chore(deps): bump io.ktor:ktor-client-cio from 3.3.3 to 3.4.1

[dependabot]

Bumps io.ktor:ktor-client-cio from 3.3.3 to 3.4.1.

Release notes

Sourced from io.ktor:ktor-client-cio's releases.

3.4.0

Published 22 January 2026

Features

• KTOR-8316 Support OpenAPI specification for the Ktor Client and Server Application
  • KTOR-9085 Read OpenAPI security details from authentication plugin
  • KTOR-8993 Use runtime-generated spec for OpenAPI / Swagger plugins
  • KTOR-9086 Read OpenAPI default content type information from ContentNegotiation plugin
  • KTOR-8859 Routing documentation compiler plugin
  • KTOR-8936 Routing documentation runtime API
  • KTOR-9087 Generate JSON schema for type references when using Jackson and Gson
• KTOR-7075 Zstd support
• KTOR-9209 Support Jackson 3
• KTOR-9198 Auth/Bearer: Make BearerAuthProvider detect disguised Bearer scheme
• KTOR-8927 Support for respondResource
• KTOR-9162 Auth API key plugin
• KTOR-7882 Support HTTP QUERY method
• KTOR-8195 Partial HTML response
• KTOR-8985 EngineMain: Support reading trust store settings from the configuration
• KTOR-9066 Add duplex streaming for OkHttpClient
• KTOR-8180 Auth: Provide control over tokens to user code
• KTOR-8273 iOS native interop for WebRTC client
• KTOR-8956 DI: Allow file configuration
• KTOR-9157 Support SIGINT on web and SIGTERM on Native

Improvements

• KTOR-8890 Rename target jsAndWasmShared to web
• KTOR-9242 Upgrade to Kotlin 2.3
• KTOR-9243 Update libcurl to 8.18.0
• KTOR-9014 Deprecate DarwinLegacy engine
• KTOR-8931 Test iOS target of the WebRTC Client in Ktor-Chat
• KTOR-9199 Make HttpHeaders strings const
• KTOR-9208 Expose plusIsSpace in parseUrlEncodedParameters
• KTOR-2404 Ktor Oauth2 feature sends 401 response when the client secret is invalid
• KTOR-9097 Java: Use HTTP/2 by default
• KTOR-8740 HTMX: Missing DSL for some attributes
• KTOR-9171 Redesign ByteReadChannel.readUTF8Line API
• KTOR-4219 Make readUTF8LineTo return number of read symbols instead of boolean
• KTOR-6761 Apache5: Simplify configuration of ConnectionManager
• KTOR-9037 Multipart/form-data: Make formData's block inline
• KTOR-9126 Missing function ByteReadChannel.readTo(sink: RawSink, byteCount: Long)
• KTOR-9026 Introduce/reuse interfaces for logging selectors
• KTOR-6766 Deprecate Apache 4 engine
• KTOR-8642 Excessive memory allocations while writing bytes into write channel of TCP/IP socket
• KTOR-9137 ByteReadChannel.readUTF8Line is inefficient for long lines
• KTOR-8657 Remove kotlinx-datetime from ktor-server-default-headers dependencies
• KTOR-8941 Add override DI conflict policy

Bugfixes

... (truncated)

Changelog

Sourced from io.ktor:ktor-client-cio's changelog.

3.4.1

Published 3 March 2026

Improvements

• KTOR-9382 HttpProtocolVersion.parse: fast path for common versions
• KTOR-9381 GMTDate: reduce allocations
• KTOR-8971 Support "operationId" in Kdoc for OpenAPI spec. gen.
• KTOR-9333 WebSockets: Infinite spin and potential OOM vulnerabilities in the Inflater.inflateFully method
• KTOR-5616 Ktor always adds by default an Accept-Charset header
• KTOR-9291 OpenAPI: handle atypical route functions
• KTOR-9293 OpenAPI describe needs defaults
• KTOR-9304 OpenAPI: Order of path parameters is not preserved in the spec
• KTOR-9353 Routing: TailcardSelector missing toString(), which clutters the logs

Bugfixes

• KTOR-9281 OpenApi code inference misses lambda argument bodies
• KTOR-9273 OpenAPI static content path appears in resulting model
• KTOR-9004 OpenAPI: No respective formats detected for serializable types like UUID or Instant
• KTOR-9305 OpenAPI: "No mapping for symbol: VAR FOR_LOOP_VARIABLE" error with codeInferenceEnabled=true
• KTOR-9279 OpenAPI: UnsupportedOperationException for a function with a reified type parameter codeInferenceEnabled = true
• KTOR-9289 OpenAPI: Resource routes are missing inferred and comment-based documentation
• KTOR-9330 OpenAPI: Cannot override kotlinx.serialization module
• KTOR-9320 OpenAPI: jsonSchema() does not unwrap Kotlin value classes (inline classes)
• KTOR-9352 Authentication: Creating JWT verifier fails for JWK with kty=EC and alg=null
• KTOR-9344 Flow invariant error happens after update to Ktor 3.4.0
• KTOR-9362 testApplication: Race condition in timeout coroutine when response is streaming
• KTOR-9274 Curl: Undefined symbol errors when linking on Linux since 3.4.0
• KTOR-8782 NodeJS CIO: "Module 'os' could not be imported" error on resolving WORKING_DIRECTORY_PATH with es2015 target
• KTOR-9348 String.decodeBase64String fails to decode when the input has no padding since 3.4.0
• KTOR-9318 CIO engine rejects valid certificates with unsupported signature algorithms
• KTOR-9331 Curl: Segfaults when working with WebSockets
• KTOR-9334 Coroutines in route handlers are dispatched with Dispatchers.Unconfined since 3.2.0
• KTOR-9339 StreamResetException is not propagated to the caller of StreamRequestBody.writeTo since 3.4.0
• KTOR-9329 HTMX: "on" attributes extension not working
• KTOR-9316 WasmJS bad get and set implementations for Uint8Array and ArrayLike
• KTOR-9272 JSON schema inference does not recognize unsigned types
• KTOR-9211 SendCountExceedException when request is sent twice with maxRetries = 0 since 3.3.2
• KTOR-9285 RateLimit: Milliseconds in the Retry-After header are truncated
• KTOR-7512 JWT: Docs for validate method claim that it's optional, but it isn't
• KTOR-9269 Incorrect dependency declaration in swagger / openapi

3.4.0

Published 22 January 2026

Features

• KTOR-8316 Support OpenAPI specification for the Ktor Client and Server Application
  • KTOR-9085 Read OpenAPI security details from authentication plugin
  • KTOR-8993 Use runtime-generated spec for OpenAPI / Swagger plugins

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud