Skip to content

#3567 add test return HTTP 413 with JSON error when request body exceeds size l…#3669

Merged
robfrank merged 1 commit into
mainfrom
fix/3567-http-body-size-413-response
Mar 16, 2026
Merged

#3567 add test return HTTP 413 with JSON error when request body exceeds size l…#3669
robfrank merged 1 commit into
mainfrom
fix/3567-http-body-size-413-response

Conversation

@robfrank

Copy link
Copy Markdown
Collaborator

…imit (#3567)

Undertow's built-in MAX_ENTITY_SIZE silently returned 400 with an empty body. Replace with a handler-level check that returns a proper 413 with a JSON error describing the limit and the config key to adjust it.

What does this PR do?

A brief description of the change being made with this pull request.

Motivation

What inspired you to submit this pull request?

Related issues

A list of issues either fixed, containing architectural discussions, otherwise relevant
for this Pull Request.

Additional Notes

Anything else we should know when reviewing?

Checklist

  • I have run the build using mvn clean package command
  • My unit tests cover both failure and success scenarios

@gemini-code-assist

Copy link
Copy Markdown
Contributor

Summary of Changes

Hello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

The pull request enhances the ArcadeDB HTTP server's robustness by improving how it handles requests with excessively large bodies. Previously, such requests would result in a vague HTTP 400 error without specific details. This change introduces a dedicated handler that intercepts oversized requests, responds with an appropriate HTTP 413 status code, and provides a clear JSON error message. This message informs the client about the exceeded limit and guides them on how to configure the 'arcadedb.server.httpBodyContentMaxSize' setting, significantly improving the developer experience and API clarity.

Highlights

  • Improved Error Handling for Oversized Request Bodies: Implemented a custom HTTP handler to enforce request body size limits, replacing Undertow's default behavior which previously resulted in a silent HTTP 400 error.
  • Explicit HTTP 413 Response: Changed the server's response for oversized requests from a generic HTTP 400 to an explicit HTTP 413 (Request Entity Too Large).
  • Detailed JSON Error Message: Provided a detailed JSON error message in the 413 response, including the exceeded limit, the actual request size, and the configuration key (arcadedb.server.httpBodyContentMaxSize) for adjustment.
  • New Test Coverage: Added a new test suite (HttpBodySizeLimitTest) to validate the correct handling of both oversized and valid request bodies, ensuring the new error mechanism functions as expected.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog
  • server/src/main/java/com/arcadedb/server/http/HttpServer.java
    • Imported necessary Undertow classes (HttpHandler, HttpServerExchange, Headers, StatusCodes) for custom HTTP handling.
    • Modified the buildUndertowServer method to set UndertowOptions.MAX_ENTITY_SIZE to Long.MAX_VALUE, effectively disabling Undertow's built-in body size check.
    • Integrated a new createBodySizeLimitHandler into the server's handler chain to manage body size limits.
    • Added the createBodySizeLimitHandler method, which checks the request's Content-Length against GlobalConfiguration.SERVER_HTTP_BODY_CONTENT_MAX_SIZE and sends a 413 response with a JSON error if the limit is exceeded.
  • server/src/test/java/com/arcadedb/server/http/HttpBodySizeLimitTest.java
    • Created a new test class HttpBodySizeLimitTest to cover HTTP body size limit scenarios.
    • Implemented onServerConfiguration to set a small SERVER_HTTP_BODY_CONTENT_MAX_SIZE (1KB) for controlled testing.
    • Added requestExceedingBodyLimitReturns413WithJsonError to verify that requests exceeding the configured limit receive an HTTP 413 status and a descriptive JSON error body.
    • Included requestWithinBodyLimitSucceeds to confirm that requests with body sizes within the configured limit are processed successfully with an HTTP 200 status.
    • Provided a helper method readErrorStream to facilitate extracting error messages from HTTP connections during testing.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@claude

claude Bot commented Mar 16, 2026

Copy link
Copy Markdown

Code Review

Good approach overall. A few issues worth addressing.

Critical: Chunked Transfer Encoding Bypass

The check relies solely on the Content-Length header. When a client uses chunked transfer encoding (Transfer-Encoding: chunked), getRequestContentLength() returns -1 and the check is silently skipped. The size limit is therefore trivially bypassed, removing DoS protection for chunked requests — arguably worse than before since Undertow MAX_ENTITY_SIZE handled chunked bodies correctly at the I/O layer. Either reject requests without Content-Length when maxEntitySize > 0, or wrap the exchange input stream to count actual bytes read. At minimum, document this as a known limitation.

Style: Hardcoded Config Key in Error Message

The error message hardcodes the string arcadedb.server.httpBodyContentMaxSize. Use GlobalConfiguration.SERVER_HTTP_BODY_CONTENT_MAX_SIZE.getKey() so the message stays correct if the key is ever renamed.

Style: JSON via String Concatenation

Per CLAUDE.md, JSON should be built with com.arcadedb.serializer.json.JSONObject rather than string concatenation. While long values cannot cause JSON injection here, this violates the project convention.

Minor: Condition Semantics for maxEntitySize

The config doc says -1 means unlimited, but the guard skips enforcement for any value <= 0. A value of 0 therefore silently disables the limit. Worth documenting or aligning with the config description.

Minor: Redundant connect() in Test

In requestWithinBodyLimitSucceeds(), connection.connect() is called after writing to the output stream. Writing already triggers the connection implicitly.

Test: Missing Content-Type Assertion

The 413 test verifies the response body but does not assert Content-Type: application/json even though the handler explicitly sets that header.

Summary: the chunked-encoding bypass is the main concern; the rest are polish. Once addressed this should be in good shape.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a custom Undertow handler to provide a more informative error (HTTP 413 with a JSON body) when a request body exceeds the configured size limit. This is a good improvement over Undertow's default behavior. The added tests correctly verify the new behavior for requests with a Content-Length header. However, I have identified a potential security issue related to requests that use chunked encoding, which bypass the new size check. I've also included a minor suggestion to improve code readability.

Comment on lines +289 to +306
private HttpHandler createBodySizeLimitHandler(final HttpHandler next, final ContextConfiguration configuration) {
return exchange -> {
final long maxEntitySize = configuration.getValueAsLong(GlobalConfiguration.SERVER_HTTP_BODY_CONTENT_MAX_SIZE);
if (maxEntitySize > 0) {
final long contentLength = exchange.getRequestContentLength();
if (contentLength > maxEntitySize) {
exchange.setStatusCode(StatusCodes.REQUEST_ENTITY_TOO_LARGE);
exchange.getResponseHeaders().put(Headers.CONTENT_TYPE, "application/json");
exchange.getResponseSender().send(
"{\"error\":\"Request body too large\",\"detail\":\"Request body size (" + contentLength
+ " bytes) exceeds the maximum allowed size of " + maxEntitySize
+ " bytes. Configure 'arcadedb.server.httpBodyContentMaxSize' to increase the limit.\"}");
return;
}
}
next.handleRequest(exchange);
};
}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

This handler only checks for requests with a Content-Length header. Requests using chunked encoding (Transfer-Encoding: chunked) will bypass this check because exchange.getRequestContentLength() returns -1 for them. Since UndertowOptions.MAX_ENTITY_SIZE is now set to Long.MAX_VALUE, this could allow an attacker to send an arbitrarily large chunked request, potentially leading to an OutOfMemoryError and a Denial of Service. This is a regression from the previous implementation that used UndertowOptions.MAX_ENTITY_SIZE, which correctly handles all request types. A more robust solution is needed to handle chunked requests as well.

Comment on lines +297 to +300
exchange.getResponseSender().send(
"{\"error\":\"Request body too large\",\"detail\":\"Request body size (" + contentLength
+ " bytes) exceeds the maximum allowed size of " + maxEntitySize
+ " bytes. Configure 'arcadedb.server.httpBodyContentMaxSize' to increase the limit.\"}");

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Manual JSON string concatenation using + is fragile and can be hard to read. Using String.format() would make this code cleaner, more readable, and less prone to concatenation errors.

          exchange.getResponseSender().send(String.format("{\"error\":\"Request body too large\",\"detail\":\"Request body size (%d bytes) exceeds the maximum allowed size of %d bytes. Configure 'arcadedb.server.httpBodyContentMaxSize' to increase the limit.\"}", contentLength, maxEntitySize));

@mergify

mergify Bot commented Mar 16, 2026

Copy link
Copy Markdown
Contributor

🧪 CI Insights

Here's what we observed from your CI run for 8dc0266.

🟢 All jobs passed!

But CI Insights is watching 👀

@codacy-production

Copy link
Copy Markdown

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation Diff coverage
Report missing for 6f3e9ef1 100.00%
Coverage variation details
Coverable lines Covered lines Coverage
Common ancestor commit (6f3e9ef) Report Missing Report Missing Report Missing
Head commit (499d465) 140644 91775 65.25%

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
Coverable lines Covered lines Diff coverage
Pull request (#3669) 13 13 100.00%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

Footnotes

  1. Codacy didn't receive coverage data for the commit, or there was an error processing the received data. Check your integration for errors and validate that your coverage setup is correct.

