Update Rust crate axum to 0.5.17 - autoclosed #10

Closed
kjuulh wants to merge 1 commits from renovate/axum-0.x into main
Owner

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| axum | dependencies | patch | 0.5.6 -> 0.5.17 |

Release Notes

tokio-rs/axum

v0.5.17

  • fixed: Annotate panicking functions with #[track_caller] so the error
    message points to where the user added the invalid router, rather than
    somewhere internally in axum (#1248)
  • fixed: Make Multipart extractor work with RequestBodyLimit middleware (#1379)
  • added: Add DefaultBodyLimit::max for changing the default body limit (#1397)
  • added: Various documentation improvements

v0.5.16

Security

  • breaking: Added default limit to how much data Bytes::from_request will
    consume. Previously it would attempt to consume the entire request body
    without checking its length. This meant if a malicious peer sent a large (or
    infinite) request body your server might run out of memory and crash.

    The default limit is at 2 MB and can be disabled by adding the new
    DefaultBodyLimit::disable() middleware. See its documentation for more
    details.

    This also applies to these extractors which used Bytes::from_request
    internally:

    • Form
    • Json
    • String

    Thanks to Shachar Menashe for reporting this vulnerability.

    (#1346)

v0.5.15

Note: This is a re-release of 0.5.14 that fixes an accidental breaking change.

  • fixed: Don't expose internal type names in QueryRejection response. (#1171)
  • fixed: Improve performance of JSON serialization (#1178)
  • fixed: Improve build times by generating less IR (#1192)

v0.5.14

Yanked, as it contained an accidental breaking change.

v0.5.13

  • fixed: If WebSocketUpgrade cannot upgrade the connection it will return a
    WebSocketUpgradeRejection::ConnectionNotUpgradable rejection (#1135)
  • changed: WebSocketUpgradeRejection has a new variant,
    ConnectionNotUpgradable (#1135)

v0.5.12

  • added: Added debug_handler which is an attribute macro that improves
    type errors when applied to a handler function. It is re-exported from
    axum-macros (#1144)

v0.5.11

  • added: Implement TryFrom<http::Method> for MethodFilter and use new
    NoMatchingMethodFilter error in case of failure (#1130)
  • added: Document how to run extractors from middleware (#1140)

v0.5.10

  • fixed: Make Router cheaper to clone (#1123)
  • fixed: Fix possible panic when doing trailing slash redirect (#1124)

v0.5.9

  • fixed: Fix compile error when the headers feature is enabled and the form
    feature is disabled (#1107)

v0.5.8

  • added: Support resolving host name via Forwarded header in Host
    extractor (#1078)
  • added: Implement IntoResponse for Form (#1095)
  • change: axum's MSRV is now 1.56 (#1098)

v0.5.7

  • added: Implement Default for Extension (#1043)
  • fixed: Support deserializing Vec<(String, String)> in extract::Path<_> to get vector of
    key/value pairs (#1059)
  • added: Add extract::ws::close_code which contains constants for close codes (#1067)
  • fixed: Use impl IntoResponse less in docs (#1049)

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by Renovate Bot.

kjuulh added 1 commit 2022-10-26 10:04:24 +02:00
kjuulh changed title from Update Rust crate axum to 0.5.17 to Update Rust crate axum to 0.5.17 - autoclosed 2022-10-27 08:31:00 +02:00
kjuulh closed this pull request 2022-10-27 08:31:00 +02:00

Pull request closed

Reference: kjuulh/scel#10