build(deps): bump the http group with 13 updates

[dependabot]

Bumps the http group with 13 updates:

Package	From	To
axum	0.7.7	0.7.9
hyper	0.14.31	1.5.0
hyper-util	0.1.9	0.1.10
tower-http	0.5.2	0.6.2
tower	0.3.1	0.5.1
reqwest	0.12.8	0.12.9
axum-extra	0.9.4	0.9.6
rustls-cng	0.5.1	0.6.0
native-tls	0.2.12	0.2.13
rustls	0.23.15	0.23.22
rustls-native-certs	0.8.0	0.8.1
openssl-probe	0.1.5	0.1.6
openssl	0.10.68	0.10.70

Updates axum from 0.7.7 to 0.7.9

Release notes

Sourced from axum's releases.

axum - v0.7.9

• fixed: Avoid setting content-length before middleware (#3031)

#3031:tokio-rs/axum#3031

axum - v0.7.8

• fixed: Skip SSE incompatible chars of serde_json::RawValue in Event::json_data (#2992)
• added: Add method_not_allowed_fallback to set a fallback when a path matches but there is no handler for the given HTTP method (#2903)
• added: Add MethodFilter::CONNECT, routing::connect[_service] and MethodRouter::connect[_service] (#2961)
• added: Add NoContent as a self-described shortcut for StatusCode::NO_CONTENT (#2978)

#2903: tokio-rs/axum#2903 #2961: tokio-rs/axum#2961 #2978: tokio-rs/axum#2978 #2992: tokio-rs/axum#2992

Commits

• 9983bc1 Bump versions
• a8ce6fa axum-extra: Add links to features table (#3030)
• ce3d429 fix: Avoid setting content-length before middleware (#3031)
• 893bb75 CI: allow pin-project-lite in public dependencies (#3020)
• feee742 Bump versions
• da45802 Some documentation fixes (#3027)
• 8bc326c Improve docs regarding state and extensions (#2991)
• b30cdcf Remove unneeded macro usage (#2995)
• 1858043 fix(sse): skip sse incompatible chars of serde_json::RawValue (#2992)
• 43814c1 Fix TSR redirecting to top-level inside nested Router (#2993)
• Additional commits viewable in compare view

Updates hyper from 0.14.31 to 1.5.0

Release notes

Sourced from hyper's releases.

v1.5.0

Features

• client: Add HTTP/2 builder options header_table_size() and max_concurrent_streams() (4c84e8c1)
• rt: add ReadBufCursor methods remaining() and put_slice() (#3700) (5a13041e)

Bug Fixes

• http1:
  • improve performance of parsing sequentially partial messages (#3764) (3900a23)
  • send 'connection: close' when connection is ending (#3725) (c86a6bcb, closes #3720)
  • make date_header effective (#3718) (7de02373)
• http2: strip content-length header in response to CONNECT requests (#3748) (67a4a498)

New Contributors

• @​yinheli made their first contribution in hyperium/hyper#3712
• @​yhx-12243 made their first contribution in hyperium/hyper#3718
• @​friendlyping made their first contribution in hyperium/hyper#3739
• @​WhyNotHugo made their first contribution in hyperium/hyper#3742
• @​fasterthanlime made their first contribution in hyperium/hyper#3745
• @​hongmengning made their first contribution in hyperium/hyper#3753
• @​n1haldev made their first contribution in hyperium/hyper#3702

Thanks!

• @​nox
• @​seanmonstar
• @​tottoto
• @​0x676e67
• @​SabrinaJewson
• @​dndx

Full Changelog: hyperium/hyper@v1.4.1...v1.5.0

v1.4.1

Bug Fixes

• http1: reject final chunked if missing 0 (8e5de1bb)

v1.4.0

Bug Fixes

• http2: stop removing "Trailer" header in HTTP/2 responses as per RFC 9110 (#3648) (a3269f7a)
• server: start header read timeout immediately (#3185) (0eb1b6cf)

Features

• client:

... (truncated)

Changelog

Sourced from hyper's changelog.

v1.5.0 (2024-10-15)

Bug Fixes

• http1:
  • improve performance of parsing sequentially partial messages (#3764) (3900a23)
  • send 'connection: close' when connection is ending (#3725) (c86a6bcb, closes #3720)
  • make date_header effective (#3718) (7de02373)
• http2: strip content-length header in response to CONNECT requests (#3748) (67a4a498)