…imit (#3567)

Undertow's built-in MAX_ENTITY_SIZE silently returned 400 with an empty body.
Replace with a handler-level check that returns a proper 413 with a JSON error
describing the limit and the config key to adjust it.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@robfrank
robfrank force-pushed the fix/3567-http-body-size-413-response branch from 499d465 to 8dc0266 Compare March 16, 2026 18:55
@claude

claude Bot commented Mar 16, 2026

Copy link
Copy Markdown

test

@claude

claude Bot commented Mar 16, 2026

Copy link
Copy Markdown

test2

@claude

claude Bot commented Mar 16, 2026

Copy link
Copy Markdown

Code Review - Issue 1: Size limit bypass via chunked encoding. Issue 2: Silent IOException in readErrorStream. Issue 3: Redundant connection.connect(). Issue 4: Loose assertion contains error. Issue 5: No response body validation. See detailed review in follow-up comments.

@claude

claude Bot commented Mar 16, 2026

Copy link
Copy Markdown

Removing placeholder comments above - full review below.

@claude

claude Bot commented Mar 16, 2026

Copy link
Copy Markdown

Code Review

@claude

claude Bot commented Mar 16, 2026

Copy link
Copy Markdown

This PR adds a regression test (HttpBodySizeLimitTest) for the HTTP 413 response behaviour introduced by createBodySizeLimitHandler in HttpServer.java. The implementation itself is already on main - the PR is test-only.

@claude

claude Bot commented Mar 16, 2026

Copy link
Copy Markdown

Issue 1 - Size limit bypass via chunked encoding: createBodySizeLimitHandler only checks exchange.getRequestContentLength(), which returns -1 when the client omits Content-Length and uses Transfer-Encoding: chunked. A client doing so bypasses the limit entirely. Consider adding a test that sends a chunked request over the limit to document the known limitation or verify a future fix.

@claude

claude Bot commented Mar 16, 2026

Copy link
Copy Markdown

Issue 2 - Silent catch in readErrorStream masks assertion failures: If an IOException occurs reading the error stream, the method returns an empty string and the subsequent assertion assertThat(errorBody).contains('error') fails with a misleading 'expected to contain error but was empty' message rather than revealing the true cause. The exception should at minimum be rethrown as an unchecked exception so the test failure is diagnosable.

@claude

claude Bot commented Mar 16, 2026

Copy link
Copy Markdown

Issue 3 - Redundant connection.connect() in requestWithinBodyLimitSucceeds: getOutputStream() already implicitly opens the connection, so the explicit connection.connect() call after writing the body is a no-op. Remove it to avoid confusion.

@claude

claude Bot commented Mar 16, 2026

Copy link
Copy Markdown

Issue 4 - Test assertions are too loose: assertThat(errorBody).contains('error') would pass for any JSON that mentions the word 'error' (e.g. an unrelated server-side exception). A tighter assertion against the specific message is better - e.g. assertThat(errorBody).contains('Request body too large') - to make the test actually validate the right code path.

@claude

claude Bot commented Mar 16, 2026

Copy link
Copy Markdown

Issue 5 - requestWithinBodyLimitSucceeds does not validate the response body: The success test only checks for HTTP 200 but ignores the response body. A lightweight check that the body is well-formed JSON with a 'result' key would make it more meaningful and catch regressions where the request goes through but the query itself fails silently.

@claude

claude Bot commented Mar 16, 2026

Copy link
Copy Markdown

Minor / Nits: The test sends raw bytes (x repeated) with Content-Type: application/json - acceptable since the size check fires before body parsing, but a brief comment explaining the intentionally invalid body content would help readers. The PR checklist items ('I have run the build...' and 'My unit tests cover both failure and success scenarios') are unchecked - please verify both before merge.

@claude

claude Bot commented Mar 16, 2026

Copy link
Copy Markdown

Summary: The test covers the primary happy and sad paths for the Content-Length-based limit check and is a valuable regression guard. The two items most worth addressing before merge are: (a) the readErrorStream silent-catch which makes test failures hard to diagnose, and (b) the loose contains('error') assertion. The chunked-encoding bypass is a pre-existing limitation in the implementation, but is worth at least documenting with a comment or a skipped test.

