build(deps): bump the http group across 1 directory with 8 updates

[dependabot]

Bumps the http group with 8 updates in the / directory:

Package	From	To
axum	0.7.9	0.8.3
hyper	0.14.32	1.6.0
tower-http	0.5.2	0.6.2
tower	0.3.1	0.5.2
tokio-tungstenite	0.24.0	0.26.2
axum-extra	0.9.6	0.10.1
rustls-cng	0.5.3	0.6.0
openssl	0.10.71	0.10.72

Updates axum from 0.7.9 to 0.8.3

Release notes

Sourced from axum's releases.

axum v0.8.3

• added: Implement From<Bytes> for Message (#3273)
• added: Implement OptionalFromRequest for Json (#3142)
• added: Implement OptionalFromRequest for Extension (#3157)
• added: Allow setting the read buffer capacity of WebSocketUpgrade (#3178)
• changed: Improved code size / compile time of dependent crates (#3285, #3294)

#3273: tokio-rs/axum#3273 #3142: tokio-rs/axum#3142 #3157: tokio-rs/axum#3157 #3178: tokio-rs/axum#3178 #3285: tokio-rs/axum#3285 #3294: tokio-rs/axum#3294

axum v0.8.2

Yanked from crates.io due to unforeseen breaking change, see #3190 for details

---

• added: Implement OptionalFromRequest for Json (#3142)
• added: Implement OptionalFromRequest for Extension (#3157)
• changed: Make the status function of rejections a const function, such as JsonRejection, QueryRejection and PathRejection (#3168)

#3142: tokio-rs/axum#3142 #3157: tokio-rs/axum#3157 #3168: tokio-rs/axum#3168

axum-extra - v0.8.0

• breaking: Update to prost 0.12. Used for the Protobuf extractor (#2224)

#2224: tokio-rs/axum#2224

axum v0.8.0

since rc.1

• breaking: axum::extract::ws::Message now uses Bytes in place of Vec<u8>, and a new Utf8Bytes type in place of String, for its variants (#3078)
• breaking: Remove OptionalFromRequestParts impl for Query (#3088)
• changed: Upgraded tokio-tungstenite to 0.26 (#3078)
• changed: Query/Form: Use serde_path_to_error to report fields that failed to parse (#3081)

full changelog

You can also read the blog post on tokio

... (truncated)

Commits

• b150ac0 Release axum 0.8.3 and related crates
• a9638f7 Update changelog
• 7b3143b Replace map_response(IntoResponse::into_response) with custom service wrapper
• 902a394 Remove useless into_response calls
• 0194d1d Delete unused module
• 2f2bb99 Run into_parts eagerly in more places
• ee4727b Add macro to compile time check if a path is valid (#3288)
• 62470bd Bring back no-op async-stream feature for axum-extra (#3293)
• 3525a13 Revert "Make status a const function in rejection handling" (#3287)
• 2b6ae09 Simplify Handler async blocks (#3285)
• Additional commits viewable in compare view

Updates hyper from 0.14.32 to 1.6.0

Release notes

Sourced from hyper's releases.

v1.6.0

Features

• ext: add ext::on_informational() callback extension (#3818) (8ce1fcfa, closes #2565)
• server: add http1::Builder::ignore_invalid_headers(bool) option (#3824) (3817a79b)

Bug Fixes

• server:
  • start http1 header read timeout when conn is idle (#3828) (10b09ffc, closes #3780, #3781)
  • change max_local_error_reset_streams function to &mut self (#3820) (e981a91e)

Breaking Changes

• http2::Builder::max_local_error_reset_streams() now takes &mut self and returns &mut Self. In practice, this shouldn't break almost anyone. It was the wrong receiver and return types. (e981a91e)

New Contributors

• @​finnbear made their first contribution in hyperium/hyper#3820

Thanks

• @​GlenDC
• @​tottoto
• @​seanmonstar

Full Changelog: hyperium/hyper@v1.5.2...v1.6.0

v1.5.2

Bug Fixes

• http1:
  • fix intermitent panic parsing partial headers (#3812) (a131111f, closes #3811)
  • skip debug assertion of content length for HEAD responses (#3795) (eaf2267c, closes #3794)

Features

• ffi: (unstable) add cargo-c support (#3787) (7f4a6826, closes #3786)

New Contributors

• @​23doors made their first contribution in hyperium/hyper#3795
• @​ionionascu made their first contribution in hyperium/hyper#3799
• @​linyihai made their first contribution in hyperium/hyper#3800
• @​suzp1984 made their first contribution in hyperium/hyper#3807

Thanks

• @​seanmonstar

Full Changelog: hyperium/hyper@v1.5.1...v1.5.2

... (truncated)

Changelog

Sourced from hyper's changelog.

v1.6.0 (2025-01-28)

Bug Fixes

• server:
  • start http1 header read timeout when conn is idle (#3828) (10b09ffc, closes #3780, #3781)
  • change max_local_error_reset_streams function to &mut self (#3820) (e981a91e)

Features

• ext: add ext::on_informational() callback extension (#3818) (8ce1fcfa, closes #2565)
• server: add http1::Builder::ignore_invalid_headers(bool) option (#3824) (3817a79b)

Breaking Changes

• http2::Builder::max_local_error_reset_streams() now takes &mut self and returns &mut Self. In practice, this shouldn't break almost anyone. It was the wrong receiver and return types. (e981a91e)

v1.5.2 (2024-12-16)

Bug Fixes

• http1:
  • fix intermitent panic parsing partial headers (#3812) (a131111f, closes #3811)
  • skip debug assertion of content length for HEAD responses (#3795) (eaf2267c, closes #3794)

Features

• ffi: add cargo-c support (#3787) (7f4a6826, closes #3786)

v1.5.1 (2024-11-19)

Bug Fixes

• http2:
  • pass proper value to h2 max_local_error_reset_streams (4a20147a)
  • improve graceful shutdown during handshake (#3729) (13b05943)

v1.5.0 (2024-10-15)

... (truncated)

Commits

• 621d8e4 v1.6.0
• 83f4588 chore(LICENSE): update copyright year
• 10b09ff fix(server): start http1 header read timeout when conn is idle (#3828)
• 8ce1fcf feat(ext): add ext::on_informational() callback extension (#3818)
• de28b0e chore(ci): use msrv aware dependency resolver (#3831)
• 5baf537 chore(ci): use yq to get rust-version in manifest (#3829)
• 3817a79 feat(server): add http1::Builder::ignore_invalid_headers(bool) option (#3824)
• e981a91 fix(server): change max_local_error_reset_streams function to &mut self (...
• 30f2961 v1.5.2
• a131111 fix(http1): fix intermitent panic parsing partial headers (#3812)
• Additional commits viewable in compare view

Updates tower-http from 0.5.2 to 0.6.2

Release notes

Sourced from tower-http's releases.

tower-http-0.6.2

Changed:

• CompressionBody<B> now propagates B's size hint in its http_body::Body implementation, if compression is disabled (#531)
  • this allows a content-length to be included in an HTTP message with this body for those cases

#531: tower-rs/tower-http#531

New Contributors

• @​musicinmybrain made their first contribution in tower-rs/tower-http#524
• @​SabrinaJewson made their first contribution in tower-rs/tower-http#531

Full Changelog: tower-rs/tower-http@tower-http-0.6.1...tower-http-0.6.2

v0.6.1

Fixed

• decompression: reuse scratch buffer to significantly reduce allocations and improve performance (#521)

#521: tower-rs/tower-http#521

New Contributors

• @​magurotuna made their first contribution in tower-rs/tower-http#521

v0.6.0

Changed:

• body module is disabled except for catch-panic, decompression-*, fs, or limit features (BREAKING) (#477)
• Update to tower 0.5 (#503)

Fixed

• fs: Precompression of static files now supports files without a file extension (#507)

#477: tower-rs/tower-http#477 #503: tower-rs/tower-http#503 #507: tower-rs/tower-http#507

Commits

• 3789c0c v0.6.2
• d1e4731 Set size_hint for identity compession bodies
• 66dd321 Update brotli dev-dependency from 6 to 7 (#524)
• 4bca529 v0.6.1
• 9fdf0eb (de)compression: reduce memory allocation to improve performance (#521)
• aeca262 Release tower-http v0.6.0 (#518)
• 95e28bf fs: Fix serving precompressed files without an extension (#507)
• c999623 Fix -Zminimal-versions build (#514)
• e526894 Rename default_features to default-features (#513)
• 0138f9e Fix CI (#517)
• Additional commits viewable in compare view

Updates tower from 0.3.1 to 0.5.2

Release notes

Sourced from tower's releases.

tower 0.5.2

Added

• util: Add BoxCloneSyncService which is a Clone + Send + Sync boxed Service (#777)
• util: Add BoxCloneSyncServiceLayer which is a Clone + Send + Sync boxed Layer (#802)

tower 0.5.1

• Fix minimum version of tower-layer dependency (#787)

#787: tower-rs/tower#787

tower 0.5.0

Fixed

• util: BoxService is now Sync (#702)

Changed

• util: Removed deprecated ServiceExt::ready_and method and ReadyAnd future (#652)
• retry: Breaking Change retry::Policy::retry now accepts &mut Req and &mut Res instead of the previous mutable versions. This increases the flexibility of the retry policy. To update, update your method signature to include mut for both parameters. (#584)
• retry: Breaking Change Change Policy to accept &mut self (#681)
• retry: Add generic backoff utilities (#685)
• retry: Add Budget trait. This allows end-users to implement their own budget and bucket implementations. (#703)
• reconnect: Breaking Change Remove unused generic parameter from Reconnect::new (#755)
• ready-cache: Allow iteration over ready services (#700)
• discover: Implement Clone for Change (#701)
• util: Add a BoxCloneServiceLayer (#708)
• rng: use a simpler random 2-sampler (#716)
• filter: Derive Clone for AsyncFilterLayer (#731)
• general: Update IndexMap (#741)
• MSRV: Increase MSRV to 1.63.0 (#741)

#702: tower-rs/tower#702 #652: tower-rs/tower#652 #584: tower-rs/tower#584 #681: tower-rs/tower#681 #685: tower-rs/tower#685 #703: tower-rs/tower#703 #755: tower-rs/tower#755 #700: tower-rs/tower#700 #701: tower-rs/tower#701 #708: tower-rs/tower#708 #716: tower-rs/tower#716 #731: tower-rs/tower#731 #741: tower-rs/tower#741

tower 0.4.13

Added

... (truncated)

Commits

• 7dc533e tower v0.5.2
• a09fd97 chore: fix dead code warning for 'Sealed' trait and 'sample_floyd2' func (#799)
• f57e31b Add util::BoxCloneSyncServiceLayer (#802)
• da24532 Add util::BoxCloneSyncService (#777)
• 6283f3a Upgrade http and sync_wrapper dependencies (#788)
• 7155101 Prepare release of v0.5.1 (#791)
• b2c48b4 Bump dependency on tower-layer (#787)
• fec9e55 tower-layer: drop versions from dev dependencies (#782)
• 646804d chore: prepare to release tower-0.5.0, tower-layer-0.3.3, tower-service-0.3.3...
• 7202cfe chore: fix a few typos (#780)
• Additional commits viewable in compare view

Updates tokio-tungstenite from 0.24.0 to 0.26.2

Changelog

Sourced from tokio-tungstenite's changelog.

0.26.2

• Update tungstenite, see changes here.

0.26.1

• Update tungstenite to address an issue that might cause UB in certain cases.

0.26.0

• Update tungstenite to 0.26.0 (breaking changes).

0.25.0

• Update tungstenite to 0.25.0 (important updates!).

Commits

• a8d9f19 Bump version
• aafb2f9 Bump version
• 0eefa27 Bump version
• 2d23077 Update to new tungstenite and bump version
• 015e00d Add a note regarding rustls panic to the README
• See full diff in compare view

Updates axum-extra from 0.9.6 to 0.10.1

Release notes

Sourced from axum-extra's releases.

axum-extra v0.10.1

• fixed: Fix a broken link in the documentation of ErasedJson (#3186)
• added: Add vpath! for compile time path verification on static paths. (#3288)

#3186: tokio-rs/axum#3186 #3288: tokio-rs/axum#3288

axum-extra v0.10.0

since rc.1

• breaking: Remove OptionalFromRequestParts impl for Query (#3088)
• changed: Query/Form: Use serde_path_to_error to report fields that failed to parse (#3081)

#3088: tokio-rs/axum#3088

full changelog

• breaking: Update to prost 0.13. Used for the Protobuf extractor (#2829)
• changed: Update minimum rust version to 1.75 (#2943)
• changed: Deprecated OptionalPath<T> (#2475)
• changed: Query/Form: Use serde_path_to_error to report fields that failed to parse (#3081)
• changed: The multipart feature is no longer on by default (#3058)
• fixed: Host extractor includes port number when parsing authority (#2242)
• added: Add RouterExt::typed_connect (#2961)
• added: Add json! for easy construction of JSON responses (#2962)
• added: Add InternalServerError response for logging an internal error and returning HTTP 500 in a convenient way. (#3010)
• added: Add FileStream for easy construction of file stream responses (#3047)
• added: Add Scheme extractor (#2507)

#3081: tokio-rs/axum#3081 #2242: tokio-rs/axum#2242 #2475: tokio-rs/axum#2475 #3058: tokio-rs/axum#3058 #2961: tokio-rs/axum#2961 #2962: tokio-rs/axum#2962 #3010: tokio-rs/axum#3010 #3047: tokio-rs/axum#3047 #2507: tokio-rs/axum#2507 #2829: tokio-rs/axum#2829 #2943: tokio-rs/axum#2943

axum-extra v0.10.0-rc.1

Since v0.10.0-alpha.1:

• breaking: Option<Query<T>> no longer swallows all error conditions, instead rejecting the request in many cases; see its documentation for details (#2475)

... (truncated)

Commits

• b150ac0 Release axum 0.8.3 and related crates
• a9638f7 Update changelog
• 7b3143b Replace map_response(IntoResponse::into_response) with custom service wrapper
• 902a394 Remove useless into_response calls
• 0194d1d Delete unused module
• 2f2bb99 Run into_parts eagerly in more places
• ee4727b Add macro to compile time check if a path is valid (#3288)
• 62470bd Bring back no-op async-stream feature for axum-extra (#3293)
• 3525a13 Revert "Make status a const function in rejection handling" (#3287)
• 2b6ae09 Simplify Handler async blocks (#3285)
• Additional commits viewable in compare view

Updates rustls-cng from 0.5.3 to 0.6.0

Commits

• c96b7fa Removed unused early-data feature
• 0ae70b2 Added support for silent flag
• c377b43 address comments
• 5c3a9fb cargo fmt change
• 24a8398 modify as_chain_der()
• 0a6098b revert back as_chain_der() parameter change
• c54087a added local machine and no-root supprot for as_chain_der()
• 130765e cargo fmt change
• a5a3544 use BCryptHash in hash()
• 6dd8cd7 added sha256 support
• See full diff in compare view

Updates openssl from 0.10.71 to 0.10.72

Release notes

Sourced from openssl's releases.

openssl-v0.10.72

What's Changed

• make set_rsa_oaep_md visible to boringssl config by @​frncs-rss in sfackler/rust-openssl#2372
• Fix typo in openssl-sys build script by @​rushilmehra in sfackler/rust-openssl#2375
• Unify the two BoringSSL codepaths a bit and simplify init by @​davidben in sfackler/rust-openssl#2377
• pkey_ctx: Fix link to the corresponding OpenSSL function by @​Jakuje in sfackler/rust-openssl#2378
• fix test on MSRV by @​alex in sfackler/rust-openssl#2383
• Add support for AWS-LC to openssl and openssl-sys crates by @​skmcgrail in sfackler/rust-openssl#1805
• Enable additional capabilities for AWS-LC by @​skmcgrail in sfackler/rust-openssl#2386
• Use --experimental with bindgen-cli with aws-lc build by @​skmcgrail in sfackler/rust-openssl#2389
• Fixed two UAFs and bumped versions for release by @​alex in sfackler/rust-openssl#2390

New Contributors

• @​Jakuje made their first contribution in sfackler/rust-openssl#2378
• @​skmcgrail made their first contribution in sfackler/rust-openssl#1805

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.71...openssl-v0.10.72

Commits

• 87085bd Merge pull request #2390 from alex/uaf-fix
• d1a12e2 Fixed two UAFs and bumped versions for release
• 7c7b2e6 Merge pull request #2389 from skmcgrail/aws-lc-follow-up
• 34a477b Use --experimental with bindgen-cli with aws-lc build
• d4bf071 Merge pull request #2386 from skmcgrail/aws-lc-follow-up
• a86bf67 Remove comment
• 705dbfb Fix test
• e0df413 Skip final call for LibreSSL 4.1.0 for CCM mode
• 2f1164b Enable additional capabilities for AWS-LC
• dde9ffb Merge pull request #1805 from skmcgrail/aws-lc-support-final
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml