Skip to content

build(deps): bump the http group across 1 directory with 9 updates#1382

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/cargo/http-4620b92175
Closed

build(deps): bump the http group across 1 directory with 9 updates#1382
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/cargo/http-4620b92175

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 16, 2025

Copy link
Copy Markdown
Contributor

Bumps the http group with 9 updates in the / directory:

Package From To
hyper 0.14.32 1.6.0
hyper-util 0.1.11 0.1.14
tower-http 0.5.2 0.6.6
tower 0.3.1 0.5.2
tokio-tungstenite 0.26.2 0.27.0
reqwest 0.12.15 0.12.20
rustls-cng 0.5.3 0.6.0
rustls 0.23.27 0.23.28
openssl 0.10.72 0.10.73

Updates hyper from 0.14.32 to 1.6.0

Release notes

Sourced from hyper's releases.

v1.6.0

Features

  • ext: add ext::on_informational() callback extension (#3818) (8ce1fcfa, closes #2565)
  • server: add http1::Builder::ignore_invalid_headers(bool) option (#3824) (3817a79b)

Bug Fixes

Breaking Changes

  • http2::Builder::max_local_error_reset_streams() now takes &mut self and returns &mut Self. In practice, this shouldn't break almost anyone. It was the wrong receiver and return types. (e981a91e)

New Contributors

Thanks

Full Changelog: hyperium/hyper@v1.5.2...v1.6.0

v1.5.2

Bug Fixes

Features

New Contributors

Thanks

Full Changelog: hyperium/hyper@v1.5.1...v1.5.2

... (truncated)

Changelog

Sourced from hyper's changelog.

v1.6.0 (2025-01-28)

Bug Fixes

Features

  • ext: add ext::on_informational() callback extension (#3818) (8ce1fcfa, closes #2565)
  • server: add http1::Builder::ignore_invalid_headers(bool) option (#3824) (3817a79b)

Breaking Changes

  • http2::Builder::max_local_error_reset_streams() now takes &mut self and returns &mut Self. In practice, this shouldn't break almost anyone. It was the wrong receiver and return types. (e981a91e)

v1.5.2 (2024-12-16)

Bug Fixes

Features

v1.5.1 (2024-11-19)

Bug Fixes

  • http2:
    • pass proper value to h2 max_local_error_reset_streams (4a20147a)
    • improve graceful shutdown during handshake (#3729) (13b05943)

v1.5.0 (2024-10-15)

... (truncated)

Commits
  • 621d8e4 v1.6.0
  • 83f4588 chore(LICENSE): update copyright year
  • 10b09ff fix(server): start http1 header read timeout when conn is idle (#3828)
  • 8ce1fcf feat(ext): add ext::on_informational() callback extension (#3818)
  • de28b0e chore(ci): use msrv aware dependency resolver (#3831)
  • 5baf537 chore(ci): use yq to get rust-version in manifest (#3829)
  • 3817a79 feat(server): add http1::Builder::ignore_invalid_headers(bool) option (#3824)
  • e981a91 fix(server): change max_local_error_reset_streams function to &mut self (...
  • 30f2961 v1.5.2
  • a131111 fix(http1): fix intermitent panic parsing partial headers (#3812)
  • Additional commits viewable in compare view

Updates hyper-util from 0.1.11 to 0.1.14

Release notes

Sourced from hyper-util's releases.

v0.1.13

tl;dr

  • Fix HttpConnector to always prefer IPv6 addresses first, if happy eyeballs is enabled.
  • Fix legacy::Client to return better errors if available on the connection.

What's Changed

New Contributors

Full Changelog: hyperium/hyper-util@v0.1.12...v0.1.13

v0.1.12

tl;dr

  • Add client::legacy::proxy::Tunnel connector that wraps another connector with HTTP tunneling.
  • Add client::legacy::proxy::{SocksV4, SocksV5} connectors that wraps another connector with SOCKS.
  • Add client::proxy::matcher::Matcher type that can use environment variables to match proxy rules.
  • Add server::graceful::Watcher type that can be sent to watch a connection in another task.
  • Add GracefulShutdown::count() method to get number of currently watched connections.
  • Fix missing must_use attributes on Connection futures.
  • Fix tracing span in GAI resolver that can cause panics.

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from hyper-util's changelog.

0.1.14 (2025-06-04)

  • Fix HttpConnector to defer address family order to resolver sort order.
  • Fix proxy::Matcher to find HTTPS system proxies on Windows.

0.1.13 (2025-05-27)

  • Fix HttpConnector to always prefer IPv6 addresses first, if happy eyeballs is enabled.
  • Fix legacy::Client to return better errors if available on the connection.

