fix(deps): update dependencies (non-major)

clank-bot commented

2026-05-15 15:20:39 +00:00

Member

This PR contains the following updates:

Package	Type	Update	Change
axum-extra	dependencies	minor	`0.10` -> `0.12`
http	dependencies	patch	`1.4.0` -> `1.4.1`
reqwest	dependencies	minor	`0.12` -> `0.13`
serde_json	dependencies	patch	`1.0.149` -> `1.0.150`
tokio (source)	dependencies	patch	`1.52.1` -> `1.52.3`
tower-http	dependencies	patch	`0.6.10` -> `0.6.11`

Release Notes

tokio-rs/axum (axum-extra)

`v0.12.6`

Compare Source

fixed: Escape backslashes and double quotes in Content-Disposition filenames to prevent header parameter injection in Attachment and FileStream (#3664)
vpath! macro now stops the compilation if your path is using deprecated path variables in the old 107 format, such as :var and *var. the only allowed way now is {var}. (#3618)
fixed: Return specific error message when multipart body limit is exceeded (#3611)

`v0.12.3`: axum-extra v0.12.3

Compare Source

changed: Make the typed-routing feature enable the routing feature (#3514)
changed: Add trailing newline to ErasedJson::pretty response bodies (#3526)
fixed: Fix integer underflow in FileStream::try_range_response for empty files (#3566)

`v0.12.2`: axum-extra v0.12.2

Make it easier to visually scan for default features (#3550)

`v0.12.0`: axum-extra v0.12.0

Compare Source

breaking: Remove unused async-stream feature, which was accidentally
introduced as an implicit feature through an optional dependency which was no
longer being used (#3298)
breaking: option_layer now maps the Response body type to axum::body::Body (#3469)
breaking: Some new features are added which need to be opted in (#3485).
- Cached extractor requires cached feature.
- The handler utilities require handler feature.
- The middleware utilities require middleware feature.
- OptionalPath extractor requires optional-path feature.
- The routing utilities require routing feature.
- WithRejection extractor requires with-rejection feature.
breaking: Upgraded prost dependency to v0.14. (#3517)

`v0.11.0`: axum-extra v0.11.0

Compare Source

Yanked from crates.io due to unforeseen breaking change, see #3190 for details

breaking: Remove unused async-stream feature, which was accidentally
introduced as an implicit feature through an optional dependency which was no
longer being used (#3145)
fixed: Fix a broken link in the documentation of ErasedJson (#3186)
changed: Make the status function of rejections a const function, such
as FormRejection, QueryRejection and MultipartRejection (#3168)

hyperium/http (http)

`v1.4.1`

Compare Source

Fix PathAndQuery::from_static() and from_shared() to reject inputs that do not start with /.
Fix Extend for HeaderMap to clamp max size hint and not overflow.
Fix header::IntoIter that could use-after-free if the generic value type could panic on drop.
Fix header::{IterMut, ValuesIterMut} to not violate stacked borrows.

seanmonstar/reqwest (reqwest)

`v0.13.4`

Compare Source

Add ClientBuilder::tls_sslkeylogfile(bool) option to allow using the related environment variable.
Add ClientBuilder::http2_keep_alive_* options for the blocking client.
Add TLS 1.3 support when using native-tls backend.
Fix redirect handling to strip sensitive headers when the scheme changes.
Fix HTTP/3 happy-eyeball connection creation.
Upgrade hickory-resolver to 0.26.

`v0.13.3`

Compare Source

Fix CertificateRevocationList parsing of PEM values.
Fix logging in resolver to only show host, not full URL.
Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
Fix HTTP/3 to handle STOP_SENDING as not an error.
Fix HTTP/3 pool to remove timed out QUIC connections.
Fix HTTP/3 connection establishment picking IPv4 and IPv6.
Upgrade rustls-platform-verifier.
(wasm) Only use wasm-bindgen on unknown-* targets.

`v0.13.2`

Compare Source

Fix HTTP/2 and native-tls ALPN feature combinations.
Fix HTTP/3 to send h3 ALPN.
(wasm) fix RequestBuilder::json() from override previously set content-type.

