Backport of 'Upgrade http and llhttp-ffi'

What does this MR do and why?

This MR upgrades the http gem from 5.1.1 to 5.3.1 and its dependency llhttp-ffi from 0.4.0 to 0.5.1 to fix a bug where all Geo blob replication fails with the error "HPE_USER Span callback error in on_header_field" on Ubuntu 24.04 instances running kernel 6.17. This only affects blob replication because the BlobDownloader class uses the http gem.

The bug can be witnessed on https://gitlab.18-10-stable-security-get.env.release.gitlab.net/admin/geo/sites, where looking at the secondary shows failures for blobs like CI Job Artifacts, Merge Requests Diffs, etc.

Gem diffs

http version 5.1.1 --> 5.3.1: https://github.com/httprb/http/compare/v5.1.1...v5.3.1

llhttp-ffi version 0.4.0 --> 0.5.1: https://github.com/bryanp/llhttp/compare/2021-09-09...2025-03-11

References

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

  • This MR is backporting a bug fix, documentation update, or spec fix, previously merged in the default branch.
  • The MR that fixed the bug on the default branch has been deployed to GitLab.com (not applicable for documentation or spec changes).
  • The MR title is descriptive (e.g. "Backport of 'title of default branch MR'"). This is important, since the title will be copied to the patch blog post.
  • Required labels have been applied to this merge request
  • This MR has been approved by a maintainer (only one approval is required).
  • Ensure the e2e:test-on-omnibus-ee job has succeeded, or if it has failed, investigate the failures. If you determine the failures are unrelated, you may proceed. If you need assistance investigating, reach out to a Software Engineer in Test in #s_developer_experience.

Note to the merge request author and maintainer

If you have questions about the patch release process, please:

Edited by Chloe Fons
