Re-vendor Mint with larger default HTTP/2 receive windows

Absorbs two new upstream Mint commits on top of the existing vendored
stack:

  * `Raise default HTTP/2 receive windows` — bumps Mint's defaults from
    the spec-mandated 64 KB to 4 MB per stream and 16 MB per connection.
    At typical RTTs (10-150 ms) 64 KB caps throughput far below link
    speed; 4/16 MB unlocks ~40 MB/s transcontinental and stream < conn
    lets ~4 parallel streams run at full rate before the conn pool binds.

  * `Batch HTTP/2 receive-window refills` — gates `WINDOW_UPDATE` on a
    configurable threshold (`:receive_window_update_threshold`, default
    160_000, ~10× the default max frame size) instead of refilling on
    every DATA frame. Mitigates the amplification-DoS shape where a
    malicious server sends many tiny DATA frames to force many
    WINDOW_UPDATE responses.

On the hex side this means the explicit window tuning that the previous
re-vendor added to `Conn.do_connect` (setting `client_settings:
[initial_window_size: 8_000_000]` and calling `set_window_size(conn,
:connection, 8_000_000)`) is now redundant — Mint's 4/16 MB defaults
already cover hex's bulk-tarball workload. Drop the tuning block and the
`maybe_bump_connection_window/1` helper; `do_connect` now just sets
`protocols: [:http1, :http2]` and lets Mint's defaults handle the rest.

Also:
  * Exclude the vendored `lib/hex/mint/**` tree from `.formatter.exs` so
    `mix format --check-formatted` doesn't fight upstream formatting
    every re-vendor.
  * Format drift in `lib/hex/http.ex` and `lib/hex/http/pool.ex` that the
    vendored formatter exclusion surfaced.
  * Update `scripts/vendor_mint.sh` comment block to list the new
    larger-default-windows branch alongside the other pending upstream
    items.

Author: ericmj

.formatter.exs

@@ -1,8 +1,5 @@
 [
-  inputs: [
-    "*.exs",
-    "config/*.exs",
-    "lib/**/*.ex",
-    "test/**/*.{ex,exs}"
-  ]
+  inputs:
+    ["*.exs", "config/*.exs", "test/**/*.{ex,exs}"] ++
+      (Path.wildcard("lib/**/*.ex") -- Path.wildcard("lib/hex/mint/**/*.ex"))
 ]

lib/hex/http/pool.ex

@@ -62,8 +62,7 @@ defmodule Hex.HTTP.Pool do
   defp inet_variant(connect_opts) do
     transport_opts = Keyword.get(connect_opts, :transport_opts, [])
 
-    case {Keyword.get(transport_opts, :inet4, true),
-          Keyword.get(transport_opts, :inet6, false)} do
+    case {Keyword.get(transport_opts, :inet4, true), Keyword.get(transport_opts, :inet6, false)} do
       {true, false} -> :inet
       {false, true} -> :inet6
       _ -> :default

lib/hex/http/pool/conn.ex

@@ -45,7 +45,10 @@ defmodule Hex.HTTP.Pool.Conn do
   def handle_continue(:connect, state), do: do_connect(state)
 
   @impl true
-  def handle_cast({:request, from, method, path, headers, {:stream, fun, offset}}, %{ready: true} = state) do
+  def handle_cast(
+        {:request, from, method, path, headers, {:stream, fun, offset}},
+        %{ready: true} = state
+      ) do
     case MintHTTP.request(state.conn, method, path, headers, :stream) do
       {:ok, conn, ref} ->
         case stream_body(conn, ref, fun, offset) do
@@ -140,65 +143,35 @@ defmodule Hex.HTTP.Pool.Conn do
 
   ## Connect / reconnect
 
-  @receive_window_size 8_000_000
-
   defp do_connect(%{key: {scheme, host, port, _inet}, connect_opts: opts} = state) do
-    # Negotiate HTTP/2 via ALPN when the server supports it; fall back to
-    # HTTP/1. Benchmarked against real hex.pm + repo.hex.pm — with the HTTP/2
-    # window bumps applied below, both protocols are equivalent on
-    # `mix deps.get` wall time, and HTTP/2 uses slightly less CPU (fewer
-    # TLS handshakes).
-    opts =
-      Keyword.merge(
-        [
-          protocols: [:http1, :http2],
-          # Per-stream initial window (SETTINGS). The connection-level window
-          # is bumped via set_window_size/3 immediately below.
-          client_settings: [initial_window_size: @receive_window_size]
-        ],
-        opts
-      )
+    # Negotiate HTTP/2 via ALPN when the server supports it; fall back to HTTP/1.
+    # Both protocols are equivalent on `mix deps.get` wall time and HTTP/2 uses
+    # slightly less CPU (fewer TLS handshakes). Mint's default HTTP/2 receive
+    # windows (4 MB per stream, 16 MB per connection) are already tuned for bulk
+    # downloads, so no extra tuning is needed here.
+    opts = Keyword.merge([protocols: [:http1, :http2]], opts)
 
     case MintHTTP.connect(scheme, host, port, opts) do
       {:ok, conn} ->
-        case maybe_bump_connection_window(conn) do
-          {:ok, conn} ->
-            protocol = MintHTTP.protocol(conn)
-            capacity = compute_capacity(conn, protocol)
-            GenServer.cast(state.host_pid, {:conn_ready, self(), protocol, capacity})
-
-            {:noreply,
-             %{
-               state
-               | conn: conn,
-                 protocol: protocol,
-                 capacity: capacity,
-                 ready: true,
-                 backoff_ms: 0
-             }}
-
-          {:error, _conn, reason} ->
-            schedule_reconnect(reason, %{state | conn: nil, ready: false})
-        end
+        protocol = MintHTTP.protocol(conn)
+        capacity = compute_capacity(conn, protocol)
+        GenServer.cast(state.host_pid, {:conn_ready, self(), protocol, capacity})
+
+        {:noreply,
+         %{
+           state
+           | conn: conn,
+             protocol: protocol,
+             capacity: capacity,
+             ready: true,
+             backoff_ms: 0
+         }}
 
