search

svenstaro / miniserve

🌟 For when you really just want to serve some files over HTTP right now!
MIT License
5.95k stars 289 forks source link

Bump the all-dependencies group across 1 directory with 10 updates #1444

Closed dependabot[bot] closed 1 month ago

dependabot[bot] commented 1 month ago

Bumps the all-dependencies group with 10 updates in the / directory:

Package From To
actix-multipart 0.6.2 0.7.2
clap 4.5.8 4.5.9
clap_complete 4.5.7 4.5.8
comrak 0.24.1 0.26.0
if-addrs 0.12.0 0.13.1
rustls 0.23.10 0.23.11
serde 1.0.203 1.0.204
thiserror 1.0.61 1.0.63
tokio 1.38.0 1.38.1
zip 2.1.3 2.1.4

Updates actix-multipart from 0.6.2 to 0.7.2

Release notes

Sourced from actix-multipart's releases.

actix-multipart: v0.7.2

  • Fix re-exported version of actix-multipart-derive.

actix-multipart: v0.7.1

  • Expose LimitExceeded error type.

actix-multipart-derive: v0.7.0

  • Minimum supported Rust version (MSRV) is now 1.72.

actix-multipart: v0.7.0

  • Add MultipartError::ContentTypeIncompatible variant.
  • Add MultipartError::ContentDispositionNameMissing variant.
  • Add Field::bytes() method.
  • Rename MultipartError::{NoContentDisposition => ContentDispositionMissing} variant.
  • Rename MultipartError::{NoContentType => ContentTypeMissing} variant.
  • Rename MultipartError::{ParseContentType => ContentTypeParse} variant.
  • Rename MultipartError::{Boundary => BoundaryMissing} variant.
  • Rename MultipartError::{UnsupportedField => UnknownField} variant.
  • Remove top-level re-exports of test utilities.

actix-files: v0.6.6

  • Update tokio-uring dependency to 0.4.
  • Minimum supported Rust version (MSRV) is now 1.72.

actix-files: v0.6.5

  • Fix handling of special characters in filenames.

actix-files: v0.6.4

  • Fix handling of newlines in filenames.
  • Minimum supported Rust version (MSRV) is now 1.68 due to transitive time dependency.

actix-files: v0.6.3

  • XHTML files now use Content-Disposition: inline instead of attachment. #2903
  • Minimum supported Rust version (MSRV) is now 1.59 due to transitive time dependency.
  • Update tokio-uring dependency to 0.4.

#2903: actix/actix-web#2903

Changelog

Sourced from actix-multipart's changelog.

[0.7.2] - 2018-07-26

Added

  • Add implementation of FromRequest<S> for Option<T> and Result<T, Error>

  • Allow to handle application prefix, i.e. allow to handle /app path for application with /app prefix. Check App::prefix() api doc.

  • Add CookieSessionBackend::http_only method to set HttpOnly directive of cookies

Changed

  • Upgrade to cookie 0.11

  • Removed the timestamp from the default logger middleware

Fixed

  • Missing response header "content-encoding" #421

  • Fix stream draining for http/2 connections #290

[0.7.1] - 2018-07-21

Fixed

  • Fixed default_resource 'not yet implemented' panic #410

[0.7.0] - 2018-07-21

Added

  • Add fs::StaticFileConfig to provide means of customizing static file services. It allows to map mime to Content-Disposition, specify whether to use ETag and Last-Modified and allowed methods.

  • Add .has_prefixed_resource() method to router::ResourceInfo for route matching with prefix awareness

  • Add HttpMessage::readlines() for reading line by line.

  • Add ClientRequestBuilder::form() for sending application/x-www-form-urlencoded requests.

  • Add method to configure custom error handler to Form extractor.

... (truncated)

Commits


Updates clap from 4.5.8 to 4.5.9

Release notes

Sourced from clap's releases.

v4.5.9

[4.5.9] - 2024-07-09

Fixes

  • (error) When defining a custom help flag, be sure to suggest it like we do the built-in one
Changelog

Sourced from clap's changelog.

[4.5.9] - 2024-07-09

Fixes

  • (error) When defining a custom help flag, be sure to suggest it like we do the built-in one
Commits
  • 3a2fb25 Merge pull request #5547 from tesuji/fish-list
  • 1e3681b refactor: Pass list to __fish_seen_subcommand_from
  • b1a0508 refactor: Rewrite iterator for followup changes
  • 5cc44bb Merge pull request #5548 from tesuji/fish-escape-tab
  • 181b9e0 test: Ensure optional_value runs
  • 0724b7b chore: Remove tarpaulin support
  • 8024254 chore: Update deps to fix nightly
  • b16f987 style: Escaping tab as \t for more readability for fish
  • cf151fd Merge pull request #5542 from casey/exit-without-flushing
  • 5da658c Merge pull request #5541 from rustco/master
  • Additional commits viewable in compare view


Updates clap_complete from 4.5.7 to 4.5.8

Release notes

Sourced from clap_complete's releases.

v4.5.8

[4.5.8] - 2024-06-28

Fixes

  • Reduce extra flushes
Changelog

Sourced from clap_complete's changelog.

[4.5.8] - 2024-06-28

Fixes

  • Reduce extra flushes
Commits


Updates comrak from 0.24.1 to 0.26.0

Release notes

Sourced from comrak's releases.

v0.26.0

  • Restore inline sourcepos as experimental. by @​kivikakk in kivikakk/comrak#444
    • This is needed by some downstream users, so we re-introduce it, with a clearly labelled option.

Diff: https://github.com/kivikakk/comrak/compare/v0.25.0...v0.26.0

v0.25.0

  • Discord-flavored Markdown by @​Meow and @​liamwhite in kivikakk/comrak#421
    • Three new extensions and two render options are added:
      • extension.underline adds support for __underlined__ text.
      • extension.spoiler adds support for ||spoiler|| text.
      • extension.greentext adds support for image board-style >greentext, which isn't transformed into a blockquote.
      • render.ignore_setext disables parsing setext-style headings.
      • render.ignore_empty_links causes links with no text (like [](https://github.com/kivikakk/comrak/blob/HEAD/xyz)) to remain in the text as-is.
  • nodes: add From impls for AstNode. by @​kivikakk in kivikakk/comrak#424
    • Back by popular demand: AstNode::from(NodeValue).
    • Also added is AstNode::from(Ast), if you have sourcepos.
  • AST validation by @​yannham in kivikakk/comrak#425
    • The AST is validated when formatting a document as CommonMark in debug builds.
  • Address autolink edge cases. by @​kivikakk in kivikakk/comrak#426
    • Autolinks had many edge cases where output differed from upstream cmark-gfm. These have been fixed by following upstream's parser design closely.
  • shortcodes: capture all known aliases. by @​kivikakk in kivikakk/comrak#427
    • We didn't parse shortcodes containing numbers or +. We do now.
  • Support both upstream CommonMark and GFM's differences in the base spec. by @​kivikakk in kivikakk/comrak#428
    • GFM modifies even base CommonMark output somewhat. We now support and validate against both.
  • cm: count ol items from start of each list. by @​kivikakk in kivikakk/comrak#429
    • Ordered list item numbers are normalised on formatting back to CommonMark.
  • arena_tree: panic if iterator invalidation causes trouble. by @​kivikakk in kivikakk/comrak#437
    • arena_tree would silently stop iteration when trying to proceed from a child that had lost its parent. It now panics instead, as the old behaviour is incorrect and impossible to notice.
  • broken reflink callback updates & big cleanup. by @​kivikakk in kivikakk/comrak#438
    • The broken reference link callback has been moved into ParseOptions (which now takes a lifetime, meaning Options does too).
    • The callback now takes a struct containing both the normalised reference, and the original text, and the return value has changed from a 2-tuple to a struct for clarity.
    • parse_document_with_broken_link_callback has been marked deprecated.
  • Inline sourcepos fixes. by @​kivikakk in kivikakk/comrak#439
    • Inline sourcepos was provided on a best-effort basis, but there are multiple correctness issues which can't be fixed without significant work.
    • Inline sourcepos is no longer reported in HTML output. It remains in the AST and in XML output, but it is not reliable. See the PR for details.
    • Link sourcepos is slightly better than it was when it spans multiple lines.

New Contributors

Diff: https://github.com/kivikakk/comrak/compare/v0.24.1...v0.25.0

Changelog

Sourced from comrak's changelog.

[v0.26.0] - 12-07-2024

  • Restore inline sourcepos as experimental. by @​kivikakk in kivikakk/comrak#444
    • This is needed by some downstream users, so we re-introduce it, with a clearly labelled option.

Diff: https://github.com/kivikakk/comrak/compare/v0.25.0...v0.26.0

[v0.25.0] - 12-07-2024

  • Discord-flavored Markdown by @​Meow and @​liamwhite in kivikakk/comrak#421
    • Three new extensions and two render options are added:
      • extension.underline adds support for __underlined__ text.
      • extension.spoiler adds support for ||spoiler|| text.
      • extension.greentext adds support for image board-style >greentext, which isn't transformed into a blockquote.
      • render.ignore_setext disables parsing setext-style headings.
      • render.ignore_empty_links causes links with no text (like [](https://github.com/kivikakk/comrak/blob/main/xyz)) to remain in the text as-is.
  • nodes: add From impls for AstNode. by @​kivikakk in kivikakk/comrak#424
    • Back by popular demand: AstNode::from(NodeValue).
    • Also added is AstNode::from(Ast), if you have sourcepos.
  • AST validation by @​yannham in kivikakk/comrak#425
    • The AST is validated when formatting a document as CommonMark in debug builds.
  • Address autolink edge cases. by @​kivikakk in kivikakk/comrak#426
    • Autolinks had many edge cases where output differed from upstream cmark-gfm. These have been fixed by following upstream's parser design closely.
  • shortcodes: capture all known aliases. by @​kivikakk in kivikakk/comrak#427
    • We didn't parse shortcodes containing numbers or +. We do now.
  • Support both upstream CommonMark and GFM's differences in the base spec. by @​kivikakk in kivikakk/comrak#428
    • GFM modifies even base CommonMark output somewhat. We now support and validate against both.
  • cm: count ol items from start of each list. by @​kivikakk in kivikakk/comrak#429
    • Ordered list item numbers are normalised on formatting back to CommonMark.
  • arena_tree: panic if iterator invalidation causes trouble. by @​kivikakk in kivikakk/comrak#437
    • arena_tree would silently stop iteration when trying to proceed from a child that had lost its parent. It now panics instead, as the old behaviour is incorrect and impossible to notice.
  • broken reflink callback updates & big cleanup. by @​kivikakk in kivikakk/comrak#438
    • The broken reference link callback has been moved into ParseOptions (which now takes a lifetime, meaning Options does too).
    • The callback now takes a struct containing both the normalised reference, and the original text, and the return value has changed from a 2-tuple to a struct for clarity.
    • parse_document_with_broken_link_callback has been marked deprecated.
  • Inline sourcepos fixes. by @​kivikakk in kivikakk/comrak#439
    • Inline sourcepos was provided on a best-effort basis, but there are multiple correctness issues which can't be fixed without significant work.

... (truncated)

Commits
  • 415f527 Merge pull request #445 from kivikakk/release/v0.26.0
  • 0c62d39 changelog.txt: update.
  • ed7113c [skip test] update changelog
  • 6b268f9 Cargo.toml: v0.26.0.
  • 0de8251 Merge pull request #444 from kivikakk/experimental-inline-sourcepos
  • 1dc3fed html: only show inline sourcepos when asked for.
  • c5f5f2d Revert "html: don't report sourcepos on inlines."
  • ae113bf Merge pull request #440 from kivikakk/release/v0.25.0
  • 83e90b2 changelog.txt: elaborate on 0.25.0, and clean up.
  • 17c02a2 [skip test] update changelog
  • Additional commits viewable in compare view


Updates if-addrs from 0.12.0 to 0.13.1

Release notes

Sourced from if-addrs's releases.

v0.13.1

What's Changed

New Contributors

Full Changelog: https://github.com/messense/if-addrs/compare/v0.13.0...v0.13.1

v0.13.0

What's Changed

New Contributors

Full Changelog: https://github.com/messense/if-addrs/compare/v0.12.0...v0.13.0

Commits
  • 5948a71 Bump version to 0.13.1
  • fec7d73 Add possible fallable conversion to libc::suseconds_t (#40)
  • d0656e4 Bump version to 0.13.0
  • f948092 Merge pull request #38 from mon/more-changes
  • 4b1ea8d Fix some IfChangeNotifier docs
  • adca042 Use latest stable Xcode
  • c6d61ac Merge pull request #36 from mon/network-change-notify
  • d4a0b5d Update examples/detect_interface_changes.rs
  • cabec36 Rework if notifier to give changed interfaces, persist structures
  • badbfdf Remove from_raw_fd, not stabilised til rustc 1.66
  • Additional commits viewable in compare view


Updates rustls from 0.23.10 to 0.23.11

Commits
  • 7b521da roadmap: reflect 0.23.11
  • cd9be0d Prepare 0.23.11
  • f781276 x509.rs: move asn1_wrap below callers
  • bc1e543 ring::sign: tidy up pkcs8 conversion
  • b5895c7 Add public_key() for all built-in SigningKeys
  • 20fdce6 Call CertifiedKey::keys_match from ConfigBuilder::with_single_cert*
  • 54b3b5e Refactor AlwaysResolvesChain to take existing CertifiedKey
  • 0e2d2ac chore(deps): lock file maintenance
  • 8b8d5dc Refactor and explain bulk total_data behaviour
  • fefc057 Hoist Arc into make_client/server_config return type
  • Additional commits viewable in compare view


Updates serde from 1.0.203 to 1.0.204

Release notes

Sourced from serde's releases.

v1.0.204

  • Apply #[diagnostic::on_unimplemented] attribute on Rust 1.78+ to suggest adding serde derive or enabling a "serde" feature flag in dependencies (#2767, thanks @​weiznich)
Commits
  • 18dcae0 Release 1.0.204
  • 58c307f Alphabetize list of rustc-check-cfg
  • 8cc4809 Merge pull request #2769 from dtolnay/onunimpl
  • 1179158 Update ui test with diagnostic::on_unimplemented from PR 2767
  • 91aa40e Add ui test of unsatisfied serde trait bound
  • 595019e Cut test_suite from workspace members in old toolchain CI jobs
  • b0d7917 Pull in trybuild 'following types implement trait' fix
  • 8e6637a Merge pull request #2767 from weiznich/feature/diagnostic_on_unimplemented
  • 694fe05 Use the #[diagnostic::on_unimplemented] attribute when possible
  • f3dfd2a Suppress dead code warning in test of unit struct remote derive
  • Additional commits viewable in compare view


Updates thiserror from 1.0.61 to 1.0.63

Release notes

Sourced from thiserror's releases.

1.0.63

  • Documentation improvements

1.0.62

  • Support referring to nested tuple struct fields inside #[error("…", …)] attribute (#309)
Commits
  • 915c75e Release 1.0.63
  • 3d5ec25 Merge pull request #312 from dtolnay/backtracedoc
  • de8a1e5 Update documentation of #[from] and #[backtrace] attributes
  • 0bf6e3d Release 1.0.62
  • 4977932 Merge pull request #310 from dtolnay/nestedtuple
  • 40a7779 Support .0.0 nested tuple index
  • f1ca210 Add regression test for issue 309
  • 479744e No need for dead code if struct fields are public
  • 4db08b1 Ignore warning on unused struct in test
  • f2824ae Fill in ignore reasons in all #[ignore] attributes
  • See full diff in compare view


Updates tokio from 1.38.0 to 1.38.1

Release notes

Sourced from tokio's releases.

Tokio v1.38.1

1.38.1 (July 16th, 2024)

This release fixes the bug identified as (#6682), which caused timers not to fire when they should.

Fixed

  • time: update wake_up while holding all the locks of sharded time wheels (#6683)

#6682: tokio-rs/tokio#6682 #6683: tokio-rs/tokio#6683

Commits


Updates zip from 2.1.3 to 2.1.4

Release notes

Sourced from zip's releases.

v2.1.4

🐛 Bug Fixes

  • fix(#215): Upgrade to deflate64 0.1.9
  • Panic when reading a file truncated in the middle of an XZ block header
  • Some archives with over u16::MAX files were handled incorrectly or slowly (#189)
  • Check number of files when deciding whether a CDE is the real one
  • Could still select a fake CDE over a real one in some cases
  • May have to consider multiple CDEs before filtering for validity
  • We now keep searching for a real CDE header after read an invalid one from the file comment
  • Always search for data start when opening an archive for append, and reject the header if data appears to start after central directory
  • deep_copy_file no longer allows overwriting an existing file, to match the behavior of shallow_copy_file
  • File start position was wrong when extra data was present
  • Abort file if central extra data is too large
  • Overflow panic when central directory extra data is too large
  • ZIP64 header was being written twice when copying a file
  • ZIP64 header was being written to central header twice
  • Start position was incorrect when file had no extra data
  • Allow all reserved headers we can create
  • Fix a bug where alignment padding interacts with other extra-data fields
  • Fix bugs involving alignment padding and Unicode extra fields
  • Incorrect header when adding AES-encrypted files
  • Parse the extra field and reject it if invalid
  • Incorrect behavior following a rare combination of merge_archive, abort_file and deep_copy_file. As well, we now return an error when a file is being copied to itself.
  • path_to_string now properly handles the case of an empty path
  • Implement Debug for ZipWriter even when it's not implemented for the inner writer's type
  • Fix an issue where the central directory could be incorrectly detected
  • finish_into_readable() would corrupt the archive if the central directory had moved

🚜 Refactor

  • Verify with debug assertions that no FixedSizeBlock expects a multi-byte alignment (#198)
  • Use new do_or_abort_file method

⚡ Performance

  • Speed up CRC when encrypting small files
  • Limit the number of extra fields
  • Refactor extra-data validation
  • Store extra data in plain vectors until after validation
  • Only build one IndexMap after choosing among the possible valid headers
  • Simplify validation of empty extra-data fields
  • Validate automatic extra-data fields only once, even if several are present
  • Remove redundant validate_extra_data() call
  • Skip searching for the ZIP32 header if a valid ZIP64 header is present (#189)

⚙️ Miscellaneous Tasks

  • Fix a bug introduced by c934c824
  • Fix a failing unit test
  • Fix build errors on older Rust versions
  • Fix build
  • Fix another fuzz failure
  • Switch to ok_or_abort_file, and inline when that fails borrow checker

... (truncated)

Changelog

Sourced from zip's changelog.

2.1.4 - 2024-07-18

🐛 Bug Fixes

  • fix(#215): Upgrade to deflate64 0.1.9
  • Panic when reading a file truncated in the middle of an XZ block header
  • Some archives with over u16::MAX files were handled incorrectly or slowly (#189)
  • Check number of files when deciding whether a CDE is the real one
  • Could still select a fake CDE over a real one in some cases
  • May have to consider multiple CDEs before filtering for validity
  • We now keep searching for a real CDE header after read an invalid one from the file comment
  • Always search for data start when opening an archive for append, and reject the header if data appears to start after central directory
  • deep_copy_file no longer allows overwriting an existing file, to match the behavior of shallow_copy_file
  • File start position was wrong when extra data was present
  • Abort file if central extra data is too large
  • Overflow panic when central directory extra data is too large
  • ZIP64 header was being written twice when copying a file
  • ZIP64 header was being written to central header twice
  • Start position was incorrect when file had no extra data
  • Allow all reserved headers we can create
  • Fix a bug where alignment padding interacts with other extra-data fields
  • Fix bugs involving alignment padding and Unicode extra fields
  • Incorrect header when adding AES-encrypted files
  • Parse the extra field and reject it if invalid
  • Incorrect behavior following a rare combination of merge_archive, abort_file and deep_copy_file. As well, we now return an error when a file is being copied to itself.
  • path_to_string now properly handles the case of an empty path
  • Implement Debug for ZipWriter even when it's not implemented for the inner writer's type
  • Fix an issue where the central directory could be incorrectly detected
  • finish_into_readable() would corrupt the archive if the central directory had moved

🚜 Refactor

  • Verify with debug assertions that no FixedSizeBlock expects a multi-byte alignment (#198)
  • Use new do_or_abort_file method

⚡ Performance

  • Speed up CRC when encrypting small files
  • Limit the number of extra fields
  • Refactor extra-data validation
  • Store extra data in plain vectors until after validation
  • Only build one IndexMap after choosing among the possible valid headers
  • Simplify validation of empty extra-data fields
  • Validate automatic extra-data fields only once, even if several are present
  • Remove redundant validate_extra_data() call
  • Skip searching for the ZIP32 header if a valid ZIP64 header is present (#189)

⚙️ Miscellaneous Tasks

  • Fix a bug introduced by c934c824
  • Fix a failing unit test
  • Fix build errors on older Rust versions
  • Fix build
  • Fix another fuzz failure

... (truncated)

Commits
  • 9caa3b6 Merge pull request #194 from zip-rs/release-plz-2024-06-15T04-17-17Z
  • 8b11361 chore: release
  • 55c2c64 ci(fuzz): Set max length closer to current corpus entries' length
  • 193bbe1 fix(#215): Upgrade to deflate64 0.1.9
  • 4e971d0 Commit unfinished corpus
  • c149868 Fix divergence from origin/master
  • 81b5fb6 Update fuzz_write corpus to use only smaller entries
  • 6106a2b Merge pull request #201 from nichmor/fix/soft-links-should-remain-the-same
  • 03dd557 Merge pull request #218 from zip-rs/fuzz-write-no-feat-40m
  • e48686a ci(fuzz): Run fuzz_write_with_no_features only 40m times
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
dependabot[bot] commented 1 month ago

Looks like these dependencies are no longer updatable, so this is no longer needed.