1.1.5

(fix): Prevent additional_headers in request options from overriding SDK-set headers such as Authorization, Content-Type, and SDK metadata. Headers set by the SDK or the API definition are now protected (case-insensitively) and silently filtered from additional_headers.

(fix): Reject HTTP URLs for non-localhost hosts. Requests to http:// URLs now raise ArgumentError unless the host is localhost, 127.0.0.1, or [::1], preventing accidental transmission of authentication credentials in plaintext.

(fix): Explicitly set verify_mode = OpenSSL::SSL::VERIFY_PEER on HTTPS connections. This was already the Ruby default but is now stated in code to satisfy security audits.
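
The three checks described above, sketched as an added example (this is not the SDK's own code). The names LOCAL_HOSTS, merge_headers and build_connection, and the example.com URLs, are hypothetical; rejecting schemes other than http and https is an assumption of this sketch.

```ruby
require "net/http"
require "openssl"
require "uri"

# Hypothetical names for illustration; these are not the SDK's internals.
# URI#hostname strips the brackets from IPv6 literals, so [::1] appears as "::1".
LOCAL_HOSTS = ["localhost", "127.0.0.1", "::1"].freeze

# Merge caller-supplied headers into the SDK-set headers. Any caller header
# whose name matches an SDK-set header (ignoring case) is dropped silently.
def merge_headers(sdk_headers, additional_headers)
  protected_names = sdk_headers.keys.map { |name| name.to_s.downcase }
  allowed = (additional_headers || {}).reject do |name, _value|
    protected_names.include?(name.to_s.downcase)
  end
  sdk_headers.merge(allowed)
end

# Build a Net::HTTP object for the URL without opening a connection.
# Plain http is accepted only for an exact loopback host match, so a name
# such as localhost.example.com is still rejected.
def build_connection(url)
  uri = URI.parse(url)
  scheme = uri.scheme.to_s.downcase
  host = uri.hostname.to_s.downcase
  unless scheme == "https" || (scheme == "http" && LOCAL_HOSTS.include?(host))
    raise ArgumentError, "refusing non-HTTPS URL for host #{host.inspect}"
  end

  http = Net::HTTP.new(uri.hostname, uri.port)
  if scheme == "https"
    http.use_ssl = true
    # Already the Ruby default; stated explicitly so an audit can see it.
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  end
  http
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input.
  sdk = { "Authorization" => "Bearer sdk-token", "Content-Type" => "application/json" }
  extra = { "authorization" => "Bearer other", "X-Request-Id" => "abc123" }
  puts merge_headers(sdk, extra).inspect
  puts build_connection("https://api.example.com/v1").verify_mode
end
```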