
chore(deps): Bump httpclient-version from 5.5.2 to 5.6.1 #22688

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/maven/httpclient-version-5.6.1


@dependabot dependabot bot commented on behalf of github Apr 20, 2026

Bumps httpclient-version from 5.5.2 to 5.6.1.
Updates org.apache.httpcomponents.client5:httpclient5 from 5.5.2 to 5.6.1

Changelog

Sourced from org.apache.httpcomponents.client5:httpclient5's changelog.

Release 5.6.1

This is a maintenance release that disables the experimental SCRAM auth scheme by default and fixes SCRAM final response handling. The SCRAM auth scheme can be re-enabled by choosing a custom auth scheme preference sequence that explicitly includes SCRAM auth.

Change Log

  • Fix SCRAM final response handling. Contributed by Arturo Bernal

  • Auth challenge parsing code improvement. Contributed by Oleg Kalnichevski

  • Add missing Javadoc for ConnectionConfig (#820). Contributed by Gary Gregory

  • Bug fix: Corrected async message exchange cancellation logic in InternalHttpAsyncExecRuntime. Contributed by Oleg Kalnichevski

  • HTTPCLIENT-2417: Honor TlsConfig attachment in async connect path. Contributed by Arturo Bernal

  • HTTPCLIENT-2414: Fix Basic auth cache scoping across path prefixes (#802). Contributed by Arturo Bernal

  • HTTPCLIENT-2415: Normalize CookieOrigin path for cookie matching (#803). Contributed by Arturo Bernal

  • Bug fix: Corrected sleep time calculation in IdleConnectionEvictor; use 1 minute sleep time by default. Contributed by Oleg Kalnichevski

  • DefaultManagedHttpClientConnection: Restore original socket timeout. Contributed by Ryan Schmitt

  • HTTPCLIENT-2411: Use standard HTTP-date format for synthesized Date header (#775). Contributed by Arturo Bernal

  • Fix NPE in connection evictor setup (#774). Contributed by Arturo Bernal

Release 5.6

... (truncated)

Commits
  • 4f86ca6 HttpClient 5.6.1 release
  • 1b2bafe Updated release notes for HttpClient 5.6.1 release
  • 1acf00b Fix SCRAM final response handling
  • 49549ab Auth challenge parsing code improvement
  • fa6b6d7 Add missing Javadoc for ConnectionConfig (#820)
  • 3de8ad5 Fixed DefaultClientTlsStrategy test failures on MacOS
  • c69f38f Bug-fix: corrects message exchange cancellation logic in InternalHttpAsyncExe...
  • 30386d3 HTTPCLIENT-2417 Honor TlsConfig attachment in async connect path
  • 9cc45f6 HTTPCLIENT-2414 - Fix Basic auth cache scoping across path prefixes (#802)
  • 1e01a48 HTTPCLIENT-2415: Normalize CookieOrigin path for cookie matching (#803)
  • Additional commits viewable in compare view

Updates org.apache.httpcomponents.client5:httpclient5-fluent from 5.5.2 to 5.6.1


@dependabot dependabot bot added the dependencies and java labels Apr 20, 2026

apupier commented Apr 20, 2026

previous PR to bump to 5.6 was closed by @davsclaus #20581

@github-actions

🌟 Thank you for your contribution to the Apache Camel project! 🌟
🤖 CI automation will test this PR automatically.

🐫 Apache Camel Committers, please review the following items:

  • First-time contributors require MANUAL approval for the GitHub Actions to run
  • You can use the command /component-test (camel-)component-name1 (camel-)component-name2.. to request a test from the test bot although they are normally detected and executed by CI.
  • You can label PRs using skip-tests and test-dependents to fine-tune the checks executed by this PR.
  • Build and test logs are available in the summary page. Only Apache Camel committers have access to the summary.

⚠️ Be careful when sharing logs. Review their contents before sharing them publicly.

davsclaus previously approved these changes Apr 20, 2026

we are now on SB4 so we can upgrade


github-actions bot commented Apr 20, 2026

🧪 CI tested the following changed modules:

  • components/camel-http
  • parent

ℹ️ Dependent modules were not tested because the total number of affected modules exceeded the threshold (50). Use the test-dependents label to force testing all dependents.

POM dependency changes: targeted tests included

Changed properties: httpclient-version

Modules affected by dependency changes (20)
  • :camel-as2-api
  • :camel-box
  • :camel-cm-sms
  • :camel-cxf-rest
  • :camel-cxf-soap
  • :camel-cxf-spring-rest
  • :camel-cxf-spring-soap
  • :camel-geocoder
  • :camel-graphql
  • :camel-http
  • :camel-itest
  • :camel-jetty
  • :camel-keycloak
  • :camel-launcher
  • :camel-oaipmh
  • :camel-oauth
  • :camel-splunk-hec
  • :camel-weather
  • :camel-wordpress
  • :camel-workday

⚠️ Some tests are disabled on GitHub Actions (@DisabledIfSystemProperty(named = "ci.env.name")) and require manual verification:

  • components/camel-http: 1 test(s) disabled on GitHub Actions
Build reactor — dependencies compiled but only changed modules were tested (21 modules)
  • Camel :: AS2 :: API
  • Camel :: Box :: Component
  • Camel :: CM SMS
  • Camel :: CXF :: REST
  • Camel :: CXF :: REST :: Spring
  • Camel :: CXF :: SOAP
  • Camel :: CXF :: SOAP :: Spring
  • Camel :: Geocoder
  • Camel :: GraphQL
  • Camel :: HTTP
  • Camel :: Integration Tests
  • Camel :: Jetty
  • Camel :: Keycloak
  • Camel :: Launcher
  • Camel :: OAIPMH
  • Camel :: OAuth
  • Camel :: Parent
  • Camel :: Splunk HEC
  • Camel :: Weather
  • Camel :: Wordpress
  • Camel :: Workday

⚙️ View full build and test results

@davsclaus

HttpCompressionTest needs manual fix/update


@apupier apupier left a comment

[camel-http] [ERROR] Tests run: 1, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 0.015 s <<< FAILURE! -- in org.apache.camel.component.http.HttpCompressionTest
[camel-http] [ERROR] org.apache.camel.component.http.HttpCompressionTest.compressedHttpPost -- Time elapsed: 0.013 s <<< FAILURE!
org.opentest4j.AssertionFailedError: expected: <camel rocks!> but was: <null>
	at org.junit.jupiter.api.AssertionFailureBuilder.build(AssertionFailureBuilder.java:158)
	at org.junit.jupiter.api.AssertionFailureBuilder.buildAndThrow(AssertionFailureBuilder.java:139)
	at org.junit.jupiter.api.AssertEquals.failNotEqual(AssertEquals.java:201)
	at org.junit.jupiter.api.AssertEquals.assertEquals(AssertEquals.java:184)
	at org.junit.jupiter.api.AssertEquals.assertEquals(AssertEquals.java:179)
	at org.junit.jupiter.api.Assertions.assertEquals(Assertions.java:1188)
	at org.apache.camel.component.http.BaseHttpTest.assertBody(BaseHttpTest.java:53)
	at org.apache.camel.component.http.HttpCompressionTest.compressedHttpPost(HttpCompressionTest.java:105)

@apupier apupier self-assigned this Apr 20, 2026

apupier commented Apr 20, 2026

there is a swallowed exception:

java.util.zip.ZipException: Not in GZIP format
	at java.base/java.util.zip.GZIPInputStream.readHeader(GZIPInputStream.java:197)
	at java.base/java.util.zip.GZIPInputStream.<init>(GZIPInputStream.java:81)
	at java.base/java.util.zip.GZIPInputStream.<init>(GZIPInputStream.java:112)
	at org.apache.camel.support.GZIPHelper.uncompressGzip(GZIPHelper.java:41)
	at org.apache.camel.component.http.HttpProducer.extractResponseBody(HttpProducer.java:536)
	at org.apache.camel.component.http.HttpProducer.populateResponse(HttpProducer.java:361)
	at org.apache.camel.component.http.HttpProducer.lambda$2(HttpProducer.java:275)
	at org.apache.camel.component.http.HttpProducer.executeMethod(HttpProducer.java:493)
	at org.apache.camel.component.http.HttpProducer.process(HttpProducer.java:251)
	at org.apache.camel.support.AsyncProcessorConverterHelper$ProcessorToAsyncProcessorBridge.process(AsyncProcessorConverterHelper.java:65)
	at org.apache.camel.impl.engine.SharedCamelInternalProcessor.processNonTransacted(SharedCamelInternalProcessor.java:156)
	at org.apache.camel.impl.engine.SharedCamelInternalProcessor.process(SharedCamelInternalProcessor.java:133)
	at org.apache.camel.impl.engine.SharedCamelInternalProcessor$1.process(SharedCamelInternalProcessor.java:89)
	at org.apache.camel.impl.engine.DefaultAsyncProcessorAwaitManager.process(DefaultAsyncProcessorAwaitManager.java:81)
	at org.apache.camel.impl.engine.SharedCamelInternalProcessor.process(SharedCamelInternalProcessor.java:86)
	at org.apache.camel.support.cache.DefaultProducerCache.send(DefaultProducerCache.java:180)
	at org.apache.camel.impl.engine.DefaultProducerTemplate.send(DefaultProducerTemplate.java:175)
	at org.apache.camel.impl.engine.DefaultProducerTemplate.send(DefaultProducerTemplate.java:171)
	at org.apache.camel.impl.engine.DefaultProducerTemplate.request(DefaultProducerTemplate.java:366)
	at org.apache.camel.component.http.HttpCompressionTest.compressedHttpPost(HttpCompressionTest.java:90)


apupier commented Apr 20, 2026

Note that there is a note in the changelog of httpclient that the compression mechanism has been modified and now several libraries are optional and called by reflection, but in theory the gzip format should still be available by default https://github.com/apache/httpcomponents-client/pull/737/changes#diff-a3be7429ae1a366fee7c16707e733d3afd4c5784661985706a77685cdd8be0e3R54

also note that adding commons-compress is not fixing the issue


apupier commented Apr 20, 2026

very likely due to this kind of change

https://issues.apache.org/jira/browse/HTTPCLIENT-2409 where the content is ungzipped automatically in some cases

(currently reading and trying to understand it to see what we should do on our side)

Bumps `httpclient-version` from 5.5.2 to 5.6.1.

We were previously basing actions to ungzip and content encoding on
headers of the response. It was possible because these headers were
previously removed by the client automatically. it is no more the case
as the headers are supposed to reflect what the opposite endpoint sent,
not the actual current state in httpclient. To know the current state,
we need to look to the entity.

most important details in
https://issues.apache.org/jira/browse/HTTPCLIENT-2409?focusedCommentId=18047208&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-18047208
and reading the whole discussion can help

Updates `org.apache.httpcomponents.client5:httpclient5` from 5.5.2 to
5.6.1
- [Changelog](https://github.com/apache/httpcomponents-client/blob/rel/v5.6.1/RELEASE_NOTES.txt)
- [Commits](apache/httpcomponents-client@rel/v5.5.2...rel/v5.6.1)

Updates `org.apache.httpcomponents.client5:httpclient5-fluent` from
5.5.2 to 5.6.1
- [Changelog](https://github.com/apache/httpcomponents-client/blob/rel/v5.6.1/RELEASE_NOTES.txt)
- [Commits](apache/httpcomponents-client@rel/v5.5.2...rel/v5.6.1)

---
updated-dependencies:
- dependency-name: org.apache.httpcomponents.client5:httpclient5
  dependency-version: 5.6.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.apache.httpcomponents.client5:httpclient5-fluent
  dependency-version: 5.6.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Aurélien Pupier <apupier@ibm.com>
@apupier apupier force-pushed the dependabot/maven/httpclient-version-5.6.1 branch from a0b7238 to 8d46dbb Compare April 20, 2026 13:28

apupier commented Apr 20, 2026

We were previously basing actions to ungzip and content encoding on
headers of the response. It was possible because these headers were
previously removed by the client automatically. it is no more the case
as the headers are supposed to reflect what the opposite endpoint sent,
not the actual current state in httpclient. To know the current state,
we need to look to the entity.
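
The distinction described in the comment above, as an added example (not code from this PR, from Camel or from HttpClient): a response is built by hand whose `Content-Encoding` header still says `gzip` while its entity already holds decoded bytes and reports no encoding, which is assumed here to be how a body decompressed by the client looks in 5.6.x. The class and method names are hypothetical; the body text and the `ZipException` are the ones from the test failure quoted earlier in the thread.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.zip.GZIPInputStream;
import java.util.zip.ZipException;
import org.apache.hc.core5.http.ClassicHttpResponse;
import org.apache.hc.core5.http.ContentType;
import org.apache.hc.core5.http.Header;
import org.apache.hc.core5.http.HttpEntity;
import org.apache.hc.core5.http.io.entity.ByteArrayEntity;
import org.apache.hc.core5.http.message.BasicClassicHttpResponse;

public class ContentEncodingStateDemo { // hypothetical name, illustration only
    // Decision from the response header: reflects what the peer sent on the wire.
    static boolean gzipPerHeader(ClassicHttpResponse response) {
        Header h = response.getFirstHeader("Content-Encoding");
        return h != null && "gzip".equalsIgnoreCase(h.getValue());
    }

    // Decision from the entity: reflects the state of the bytes we actually hold.
    static boolean gzipPerEntity(ClassicHttpResponse response) {
        HttpEntity e = response.getEntity();
        return e != null && "gzip".equalsIgnoreCase(e.getContentEncoding());
    }

    static String read(ClassicHttpResponse response, boolean gunzip) throws IOException {
        try (InputStream raw = response.getEntity().getContent();
             InputStream in = gunzip ? new GZIPInputStream(raw) : raw) {
            return new String(in.readAllBytes(), StandardCharsets.UTF_8);
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: header kept as sent, entity already decoded
        // (ByteArrayEntity built without a content encoding, so it reports null).
        ClassicHttpResponse decoded = new BasicClassicHttpResponse(200);
        decoded.addHeader("Content-Encoding", "gzip");
        decoded.setEntity(new ByteArrayEntity(
                "camel rocks!".getBytes(StandardCharsets.UTF_8), ContentType.TEXT_PLAIN));

        try {
            read(decoded, gzipPerHeader(decoded)); // second gunzip of plain bytes
        } catch (ZipException ex) {
            System.out.println("header-based: " + ex.getMessage());
        }
        System.out.println("entity-based: " + read(decoded, gzipPerEntity(decoded)));
    }
}
```

If the `ZipException` is swallowed by the caller, as reported earlier in the thread, the header-based path yields a null body rather than a visible error, so a test asserting on the body is the only place the regression shows up.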

@apupier apupier requested review from apupier and davsclaus April 20, 2026 14:06
@apupier apupier dismissed their stale review April 20, 2026 14:06

test failure addressed

@apupier apupier removed their request for review April 20, 2026 14:06
@apupier apupier dismissed davsclaus’s stale review April 20, 2026 14:29

important changes provided since approval