Features

• client: Add HTTP/2 builder options header_table_size() and max_concurrent_streams() (4c84e8c1)
• rt: add ReadBufCursor methods remaining() and put_slice() (#3700) (5a13041e)

v1.4.1 (2024-07-09)

Bug Fixes

• http1: reject final chunked if missing 0 (8e5de1bb)

v1.4.0 (2024-07-01)

Bug Fixes

• http2: stop removing "Trailer" header in HTTP/2 responses as per RFC 9110 (#3648) (a3269f7a)
• server: start header read timeout immediately (#3185) (0eb1b6cf)

Features

• client:
  • add SendRequest::try_send_request() method (#3691) (4ffaad53)
  • remove Send +Sync bounds requirement of http2::Connection executor (#3682) (56c3cd56)
  • remove 'static lifetime bound on http1/2 client IO (#3667) (9580b357)
• http1: add support for receiving trailer fields (#3637) (ac84af6b, closes #2703)
• server: add Builder::auto_date_header(bool) to allow disabling Date headers (721785ef)
• service: implement Service for reference types (#3607) (eade122d)

v1.3.1 (2024-04-16)

Bug Fixes

... (truncated)

Commits

• c68d424 v1.5.0
• 3900a23 perf(http1): improve parsing of sequentially partial messages
• c86a6bc fix(http1): send 'connection: close' when connection is ending (#3725)
• 4c4de90 docs(rt): Link to Read and Write traits from Upgraded doc comment (#3761)
• bb51c81 docs(examples): add HTTP/2 server example (#3702)
• e3e707e chore(typo): fix typo (#3713)
• 945c142 chore(rt): delete the unnessary symbol in the comments (#3753)
• e844616 chore(ci): use tokio-util 0.7.11 in msrv job (#3754)
• 67a4a49 fix(http2): strip content-length header in response to CONNECT requests (#3748)
• b990031 docs(changelog): typo Must not => Must now (#3745)
• Additional commits viewable in compare view

Updates hyper-util from 0.1.9 to 0.1.10

Release notes

Sourced from hyper-util's releases.

v0.1.10

What's Changed

• Add http2_max_header_list_size(num) option to legacy client builder.
• Add set_tcp_user_timeout(dur) option to legacy HttpConnector.

New Contributors

• @​guillaumebort made their first contribution in hyperium/hyper-util#152
• @​DSharifi made their first contribution in hyperium/hyper-util#154
• @​gretchenfrage made their first contribution in hyperium/hyper-util#155

Full Changelog: hyperium/hyper-util@v0.1.9...v0.1.10

Changelog

Sourced from hyper-util's changelog.

0.1.10 (2024-10-28)

• Add http2_max_header_list_size(num) option to legacy client builder.
• Add set_tcp_user_timeout(dur) option to legacy HttpConnector.

Commits

• a636037 v0.1.10
• 05b13f4 chore: Fix test warning (#155)
• 30f38c8 feat(client): Expose http2::builder::max_header_list_size in the client bui...
• aa90ce5 refactor: allow resolve span to be disabled (#153)
• 4dda024 feat(client): Add a new config to set TCP_USER_TIMEOUT (#152)
• See full diff in compare view

Updates tower-http from 0.5.2 to 0.6.2

Release notes

Sourced from tower-http's releases.

tower-http-0.6.2

Changed:

• CompressionBody<B> now propagates B's size hint in its http_body::Body implementation, if compression is disabled (#531)
  • this allows a content-length to be included in an HTTP message with this body for those cases

#531: tower-rs/tower-http#531

New Contributors

• @​musicinmybrain made their first contribution in tower-rs/tower-http#524
• @​SabrinaJewson made their first contribution in tower-rs/tower-http#531

Full Changelog: tower-rs/tower-http@tower-http-0.6.1...tower-http-0.6.2

v0.6.1

Fixed

• decompression: reuse scratch buffer to significantly reduce allocations and improve performance (#521)

#521: tower-rs/tower-http#521

New Contributors

• @​magurotuna made their first contribution in tower-rs/tower-http#521

v0.6.0

Changed:

• body module is disabled except for catch-panic, decompression-*, fs, or limit features (BREAKING) (#477)
• Update to tower 0.5 (#503)

Fixed

• fs: Precompression of static files now supports files without a file extension (#507)

#477: tower-rs/tower-http#477 #503: tower-rs/tower-http#503 #507: tower-rs/tower-http#507

Commits

• 3789c0c v0.6.2
• d1e4731 Set size_hint for identity compession bodies
• 66dd321 Update brotli dev-dependency from 6 to 7 (#524)
• 4bca529 v0.6.1
• 9fdf0eb (de)compression: reduce memory allocation to improve performance (#521)
• aeca262 Release tower-http v0.6.0 (#518)
• 95e28bf fs: Fix serving precompressed files without an extension (#507)
• c999623 Fix -Zminimal-versions build (#514)
• e526894 Rename default_features to default-features (#513)
• 0138f9e Fix CI (#517)
• Additional commits viewable in compare view

Updates tower from 0.3.1 to 0.5.1

Release notes

Sourced from tower's releases.

tower 0.5.1

• Fix minimum version of tower-layer dependency (#787)

#787: tower-rs/tower#787

tower 0.5.0

Fixed

• util: BoxService is now Sync (#702)

Changed

• util: Removed deprecated ServiceExt::ready_and method and ReadyAnd future (#652)
• retry: Breaking Change retry::Policy::retry now accepts &mut Req and &mut Res instead of the previous mutable versions. This increases the flexibility of the retry policy. To update, update your method signature to include mut for both parameters. (#584)
• retry: Breaking Change Change Policy to accept &mut self (#681)
• retry: Add generic backoff utilities (#685)
• retry: Add Budget trait. This allows end-users to implement their own budget and bucket implementations. (#703)
• reconnect: Breaking Change Remove unused generic parameter from Reconnect::new (#755)
• ready-cache: Allow iteration over ready services (#700)
• discover: Implement Clone for Change (#701)
• util: Add a BoxCloneServiceLayer (#708)
• rng: use a simpler random 2-sampler (#716)
• filter: Derive Clone for AsyncFilterLayer (#731)
• general: Update IndexMap (#741)
• MSRV: Increase MSRV to 1.63.0 (#741)

#702: tower-rs/tower#702 #652: tower-rs/tower#652 #584: tower-rs/tower#584 #681: tower-rs/tower#681 #685: tower-rs/tower#685 #703: tower-rs/tower#703 #755: tower-rs/tower#755 #700: tower-rs/tower#700 #701: tower-rs/tower#701 #708: tower-rs/tower#708 #716: tower-rs/tower#716 #731: tower-rs/tower#731 #741: tower-rs/tower#741

tower 0.4.13

Added

• load_shed: Public constructor for Overloaded error (#661)

Fixed

• util: Fix hang with call_all when the Stream of requests is pending

... (truncated)

Commits

• 7155101 Prepare release of v0.5.1 (#791)
• b2c48b4 Bump dependency on tower-layer (#787)
• fec9e55 tower-layer: drop versions from dev dependencies (#782)
• 646804d chore: prepare to release tower-0.5.0, tower-layer-0.3.3, tower-service-0.3.3...
• 7202cfe chore: fix a few typos (#780)
• 85080a5 use workspace dependencies for tower (#778)
• 88a7d3e fix warnings found when running check/doc commands (#779)
• a6e98a7 chore: update GitHub Actions CI (#740)
• 74e925d chore: fix spelling errors (#775)
• 89ac74f feat: Make new functions const when possible (#760)
• Additional commits viewable in compare view

Updates reqwest from 0.12.8 to 0.12.9

Release notes

Sourced from reqwest's releases.

v0.12.9

What's Changed

• Add tls::CertificateRevocationLists support (by @​ksenia-vazhdaeva in seanmonstar/reqwest#2433)
• Add crate features to enable webpki roots without selecting a rustls provider (by @​stevefan1999-personal in seanmonstar/reqwest#2447)
• Fix multipart::Part::file() to automatically include content-length (by @​Mr-Pine in seanmonstar/reqwest#2459)
• Fix proxy to internally no longer cache system proxy settings (by @​lanyeeee in seanmonstar/reqwest#2442)
• Fix connection_verbose() to output read logs (by @​seanmonstar in seanmonstar/reqwest#2454)

New Contributors

• @​lanyeeee made their first contribution in seanmonstar/reqwest#2442
• @​ksenia-vazhdaeva made their first contribution in seanmonstar/reqwest#2433
• @​Mr-Pine made their first contribution in seanmonstar/reqwest#2459
• @​stevefan1999-personal made their first contribution in seanmonstar/reqwest#2447

Full Changelog: seanmonstar/reqwest@v0.12.8...v0.12.9

Changelog

Sourced from reqwest's changelog.

v0.12.9

• Add tls::CertificateRevocationLists support.
• Add crate features to enable webpki roots without selecting a rustls provider.
• Fix connection_verbose() to output read logs.
• Fix multipart::Part::file() to automatically include content-length.
• Fix proxy to internally no longer cache system proxy settings.

Commits

• 797df2b v0.12.9
• 64aa7d1 add webpki roots option for rustls no provider setup (#2447)
• 598f857 Add content length to async_impl::multipart file streams (#2459)
• d99e90d fix: re-enable verbose connection read logs (#2454)
• aba01ff feat: Add support for Certificate Revocation Lists (#2433)
• 3ad6e02 refactor: remove internal proxy sys cache (#2442)
• See full diff in compare view

Updates axum-extra from 0.9.4 to 0.9.6

Release notes

Sourced from axum-extra's releases.

axum-extra - v0.9.6

• docs: Add links to features table (#3030)

#3030: tokio-rs/axum#3030

axum-extra - v0.9.5

• added: Add RouterExt::typed_connect (#2961)
• added: Add json! for easy construction of JSON responses (#2962)

#2961: tokio-rs/axum#2961 #2962: tokio-rs/axum#2962

Commits

• 9983bc1 Bump versions
• a8ce6fa axum-extra: Add links to features table (#3030)
• ce3d429 fix: Avoid setting content-length before middleware (#3031)
• 893bb75 CI: allow pin-project-lite in public dependencies (#3020)
• feee742 Bump versions
• da45802 Some documentation fixes (#3027)
• 8bc326c Improve docs regarding state and extensions (#2991)
• b30cdcf Remove unneeded macro usage (#2995)
• 1858043 fix(sse): skip sse incompatible chars of serde_json::RawValue (#2992)
• 43814c1 Fix TSR redirecting to top-level inside nested Router (#2993)
• Additional commits viewable in compare view

Updates rustls-cng from 0.5.1 to 0.6.0

Commits

• c96b7fa Removed unused early-data feature
• 0ae70b2 Added support for silent flag
• c377b43 address comments
• 5c3a9fb cargo fmt change
• 24a8398 modify as_chain_der()
• 0a6098b revert back as_chain_der() parameter change
• c54087a added local machine and no-root supprot for as_chain_der()
• 130765e cargo fmt change
• a5a3544 use BCryptHash in hash()
• 6dd8cd7 added sha256 support
• Additional commits viewable in compare view

Updates native-tls from 0.2.12 to 0.2.13

Release notes

Sourced from native-tls's releases.

v0.2.13

What's Changed

• chore: Bump openssl and openssl-sys by @​rkrishn7 in sfackler/rust-native-tls#304
• Stop using deprecated openssl-probe APIs by @​sfackler in sfackler/rust-native-tls#316

New Contributors

• @​rkrishn7 made their first contribution in sfackler/rust-native-tls#304

Full Changelog: sfackler/rust-native-tls@v0.2.12...v0.2.13

Changelog

Sourced from native-tls's changelog.

Change Log

[Unreleased]

Commits

• e861c7c Release v0.2.13
• 55aff8e Merge pull request #316 from sfackler/verify-locations
• 4a88faf use released version
• a35127a Stop using deprecated openssl-probe APIs
• a0e6f18 Merge pull request #304 from rkrishn7/master
• 989116e Merge pull request #1 from rkrishn7/chore/bump-openssl-req
• 2424bc5 chore: Bump openssl and openssl-sys
• See full diff in compare view

Updates rustls from 0.23.15 to 0.23.22

Commits

• 784b873 Further defend ChunkVecBuffer::prefix_used invariant
• 200d566 Re-privatize ChunkVecBuffer::consume() and defend misuse
• a5d8a6b Detect ChunkVecBuffer::consume larger than length
• d978e2f chore(deps): update rust crate x509-parser to 0.17
• 43c2336 Detect illegal HRR if X25519 offered as secondary kx
• 2551558 Increase accuracy of when to include second keyshare
• 50d1acd Add X25519MLKEM768 to features documentation
• bf663b6 Move crypto::aws_lc_rs::pq docs into manual
• e883143 Bump rustls 0.23.22, rustls-post-quantum 0.2.2
• c7a86de Add post-quantum key exchange algorithm to defaults
• Additional commits viewable in compare view

Updates rustls-native-certs from 0.8.0 to 0.8.1

Release notes

Sourced from rustls-native-certs's releases.

0.8.1

We are bumping the MSRV to 1.71 across the rustls project to accomodate newer Rust features and dependencies.

What's Changed

• fix load_native_certs() error return, fix smoke tests by @​cpu in rustls/rustls-native-certs#132
• Clarify environment path handling code by @​djc in rustls/rustls-native-certs#134
• Rework README to point users to rustls-platform-verifier by @​djc in rustls/rustls-native-certs#141
• Use PEM decoding from rustls-pki-types directly by @​djc in rustls/rustls-native-certs#145
• Update dependencies & bump MSRV by @​djc in rustls/rustls-native-certs#152

Commits

• 7331138 build(deps): bump schannel in the crates-io group across 1 directory
• 7afbcda Bump version to 0.8.1
• 72217dc Upgrade to security-framework 3
• 6b453de Update semver-compatible dependencies
• c7a3395 Remove old release history from README
• 13df7ca Bump MSRV to 1.71
• 3147a4f build(deps): bump rustls from 0.23.15 to 0.23.16 in the crates-io group
• c407a37 build(deps): bump rustls from 0.23.14 to 0.23.15 in the crates-io group
• 79dc22e Use PEM decoding from rustls-pki-types directly
• c44c331 Tweak Display impl for Error
• Additional commits viewable in compare view

Updates openssl-probe from 0.1.5 to 0.1.6

Commits

• 4221247 Merge pull request #35 from alexcrichton/bump
• 433e5a0 Bump to 0.1.6
• a0e4ef7 Merge pull request #34 from alexcrichton/expose-cert-iterator
• 28428e5 Go ahead and publish &Path iterator function
• 3cef693 Merge pull request #33 from alexcrichton/add-unsafe-functions
• 9e937c0 Hide old functions from docs
• 3ea7c1a Deprecate env-var-writing functions
• a9a9f3e Merge pull request #32 from alexcrichton/modernize
• 87b3910 Add some basic CI and metadata
• 5b4b622 Merge pull request #31 from ctz/master
• Additional commits viewable in compare view

Updates openssl from 0.10.68 to 0.10.70

Release notes

Sourced from openssl's releases.

openssl v0.10.70

What's Changed

• Attempt to fix CI by pinning to the Ubuntu 22.04 image by @​alex in sfackler/rust-openssl#2357
• Remove EC_METHOD and EC_GROUP_new for LibreSSL 4.1 by @​botovq in sfackler/rust-openssl#2356
• Test against 3.4.0 final release by @​alex in sfackler/rust-openssl#2359
• Expose SslMethod::{dtls_client,dtls_server} by @​alex in sfackler/rust-openssl#2358
• Fix lifetimes in ssl::select_next_proto by @​sfackler in sfackler/rust-openssl#2360

Full Changelog: sfackler/rust-openssl@openssl-v0.10.69...openssl-v0.10.70

openssl v0.10.69

What's Changed

• build(deps): Update openssl-macro to version 0.1.1 by @​caspermeijn in sfackler/rust-openssl#2324
• Enable set_alpn_select_callback for BoringSSL by @​ViktoriiaKovalova in sfackler/rust-openssl#2327
• Switch the test to use prime256v1 based key by @​dcermak in sfackler/rust-openssl#2330
• Expose EVP_DigestSqueeze from Hasher by @​initsecret in sfackler/rust-openssl#2275
• Expose SSL_CTX_load_verify_locations by @​sfackler in sfackler/rust-openssl#2353

New Contributors

• @​caspermeijn made their first contribution in sfackler/rust-openssl#2324
• @​ViktoriiaKovalova made their first contribution in sfackler/rust-openssl#2327

Full Changelog: sfackler/rust-openssl@openssl-v0.10.68...openssl-v0.10.69

Commits

• a4d399b Release openssl v0.10.70
• c9a33e2 Release openssl-sys v0.9.105
• f014afb Merge pull request #2360 from sfackler/fix-alpn-lifetimes
• 8e6e30b Fix lifetimes in ssl::select_next_proto
• 1aff280 Merge pull request #2358 from alex/expose-dlts
• 16ca5b2 Merge pull request #2359 from sfackler/alex-patch-1
• 4c9fbb0 Test against 3.4.0 final release
• 5ecb31d Update openssl/src/ssl/mod.rs
• 4830f5b Expose SslMethod::{dtls_client,dtls_server}
• bab03c4 Merge pull request #2356 from botovq/rm-ec-method
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml