What's Changed
- fix: backport upstream bug fixes across forked crates by @deedy5 in #149
- perf: avoid Arc clones in root cert store paths and Safari emulator by @deedy5 in #150
Release v1.3.1 details
✨ Security
- fix(reqwest): Add scheme check to remove_sensitive_headers — prevents credential leakage on https→http same-host:port redirects
🐛 Fixes
- fix(h2): Backport 8 upstream fixes — missing notify_send() in set_reset, goaway stream filtering, connection flow control release after GOAWAY, guard for informational responses, dropping buffered DATA on scheduled reset, RFC 9113 idle stream frame rejection, capacity exhaustion handling
- fix(hyper): Backport 5 upstream fixes — SenderDropGuard for mid-body drop data loss, missed write wakeup deadlock in H1 dispatch, H2 capacity reservation deadlock, NO_ERROR handling in poll_trailers, 32-bit overflow in body size calculation
- fix(reqwest): Backport 3 upstream fixes — URL context in JSON decode errors, Hickory DNS init error propagation (no more panics), Google DNS fallback
- fix(primp-python): Resolve redirect race by applying policy on cloned client; RAII temp file cleanup
⚡ Performance
- perf(safari): Cache emulators per OS (iOS/macOS) to avoid Arc::make_mut deep clones on every build_safari_settings call
- perf(reqwest): default_root_store_arc() returns Arc so callers share the cached store via refcount instead of cloning
🏗️ Refactors & Chores
- chore(hyper-util): Sync upstream through v0.1.20 — modernize to std::future::poll_fn, std::task::ready, std::pin::pin!, drop futures-core dep, add RPITIT bounds, update system-configuration to ≥0.7
Full Changelog: v1.3.0...v1.3.1