
chore(deps): bump utils #6638

Closed
dwisiswant0 wants to merge 2 commits into dev from dwisiswant0/chore/deps/bump-utils

@dwisiswant0 (Member) commented Nov 25, 2025

Proposed changes

Checklist

  • Pull request is created against the dev branch
  • All checks passed (lint, unit/integration/regression tests etc.) with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

Summary by CodeRabbit

  • Chores
    • Bumped a core dependency to a newer version for improved utility behavior.
  • Performance / Memory
    • Optimized protocol buffer allocation and pool management to target a new default buffer size.
  • Enhancements
    • Standardized HTTP response handling to use new string/byte accessors, improving logging, storage, and event generation efficiency.


@auto-assign auto-assign bot requested a review from Mzack9999 November 25, 2025 06:56
@coderabbitai bot (Contributor) commented Nov 25, 2025

Caution

Review failed

The pull request is closed.

Walkthrough

Updated a dependency and replaced buffer-size constants; migrated HTTP response accessors to new Bytes/String variants across storage, logging, event generation, and fuzzing paths. No public API signatures changed.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dependency Update (go.mod) | Bumped github.com/projectdiscovery/utils from v0.6.1 to v0.7.1. |
| Buffer Management Refactor (pkg/protocols/common/protocolstate/memguardian.go) | Replaced httputil.DefaultBytesBufferAlloc comparisons with httputil.DefaultBufferSize in GlobalGuardBytesBufferAlloc and GlobalRestoreBytesBufferAlloc; updated log messages and delta calculation references. |
| HTTP Response Accessor Migration (pkg/protocols/http/request.go) | Replaced legacy accessors with new variants across several flows: Body().Bytes() → BodyBytes(), Body().String() → BodyString(), FullResponse().String() → FullResponseString(), Headers().String() → HeadersString() for project file storage, logging, DSL/event creation, fuzzing stats, and downstream logging. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20–25 minutes

  • Review attention points:
    • pkg/protocols/http/request.go: verify all call sites accept the new types (string vs. []byte) and no implicit conversions cause allocations or errors.
    • pkg/protocols/common/protocolstate/memguardian.go: confirm buffer-size math and log messages reflect intended limits.
    • Ensure the dependency bump doesn't introduce transitive changes affecting build or CI.

Poem

🐰 A tiny hop, a version climb,
Bytes trade places, tidy and prime.
Buffers tuned, responses sing,
Rabbit refactors everything—
Code carrots crisp for spring. 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Title check | ❓ Inconclusive | The title 'chore(deps): bump utils' is vague and doesn't clearly specify which version the utils dependency was bumped to or capture the full scope of changes made in the PR. | Consider using a more specific title like 'chore(deps): bump utils to v0.7.1' or include additional context about the scope of changes affected by this bump. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a75b7c0 and 6d72217.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum
📒 Files selected for processing (3)
  • go.mod (1 hunks)
  • pkg/protocols/common/protocolstate/memguardian.go (2 hunks)
  • pkg/protocols/http/request.go (5 hunks)


Signed-off-by: Dwi Siswanto <git@dw1.io>
Signed-off-by: Dwi Siswanto <git@dw1.io>
@dwisiswant0 dwisiswant0 force-pushed the dwisiswant0/chore/deps/bump-utils branch from a75b7c0 to 6d72217 Compare November 25, 2025 07:00
@coderabbitai bot (Contributor) left a comment

Actionable comments posted: 0

🧹 Nitpick comments (1)
pkg/protocols/http/request.go (1)

951-955: Consistent use of new ResponseChain String/Bytes accessors; minor reuse opportunity

The refactor to BodyBytes(), FullResponseString(), BodyString(), HeadersString(), and FullResponseBytes() is coherent with the updated utils API and preserves the prior semantics for:

  • project file storage (BodyBytes()),
  • request stats logging (FullResponseString()),
  • DSL map construction (full/body/headers strings),
  • debug dumping (FullResponseBytes()), and
  • fuzz stats (RawResponse as full response string).

One small optimization you might consider: inside the for respChain.Has() loop, cache fullResp := respChain.FullResponseString() (and, if needed, fullRespBytes := respChain.FullResponseBytes()) once per iteration and reuse it for RequestStatsLog, responseToDSLMap, dumpResponse, and RawResponse, assuming these helpers don’t already cache internally. That would avoid repeated conversions on large responses. Not suggesting any extra documentation for this internal accessor swap. Based on learnings, …

Also applies to: 965-966, 1006-1006, 1069-1070, 1083-1084

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2997735 and a75b7c0.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum
📒 Files selected for processing (3)
  • go.mod (1 hunks)
  • pkg/protocols/common/protocolstate/memguardian.go (2 hunks)
  • pkg/protocols/http/request.go (5 hunks)
🧰 Additional context used
🧠 Learnings (2)
📚 Learning: 2025-06-30T16:34:42.125Z
Learnt from: dwisiswant0
Repo: projectdiscovery/nuclei PR: 6290
File: pkg/protocols/http/build_request.go:457-464
Timestamp: 2025-06-30T16:34:42.125Z
Learning: In the projectdiscovery/retryablehttp-go package, the Request struct embeds URL fields directly, making req.Scheme, req.Host, and other URL fields accessible directly on the Request object instead of requiring req.URL.Scheme, req.URL.Host, etc.

Applied to files:

  • pkg/protocols/http/request.go
📚 Learning: 2025-06-30T16:33:26.746Z
Learnt from: dwisiswant0
Repo: projectdiscovery/nuclei PR: 6290
File: pkg/fuzz/component/path_test.go:43-44
Timestamp: 2025-06-30T16:33:26.746Z
Learning: The user dwisiswant0 declined adding documentation for internal API changes in pkg/fuzz/component/path when the change was from nested URL field access (rebuilt.URL.Path, rebuilt.URL.String()) to direct field access (rebuilt.Path, rebuilt.String()), indicating they don't consider additional documentation necessary for such internal API modifications.

Applied to files:

  • pkg/protocols/http/request.go
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Lint
🔇 Additional comments (2)
go.mod (1)

112-112: Utils dependency bump looks consistent; confirm downstream compatibility

Updating github.com/projectdiscovery/utils to v0.7.1 aligns with the new HTTP helpers used elsewhere in this PR. No issues from the mod file alone; just ensure go.sum is updated and the tree still builds and tests pass against the new utils API.

pkg/protocols/common/protocolstate/memguardian.go (1)

99-103: Switch to DefaultBufferSize keeps guard/restore behavior coherent

Using httputil.DefaultBufferSize for both the low‑memory guard check and the restore delta keeps the pool‑size adjustments symmetric and preserves the “only shrink from the default, then restore back to the default” behavior. Locking and delta math look correct.

Please just confirm that DefaultBufferSize in the updated utils version is the canonical default for GetPoolSize() so the equality checks remain valid.

Also applies to: 115-118
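
Added example (not part of the review, and not code from nuclei or projectdiscovery/utils): a minimal model of the guard/restore pattern discussed above, showing why the equality check depends on the constant matching the pool's real starting size. The `bufPool` type, its methods, and all sizes are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"sync"
)

// bufPool is a hypothetical stand-in for a size-limited buffer pool.
type bufPool struct {
	mu   sync.Mutex
	size int64
}

// guard shrinks the pool to lowMem only while it still sits at def,
// and reports whether the shrink happened.
func (p *bufPool) guard(def, lowMem int64) bool {
	p.mu.Lock()
	defer p.mu.Unlock()
	if lowMem <= 0 || p.size != def {
		return false // already reduced, or def is not the real default
	}
	p.size -= def - lowMem
	return true
}

// restore applies the delta that brings the pool back to def.
func (p *bufPool) restore(def int64) {
	p.mu.Lock()
	defer p.mu.Unlock()
	p.size += def - p.size
}

// cycle runs one guard/restore round on a pool that starts at start.
// It returns whether guard fired, the size under pressure, and the final size.
func cycle(start, def, lowMem int64) (bool, int64, int64) {
	p := &bufPool{size: start}
	guarded := p.guard(def, lowMem)
	under := p.size
	p.restore(def)
	return guarded, under, p.size
}

func main() {
	// Constructed sizes: the pool really starts at 10000.
	for _, def := range []int64{10000, 8000} { // matching, then drifted constant
		g, under, final := cycle(10000, def, 2000)
		fmt.Printf("def=%d guarded=%v under=%d final=%d\n", def, g, under, final)
	}
}
```

With a drifted constant the guard silently never fires under memory pressure, and restore then moves the pool to a size it never started at.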

@dwisiswant0 (Member, Author)

Superseded by #6629.