`v0.13.1`

Compare Source

Fixes compiling with rustls on Android targets.

`v0.13.0`

Compare Source

Breaking changes:
- rustls is now the default TLS backend, instead of native-tls.
- rustls crypto provider defaults to aws-lc instead of ring. (rustls-no-provider exists if you want a different crypto provider)
- rustls-tls has been renamed to rustls.
- rustls roots features removed, rustls-platform-verifier is used by default.
  - To use different roots, call tls_certs_only(your_roots).
- native-tls now includes ALPN. To disable, use native-tls-no-alpn.
- query and form are now crate features, disabled by default.
- Long-deprecated methods and crate features have been removed (such as trust-dns, which was renamed hickory-dns a while ago).
Many TLS-related methods renamed to improve autocompletion and discovery, but previous name left in place with a "soft" deprecation. (just documented, no warnings)
- For example, prefer tls_backend_rustls() over use_rustls_tls().

v0.12.28

Fix compiling on Windows if TLS and SOCKS features are not enabled.

v0.12.27

Add ClientBuilder::windows_named_pipe(name) option that will force all requests over that Windows Named Piper.

v0.12.26

Fix sending Accept-Encoding header only with values configured with reqwest, regardless of underlying tower-http config.

v0.12.25

Add Error::is_upgrade() to determine if the error was from an HTTP upgrade.
Fix sending Proxy-Authorization if only username is configured.
Fix sending Proxy-Authorization to HTTPS proxies when the target is HTTP.
Refactor internal decompression handling to use tower-http.

v0.12.24

Refactor cookie handling to an internal middleware.
Refactor internal random generator.
Refactor base64 encoding to reduce a copy.
Documentation updates.

v0.12.23

Add ClientBuilder::unix_socket(path) option that will force all requests over that Unix Domain Socket.
Add ClientBuilder::retry(policy) and reqwest::retry::Builder to configure automatic retries.
Add ClientBuilder::dns_resolver2() with more ergonomic argument bounds, allowing more resolver implementations.
Add http3_* options to blocking::ClientBuilder.
Fix default TCP timeout values to enabled and faster.
Fix SOCKS proxies to default to port 1080
(wasm) Add cache methods to RequestBuilder.

v0.12.22

Fix socks proxies when resolving IPv6 destinations.

v0.12.21

Fix socks proxy to use socks4a:// instead of socks4h://.
Fix Error::is_timeout() to check for hyper and IO timeouts too.
Fix request Error to again include URLs when possible.
Fix socks connect error to include more context.
(wasm) implement Default for Body.

v0.12.20

Add ClientBuilder::tcp_user_timeout(Duration) option to set TCP_USER_TIMEOUT.
Fix proxy headers only using the first matched proxy.
(wasm) Fix re-adding Error::is_status().

v0.12.19

Fix redirect that changes the method to GET should remove payload headers.
Fix redirect to only check the next scheme if the policy action is to follow.
(wasm) Fix compilation error if cookies feature is enabled (by the way, it's a noop feature in wasm).

v0.12.18

Fix compilation when socks enabled without TLS.

v0.12.17

Fix compilation on macOS.

v0.12.16

Add ClientBuilder::http3_congestion_bbr() to enable BBR congestion control.
Add ClientBuilder::http3_send_grease() to configure whether to send use QUIC grease.
Add ClientBuilder::http3_max_field_section_size() to configure the maximum response headers.
Add ClientBuilder::tcp_keepalive_interval() to configure TCP probe interval.
Add ClientBuilder::tcp_keepalive_retries() to configure TCP probe count.
Add Proxy::headers() to add extra headers that should be sent to a proxy.
Fix redirect::Policy::limit() which had an off-by-1 error, allowing 1 more redirect than specified.
Fix HTTP/3 to support streaming request bodies.
(wasm) Fix null bodies when calling Response::bytes_stream().

v0.12.15

Fix Windows to support both ProxyOverride and NO_PROXY.
Fix http3 to support streaming response bodies.
Fix http3 dependency from public API misuse.

v0.12.14

Fix missing fetch_mode_no_cors(), marking as deprecated when not on WASM.

v0.12.13

Add Form::into_reader() for blocking multipart forms.
Add Form::into_stream() for async multipart forms.
Add support for SOCKS4a proxies.
Fix decoding responses with multiple zstd frames.
Fix RequestBuilder::form() from overwriting a previously set Content-Type header, like the other builder methods.
Fix cloning of request timeout in blocking::Request.
Fix http3 synchronization of connection creation, reducing unneccesary extra connections.
Fix Windows system proxy to use ProxyOverride as a NO_PROXY value.
Fix blocking read to correctly reserve and zero read buffer.
(wasm) Add support for request timeouts.
(wasm) Fix Error::is_timeout() to return true when from a request timeout.

v0.12.12

(wasm) Fix compilation by not compiler tokio/time on WASM.

v0.12.11

Fix decompression returning an error when HTTP/2 ends with an empty data frame.

v0.12.10

Add ClientBuilder::connector_layer() to allow customizing the connector stack.
Add ClientBuilder::http2_max_header_list_size() option.
Fix propagating body size hint (content-length) information when wrapping bodies.
Fix decompression of chunked bodies so the connections can be reused more often.

v0.12.9

Add tls::CertificateRevocationLists support.
Add crate features to enable webpki roots without selecting a rustls provider.
Fix connection_verbose() to output read logs.
Fix multipart::Part::file() to automatically include content-length.
Fix proxy to internally no longer cache system proxy settings.

v0.12.8

Add support for SOCKS4 proxies.
Add multipart::Form::file() method for adding files easily.
Add Body::wrap() to wrap any http_body::Body type.
Fix the pool configuration to use a timer to remove expired connections.

v0.12.7

Revert adding impl Service<http::Request<_>> for Client.

v0.12.6

Add support for danger_accept_invalid_hostnames for rustls.
Add impl Service<http::Request<Body>> for Client and &'_ Client.
Add support for !Sync bodies in Body::wrap_stream().
Enable happy eyeballs when hickory-dns is used.
Fix Proxy so that HTTP(S)_PROXY values take precedence over ALL_PROXY.
Fix blocking::RequestBuilder::header() from unsetting sensitive on passed header values.

v0.12.5

Add blocking::ClientBuilder::dns_resolver() method to change DNS resolver in blocking client.
Add http3 feature back, still requiring reqwest_unstable.
Add rustls-tls-no-provider Cargo feature to use rustls without a crypto provider.
Fix Accept-Encoding header combinations.
Fix http3 resolving IPv6 addresses.
Internal: upgrade to rustls 0.23.

v0.12.4

Add zstd support, enabled with zstd Cargo feature.
Add ClientBuilder::read_timeout(Duration), which applies the duration for each read operation. The timeout resets after a successful read.

v0.12.3

Add FromStr for dns::Name.
Add ClientBuilder::built_in_webpki_certs(bool) to enable them separately.
Add ClientBuilder::built_in_native_certs(bool) to enable them separately.
Fix sending content-length: 0 for GET requests.
Fix response body content_length() to return value when timeout is configured.
Fix ClientBuilder::resolve() to use lowercase domain names.

v0.12.2

Fix missing ALPN when connecting to socks5 proxy with rustls.
Fix TLS version limits with rustls.
Fix not detected ALPN h2 from server with native-tls.

v0.12.1

Fix ClientBuilder::interface() when no TLS is enabled.
Fix TlsInfo::peer_certificate() being truncated with rustls.
Fix panic if http2 feature disabled but TLS negotiated h2 in ALPN.
Fix Display for Error to not include its source error.

serde-rs/json (serde_json)

`v1.0.150`

Compare Source

Reject non-string enum object keys (#1324, thanks @puneetdixit200)

tokio-rs/tokio (tokio)

`v1.52.3`: Tokio v1.52.3

Compare Source

1.52.3 (May 8th, 2026)

Fixed

sync: fix underflow in mpsc channel len() (#8062)
sync: notify receivers in mpsc OwnedPermit::release() method (#8075)
sync: require that an RwLock has max_readers != 0 (#8076)
sync: return Empty from try_recv() when mpsc is closed with outstanding permits (#8074)

`v1.52.2`: Tokio v1.52.2

Compare Source

1.52.2 (May 4th, 2026)

This release reverts the LIFO slot stealing change introduced in 1.51.0 (#7431), due to its performance impact. (#8100)

tower-rs/tower-http (tower-http)

set-header: add SetMultipleResponseHeadersLayer and
SetMultipleResponseHeader for setting multiple response headers at once.
Supports overriding, appending, and if_not_present modes. Header
values can be fixed or computed dynamically via closures (#672)

use http::{Response, header::{self, HeaderValue}};
use http_body::Body as _;
use tower_http::set_header::response::SetMultipleResponseHeadersLayer;

let layer = SetMultipleResponseHeadersLayer::overriding(vec![
    (header::X_FRAME_OPTIONS, HeaderValue::from_static("DENY")).into(),
    (header::CONTENT_LENGTH, |res: &Response<MyBody>| {
        res.body().size_hint().exact()
            .map(|size| HeaderValue::from_str(&size.to_string()).unwrap())
    }).into(),
]);

set-header: add SetMultipleRequestHeadersLayer and
SetMultipleRequestHeaders for setting multiple request headers at once,
mirroring the response-side API (#677)
classify: add From<i32> and From<NonZeroI32> impls for GrpcCode.
Unrecognized status codes map to GrpcCode::Unknown (#506)

Changed

compression: compress application/grpc-web responses. Previously all
application/grpc* content types were excluded from compression; now only
application/grpc (non-web) is excluded (#408)

Fixed

fs: fix ServeDir returning 500 instead of 405 for non-GET/HEAD requests
when call_fallback_on_method_not_allowed is enabled but no fallback service
is configured (#587)
fs: remove duplicate cfg attribute on is_reserved_dos_name (#675)

All PRs

ci: fix flaky encoding test, add nightly stress test job by @jlizen in #670
ci: use static timeout in stress-test workflow by @jlizen in #671
Fix serve_dir method not allowed handling when no fallback is configured by @soerenmeier in #587
Do compress grpc-web responses by @bouk in #408
add From impl for GrpcCode by @gshipilov in #506
feat(set_header): refactor and improve multiple header middleware by @seun-ja in #672
Remove duplicate cfg attribute for is_reserved_dos_name by @GlenDC in #675
feat: set multiple request header by @seun-ja in #677
chore: release 0.6.11 by @jlizen in #673

New Contributors

@gshipilov made their first contribution in #506
@seun-ja made their first contribution in #672

Full Changelog: https://github.com/tower-rs/tower-http/compare/tower-http-0.6.10...tower-http-0.6.11

