrict the maximum size of a request entity when reading it into memory with toStrict #2186
• Correctly set a default parallelism value when none is specified for HTTP/2 #2165
• Avoid matching an empty pattern when using PathMatcher.repeat #2097
• Add ServerSentEvent.heartbeat() to the Java DSL #2187

v10.1.4

10.1.4 is the fifth release in the 10.1.x series of Akka HTTP.

Among many other things, this release includes a fix for handling early responses in the client, HTTP/2 improvements and many updates to the documentation.

Changes since 10.1.3

For a full overview you can also see the 10.1.4 milestone:

Fixes in akka-http-core

• Support for scheme ending in digit in Uri.from (#2080)
• Allow MediaTypes in Sets (#2144)
• Allow creating an unencrypted HTTP/2 server from Java (#2110)
• Fix a bug in handling chunked responses in the new connection pool (#2138)

Improvements in akka-http-core

... (truncated)

Commits

• 601c238 Fix 2 links
• c43d3be 10.1.8 release notes (#2476)
• d53c0a7 Update ScalaTest to a binary compatible with 3.0.X series version (#2475)
• a0c619d add new option to close connections after a period of time #1768 (#2016)
• bb3e6e0 Clean up ALPN when the stream is stopped (#2471)
• a81f46a Akka-paradox theme 0.18 (#2470)
• 441f73b Allow (but ignore) RST and WindowUpdate frames on closed HTTP/2 streams (#2457)
• e6d2343 Merge pull request #2469 from ennru/canonical
• 62f9285 Merge pull request #2449 from jrudolph/jr/add-server-jmh-benchmark-final
• 9d910d1 Latest Paradox template; add canonical URL and description
• Additional commits viewable in compare view

Updates akka-http-testkit_2.11 from 10.0.11 to 10.1.8

Release notes

Sourced from akka-http-testkit_2.11's releases.

v10.1.8

See the announcement, release notes and the 10.1.8 milestone for more information.

v10.1.7

See the announcement, release notes and the 10.1.7 milestone for more information.

v10.1.6

See the announcement, release notes and the 10.1.6 milestone for more information.

v10.1.5

10.1.5 is the sixth release in the 10.1.x series of Akka HTTP.

It is mainly a mitigation for the DoS vulnerability when using decodeRequest

Migration Notes

To avoid excessive memory usage we introduced two new limits that apply per default:

• akka.http.routing.decode-max-size: This limit applies when you use decodeRequest to limit the amount of decompressed data. The default limit is 8 megabytes.
• akka.http.parsing.max-to-strict-bytes: This limit applies when you use HttpEntity.toStrict or the toStrictEntity directive (and related directives). It will only collect up to the given amount data and fail otherwise. The default limit is 8 megabytes.

Depending on your application requirements, you may want to change these settings.

Changes since 10.1.4

For a full overview you can also see the 10.1.5 milestone:

• Restrict the maximum size of a request entity after uncompressing it with decodeRequest #2137
• Restrict the maximum size of a request entity when reading it into memory with toStrict #2186
• Correctly set a default parallelism value when none is specified for HTTP/2 #2165
• Avoid matching an empty pattern when using PathMatcher.repeat #2097
• Add ServerSentEvent.heartbeat() to the Java DSL #2187

v10.1.4

10.1.4 is the fifth release in the 10.1.x series of Akka HTTP.

Among many other things, this release includes a fix for handling early responses in the client, HTTP/2 improvements and many updates to the documentation.

Changes since 10.1.3

For a full overview you can also see the 10.1.4 milestone:

Fixes in akka-http-core

• Support for scheme ending in digit in Uri.from (#2080)
• Allow MediaTypes in Sets (#2144)
• Allow creating an unencrypted HTTP/2 server from Java (#2110)
• Fix a bug in handling chunked responses in the new connection pool (#2138)

Improvements in akka-http-core

... (truncated)

Commits

• 601c238 Fix 2 links
• c43d3be 10.1.8 release notes (#2476)
• d53c0a7 Update ScalaTest to a binary compatible with 3.0.X series version (#2475)
• a0c619d add new option to close connections after a period of time #1768 (#2016)
• bb3e6e0 Clean up ALPN when the stream is stopped (#2471)
• a81f46a Akka-paradox theme 0.18 (#2470)
• 441f73b Allow (but ignore) RST and WindowUpdate frames on closed HTTP/2 streams (#2457)
• e6d2343 Merge pull request #2469 from ennru/canonical
• 62f9285 Merge pull request #2449 from jrudolph/jr/add-server-jmh-benchmark-final
• 9d910d1 Latest Paradox template; add canonical URL and description
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

You can always request more updates by clicking Bump now in your Dependabot dashboard.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.