Bump io.netty:netty-codec-http from 4.1.129.Final to 4.1.133.Final by dependabot[bot] · Pull Request #101 · evervault/evervault-android

dependabot · 2026-05-14T17:12:07Z

Bumps io.netty:netty-codec-http from 4.1.129.Final to 4.1.133.Final.

Release notes

Sourced from io.netty:netty-codec-http's releases.

netty-4.1.133.Final

CVEs Fixed

CVE-2026-42586 (netty-codec-redis)

CVE-2026-42578 (netty-handler-proxy)

CVE-2026-42587 (netty-codec-http, netty-codec-http2)

CVE-2026-41417 (netty-codec-http)

CVE-2026-42581 (netty-codec-http)

CVE-2026-42580 (netty-codec-http)

CVE-2026-42585 (netty-codec-http)

CVE-2026-42579 (netty-codec-dns)

CVE-2026-42582 (netty-codec-http3)

CVE-2026-42583 (netty-codec, netty-codec-compression)

CVE-2026-42584 (netty-codec-http)

CVE-2026-44248 (netty-codec-mqtt)

What's Changed

Fix IndexOutOfBoundsException in StompSubframeDecoder on heartbeat by @daguimu in netty/netty#16539

Auto-port 4.1: Fix implementation of strerror_r_xsi for GNU by @netty-project-bot in netty/netty#16561

Auto-port 4.1: Replace usage of strerror with thread-safe alternative by @netty-project-bot in netty/netty#16555

Auto-port 4.1: Kqueue: sendfile EINTR doesn't advance offset — data duplication by @netty-project-bot in netty/netty#16554

Auto-port 4.1: Avoid leak in PemReader on OutOfDirectMemoryError by @netty-project-bot in netty/netty#16576

Auto-port 4.1: Native DNS resolver: Guard against malloc failures by @netty-project-bot in netty/netty#16584

Auto-port 4.1: Include user properties and subscription IDs in MqttProperties#isEmpty by @netty-project-bot in netty/netty#16582

Auto-port 4.1: Fix parsing HTTP chunks with multiple extensions by @netty-project-bot in netty/netty#16588

Auto-port 4.1: Stabilize read-only toStringMultipleThreads1 by @netty-project-bot in netty/netty#16610

Auto-port 4.1: Epoll: Cleanup code to always return negative value on failure by @netty-project-bot in netty/netty#16601

Auto-port 4.1: Stabilize more AbstractByteBufTests by @netty-project-bot in netty/netty#16613

Auto-port 4.1: Stabilize testSessionInvalidate for Conscrypt by @netty-project-bot in netty/netty#16616

Auto-port 4.1: Native transports: Correctly create pipe when pipe2 is not supported by @netty-project-bot in netty/netty#16598

Use stream error for maxContentLength exceeded in InboundHttp2ToHttpAdapter by @daguimu in netty/netty#16558

Fix shutdownInput bug in kqueue for empty recv buffer (#16630) by @normanmaurer in netty/netty#16638

Auto-port 4.1: Kqueue: Fix usage of LOCAL_PEERPID by @netty-project-bot in netty/netty#16646

Auto-port 4.1: HTTP2: Ensure HTTP2 preface is always send as first message by @netty-project-bot in netty/netty#16642

Auto-port 4.1: Propagate exceptions from inner threads in buffer tests by @netty-project-bot in netty/netty#16652

Auto-port 4.1: Add maxFrameLength support to ProtobufVarint32FrameDecoder by @netty-project-bot in netty/netty#16658

Auto-port 4.1: Bump up netty-tcnative to 2.0.76.Final by @netty-project-bot in netty/netty#16672

HTTP2: Ensure HTTP2 preface is always send as first message (also on … by @chrisvest in netty/netty#16675

Improve flaky NioSocketChannelTest (#16679) by @normanmaurer in netty/netty#16681

Deprecate ObjectCleaner and remove usage (#16685) by @chrisvest in netty/netty#16694

Auto-port 4.1: Update to netty-tcnative 2.0.77.Final by @netty-project-bot in netty/netty#16695

Avoid NPE in JdkSslServerContext when TrustManagerFactory returns null by @daguimu in netty/netty#16691

Avoid NPE in JdkSslClientContext when TrustManagerFactory returns null by @daguimu in netty/netty#16690

Auto-port 4.1: Avoid TCPFastOpen in KQueueCompositeBufferGatheringWriteTest by @netty-project-bot in netty/netty#16699

Auto-port 4.1: SCTP: Correctly handle SO_BACKLOG by @netty-project-bot in netty/netty#16715

Fix DiscardClient hang under -Dssl by using a client SSL context by @daguimu in netty/netty#16717

Auto-port 4.1: Consolidate fake exceptions in HTTP/2 tests into Http2TestUtil by @netty-project-bot in netty/netty#16725

Auto-port 4.1: Activate noPrintGC by default by @netty-project-bot in netty/netty#16735

Merge commit from fork by @normanmaurer in netty/netty#16742

New Contributors

... (truncated)

Commits

fb13125 [maven-release-plugin] prepare release netty-4.1.133.Final
815f71a Fix compilation after multiple backports
1986c38 Merge commit from fork
6f69dc9 Merge commit from fork
bf78040 Fix BrotliDecoder not forwarding all decompressed chunks
387bbd0 Merge commit from fork
417ebaa Fix codec-dns tests
3c091ab Merge commit from fork
5d60b87 Fix checkstyle in HttpObjectDecoder
485f11d Merge commit from fork
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [io.netty:netty-codec-http](https://github.com/netty/netty) from 4.1.129.Final to 4.1.133.Final. - [Release notes](https://github.com/netty/netty/releases) - [Commits](netty/netty@netty-4.1.129.Final...netty-4.1.133.Final) --- updated-dependencies: - dependency-name: io.netty:netty-codec-http dependency-version: 4.1.133.Final dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

changeset-bot · 2026-05-14T17:12:12Z

⚠️ No Changeset found

Latest commit: 8849d54

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels May 14, 2026

dependabot Bot mentioned this pull request May 14, 2026

Bump io.netty:netty-codec-http from 4.1.129.Final to 4.1.132.Final #98

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump io.netty:netty-codec-http from 4.1.129.Final to 4.1.133.Final#101

Bump io.netty:netty-codec-http from 4.1.129.Final to 4.1.133.Final#101
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/gradle/io.netty-netty-codec-http-4.1.133.Final

dependabot Bot commented on behalf of github May 14, 2026

Uh oh!

changeset-bot Bot commented May 14, 2026

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 14, 2026

netty-4.1.133.Final

CVEs Fixed

What's Changed

New Contributors

Uh oh!

changeset-bot Bot commented May 14, 2026

⚠️ No Changeset found

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

0 participants