@robfrank robfrank changed the title fix: return HTTP 413 with JSON error when request body exceeds size l… #3567 add test return HTTP 413 with JSON error when request body exceeds size l… Mar 16, 2026
@robfrank
robfrank merged commit 024b303 into main Mar 16, 2026
19 of 23 checks passed
@codacy-production

Copy link
Copy Markdown

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation Diff coverage
-9.47%
Coverage variation details
Coverable lines Covered lines Coverage
Common ancestor commit (21ba9b7) 109700 81957 74.71%
Head commit (8dc0266) 140644 (+30944) 91750 (+9793) 65.24% (-9.47%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
Coverable lines Covered lines Diff coverage
Pull request (#3669) 0 0 ∅ (not applicable)

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

@codecov

codecov Bot commented Mar 17, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 65.82%. Comparing base (21ba9b7) to head (8dc0266).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3669      +/-   ##
==========================================
- Coverage   65.83%   65.82%   -0.01%     
==========================================
  Files        1550     1550              
  Lines      109700   109700              
  Branches    22878    22878              
==========================================
- Hits        72218    72210       -8     
- Misses      27768    27804      +36     
+ Partials     9714     9686      -28     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

robfrank added a commit that referenced this pull request May 12, 2026
mergify Bot added a commit that referenced this pull request May 24, 2026
Bumps [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) from 8.20.0 to 8.21.0.
Changelog

*Sourced from [pg's changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md).*

> pg@8.21.0
> ---------
>
> * Handle [SASL SCRAM](https://redirect.github.com/brianc/node-postgres/pull/3521) server error responses properly.
> * Add support for [node@26](https://redirect.github.com/brianc/node-postgres/pull/3667).
> * Add `scramMaxIterations` [config option](https://redirect.github.com/brianc/node-postgres/pull/3677).
> * Add `client.getTransactionStatus()` [method](https://redirect.github.com/brianc/node-postgres/pull/3645).


Commits

* [`544b1ce`](brianc/node-postgres@544b1ce) Publish
* [`cc03fa5`](brianc/node-postgres@cc03fa5) Add scramMaxIterations option to limit SCRAM iteration count ([#3677](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3677))
* [`f776327`](brianc/node-postgres@f776327) Remove compatibility code for unsupported versions of Node (<16) ([#3678](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3678))
* [`f252870`](brianc/node-postgres@f252870) cleanup: pg utils ([#3675](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3675))
* [`c8da6ab`](brianc/node-postgres@c8da6ab) Assorted test cleanup ([#3673](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3673))
* [`fa47e73`](brianc/node-postgres@fa47e73) fix: `Client#end` callback being called multiple times when first is no-op (#...
* [`88a7e60`](brianc/node-postgres@88a7e60) cleanup: Move declaration to more natural place
* [`2095247`](brianc/node-postgres@2095247) cleanup: Combine duplicated code in `Client#query` and avoid unneeded early n...
* [`0ac3edd`](brianc/node-postgres@0ac3edd) fix: apply SASLprep (RFC 4013) to passwords before SCRAM-SHA-256 PBKDF2 ([#3669](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3669))
* [`be880d4`](brianc/node-postgres@be880d4) Assorted test fixes and cleanup ([#3672](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3672))
* Additional commits viewable in [compare view](https://github.com/brianc/node-postgres/commits/pg@8.21.0/packages/pg)
  
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility\_score?dependency-name=pg&package-manager=npm\_and\_yarn&previous-version=8.20.0&new-version=8.21.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
  
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show  ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
tae898 pushed a commit to humemai/arcadedb-embedded-python that referenced this pull request Jun 28, 2026
…[skip ci]

Bumps [org.mockito:mockito-core](https://github.com/mockito/mockito) from 5.18.0 to 5.19.0.
Release notes

*Sourced from [org.mockito:mockito-core's releases](https://github.com/mockito/mockito/releases).*

> v5.19.0
> -------
>
> *Changelog generated by [Shipkit Changelog Gradle Plugin](https://github.com/shipkit/shipkit-changelog)*
>
> #### 5.19.0
>
> * 2025-08-15 - [37 commit(s)](mockito/mockito@v5.18.0...v5.19.0) by Adrian-Kim, Tim van der Lippe, Tran Ngoc Nhan, dependabot[bot], juyeop
> * feat: Add support for JDK21 Sequenced Collections. [([ArcadeData#3708](https://redirect.github.com/mockito/mockito/issues/3708))]([mockito/mockito#3708](https://redirect.github.com/mockito/mockito/pull/3708))
> * Bump actions/checkout from 4 to 5 [([ArcadeData#3707](https://redirect.github.com/mockito/mockito/issues/3707))]([mockito/mockito#3707](https://redirect.github.com/mockito/mockito/pull/3707))
> * build: Allow overriding 'Created-By' for reproducible builds [([ArcadeData#3704](https://redirect.github.com/mockito/mockito/issues/3704))]([mockito/mockito#3704](https://redirect.github.com/mockito/mockito/pull/3704))
> * Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 [([ArcadeData#3703](https://redirect.github.com/mockito/mockito/issues/3703))]([mockito/mockito#3703](https://redirect.github.com/mockito/mockito/pull/3703))
> * Bump androidx.test:runner from 1.6.2 to 1.7.0 [([ArcadeData#3697](https://redirect.github.com/mockito/mockito/issues/3697))]([mockito/mockito#3697](https://redirect.github.com/mockito/mockito/pull/3697))
> * Bump org.junit.platform:junit-platform-launcher from 1.13.3 to 1.13.4 [([ArcadeData#3694](https://redirect.github.com/mockito/mockito/issues/3694))]([mockito/mockito#3694](https://redirect.github.com/mockito/mockito/pull/3694))
> * Bump com.diffplug.spotless:spotless-plugin-gradle from 7.1.0 to 7.2.1 [([ArcadeData#3693](https://redirect.github.com/mockito/mockito/issues/3693))]([mockito/mockito#3693](https://redirect.github.com/mockito/mockito/pull/3693))
> * Bump junit-jupiter from 5.13.3 to 5.13.4 [([ArcadeData#3691](https://redirect.github.com/mockito/mockito/issues/3691))]([mockito/mockito#3691](https://redirect.github.com/mockito/mockito/pull/3691))
> * Bump com.gradle.develocity from 4.0.2 to 4.1 [([ArcadeData#3689](https://redirect.github.com/mockito/mockito/issues/3689))]([mockito/mockito#3689](https://redirect.github.com/mockito/mockito/pull/3689))
> * Bump com.google.googlejavaformat:google-java-format from 1.27.0 to 1.28.0 [([ArcadeData#3688](https://redirect.github.com/mockito/mockito/issues/3688))]([mockito/mockito#3688](https://redirect.github.com/mockito/mockito/pull/3688))
> * Bump com.google.googlejavaformat:google-java-format from 1.25.2 to 1.27.0 [([ArcadeData#3686](https://redirect.github.com/mockito/mockito/issues/3686))]([mockito/mockito#3686](https://redirect.github.com/mockito/mockito/pull/3686))
> * Bump com.diffplug.spotless:spotless-plugin-gradle from 7.0.4 to 7.1.0 [([ArcadeData#3685](https://redirect.github.com/mockito/mockito/issues/3685))]([mockito/mockito#3685](https://redirect.github.com/mockito/mockito/pull/3685))
> * Bump junit-jupiter from 5.13.2 to 5.13.3 [([ArcadeData#3684](https://redirect.github.com/mockito/mockito/issues/3684))]([mockito/mockito#3684](https://redirect.github.com/mockito/mockito/pull/3684))
> * Bump org.shipkit:shipkit-auto-version from 2.1.0 to 2.1.2 [([ArcadeData#3683](https://redirect.github.com/mockito/mockito/issues/3683))]([mockito/mockito#3683](https://redirect.github.com/mockito/mockito/pull/3683))
> * Bump com.diffplug.spotless:spotless-plugin-gradle from 7.0.2 to 7.0.4 [([ArcadeData#3682](https://redirect.github.com/mockito/mockito/issues/3682))]([mockito/mockito#3682](https://redirect.github.com/mockito/mockito/pull/3682))
> * Only run release after both Java and Android tests have finished
>   [([ArcadeData#3681](https://redirect.github.com/mockito/mockito/issues/3681))]([mockito/mockito#3681](https://redirect.github.com/mockito/mockito/pull/3681))
> * Bump org.junit.platform:junit-platform-launcher from 1.12.2 to 1.13.3 [([ArcadeData#3680](https://redirect.github.com/mockito/mockito/issues/3680))]([mockito/mockito#3680](https://redirect.github.com/mockito/mockito/pull/3680))
> * Bump org.codehaus.groovy:groovy from 3.0.24 to 3.0.25 [([ArcadeData#3679](https://redirect.github.com/mockito/mockito/issues/3679))]([mockito/mockito#3679](https://redirect.github.com/mockito/mockito/pull/3679))
