Update Rust crate salvo to 0.94#9568
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
0.93→0.94Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
salvo-rs/salvo (salvo)
v0.94.0Compare Source
v0.94.0
Salvo 0.94.0 focuses on security hardening, OpenAPI 3.1 correctness, lower runtime overhead in core routing/dispatch paths, and API naming cleanup. This release also raises the Rust MSRV to 1.94.
Highlights
1.94.Server::max_connections,ConnCtrl, improved graceful/forceful shutdown behavior, and safer default connection fuse protection.jsonSchemaDialect, webhooks, reusable components, PathItem refs, parameter content/examples/allowEmptyValue, and stricter required path parameters.Json<T>now replaces previously buffered body bytes because JSON is a complete document.salvo-tusexposes storage/locking types, addsTus::storage_root, and addsTus::absolute_locationfor safe absolute Location URLs.Migration Guide
Rust
Update your toolchain to Rust 1.94 or newer.
Core API naming
Several old names remain as deprecated aliases, but new code should use the clearer names:
Depot::inject(value)Depot::insert_typed(value)Depot::obtain::<T>()Depot::get_typed::<T>()Depot::obtain_mut::<T>()Depot::get_typed_mut::<T>()Depot::contains::<T>()Depot::contains_typed::<T>()Depot::scrape::<T>()Depot::remove_typed::<T>()Depot::delete(key)Depot::remove(key).is_some()Response::stuff(status, value)Response::render_with_status(status, value)Server::stop_forcible()Server::stop_forceful()ServerHandle::stop_forcible()ServerHandle::stop_forceful()SchemeFilter::lack(...)SchemeFilter::fallback(...)HostFilter::lack(...)HostFilter::fallback(...)PortFilter::lack(...)PortFilter::fallback(...)StatusError::request_header_fields_toolarge()StatusError::request_header_fields_too_large()StatusError::unavailable_for_legalreasons()StatusError::unavailable_for_legal_reasons()AcmeListener::get_directory(...)AcmeListener::directory(...)Depotnow has separate named and type-keyed storage. Useinsert/get/removefor string keys andinsert_typed/get_typed/remove_typedfor type keys. Capacity andinner()refer to named storage.Response body rendering
Response::write_bodyappends to buffered bodies.Json<T>now replaces existing buffered bytes instead of appending, because concatenated JSON documents are invalid. If you intentionally emit NDJSON or another appendable format, serialize each record yourself and callwrite_body.salvo-tus builder methods
The tus builder API was aligned with Rust API naming guidelines. Update call sites:
with_store(...)store(...)with_locker(...)locker(...)with_upload_id_naming_function(...)upload_id_naming_function(...)with_generate_url_function(...)generate_url_function(...)with_on_incoming_request(...)on_incoming_request(...)with_on_incoming_request_sync(...)on_incoming_request_sync(...)with_on_upload_create(...)on_upload_create(...)with_on_upload_finish(...)on_upload_finish(...)Also prefer
MaybeUploadIdover the deprecatedUploadIdalias.TusOptions::extract_file_id_from_requestreplaces the old file-id helper naming.For absolute tus
Locationheaders, prefer:Avoid
relative_location(false)without a canonical origin on public services, because that derives absolute URLs from request host/forwarded headers.OpenAPI changes
$schemaoutput was corrected tojsonSchemaDialectfor OpenAPI 3.1.Parameter::parameter_in(...)is deprecated; useParameter::location(...).ToParametersnow defaults generated parameters to query location, so required query parameters are represented correctly.required: true.#[derive(Extractible)]now rejects#[serde(flatten)]on fields. Use#[salvo(extract(flatten))]for Salvo request extraction flattening.CORS, proxy, JWT/OIDC, and cookies
Access-Control-Allow-Credentials: truewith wildcard CORS response headers. Use explicit allowed origins, headers, and methods for credentialed APIs.ForwardedHeaderIssueris deprecated because it trusts client-controlled forwarded headers unconditionally. UseTrustedProxyIssuer::new([...])behind known proxies, orRemoteIpIssuerfor direct client IPs.Proxynow uses the standards-compliant host header getter by default, including non-default upstream ports. If you need the old bare-host behavior, configuredefault_host_header_getter.kty: "oct"/ HS*) are rejected by default. Opt in withallow_symmetric_jwks(true)only for issuers that intentionally publish trusted symmetric keys.SecureCookiePolicyis available for CSRF, flash, and session cookies. If TLS terminates before Salvo and the request scheme appears as HTTP, force secure cookies with the relevantsecure_cookie(true)or policy API.Notable Changes
Core and server
Server::max_connectionsto bound concurrent accepted connections.ConnCtrlto the prelude and public exports.OpenAPI
$refsupport.content,examples, andallowEmptyValue.Extractiblebounds, number equality, macro diagnostics, and several user-triggerable macro panics.Security hardening
Fixes
Set-Cookieparsing/round-tripping and tower-compatible response conversion.RequestId, caching headers, basic auth multi-header fallthrough, and logging path/address behavior.Performance
Acceptparsing,text_nonce, andwrite_body.Contributors
Thanks to everyone who contributed to this release:
FlowCtrlperformance (#1608),auto_alt_svc_headerforquinn::Builder(#1585), code quality cleanups (#1544, #1524),salvo-corsrefactor (#1525), anddocs.rsbuild fixes (#1523)New Contributors
Full Changelog: salvo-rs/salvo@v0.93.0...v0.94.0
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.