chore(deps): update dependency bandit to v1.6.6

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
bandit (source)	dev	minor	1.5.7 -> 1.6.6

---

Release Notes

mtrudel/bandit (bandit)

v1.6.6

Compare Source

Fixes

• Consider closures during HTTP/1 header reading as a socket error to silence them by default via log_client_closures config flag
• Send connection: close when closing connection on error per RFC9112§9.6

Enhancements

• Add experimental opt-in trace logging to help diagnose hard to reproduce errors
• Move CI to 1.18 & improve tests (#​459, #​461, thanks @​grzuy!)

v1.6.5

Compare Source

Fixes

• Fix regression introduced in 1.6.1 where we would not send headers set by the Plug during WebSocket upgrades (#​458)

Enhancements

• Properly normalize Erlang errors before emitting telemetry and logged crash_reason (#​455, thanks @​grzuy!)

v1.6.4

Compare Source

Fixes

• Fix error in socket setup error handling introduced in 1.6.2 (thanks @​danielspofford!)

v1.6.3

Compare Source

Fixes

• Always close HTTP/1 connection in any case where an error comes out of the plug (#​452, thanks @​zookzook!)
• Fix dialyzer warning introduced by Thousand Island 1.3.9

v1.6.2

Compare Source

Enhancements

• Send telemetry events on Plugs that throw or exit (#​443)
• Improve test robustness & speed (#​446)
• Read a minimal number of bytes when sniffing for protocol (#​449)
• Add plug and websock to logging metadata whenever possible (#​448)
• Add plug and websock to telemetry metadata whenever possible (#​447)
• Silently eat Bandit.TransportError errors during HTTP/1 error fallback handling

Fixes

• Bump hpax to 1.0.2, fixes https://github.com/phoenixframework/phoenix/issues/6020 (thanks @​krainboltgreene!)
• Fix cases where we would desync on pipelined POST requests (#​442)

Changes

• Unwrap Plug.Conn.WrapperErrors raised by Plug and handle the wrapped error per policy
• Surface socket setup errors as Bandit.TransportError for consistency in logging

v1.6.1

Compare Source

Enhancements

• Add deflate support when sending chunked responses (#​429)

Fixes

• Bring in updated HPAX to fix HTTP/2 error cases seen in AWS load balancing
  environments (#​392)
• Improve handle of pipelined HTTP/1.1 requests (#​437)
• Improve error handling when dealing with socket errors (#​433)

Changes

• Use Plug.Call.inform/2 to send websocket upgrades (#​428)

v1.6.0

Compare Source

Enhancements

• Add framework for supporting optimized native code on various hot paths (#​394,
  thanks @​alisinabh!)
• Pass conn and exception data as logger metadata (#​417 & #​420, thanks @​grzuy!)
• Loosen hpax dependency requirements
• Add log_client_closures http option, defaulting to false (#​397, thanks @​goncalotomas!)
• Handle plugs that throw a result (#​411, thanks @​grzuy!)

Fixes

• Improve content-length send logic per RFC9110§8.6/8.7
• Explicitly signal keepalives in HTTP/1.0 requests

Changes

• Fix typo & clarify docs
• Update security policy

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.