Update Rust crate axum to 0.5.17 - autoclosed #10

Closed

kjuulh wants to merge 1 commits from renovate/axum-0.x into main

pull from: renovate/axum-0.x

merge into: kjuulh:main

Conversation 0 Commits 1 Files Changed 2 +7 -5

kjuulh commented 2022-10-26 10:04:24 +02:00

Owner

Copy Link

This PR contains the following updates:

Package	Type	Update	Change
axum	dependencies	patch	0.5.6 -> 0.5.17

---

Release Notes

tokio-rs/axum

v0.5.17

• fixed: Annotate panicking functions with #[track_caller] so the error
  message points to where the user added the invalid router, rather than
  somewhere internally in axum (#​1248)
• fixed: Make Multipart extractor work with RequestBodyLimit middleware (#​1379)
• added: Add DefaultBodyLimit::max for changing the default body limit (#​1397)
• added: Various documentation improvements

v0.5.16

Security

• breaking: Added default limit to how much data Bytes::from_request will
  consume. Previously it would attempt to consume the entire request body
  without checking its length. This meant if a malicious peer sent an large (or
  infinite) request body your server might run out of memory and crash.

  The default limit is at 2 MB and can be disabled by adding the new
  DefaultBodyLimit::disable() middleware. See its documentation for more
  details.

  This also applies to these extractors which used Bytes::from_request
  internally:

  • Form
  • Json
  • String

  Thanks to Shachar Menashe for reporting this vulnerability.

  (#​1346)

v0.5.15

Note: This is a re-release of 0.5.14 that fixes an accidental breaking change.

• fixed: Don't expose internal type names in QueryRejection response. (#​1171)
• fixed: Improve performance of JSON serialization (#​1178)
• fixed: Improve build times by generating less IR (#​1192)

v0.5.14

Yanked, as it contained an accidental breaking change.

v0.5.13

• fixed: If WebSocketUpgrade cannot upgrade the connection it will return a
  WebSocketUpgradeRejection::ConnectionNotUpgradable rejection (#​1135)
• changed: WebSocketUpgradeRejection has a new variant ConnectionNotUpgradable
  variant (#​1135)

v0.5.12

• added: Added debug_handler which is an attribute macro that improves
  type errors when applied to handler function. It is re-exported from
  axum-macros (#​1144)

v0.5.11

• added: Implement TryFrom<http:: Method> for MethodFilter and use new
  NoMatchingMethodFilter error in case of failure (#​1130)
• added: Document how to run extractors from middleware (#​1140)

v0.5.10

• fixed: Make Router cheaper to clone (#​1123)
• fixed: Fix possible panic when doing trailing slash redirect (#​1124)

v0.5.9

• fixed: Fix compile error when the headers is enabled and the form
  feature is disabled (#​1107)

v0.5.8

• added: Support resolving host name via Forwarded header in Host
  extractor (#​1078)
• added: Implement IntoResponse for Form (#​1095)
• change: axum's MSRV is now 1.56 (#​1098)

v0.5.7

• added: Implement Default for Extension (#​1043)
• fixed: Support deserializing Vec<(String, String)> in extract::Path<_> to get vector of
  key/value pairs (#​1059)
• added: Add extract::ws::close_code which contains constants for close codes (#​1067)
• fixed: Use impl IntoResponse less in docs (#​1049)

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [axum](https://github.com/tokio-rs/axum) | dependencies | patch | `0.5.6` -> `0.5.17` | --- ### Release Notes <details> <summary>tokio-rs/axum</summary> ### [`v0.5.17`](https://github.com/tokio-rs/axum/releases/tag/axum-v0.5.17) - **fixed:** Annotate panicking functions with `#[track_caller]` so the error message points to where the user added the invalid router, rather than somewhere internally in axum ([#&#8203;1248]) - **fixed:** Make `Multipart` extractor work with `RequestBodyLimit` middleware ([#&#8203;1379]) - **added:** Add `DefaultBodyLimit::max` for changing the default body limit ([#&#8203;1397]) - **added:** Various documentation improvements [#&#8203;1248]: https://github.com/tokio-rs/axum/pull/1248 [#&#8203;1379]: https://github.com/tokio-rs/axum/pull/1379 [#&#8203;1397]: https://github.com/tokio-rs/axum/pull/1397 ### [`v0.5.16`](https://github.com/tokio-rs/axum/releases/tag/axum-v0.5.16) #### Security - **breaking:** Added default limit to how much data `Bytes::from_request` will consume. Previously it would attempt to consume the entire request body without checking its length. This meant if a malicious peer sent an large (or infinite) request body your server might run out of memory and crash. The default limit is at 2 MB and can be disabled by adding the new `DefaultBodyLimit::disable()` middleware. See its documentation for more details. This also applies to these extractors which used `Bytes::from_request` internally: - `Form` - `Json` - `String` Thanks to Shachar Menashe for reporting this vulnerability. ([#&#8203;1346]) [#&#8203;1346]: https://github.com/tokio-rs/axum/pull/1346 ### [`v0.5.15`](https://github.com/tokio-rs/axum/releases/tag/axum-v0.5.15) Note: This is a re-release of 0.5.14 that fixes an accidental breaking change. - **fixed:** Don't expose internal type names in `QueryRejection` response. ([#&#8203;1171]) - **fixed:** Improve performance of JSON serialization ([#&#8203;1178]) - **fixed:** Improve build times by generating less IR ([#&#8203;1192]) [#&#8203;1171]: https://github.com/tokio-rs/axum/pull/1171 [#&#8203;1178]: https://github.com/tokio-rs/axum/pull/1178 [#&#8203;1192]: https://github.com/tokio-rs/axum/pull/1192 ### [`v0.5.14`](https://github.com/tokio-rs/axum/releases/tag/axum-v0.5.14) Yanked, as it contained an accidental breaking change. ### [`v0.5.13`](https://github.com/tokio-rs/axum/releases/tag/axum-v0.5.13) - **fixed:** If `WebSocketUpgrade` cannot upgrade the connection it will return a `WebSocketUpgradeRejection::ConnectionNotUpgradable` rejection ([#&#8203;1135]) - **changed:** `WebSocketUpgradeRejection` has a new variant `ConnectionNotUpgradable` variant ([#&#8203;1135]) [#&#8203;1135]: https://github.com/tokio-rs/axum/pull/1135 ### [`v0.5.12`](https://github.com/tokio-rs/axum/releases/tag/axum-v0.5.12) - **added:** Added `debug_handler` which is an attribute macro that improves type errors when applied to handler function. It is re-exported from `axum-macros` ([#&#8203;1144]) [#&#8203;1144]: https://github.com/tokio-rs/axum/pull/1144 ### [`v0.5.11`](https://github.com/tokio-rs/axum/releases/tag/axum-v0.5.11) - **added:** Implement `TryFrom<http:: Method>` for `MethodFilter` and use new `NoMatchingMethodFilter` error in case of failure ([#&#8203;1130]) - **added:** Document how to run extractors from middleware ([#&#8203;1140]) [#&#8203;1130]: https://github.com/tokio-rs/axum/pull/1130 [#&#8203;1140]: https://github.com/tokio-rs/axum/pull/1140 ### [`v0.5.10`](https://github.com/tokio-rs/axum/releases/tag/axum-v0.5.10) - **fixed:** Make `Router` cheaper to clone ([#&#8203;1123]) - **fixed:** Fix possible panic when doing trailing slash redirect ([#&#8203;1124]) [#&#8203;1123]: https://github.com/tokio-rs/axum/pull/1123 [#&#8203;1124]: https://github.com/tokio-rs/axum/pull/1124 ### [`v0.5.9`](https://github.com/tokio-rs/axum/releases/tag/axum-v0.5.9) - **fixed:** Fix compile error when the `headers` is enabled and the `form` feature is disabled ([#&#8203;1107]) [#&#8203;1107]: https://github.com/tokio-rs/axum/pull/1107 ### [`v0.5.8`](https://github.com/tokio-rs/axum/releases/tag/axum-v0.5.8) - **added:** Support resolving host name via `Forwarded` header in `Host` extractor ([#&#8203;1078]) - **added:** Implement `IntoResponse` for `Form` ([#&#8203;1095]) - **change:** axum's MSRV is now 1.56 ([#&#8203;1098]) [#&#8203;1078]: https://github.com/tokio-rs/axum/pull/1078 [#&#8203;1095]: https://github.com/tokio-rs/axum/pull/1095 [#&#8203;1098]: https://github.com/tokio-rs/axum/pull/1098 ### [`v0.5.7`](https://github.com/tokio-rs/axum/releases/tag/axum-v0.5.7) - **added:** Implement `Default` for `Extension` ([#&#8203;1043]) - **fixed:** Support deserializing `Vec<(String, String)>` in `extract::Path<_>` to get vector of key/value pairs ([#&#8203;1059]) - **added:** Add `extract::ws::close_code` which contains constants for close codes ([#&#8203;1067]) - **fixed:** Use `impl IntoResponse` less in docs ([#&#8203;1049]) [#&#8203;1043]: https://github.com/tokio-rs/axum/pull/1043 [#&#8203;1049]: https://github.com/tokio-rs/axum/pull/1049 [#&#8203;1059]: https://github.com/tokio-rs/axum/pull/1059 [#&#8203;1067]: https://github.com/tokio-rs/axum/pull/1067 </details> --- ### Configuration 📅 **Schedule**: At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox. --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

kjuulh added 1 commit 2022-10-26 10:04:24 +02:00

Update Rust crate axum to 0.5.17 5717ee4c11

kjuulh changed title from Update Rust crate axum to 0.5.17 to Update Rust crate axum to 0.5.17 - autoclosed 2022-10-27 08:31:00 +02:00

kjuulh closed this pull request 2022-10-27 08:31:00 +02:00

Pull request closed

This pull request cannot be reopened because the branch was deleted.

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

No items

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: kjuulh/scel#10

No description provided.