> * Bump org.eclipse.platform:org.eclipse.osgi from 3.23.0 to 3.23.100 [([ArcadeData#3678](https://redirect.github.com/mockito/mockito/issues/3678))]([mockito/mockito#3678](https://redirect.github.com/mockito/mockito/pull/3678))
> * Can no longer publish snapshot releases [([ArcadeData#3677](https://redirect.github.com/mockito/mockito/issues/3677))]([mockito/mockito#3677](https://redirect.github.com/mockito/mockito/issues/3677))
> * Update Gradle to 8.14.2 [([ArcadeData#3676](https://redirect.github.com/mockito/mockito/issues/3676))]([mockito/mockito#3676](https://redirect.github.com/mockito/mockito/pull/3676))
> * Bump errorprone from 2.23.0 to 2.39.0 [([ArcadeData#3674](https://redirect.github.com/mockito/mockito/issues/3674))]([mockito/mockito#3674](https://redirect.github.com/mockito/mockito/pull/3674))
> * Correct Junit docs link [([ArcadeData#3672](https://redirect.github.com/mockito/mockito/issues/3672))]([mockito/mockito#3672](https://redirect.github.com/mockito/mockito/pull/3672))
> * Bump net.ltgt.gradle:gradle-errorprone-plugin from 4.1.0 to 4.3.0 [([ArcadeData#3670](https://redirect.github.com/mockito/mockito/issues/3670))]([mockito/mockito#3670](https://redirect.github.com/mockito/mockito/pull/3670))
> * Bump junit-jupiter from 5.13.1 to 5.13.2 [([ArcadeData#3669](https://redirect.github.com/mockito/mockito/issues/3669))]([mockito/mockito#3669](https://redirect.github.com/mockito/mockito/pull/3669))
> * Bump bytebuddy from 1.17.5 to 1.17.6 [([ArcadeData#3668](https://redirect.github.com/mockito/mockito/issues/3668))]([mockito/mockito#3668](https://redirect.github.com/mockito/mockito/pull/3668))
> * Bump junit-jupiter from 5.12.2 to 5.13.1 [([ArcadeData#3666](https://redirect.github.com/mockito/mockito/issues/3666))]([mockito/mockito#3666](https://redirect.github.com/mockito/mockito/pull/3666))
> * Bump org.jetbrains.kotlin:kotlin-stdlib from 2.0.21 to 2.2.0 [([ArcadeData#3665](https://redirect.github.com/mockito/mockito/issues/3665))]([mockito/mockito#3665](https://redirect.github.com/mockito/mockito/pull/3665))
> * Bump org.gradle.toolchains.foojay-resolver-convention from 0.9.0 to 1.0.0 [([ArcadeData#3661](https://redirect.github.com/mockito/mockito/issues/3661))]([mockito/mockito#3661](https://redirect.github.com/mockito/mockito/pull/3661))
> * Bump org.junit.platform:junit-platform-launcher from 1.11.4 to 1.12.2 [([ArcadeData#3660](https://redirect.github.com/mockito/mockito/issues/3660))]([mockito/mockito#3660](https://redirect.github.com/mockito/mockito/pull/3660))
> * Add JDK21 sequenced collections for ReturnsEmptyValues [([ArcadeData#3659](https://redirect.github.com/mockito/mockito/issues/3659))]([mockito/mockito#3659](https://redirect.github.com/mockito/mockito/issues/3659))
> * Bump com.gradle.develocity from 3.19.1 to 4.0.2 [([ArcadeData#3658](https://redirect.github.com/mockito/mockito/issues/3658))]([mockito/mockito#3658](https://redirect.github.com/mockito/mockito/pull/3658))
> * Bump ru.vyarus:gradle-animalsniffer-plugin from 1.7.2 to 2.0.1 [([ArcadeData#3657](https://redirect.github.com/mockito/mockito/issues/3657))]([mockito/mockito#3657](https://redirect.github.com/mockito/mockito/pull/3657))
> * Bump org.eclipse.platform:org.eclipse.osgi from 3.22.0 to 3.23.0 [([ArcadeData#3656](https://redirect.github.com/mockito/mockito/issues/3656))]([mockito/mockito#3656](https://redirect.github.com/mockito/mockito/pull/3656))
> * Bump org.codehaus.groovy:groovy from 3.0.23 to 3.0.24 [([ArcadeData#3655](https://redirect.github.com/mockito/mockito/issues/3655))]([mockito/mockito#3655](https://redirect.github.com/mockito/mockito/pull/3655))
> * Bump junit-jupiter from 5.11.4 to 5.12.2 [([ArcadeData#3653](https://redirect.github.com/mockito/mockito/issues/3653))]([mockito/mockito#3653](https://redirect.github.com/mockito/mockito/pull/3653))
> * Reproducible Build: need to inject JDK distribution details to rebuild [([ArcadeData#3563](https://redirect.github.com/mockito/mockito/issues/3563))]([mockito/mockito#3563](https://redirect.github.com/mockito/mockito/issues/3563))


Commits

* [`144751b`](mockito/mockito@144751b) Add support for JDK21 Sequenced Collections. ([ArcadeData#3708](https://redirect.github.com/mockito/mockito/issues/3708))
* [`b275c7d`](mockito/mockito@b275c7d) Bump actions/checkout from 4 to 5 ([ArcadeData#3707](https://redirect.github.com/mockito/mockito/issues/3707))
* [`ad6ae2f`](mockito/mockito@ad6ae2f) Allow overriding 'Created-By' for reproducible builds ([ArcadeData#3704](https://redirect.github.com/mockito/mockito/issues/3704))
* [`096ee9f`](mockito/mockito@096ee9f) Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 ([ArcadeData#3703](https://redirect.github.com/mockito/mockito/issues/3703))
* [`aa7be27`](mockito/mockito@aa7be27) Bump androidx.test:runner from 1.6.2 to 1.7.0 ([ArcadeData#3697](https://redirect.github.com/mockito/mockito/issues/3697))
* [`c8a698b`](mockito/mockito@c8a698b) Remove unused tests
* [`ea45979`](mockito/mockito@ea45979) Bump errorprone from 2.39.0 to 2.41.0
* [`9c8eb23`](mockito/mockito@9c8eb23) Bump org.junit.platform:junit-platform-launcher from 1.13.3 to 1.13.4 ([ArcadeData#3694](https://redirect.github.com/mockito/mockito/issues/3694))
* [`f05e44d`](mockito/mockito@f05e44d) Bump com.diffplug.spotless:spotless-plugin-gradle from 7.1.0 to 7.2.1 ([ArcadeData#3693](https://redirect.github.com/mockito/mockito/issues/3693))
* [`9d32dfe`](mockito/mockito@9d32dfe) Bump junit-jupiter from 5.13.3 to 5.13.4 ([ArcadeData#3691](https://redirect.github.com/mockito/mockito/issues/3691))
* Additional commits viewable in [compare view](mockito/mockito@v5.18.0...v5.19.0)
  
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility\_score?dependency-name=org.mockito:mockito-core&package-manager=maven&previous-version=5.18.0&new-version=5.19.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
  
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
tae898 pushed a commit to humemai/arcadedb-embedded-python that referenced this pull request Jun 28, 2026
… 2.63.0 to 2.63.1 [skip ci]

Bumps [com.google.api.grpc:proto-google-common-protos](https://github.com/googleapis/sdk-platform-java) from 2.63.0 to 2.63.1.
Changelog

*Sourced from [com.google.api.grpc:proto-google-common-protos's changelog](https://github.com/googleapis/sdk-platform-java/blob/main/CHANGELOG.md).*

> Changelog
> =========
>
> [2.64.1](googleapis/sdk-platform-java@v2.64.0...v2.64.1) (2025-11-07)
> ------------------------------------------------------------------------------------------------
>
> ### Dependencies
>
> * bump opentelemetry.version to 1.52.0 ([ArcadeData#3979](https://redirect.github.com/googleapis/sdk-platform-java/issues/3979)) ([764778c](googleapis/sdk-platform-java@764778c))
>
> [2.64.0](googleapis/sdk-platform-java@v2.63.0...v2.64.0) (2025-10-31)
> ------------------------------------------------------------------------------------------------
>
> ### Features
>
> * [common-protos] Add `Carousel` widget ([1e4a7e5](googleapis/sdk-platform-java@1e4a7e5))
> * **librariangen:** add generate package ([ArcadeData#3952](https://redirect.github.com/googleapis/sdk-platform-java/issues/3952)) ([2f6c75d](googleapis/sdk-platform-java@2f6c75d))
> * **librariangen:** generate grpc stubs and resource helpers ([ArcadeData#3967](https://redirect.github.com/googleapis/sdk-platform-java/issues/3967)) ([452d703](googleapis/sdk-platform-java@452d703))
>
> ### Dependencies
>
> * Bump grpc-java to v1.76.0 ([ArcadeData#3942](https://redirect.github.com/googleapis/sdk-platform-java/issues/3942)) ([ffb557c](googleapis/sdk-platform-java@ffb557c))


Commits

* [`4aaea1e`](googleapis/sdk-platform-java@4aaea1e) chore(main): release 2.55.1 ([ArcadeData#3695](https://redirect.github.com/googleapis/sdk-platform-java/issues/3695))
* [`2725744`](googleapis/sdk-platform-java@2725744) deps: revert "deps: update arrow.version to v18.2.0" ([ArcadeData#3694](https://redirect.github.com/googleapis/sdk-platform-java/issues/3694))
* [`3d06ab7`](googleapis/sdk-platform-java@3d06ab7) chore(main): release 2.55.1-SNAPSHOT ([ArcadeData#3692](https://redirect.github.com/googleapis/sdk-platform-java/issues/3692))
* [`a38020a`](googleapis/sdk-platform-java@a38020a) chore(main): release 2.55.0 ([ArcadeData#3669](https://redirect.github.com/googleapis/sdk-platform-java/issues/3669))
* [`8fd7b62`](googleapis/sdk-platform-java@8fd7b62) build(deps): update dependency com.google.cloud:google-cloud-shared-config to...
* [`2562a7d`](googleapis/sdk-platform-java@2562a7d) chore: update googleapis commit at Thu Feb 27 02:27:38 UTC 2025 ([ArcadeData#3666](https://redirect.github.com/googleapis/sdk-platform-java/issues/3666))
* [`542d98d`](googleapis/sdk-platform-java@542d98d) chore: add aliases to generate command options. ([ArcadeData#3689](https://redirect.github.com/googleapis/sdk-platform-java/issues/3689))
* [`5192426`](googleapis/sdk-platform-java@5192426) chore: add java 8 compatibility check ([ArcadeData#3688](https://redirect.github.com/googleapis/sdk-platform-java/issues/3688))
* [`25d3101`](googleapis/sdk-platform-java@25d3101) chore: fix logback-classic version for testing ([ArcadeData#3686](https://redirect.github.com/googleapis/sdk-platform-java/issues/3686))
* [`0932605`](googleapis/sdk-platform-java@0932605) test: Reduce the LRO timeout value in Showcase tests ([ArcadeData#3684](https://redirect.github.com/googleapis/sdk-platform-java/issues/3684))
* Additional commits viewable in [compare view](googleapis/sdk-platform-java@v2.63.0...gax/v2.63.1)
  
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility\_score?dependency-name=com.google.api.grpc:proto-google-common-protos&package-manager=maven&previous-version=2.63.0&new-version=2.63.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
  
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
tae898 pushed a commit to humemai/arcadedb-embedded-python that referenced this pull request Jun 28, 2026
tae898 pushed a commit to humemai/arcadedb-embedded-python that referenced this pull request Jun 28, 2026
Bumps [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) from 8.20.0 to 8.21.0.
Changelog

*Sourced from [pg's changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md).*

> pg@8.21.0
> ---------
>
> * Handle [SASL SCRAM](https://redirect.github.com/brianc/node-postgres/pull/3521) server error responses properly.
> * Add support for [node@26](https://redirect.github.com/brianc/node-postgres/pull/3667).
> * Add `scramMaxIterations` [config option](https://redirect.github.com/brianc/node-postgres/pull/3677).
> * Add `client.getTransactionStatus()` [method](https://redirect.github.com/brianc/node-postgres/pull/3645).


Commits

* [`544b1ce`](brianc/node-postgres@544b1ce) Publish
* [`cc03fa5`](brianc/node-postgres@cc03fa5) Add scramMaxIterations option to limit SCRAM iteration count ([ArcadeData#3677](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3677))
* [`f776327`](brianc/node-postgres@f776327) Remove compatibility code for unsupported versions of Node (<16) ([ArcadeData#3678](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3678))
* [`f252870`](brianc/node-postgres@f252870) cleanup: pg utils ([ArcadeData#3675](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3675))
* [`c8da6ab`](brianc/node-postgres@c8da6ab) Assorted test cleanup ([ArcadeData#3673](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3673))
* [`fa47e73`](brianc/node-postgres@fa47e73) fix: `Client#end` callback being called multiple times when first is no-op (#...
* [`88a7e60`](brianc/node-postgres@88a7e60) cleanup: Move declaration to more natural place
* [`2095247`](brianc/node-postgres@2095247) cleanup: Combine duplicated code in `Client#query` and avoid unneeded early n...
* [`0ac3edd`](brianc/node-postgres@0ac3edd) fix: apply SASLprep (RFC 4013) to passwords before SCRAM-SHA-256 PBKDF2 ([ArcadeData#3669](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3669))
* [`be880d4`](brianc/node-postgres@be880d4) Assorted test fixes and cleanup ([ArcadeData#3672](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3672))
* Additional commits viewable in [compare view](https://github.com/brianc/node-postgres/commits/pg@8.21.0/packages/pg)
  
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility\_score?dependency-name=pg&package-manager=npm\_and\_yarn&previous-version=8.20.0&new-version=8.21.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
  
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show  ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@lvca
lvca deleted the fix/3567-http-body-size-413-response branch July 3, 2026 20:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant