Bump bandit from 1.5.7 to 1.6.5

[dependabot]

Bumps bandit from 1.5.7 to 1.6.5.

Changelog

Sourced from bandit's changelog.

1.6.5 (15 Jan 2025)

Fixes

• Fix regression introduced in 1.6.1 where we would not send headers set by the Plug during WebSocket upgrades (#458)

Enhancements

• Properly normalize Erlang errors before emitting telemetry and logged crash_reason (#455, thanks @​grzuy!)

1.6.4 (11 Jan 2025)

Fixes

• Fix error in socket setup error handling introduced in 1.6.2 (thanks @​danielspofford!)

1.6.3 (8 Jan 2025)

Fixes

• Always close HTTP/1 connection in any case where an error comes out of the plug (#452, thanks @​zookzook!)
• Fix dialyzer warning introduced by Thousand Island 1.3.9

1.6.2 (4 Jan 2025)

Enhancements

• Send telemetry events on Plugs that throw or exit (#443)
• Improve test robustness & speed (#446)
• Read a minimal number of bytes when sniffing for protocol (#449)
• Add plug and websock to logging metadata whenever possible (#448)
• Add plug and websock to telemetry metadata whenever possible (#447)
• Silently eat Bandit.TransportError errors during HTTP/1 error fallback handling

Fixes

• Bump hpax to 1.0.2, fixes phoenixframework/phoenix#6020 (thanks @​krainboltgreene!)
• Fix cases where we would desync on pipelined POST requests (#442)

Changes

• Unwrap Plug.Conn.WrapperErrors raised by Plug and handle the wrapped error per policy
• Surface socket setup errors as Bandit.TransportError for consistency in logging

1.6.1 (6 Dec 2024)

Enhancements

• Add deflate support when sending chunked responses (#429)

... (truncated)

Commits

• bffad96 Version bump to 1.6.5
• 41bb3d8 Send any headers already queued in the plug when upgrading websocket (#458)
• 1ddeb34 fix: properly normalize erlang errors before emitting telemetry and logged cr...
• 177b053 Version bump to 1.6.4
• 7168c5f Fix typo on hard to repro TransportError
• b8b5651 Version bump to 1.6.3
• 24f2d84 Always close HTTP/1 connection in any case where an error comes out of the pl...
• 01f8fa4 Add missing matches to HTTPTransport implementations
• 0eebc2c Bump thousand island to 1.3.9
• 6adcbf8 Add note about Phoenix to README
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #63.