       {:error, reason} ->
         schedule_reconnect(reason, %{state | conn: nil, ready: false})
     end
   end
 
-  # HTTP/2 default per-connection receive window is 64 KB (RFC 7540 §5.2.2),
-  # not tunable via SETTINGS. Hex tarballs are routinely multi-MB and we run
-  # them in parallel sharing one HTTP/2 connection, so without bumping this
-  # the server pauses every ~64 KB waiting for a `WINDOW_UPDATE` round-trip.
-  # HTTP/1 has no concept of a receive window so this is a no-op there —
-  # `set_window_size/3` is only on `Hex.Mint.HTTP2`.
-  defp maybe_bump_connection_window(conn) do
-    case MintHTTP.protocol(conn) do
-      :http2 -> Hex.Mint.HTTP2.set_window_size(conn, :connection, @receive_window_size)
-      :http1 -> {:ok, conn}
-    end
-  end
-
   defp close_and_reconnect(state) do
     if state.conn, do: safe_close(state.conn)
     schedule_reconnect(:closed, %{state | conn: nil, ready: false})

lib/hex/mint/core/conn.ex

@@ -1,4 +1,4 @@
-# Vendored from mint v1.7.1 (74471c9), do not edit manually
+# Vendored from mint v1.7.1 (d30d2cf), do not edit manually
 
 defmodule Hex.Mint.Core.Conn do
   @moduledoc false

lib/hex/mint/core/headers.ex

@@ -1,4 +1,4 @@
-# Vendored from mint v1.7.1 (74471c9), do not edit manually
+# Vendored from mint v1.7.1 (d30d2cf), do not edit manually
 
 defmodule Hex.Mint.Core.Headers do
   @moduledoc false

lib/hex/mint/core/transport.ex

@@ -1,4 +1,4 @@
-# Vendored from mint v1.7.1 (74471c9), do not edit manually
+# Vendored from mint v1.7.1 (d30d2cf), do not edit manually
 
 defmodule Hex.Mint.Core.Transport do
   @moduledoc false

lib/hex/mint/core/transport/ssl.ex

@@ -1,4 +1,4 @@
-# Vendored from mint v1.7.1 (74471c9), do not edit manually
+# Vendored from mint v1.7.1 (d30d2cf), do not edit manually
 
 defmodule Hex.Mint.Core.Transport.SSL do
   @moduledoc false
@@ -603,18 +603,14 @@ defmodule Hex.Mint.Core.Transport.SSL do
   end
 
   defp get_cacertfile(path) do
-    if Application.get_env(:mint, :persistent_term) do
-      case :persistent_term.get({:hex_mint, {:cacertfile, path}}, :error) do
-        {:ok, cacerts} ->
-          cacerts
-
-        :error ->
-          cacerts = decode_cacertfile(path)
-          :persistent_term.put({:hex_mint, {:cacertfile, path}}, {:ok, cacerts})
-          cacerts
-      end
-    else
-      decode_cacertfile(path)
+    case :persistent_term.get({:hex_mint, {:cacertfile, path}}, :error) do
+      {:ok, cacerts} ->
+        cacerts
+
+      :error ->
+        cacerts = decode_cacertfile(path)
+        :persistent_term.put({:hex_mint, {:cacertfile, path}}, {:ok, cacerts})
+        cacerts
     end
   end
 

lib/hex/mint/core/transport/tcp.ex

@@ -1,4 +1,4 @@
-# Vendored from mint v1.7.1 (74471c9), do not edit manually
+# Vendored from mint v1.7.1 (d30d2cf), do not edit manually
 
 defmodule Hex.Mint.Core.Transport.TCP do
   @moduledoc false

lib/hex/mint/core/util.ex

@@ -1,4 +1,4 @@
-# Vendored from mint v1.7.1 (74471c9), do not edit manually
+# Vendored from mint v1.7.1 (d30d2cf), do not edit manually
 
 defmodule Hex.Mint.Core.Util do
   @moduledoc false

lib/hex/mint/http.ex

@@ -1,4 +1,4 @@
-# Vendored from mint v1.7.1 (74471c9), do not edit manually
+# Vendored from mint v1.7.1 (d30d2cf), do not edit manually
 
 defmodule Hex.Mint.HTTP do
   _ = """
@@ -240,6 +240,17 @@ defmodule Hex.Mint.HTTP do
       server. See `Hex.Mint.HTTP2.put_settings/2` for more information. This is only used
       in HTTP/2 connections.
 
+    * `:connection_window_size` - (integer) the initial size of the connection-level
+      HTTP/2 receive window, in bytes. Sent to the server as a `WINDOW_UPDATE` frame
+      on stream 0 as part of the connection preface. Defaults to 16 MB. Can be
+      raised later with `Hex.Mint.HTTP2.set_window_size/3`.
+
+    * `:receive_window_update_threshold` - (integer) the minimum number of bytes of receive
+      window that must remain on a connection or stream before a `WINDOW_UPDATE`
+      frame is sent to refill it. Lower values send more frequent, smaller updates;
+      higher values batch updates into fewer, larger ones. Defaults to 160_000
+      (approximately 10× the default max frame size).
+
   There may be further protocol specific options that only take effect when the corresponding
   connection is established. Check `Hex.Mint.HTTP1.connect/4` and `Hex.Mint.HTTP2.connect/4` for
   details.