Skip to content

Commit 2dc8a4c

Browse files
committed
chore: update STATE.md with manual actions log and resolved issues
1 parent dcc8516 commit 2dc8a4c

1 file changed

Lines changed: 30 additions & 65 deletions

File tree

STATE.md

Lines changed: 30 additions & 65 deletions
Original file line numberDiff line numberDiff line change
@@ -6,10 +6,7 @@ All loops read from here and write back after execution. State is external, not
66
## Dependency Upgrade Loop
77

88
### Run History
9-
(first run pending)
10-
11-
### Pending
12-
- [ ] First run: scan all upgradable dependencies
9+
(first run pending — cron installed, will run at 02:00 daily)
1310

1411
### Last Run
1512
- Date: N/A
@@ -20,10 +17,7 @@ All loops read from here and write back after execution. State is external, not
2017
## CI Fix Loop
2118

2219
### Run History
23-
(first run pending)
24-
25-
### Pending Human Action
26-
(none)
20+
(first run pending — cron installed, will run at 03:00 daily)
2721

2822
### Last Run
2923
- Date: N/A
@@ -34,7 +28,7 @@ All loops read from here and write back after execution. State is external, not
3428
## Issue Triage Loop
3529

3630
### Run History
37-
(first run pending)
31+
(first run pending — cron installed, will run at 04:00 daily)
3832

3933
### Last Run
4034
- Date: N/A
@@ -45,7 +39,7 @@ All loops read from here and write back after execution. State is external, not
4539
## PR Review Loop
4640

4741
### Run History
48-
(first run pending)
42+
(first run pending — cron installed, will run at 05:00 daily)
4943

5044
### Last Run
5145
- Date: N/A
@@ -58,67 +52,38 @@ All loops read from here and write back after execution. State is external, not
5852
### Current Baselines
5953
- Go stdlib net/http: 2024-09-10 (ad6ee2)
6054
- golang.org/x/net/http2: 2024-09-06 (3c333c)
61-
- quic-go: v0.57.1
55+
- quic-go: v0.59.0
56+
- utls: v1.8.2
6257

6358
### Run History
64-
(first run pending)
59+
(first run pending — cron installed, will run at 01:00 daily)
6560

6661
### Last Run
6762
- Date: N/A
6863
- Result: not run
6964

7065
---
7166

72-
## Issue Analysis Snapshot (manual, 2026-06-27)
73-
74-
### Priority — Needs Immediate Action
75-
76-
| # | Title | Type | Notes |
77-
|---|------|------|------|
78-
| #482 | Adapt to quic-go v0.59.0 (ConnectionTracingID removed) | **modified-code sync·urgent** | quic-go v0.59.0 removed `ConnectionTracingID`/`ConnectionTracingKey`, breaks compilation. PR #485 exists, **review cautiously** — contributor may not understand modified-code implications. Affects `internal/http3/transport.go`, `client.go`, `conn.go`. Cannot merge directly |
79-
| #489 | Security: custom auth header leak on cross-domain redirect | **security·high** | `SetCommonHeader` auth headers (X-API-Key etc.) not stripped on cross-domain redirect. CWE-200, CVSS 7.4. Root cause: `middleware.go:528-540`, `client.go:334` |
80-
| #485 | PR: upgrade quic-go to v0.59.0 | **PR review·caution** | Corresponds to #482. 260+/124- lines. Removes deprecated API, replaces hijacker callbacks with RawClientConn, fixes SupportsDatagrams check. **Must manually verify modified-code compatibility** |
81-
82-
### quic-go Related (Caution Required)
83-
84-
| # | Title | Notes |
85-
|---|------|------|
86-
| #460 | Suggest using x/net quic instead of quic-go | Author replied: switch when stdlib matures. Long-term tracking |
87-
| #457 | HTTP/3 AddConn and RoundTrip race | `internal/http3/transport.go` `t.newClientConn` init race, panic under high concurrency. Has repro stacktrace and fix suggestion |
88-
| #372 | Does http3 support SetTLSFingerprint? | Feature question, involves HTTP/3 + TLS fingerprint |
89-
90-
### Bug/Performance
91-
92-
| # | Title | Notes |
93-
|---|------|------|
94-
| #495 | dialConn memory overusage | Unlimited connection pool, suggest MaxConnsPerHost default |
95-
| #433 | Large file upload buffers entire file in memory | `middleware.go:122-123` multipart CreatePart triggers full buffering, 670MB file uses 1.7GB |
96-
| #397 | concurrent map read and map write | `middleware.go:537` parseRequestHeader concurrent read/write of client headers map |
97-
| #436 | Retry limit reached but no error returned | Unexpected behavior |
98-
| #419 | Keep-alive long connection SetTimeout incorrectly disconnects | |
99-
| #416 | ParallelDownload does not close output file | |
100-
| #376 | HTTP/2 frequent errors | 9 comments, may involve modified `internal/http2/` |
101-
102-
### Feature Requests
103-
104-
| # | Title | Notes |
105-
|---|------|------|
106-
| #475 | Read retryOption in middleware | |
107-
| #473 | Socks4 proxy support | |
108-
| #459/#454 | utls fingerprint update to 133 / Chrome133, Firefox133/135 | utls version upgrade |
109-
| #431 | jsonrpc2 support | |
110-
| #425 | zstd content encoding support | |
111-
| #406 | Response body size limit | |
112-
| #404 | Generate cURL debug code | |
113-
| #394 | GraphQL request support | |
114-
| #369 | SSE (Server-Sent Events) support | |
115-
116-
### Pending PR Review (non-quic-go)
117-
118-
| PR | Title | Notes |
119-
|----|------|------|
120-
| #491 | fix: retry on GOAWAY errors (HTTP/2 cached conn) | Involves modified HTTP/2, verify |
121-
| #486 | fix: SetCookieJarFactory return http.CookieJar | Corresponds to #415 |
122-
| #478/#477 | JA3 support / ClientHelloSpec setting | TLS fingerprint related |
123-
| #472 | chrome headers accept add application/json | Corresponds to #471, small change |
124-
| #465 | Unmarshal should check error by status-code |
67+
## Manual Actions Log (2026-06-27)
68+
69+
### Resolved
70+
- #482: quic-go v0.59.0 ported (commit 8b018a5, 29f0e6d)
71+
- #489: SensitiveHeadersRedirectPolicy added (commit b144240)
72+
- #471/#472: Chrome accept header add application/json (commit 1e34ab9)
73+
- #415/#486: SetCookieJarFactory returns http.CookieJar (commit d702aad)
74+
- #491: GOAWAY retry on cached HTTP/2 connections (commit 5754208)
75+
- #459: utls upgraded to v1.8.2 security update (commit dcc8516)
76+
- PR #485 closed (superseded by 8b018a5)
77+
- PR #472 closed (merged as 1e34ab9)
78+
- PR #486 closed (merged as d702aad)
79+
- PR #491 closed (merged as 5754208)
80+
81+
### Still Open
82+
- PR #478/#477: JA3 / ClientHelloSpec support — needs careful review, TLS fingerprint changes
83+
- PR #465: Unmarshal status-code check — needs review
84+
- #495: dialConn memory overusage — consider default MaxConnsPerHost
85+
- #433: Large file upload memory buffering — middleware.go fix needed
86+
- #397: concurrent map read/write in parseRequestHeader — needs locking
87+
- #457: HTTP/3 AddConn/RoundTrip race condition
88+
- #376: HTTP/2 frequent errors (9 comments)
89+
- 50 open issues total, mostly feature requests and usage questions

0 commit comments

Comments
 (0)