0.1.12 (2025-05-19)

  • Add client::legacy::proxy::Tunnel connector that wraps another connector with HTTP tunneling.
  • Add client::legacy::proxy::{SocksV4, SocksV5} connectors that wraps another connector with SOCKS.
  • Add client::proxy::matcher::Matcher type that can use environment variables to match proxy rules.
  • Add server::graceful::Watcher type that can be sent to watch a connection in another task.
  • Add GracefulShutdown::count() method to get number of currently watched connections.
  • Fix missing must_use attributes on Connection futures.
  • Fix tracing span in GAI resolver that can cause panics.
Commits
  • 71360e4 v0.1.14
  • ce9248d fix(proxy): set https system proxy on windows (#201)
  • 7400a20 fix(client): prefer resolver order always (#200)
  • 22867bd style(client): Fix some clippy lints (#199)
  • 2ff0ba6 deps: upgrade windows-registry to 0.5 (#198)
  • 2c3c55f v0.1.13
  • a01e6b2 fix(client): improve client errors details if available (#184)
  • fc1d699 refactor(client): add socket addr to ConnectError
  • 0959d46 refactor(client): return the first connect error, not the last
  • 6328823 refactor(client): don't allocate for ConnectError messages
  • Additional commits viewable in compare view

Updates tower-http from 0.5.2 to 0.6.6

Release notes

Sourced from tower-http's releases.

tower-http-0.6.6

Fixed

  • compression: fix panic when looking in vary header (#578)

#578: tower-rs/tower-http#578

New Contributors

Full Changelog: tower-rs/tower-http@tower-http-0.6.5...tower-http-0.6.6

tower-http-0.6.5

Added

  • normalize_path: add append_trailing_slash() mode (#547)

Fixed

  • redirect: remove payload headers if redirect changes method to GET (#575)
  • compression: avoid setting vary: accept-encoding if already set (#572)

#547: tower-rs/tower-http#547 #572: tower-rs/tower-http#572 #575: tower-rs/tower-http#575

New Contributors

Full Changelog: tower-rs/tower-http@tower-http-0.6.4...tower-http-0.6.5

tower-http 0.6.4

Added

  • decompression: Support HTTP responses containing multiple ZSTD frames (#548)
  • The ServiceExt trait for chaining layers onto an arbitrary http service just like ServiceBuilderExt allows for ServiceBuilder (#563)

Fixed

  • Remove unnecessary trait bounds on S::Error for Service impls of RequestBodyTimeout<S> and ResponseBodyTimeout<S> (#533)
  • compression: Respect is_end_stream (#535)
  • Fix a rare panic in fs::ServeDir (#553)
  • Fix invalid content-lenght of 1 in response to range requests to empty files (#556)
  • In AsyncRequireAuthorization, use the original inner service after it is

... (truncated)

Commits

Updates tower from 0.3.1 to 0.5.2

Release notes

Sourced from tower's releases.

tower 0.5.2

Added

  • util: Add BoxCloneSyncService which is a Clone + Send + Sync boxed Service (#777)
  • util: Add BoxCloneSyncServiceLayer which is a Clone + Send + Sync boxed Layer (#802)

tower 0.5.1

  • Fix minimum version of tower-layer dependency (#787)

#787: tower-rs/tower#787

tower 0.5.0

Fixed

  • util: BoxService is now Sync (#702)

Changed

  • util: Removed deprecated ServiceExt::ready_and method and ReadyAnd future (#652)
  • retry: Breaking Change retry::Policy::retry now accepts &mut Req and &mut Res instead of the previous mutable versions. This increases the flexibility of the retry policy. To update, update your method signature to include mut for both parameters. (#584)
  • retry: Breaking Change Change Policy to accept &mut self (#681)
  • retry: Add generic backoff utilities (#685)
  • retry: Add Budget trait. This allows end-users to implement their own budget and bucket implementations. (#703)
  • reconnect: Breaking Change Remove unused generic parameter from Reconnect::new (#755)
  • ready-cache: Allow iteration over ready services (#700)
  • discover: Implement Clone for Change (#701)
  • util: Add a BoxCloneServiceLayer (#708)
  • rng: use a simpler random 2-sampler (#716)
  • filter: Derive Clone for AsyncFilterLayer (#731)
  • general: Update IndexMap (#741)
  • MSRV: Increase MSRV to 1.63.0 (#741)

#702: tower-rs/tower#702 #652: tower-rs/tower#652 #584: tower-rs/tower#584 #681: tower-rs/tower#681 #685: tower-rs/tower#685 #703: tower-rs/tower#703 #755: tower-rs/tower#755 #700: tower-rs/tower#700 #701: tower-rs/tower#701 #708: tower-rs/tower#708 #716: tower-rs/tower#716 #731: tower-rs/tower#731 #741: tower-rs/tower#741

tower 0.4.13

Added

... (truncated)

Commits
  • 7dc533e tower v0.5.2
  • a09fd97 chore: fix dead code warning for 'Sealed' trait and 'sample_floyd2' func (#799)
  • f57e31b Add util::BoxCloneSyncServiceLayer (#802)
  • da24532 Add util::BoxCloneSyncService (#777)
  • 6283f3a Upgrade http and sync_wrapper dependencies (#788)
  • 7155101 Prepare release of v0.5.1 (#791)
  • b2c48b4 Bump dependency on tower-layer (#787)
  • fec9e55 tower-layer: drop versions from dev dependencies (#782)
  • 646804d chore: prepare to release tower-0.5.0, tower-layer-0.3.3, tower-service-0.3.3...
  • 7202cfe chore: fix a few typos (#780)
  • Additional commits viewable in compare view

Updates tokio-tungstenite from 0.26.2 to 0.27.0

Changelog

Sourced from tokio-tungstenite's changelog.

0.27.0

Commits

Updates reqwest from 0.12.15 to 0.12.20

Release notes

Sourced from reqwest's releases.

v0.12.20

Highlights

  • Add ClientBuilder::tcp_user_timeout(Duration) option to set TCP_USER_TIMEOUT.
  • Fix proxy headers only using the first matched proxy.
  • (wasm) Fix re-adding Error::is_status().

What's Changed

New Contributors

Full Changelog: seanmonstar/reqwest@v0.12.19...v0.12.20

v0.12.19

What's Changed

Full Changelog: seanmonstar/reqwest@v0.12.18...v0.12.19

v0.12.18

What's Changed

  • Fix compilation when socks enabled without TLS.

v0.12.17

What's Changed

v0.12.16

Highlights

  • Add ClientBuilder::http3_congestion_bbr() to enable BBR congestion control.
  • Add ClientBuilder::http3_send_grease() to configure whether to send use QUIC grease.
  • Add ClientBuilder::http3_max_field_section_size() to configure the maximum response headers.
  • Add ClientBuilder::tcp_keepalive_interval() to configure TCP probe interval.
  • Add ClientBuilder::tcp_keepalive_retries() to configure TCP probe count.
  • Add Proxy::headers() to add extra headers that should be sent to a proxy.
  • Fix redirect::Policy::limit() which had an off-by-1 error, allowing 1 more redirect than specified.

... (truncated)

Changelog

Sourced from reqwest's changelog.

v0.12.20

  • Add ClientBuilder::tcp_user_timeout(Duration) option to set TCP_USER_TIMEOUT.
  • Fix proxy headers only using the first matched proxy.
  • (wasm) Fix re-adding Error::is_status().

v0.12.19

  • Fix redirect that changes the method to GET should remove payload headers.
  • Fix redirect to only check the next scheme if the policy action is to follow.
  • (wasm) Fix compilation error if cookies feature is enabled (by the way, it's a noop feature in wasm).

v0.12.18

  • Fix compilation when socks enabled without TLS.

v0.12.17

  • Fix compilation on macOS.

v0.12.16

  • Add ClientBuilder::http3_congestion_bbr() to enable BBR congestion control.
  • Add ClientBuilder::http3_send_grease() to configure whether to send use QUIC grease.
  • Add ClientBuilder::http3_max_field_section_size() to configure the maximum response headers.
  • Add ClientBuilder::tcp_keepalive_interval() to configure TCP probe interval.
  • Add ClientBuilder::tcp_keepalive_retries() to configure TCP probe count.
  • Add Proxy::headers() to add extra headers that should be sent to a proxy.
  • Fix redirect::Policy::limit() which had an off-by-1 error, allowing 1 more redirect than specified.
  • Fix HTTP/3 to support streaming request bodies.
  • (wasm) Fix null bodies when calling Response::bytes_stream().
Commits

Updates rustls-cng from 0.5.3 to 0.6.0

Commits

Updates rustls from 0.23.27 to 0.23.28

Commits
  • 12fe0c1 Prepare 0.23.28
  • 46ba039 Expose named_groups extension in ClientHello
  • b9a530a ci-bench: low-noise benchmarks with rustls-fuzzing-provider
  • 9b452d2 fuzzing-provider: support no-op ticketer
  • 136e857 fuzzing-provider: make ciphersuites public
  • 96d6656 Only include renegotiation SCSV for TLS1.2 attempts
  • 568b2c6 Use ProtocolName for ALPN protocol pervasively
  • 229dfe2 Allow future customisation of alert sent for InvalidMessage
  • d882860 Return more specific type from outer_hello_ext()
  • 34cdce3 Return more specific type from grease_ext()
  • Additional commits viewable in compare view

Updates openssl from 0.10.72 to 0.10.73

Release notes

Sourced from openssl's releases.

openssl-v0.10.73

What's Changed

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.72...openssl-v0.10.73

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels Jun 16, 2025
@dependabot dependabot Bot force-pushed the dependabot/cargo/http-4620b92175 branch from 4f8b52b to 95bfe86 Compare June 16, 2025 21:50
Bumps the http group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [hyper](https://github.com/hyperium/hyper) | `0.14.32` | `1.6.0` |
| [hyper-util](https://github.com/hyperium/hyper-util) | `0.1.11` | `0.1.14` |
| [tower-http](https://github.com/tower-rs/tower-http) | `0.5.2` | `0.6.6` |
| [tower](https://github.com/tower-rs/tower) | `0.3.1` | `0.5.2` |
| [tokio-tungstenite](https://github.com/snapview/tokio-tungstenite) | `0.26.2` | `0.27.0` |
| [reqwest](https://github.com/seanmonstar/reqwest) | `0.12.15` | `0.12.20` |
| [rustls-cng](https://github.com/rustls/rustls-cng) | `0.5.3` | `0.6.0` |
| [rustls](https://github.com/rustls/rustls) | `0.23.27` | `0.23.28` |
| [openssl](https://github.com/sfackler/rust-openssl) | `0.10.72` | `0.10.73` |



Updates `hyper` from 0.14.32 to 1.6.0
- [Release notes](https://github.com/hyperium/hyper/releases)
- [Changelog](https://github.com/hyperium/hyper/blob/master/CHANGELOG.md)
- [Commits](hyperium/hyper@v0.14.32...v1.6.0)

Updates `hyper-util` from 0.1.11 to 0.1.14
- [Release notes](https://github.com/hyperium/hyper-util/releases)
- [Changelog](https://github.com/hyperium/hyper-util/blob/master/CHANGELOG.md)
- [Commits](hyperium/hyper-util@v0.1.11...v0.1.14)

Updates `tower-http` from 0.5.2 to 0.6.6
- [Release notes](https://github.com/tower-rs/tower-http/releases)
- [Commits](tower-rs/tower-http@tower-http-0.5.2...tower-http-0.6.6)

Updates `tower` from 0.3.1 to 0.5.2
- [Release notes](https://github.com/tower-rs/tower/releases)
- [Commits](tower-rs/tower@tower-0.3.1...tower-0.5.2)

Updates `tokio-tungstenite` from 0.26.2 to 0.27.0
- [Changelog](https://github.com/snapview/tokio-tungstenite/blob/master/CHANGELOG.md)
- [Commits](snapview/tokio-tungstenite@v0.26.2...v0.27.0)

Updates `reqwest` from 0.12.15 to 0.12.20
- [Release notes](https://github.com/seanmonstar/reqwest/releases)
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md)
- [Commits](seanmonstar/reqwest@v0.12.15...v0.12.20)

Updates `rustls-cng` from 0.5.3 to 0.6.0
- [Commits](rustls/rustls-cng@v0.5.3...v0.6.0)

Updates `rustls` from 0.23.27 to 0.23.28
- [Release notes](https://github.com/rustls/rustls/releases)
- [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md)
- [Commits](rustls/rustls@v/0.23.27...v/0.23.28)

Updates `openssl` from 0.10.72 to 0.10.73
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](rust-openssl/rust-openssl@openssl-v0.10.72...openssl-v0.10.73)

---
updated-dependencies:
- dependency-name: hyper
  dependency-version: 1.6.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: http
- dependency-name: hyper-util
  dependency-version: 0.1.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: http
- dependency-name: tower-http
  dependency-version: 0.6.6
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: http
- dependency-name: tower
  dependency-version: 0.5.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: http
- dependency-name: tokio-tungstenite
  dependency-version: 0.27.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: http
- dependency-name: reqwest
  dependency-version: 0.12.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: http
- dependency-name: rustls-cng
  dependency-version: 0.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: http
- dependency-name: rustls
  dependency-version: 0.23.28
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: http
- dependency-name: openssl
  dependency-version: 0.10.73
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: http
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/cargo/http-4620b92175 branch from 95bfe86 to 9f12755 Compare June 23, 2025 13:01
@dependabot @github

dependabot Bot commented on behalf of github Jun 24, 2025

Copy link
Copy Markdown
Contributor Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot Bot deleted the dependabot/cargo/http-4620b92175 branch June 24, 2025 14:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update Rust code

Development

Successfully merging this pull request may close these issues.

1 participant