chore(deps): update rust dependencies#27
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
8af4aa7 to
08d8075
Compare
08d8075 to
48ee73b
Compare
48ee73b to
78841a8
Compare
78841a8 to
df8dbc9
Compare
df8dbc9 to
544db2c
Compare
544db2c to
f4968d4
Compare
f4968d4 to
f160eb6
Compare
f160eb6 to
54bb8a5
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.0.102→1.0.1030.15.23→0.15.252.3.1→2.4.00.10.1→0.10.28.11.0→8.12.00.6→0.71.23.3→1.23.5Release Notes
dtolnay/anyhow (anyhow)
v1.0.103Compare Source
Error::downcast_mut(#451, #452)rust-cli/config-rs (config)
v0.15.25Compare Source
Fixes
u64, and not justi64v0.15.24Compare Source
Fixes
u64, and not justi64feed-rs/feed-rs (feed-rs)
v2.4.0Compare Source
What's Changed
Motivated by RUSTSEC-2026-0194 and RUSTSEC-2026-0195, this release upgrades quick-xml and other dependencies.
It also bumps the MSRV to 1.96.1 per freedesktop-sdk's dependencies.
Thanks to @gebruder for raising the issue and @adam-symbolica for the fix.
Full Changelog: feed-rs/feed-rs@v2.3.1...v2.4.0
rust-random/rand (rand)
v0.10.2Compare Source
Fixes
UniformCharfrom bad source (#1790)Changes
partial_shuffleand apply#[must_use](#1769)unsafein contexts where non-local memory corruption could invalidate contract (#1791)tower-rs/tower-http (tower-http)
v0.7.0Compare Source
Changes since 0.6.11
Added
csrf: add cross-site request forgery (CSRF) protection middleware, porting the cross-origin protection scheme introduced in Go 1.25 (#699)timeout: addDeadlineBodyfor non-resetting body timeouts, applied via the newRequestBodyDeadlineLayerandResponseBodyDeadlineLayer(#688)Unlike
TimeoutBody, which resets its deadline on every frame,DeadlineBodycaps the total time of a body transfer. A slow client trickling one byte at a time never trips an idle timeout but will trip a deadline.fs: add strongETagsupport toServeDir, includingIf-MatchandIf-None-Matchprecondition handling per RFC 9110.304 Not Modifiedresponses now carry theETagandLast-Modifiedvalidators (#691)fs: add aBackendtrait to makeServeDirwork with non-filesystem sources (e.g. embedded assets or object storage). The defaultTokioBackendpreserves existing behavior. UseServeDir::with_backend()to plug in custom implementations (#684)fs: addhtml_as_default_extensionoption toServeDir, appending.htmlwhen the request path has no extension (#519)fs: addredirect_path_prefixoption toServeDir, prepending a prefix on trailing-slash redirects so the service can be mounted under a sub-path (#486)validate-request: addValidateRequestHeaderLayer::has_header_value()to reject requests when a header does not have an expected value (#360)body:UnsyncBoxBody::new()constructor andFrom<ServeFileSystemResponseBody>conversion to avoid double-boxing when combiningServeDirresponses with other body types (#537)limit: implementDefaultforlimit::ResponseBodywhen the wrapped body also implementsDefault(#679)Changed
breaking:
compression: the middleware now handles the*wildcard andidentity;q=0in Accept-Encoding per RFC 9110 §12.5.3. Requests that previously fell back to identity (e.g.*;q=0oridentity;q=0with no other acceptable encoding) now receive a 406 Not Acceptable response. Clients that explicitly reject all encodings without listing an alternative will see different behavior. (#693)breaking:
compression: upgrade theSizeAbovepredicate threshold fromu16tou64, allowing minimum sizes above 64 KiB (#704)breaking: remove the implicit no-op
tokioandasync-compressionfeatures. These were kept as no-op features in 0.6.x for backwards compatibility after the switch todep:syntax in #642. Downstream crates that activatetower-http/tokioortower http/async-compressionshould remove those feature entries; the underlying dependencies are still pulled in transitively by the features that need them (e.g.compression-gzip,fs,timeout). (#628)breaking:
trace/classify: include the gRPC error message in tracing output.GrpcCodeandGrpcFailureClassare now#[non_exhaustive], andGrpcStatusis exported from theclassifymodule (#422)breaking:
follow-redirect:FollowRedirectnow forwards requestExtensionsto redirected requests instead of dropping them. TheStandardpolicy drops extensions on cross-origin redirections (same-origin keeps them). Opt out withFollowRedirectLayer::preserve_extensions(false); keep specific types withFilterCredentials::allow_extension::<T>()or all of them withkeep_all_extensions(). (#706)breaking:
follow-redirect: header and extension filtering is now cumulative. A value a policy drops on one hop is no longer replayed on later hops, soFilterCredentialsno longer re-sendsCookie/Authorizationto a same-origin target reached after cross-origin hop. CustomPolicy::on_requestimpls now see the previous hop's filtered request, not the original. (#706)trace:DefaultOnRequest,DefaultOnResponse,DefaultOnFailure, andDefaultOnEosnow explicitly parent their tracing events to the request span rather than relying on the ambient span context. This fixes intermittent cases where events could appear without their request span attached (#690)cors: relax theVaryheader defaults (#674)MSRV bumped from 1.64 to 1.65 (#684)
Fixed
fs:ServeDirandServeFilenow emit aVary: Accept-Encodingresponseheader when precompressed serving is configured, ensuring caches correctly
distinguish between compressed and uncompressed variants (#692)
services: reject a trailing slash for file paths. File requests with a trailing slash now return404 Not Foundinstead of serving the file (#678)fs: fixServeDirstripping the file extension when serving with identity encoding (#686)compression: forward trailers from the inner body after compression finishes, fixing dropped gRPC status trailers (#685)trace: fireon_eoswhen the inner body reportsis_end_streamwith a precise content-length (#687)on-early-drop: suppress the early-drop guard whenis_end_streamis reported after a data frame (#687)set-header: makeSetMultipleRequestHeadersandSetMultipleResponseHeadersClonefor non-CloneHTTP bodies (#703)Thanks
New Contributors
uuid-rs/uuid (uuid)
v1.23.5Compare Source
What's Changed
New Contributors
Full Changelog: uuid-rs/uuid@v1.23.4...v1.23.5
v1.23.4Compare Source
What's Changed
New Contributors
Full Changelog: uuid-rs/uuid@v1.23.3...v1.23.4
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.