Bump io.ktor:ktor-network from 3.4.0 to 3.4.2

[dependabot]

Bumps io.ktor:ktor-network from 3.4.0 to 3.4.2.

Release notes

Sourced from io.ktor:ktor-network's releases.

3.4.2

Published 27 March 2026

Improvements

• KTOR-9327 Curl: The WebSockets maxFrameSize option does not have an effect
• KTOR-9383 CaseInsensitiveString: reduce allocations
• KTOR-9385 Netty: Allocation micro-optimizations
• KTOR-9403 Darwin: Unnecessary ByteArray copy for each received response chunk
• KTOR-9412 KDoc for formFieldLimit documents incorrect default value (64 KB instead of 50 MiB)

Bugfixes

• KTOR-9351 OpenAPI: Incorrect schema generated for nested classes with lists
• KTOR-9361 WebSockets: JsWebSocketSession._closeReason is completed twice
• KTOR-9437 Fix GraalVM Compatibility
• KTOR-9424 Logging: OkHttp format should log the full requested URL
• KTOR-8540 Logging: IllegalStateException is thrown when response is cached and deserialization fails
• KTOR-9370 OpenAPI: NoSuchMethodError - getLOCAL_FUNCTION_FOR_LAMBDA with Kotlin 2.3.20-*
• KTOR-9421 Netty: active SSE connection blocks HTTP/2 response flushing for other requests
• KTOR-3390 JS browser: "Failed to execute 'digest' on 'SubtleCrypto'" error when using digest auth
• KTOR-5977 Compression: The encoders buffer streaming response
• KTOR-9393 Certificate pinning matches against all pins instead of hostname-scoped pins
• KTOR-8751 DI: AmbiguousDependencyException when named dependency is overridden in testApplication
• KTOR-9039 Bearer Auth: Request body transformed with jsonIO isn't sent over again after refreshToken request
• KTOR-9404 Darwin: Memory leak in KtorNSURLSessionDelegate
• KTOR-9399 LinkageError when running Ktor app with development mode inside Spring Boot / Amper fat-JAR
• KTOR-9402 NoSuchMethodError on RawWebSocket after 3.4.0
• KTOR-9372 Frame.Text.readText() causes infinite loop and 100% CPU on Kotlin/Native when WebSocket frame data is malformed or connection drops unexpectedly
• KTOR-9387 ZstdEncoder decode fails when source data is split into multiple Zstd frames

3.4.1

Published 3 March 2026

Improvements

• KTOR-9382 HttpProtocolVersion.parse: fast path for common versions
• KTOR-9381 GMTDate: reduce allocations
• KTOR-8971 Support "operationId" in Kdoc for OpenAPI spec. gen.
• KTOR-9333 WebSockets: Infinite spin and potential OOM vulnerabilities in the Inflater.inflateFully method
• KTOR-5616 Ktor always adds by default an Accept-Charset header
• KTOR-9291 OpenAPI: handle atypical route functions
• KTOR-9293 OpenAPI describe needs defaults
• KTOR-9304 OpenAPI: Order of path parameters is not preserved in the spec
• KTOR-9353 Routing: TailcardSelector missing toString(), which clutters the logs

Bugfixes

• KTOR-9281 OpenApi code inference misses lambda argument bodies
• KTOR-9273 OpenAPI static content path appears in resulting model
• KTOR-9004 OpenAPI: No respective formats detected for serializable types like UUID or Instant
• KTOR-9305 OpenAPI: "No mapping for symbol: VAR FOR_LOOP_VARIABLE" error with codeInferenceEnabled=true
• KTOR-9279 OpenAPI: UnsupportedOperationException for a function with a reified type parameter codeInferenceEnabled = true
• KTOR-9289 OpenAPI: Resource routes are missing inferred and comment-based documentation

... (truncated)

Changelog

Sourced from io.ktor:ktor-network's changelog.

