fix(deps): update rust crate axum to 0.5.17 - autoclosed #5

Closed
kjuulh wants to merge 1 commits from renovate/axum-0.x into main

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| axum | dependencies | patch | 0.5.13 -> 0.5.17 |

Release Notes

tokio-rs/axum

v0.5.17

  • fixed: Annotate panicking functions with #[track_caller] so the error
    message points to where the user added the invalid router, rather than
    somewhere internally in axum (#1248)
  • fixed: Make Multipart extractor work with RequestBodyLimit middleware (#1379)
  • added: Add DefaultBodyLimit::max for changing the default body limit (#1397)
  • added: Various documentation improvements

v0.5.16

Security

  • breaking: Added default limit to how much data Bytes::from_request will
    consume. Previously it would attempt to consume the entire request body
    without checking its length. This meant if a malicious peer sent a large (or
    infinite) request body your server might run out of memory and crash.

    The default limit is at 2 MB and can be disabled by adding the new
    DefaultBodyLimit::disable() middleware. See its documentation for more
    details.

    This also applies to these extractors which used Bytes::from_request
    internally:

    • Form
    • Json
    • String

    Thanks to Shachar Menashe for reporting this vulnerability.

    (#1346)

v0.5.15

Note: This is a re-release of 0.5.14 that fixes an accidental breaking change.

  • fixed: Don't expose internal type names in QueryRejection response. (#1171)
  • fixed: Improve performance of JSON serialization (#1178)
  • fixed: Improve build times by generating less IR (#1192)

v0.5.14

Yanked, as it contained an accidental breaking change.


Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled due to failing status checks.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


This PR has been generated by Renovate Bot.
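
The v0.5.16 security note above describes buffering a request body without a length check. The following is an added example, not code from axum or from this repository: a std-only model of a bounded body read, where `read_body_limited`, `BodyError` and `DEFAULT_LIMIT` are hypothetical names and the 2 MB default is taken as 2 * 1024 * 1024 bytes.

```rust
use std::io::{self, Read};

/// The 2 MB default from the release notes, taken here as 2 * 1024 * 1024 bytes.
pub const DEFAULT_LIMIT: usize = 2 * 1024 * 1024;

#[derive(Debug, PartialEq)]
pub enum BodyError {
    /// Body exceeds the limit; a server would answer 413 Payload Too Large.
    TooLarge,
    Io(io::ErrorKind),
}

/// Hypothetical helper: buffer a request body, never holding more than `limit` bytes.
pub fn read_body_limited<R: Read>(
    mut body: R,
    content_length: Option<u64>,
    limit: usize,
) -> Result<Vec<u8>, BodyError> {
    // Cheap early reject when the peer declares an oversized body.
    if content_length.map_or(false, |len| len > limit as u64) {
        return Err(BodyError::TooLarge);
    }
    let mut buf = Vec::new();
    let mut chunk = [0u8; 8192];
    loop {
        let n = match body.read(&mut chunk) {
            Ok(n) => n,
            Err(e) if e.kind() == io::ErrorKind::Interrupted => continue,
            Err(e) => return Err(BodyError::Io(e.kind())),
        };
        if n == 0 {
            return Ok(buf); // end of body
        }
        // Content-Length may be absent or wrong, so count what actually arrives.
        if buf.len() + n > limit {
            return Err(BodyError::TooLarge);
        }
        buf.extend_from_slice(&chunk[..n]);
    }
}

fn main() {
    // Constructed input: an endless stream of b'A' stands in for an infinite body.
    let res = read_body_limited(io::repeat(b'A'), None, DEFAULT_LIMIT);
    println!("{:?}", res);
    let ok = read_body_limited(&b"{\"name\":\"x\"}"[..], Some(12), DEFAULT_LIMIT);
    println!("{:?}", ok.map(|b| b.len()));
}
```

In an axum service the limit itself is set with the `DefaultBodyLimit::max` middleware named in the v0.5.17 notes, so this model only shows why the read terminates on an endless body.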

kjuulh added 1 commit 2022-10-26 08:37:26 +02:00
fix(deps): update rust crate axum to 0.5.17
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
e97a397cef
kjuulh changed title from fix(deps): update rust crate axum to 0.5.17 to fix(deps): update rust crate axum to 0.5.17 - autoclosed 2022-10-26 18:00:33 +02:00
kjuulh closed this pull request 2022-10-26 18:00:33 +02:00
Reference: kjuulh/cibus-backend#5