Releases: imroc/req
Releases Β· imroc/req
Release list
v3.59.0 Release
Breaking Changes
- Go 1.25+ required β quic-go v0.60.0 drops Go 1.24 support. The
godirective ingo.modis now1.25.0, and CI tests against Go 1.25.x and 1.26.x. Users on Go 1.24 should stay on v3.58.0.
Dependencies
- Port quic-go v0.60.0 β full sync of all http3 changes from quic-go v0.59.0 β v0.60.0 into req's vendored
internal/http3/:- Fix
QuaterStreamIDβQuarterStreamIDfield rename in qlogDatagramCreated/DatagramParsed(compile error with quic-go v0.60.0). Fixes #500. - Extract
validateHeaderFieldNameAndValue,validateRegularHeaderField,validateTrailerHeaderFieldhelper functions inheaders.go parseTrailers: addsizeLimitparameter with per-field size accounting anderrHeaderTooLargecheck- Add
validExtendedConnectProtocolfunction (RFC 9220) and validate extended CONNECT:protocolinrequest_writer.go - Use
strings.SplitSeqinextractAnnouncedTrailers
- Fix
v3.58.0 Release
New Features
- Add
SetTLSFingerprintSpecfor custom ClientHelloSpec support β accepts a*utls.ClientHelloSpecfor fine-grained TLS fingerprint customization (JA3/JA4). Closes #477, #478. - Add
SensitiveHeadersRedirectPolicyβ strips custom auth headers (e.g.X-API-Key,X-Auth-Token) on cross-domain redirects to prevent credential leakage (CWE-200). Fixes #489. - Port quic-go v0.59.0 β aligns with quic-go v0.59.0 breaking changes: removes deprecated
ConnectionTracingID/ConnectionTracingKey, removes stream hijacking API, replaceshandleUnidirectionalStreamswith per-stream callback, addsRawClientConnfor fine-grained stream control, addsHandleBidirectionalStream(closes conn per RFC 9114), fixesSupportsDatagramsβSupportsDatagrams.Remote. Fixes #482.
Bug Fixes
Unmarshalreturns error on error status codes β now checksIsErrorState()before deserializing, preventing 4xx/5xx response bodies from being deserialized into target structs. Closes #465.- Retry on GOAWAY errors with cached HTTP/2 connections β
RoundTripOnlyCachedConnnow falls through to create a new connection instead of returningerrClientConnGotGoAwaydirectly. Closes #491. SetCookieJarFactoryreturnshttp.CookieJarinterface β changes return type from*cookiejar.Jartohttp.CookieJar, allowing custom cookie jar implementations. Closes #415.- Add
application/jsonto Chrome impersonate accept header β matches Chrome's actual accept header for API requests expecting JSON. Closes #471.
Dependencies
- Upgrade utls to v1.8.2 β security update from v1.8.1. Addresses #459.
Tests
- Add comprehensive unit tests for HTTP/3 frames, headers, transport, and dump.
- Add automated test gate infrastructure.
v3.57.0 Release
- Update go modules.
- Port quic-go v0.57.1 (fix #474)
v3.56.0 Release
- Update go modules
- Port quic-go v0.56.0
v3.55.0 Release
v3.54.2 Release
- Replace go-multierror with errors.Join (#458)
v3.54.1 Release
- Fix data race condition in the Alt-Svc cache(#456)
v3.54.0 Release
v3.53.0 Release
- Upgrade all dependencies to the latest stable version.
- Port quic-go's latest stable version's logic.
- Now it requires go1.24+.
- README: Add
Go Version Compatibility Matrix
v3.52.2 Release
add Do func for client (compatible with http.Client.Do)