3.4.2

Published 27 March 2026

Improvements

• KTOR-9327 Curl: The WebSockets maxFrameSize option does not have an effect
• KTOR-9383 CaseInsensitiveString: reduce allocations
• KTOR-9385 Netty: Allocation micro-optimizations
• KTOR-9403 Darwin: Unnecessary ByteArray copy for each received response chunk
• KTOR-9412 KDoc for formFieldLimit documents incorrect default value (64 KB instead of 50 MiB)

Bugfixes

• KTOR-9351 OpenAPI: Incorrect schema generated for nested classes with lists
• KTOR-9361 WebSockets: JsWebSocketSession._closeReason is completed twice
• KTOR-9437 Fix GraalVM Compatibility
• KTOR-9424 Logging: OkHttp format should log the full requested URL
• KTOR-8540 Logging: IllegalStateException is thrown when response is cached and deserialization fails
• KTOR-9370 OpenAPI: NoSuchMethodError - getLOCAL_FUNCTION_FOR_LAMBDA with Kotlin 2.3.20-*
• KTOR-9421 Netty: active SSE connection blocks HTTP/2 response flushing for other requests
• KTOR-3390 JS browser: "Failed to execute 'digest' on 'SubtleCrypto'" error when using digest auth
• KTOR-5977 Compression: The encoders buffer streaming response
• KTOR-9393 Certificate pinning matches against all pins instead of hostname-scoped pins
• KTOR-8751 DI: AmbiguousDependencyException when named dependency is overridden in testApplication
• KTOR-9039 Bearer Auth: Request body transformed with jsonIO isn't sent over again after refreshToken request
• KTOR-9404 Darwin: Memory leak in KtorNSURLSessionDelegate
• KTOR-9399 LinkageError when running Ktor app with development mode inside Spring Boot / Amper fat-JAR
• KTOR-9402 NoSuchMethodError on RawWebSocket after 3.4.0
• KTOR-9372 Frame.Text.readText() causes infinite loop and 100% CPU on Kotlin/Native when WebSocket frame data is malformed or connection drops unexpectedly
• KTOR-9387 ZstdEncoder decode fails when source data is split into multiple Zstd frames

3.4.1

Published 3 March 2026

Improvements

• KTOR-9382 HttpProtocolVersion.parse: fast path for common versions
• KTOR-9381 GMTDate: reduce allocations
• KTOR-8971 Support "operationId" in Kdoc for OpenAPI spec. gen.
• KTOR-9333 WebSockets: Infinite spin and potential OOM vulnerabilities in the Inflater.inflateFully method
• KTOR-5616 Ktor always adds by default an Accept-Charset header
• KTOR-9291 OpenAPI: handle atypical route functions
• KTOR-9293 OpenAPI describe needs defaults
• KTOR-9304 OpenAPI: Order of path parameters is not preserved in the spec
• KTOR-9353 Routing: TailcardSelector missing toString(), which clutters the logs

Bugfixes

• KTOR-9281 OpenApi code inference misses lambda argument bodies
• KTOR-9273 OpenAPI static content path appears in resulting model
• KTOR-9004 OpenAPI: No respective formats detected for serializable types like UUID or Instant
• KTOR-9305 OpenAPI: "No mapping for symbol: VAR FOR_LOOP_VARIABLE" error with codeInferenceEnabled=true
• KTOR-9279 OpenAPI: UnsupportedOperationException for a function with a reified type parameter codeInferenceEnabled = true

... (truncated)

Commits

• 245774a Release 3.4.2 (#5493)
• 7c6c33a KTOR-9361 Fix JsWebSocketSession._closeReason completed twice (#5457)
• 453e739 KTOR-9437 Server. Add GraalVM metadata. (#5491)
• 7146fd7 KTOR-9424 Log full URLs with OkHttp format (#5488)
• 52b5981 KTOR-8540 Fix IllegalStateException by creating a new instance of HttpClientC...
• 12de7fb KTOR-9408 Update atomicfu with performance fix
• 58837ad KTOR-9419 Fix vulnerability in swagger endpoint
• 69e55ce Remove CurlWebSocketTests (#5483)
• 5dfbe51 fixup! KTOR-9421 Track streaming responses separately to fix SSE blocking flu...
• e784ed7 fixup! Server. Update KDocs for that may set status. (#5233)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)