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [axum-extra](https://github.com/tokio-rs/axum) | dependencies | minor | `0.10` -> `0.12` | | [http](https://github.com/hyperium/http) | dependencies | patch | `1.4.0` -> `1.4.1` | | [reqwest](https://github.com/seanmonstar/reqwest) | dependencies | minor | `0.12` -> `0.13` | | [serde_json](https://github.com/serde-rs/json) | dependencies | patch | `1.0.149` -> `1.0.150` | | [tokio](https://tokio.rs) ([source](https://github.com/tokio-rs/tokio)) | dependencies | patch | `1.52.1` -> `1.52.3` | | [tower-http](https://github.com/tower-rs/tower-http) | dependencies | patch | `0.6.10` -> `0.6.11` | --- ### Release Notes <details> <summary>tokio-rs/axum (axum-extra)</summary> ### [`v0.12.6`](https://github.com/tokio-rs/axum/releases/tag/axum-extra-v0.12.6) [Compare Source](https://github.com/tokio-rs/axum/compare/axum-extra-v0.12.5...axum-extra-v0.12.6) - **fixed:** Escape backslashes and double quotes in `Content-Disposition` filenames to prevent header parameter injection in `Attachment` and `FileStream` ([#3664]) - `vpath!` macro now stops the compilation if your path is using deprecated path variables in the old `107` format, such as `:var` and `*var`. the only allowed way now is `{var}`. ([#3618]) - **fixed:** Return specific error message when multipart body limit is exceeded ([#3611]) [#3664]: https://github.com/tokio-rs/axum/pull/3664 [#3618]: https://github.com/tokio-rs/axum/pull/3618 [#3611]: https://github.com/tokio-rs/axum/pull/3611 ### [`v0.12.5`](https://github.com/tokio-rs/axum/compare/axum-extra-v0.12.4...axum-extra-v0.12.5) [Compare Source](https://github.com/tokio-rs/axum/compare/axum-extra-v0.12.4...axum-extra-v0.12.5) ### [`v0.12.4`](https://github.com/tokio-rs/axum/compare/axum-extra-v0.12.3...axum-extra-v0.12.4) [Compare Source](https://github.com/tokio-rs/axum/compare/axum-extra-v0.12.3...axum-extra-v0.12.4) ### [`v0.12.3`](https://github.com/tokio-rs/axum/releases/tag/axum-extra-v0.12.3): axum-extra v0.12.3 [Compare Source](https://github.com/tokio-rs/axum/compare/axum-extra-v0.12.2...axum-extra-v0.12.3) - **changed:** Make the `typed-routing` feature enable the `routing` feature ([#3514]) - **changed:** Add trailing newline to `ErasedJson::pretty` response bodies ([#3526]) - **fixed:** Fix integer underflow in `FileStream::try_range_response` for empty files ([#3566]) [#3514]: https://github.com/tokio-rs/axum/pull/3514 [#3526]: https://github.com/tokio-rs/axum/pull/3526 [#3566]: https://github.com/tokio-rs/axum/pull/3566 ### [`v0.12.2`](https://github.com/tokio-rs/axum/releases/tag/axum-extra-v0.12.2): axum-extra v0.12.2 - Make it easier to visually scan for default features ([#3550]) [#3550]: https://github.com/tokio-rs/axum/pull/3550 ### [`v0.12.0`](https://github.com/tokio-rs/axum/releases/tag/axum-extra-v0.12.0): axum-extra v0.12.0 [Compare Source](https://github.com/tokio-rs/axum/compare/axum-extra-v0.11.0...axum-extra-v0.12.0) - **breaking:** Remove unused `async-stream` feature, which was accidentally introduced as an implicit feature through an optional dependency which was no longer being used ([#3298]) - **breaking:** `option_layer` now maps the `Response` body type to `axum::body::Body` ([#3469]) - **breaking:** Some new features are added which need to be opted in ([#3485]). - `Cached` extractor requires `cached` feature. - The handler utilities require `handler` feature. - The middleware utilities require `middleware` feature. - `OptionalPath` extractor requires `optional-path` feature. - The routing utilities require `routing` feature. - `WithRejection` extractor requires `with-rejection` feature. - **breaking:** Upgraded `prost` dependency to v0.14. ([#3517]) [#3298]: https://github.com/tokio-rs/axum/pull/3298 [#3469]: https://github.com/tokio-rs/axum/pull/3469 [#3485]: https://github.com/tokio-rs/axum/pull/3485 [#3517]: https://github.com/tokio-rs/axum/pull/3517 ### [`v0.11.0`](https://github.com/tokio-rs/axum/releases/tag/axum-extra-v0.11.0): axum-extra v0.11.0 [Compare Source](https://github.com/tokio-rs/axum/compare/axum-extra-v0.10.3...axum-extra-v0.11.0) Yanked from crates.io due to unforeseen breaking change, see [#3190](https://github.com/tokio-rs/axum/issues/3190) for details *** - **breaking:** Remove unused `async-stream` feature, which was accidentally introduced as an implicit feature through an optional dependency which was no longer being used ([#3145]) - **fixed:** Fix a broken link in the documentation of `ErasedJson` ([#3186]) - **changed:** Make the `status` function of rejections a `const` function, such as `FormRejection`, `QueryRejection` and `MultipartRejection` ([#3168]) [#3145]: https://github.com/tokio-rs/axum/pull/3145 [#3168]: https://github.com/tokio-rs/axum/pull/3168 [#3186]: https://github.com/tokio-rs/axum/pull/3186 </details> <details> <summary>hyperium/http (http)</summary> ### [`v1.4.1`](https://github.com/hyperium/http/blob/HEAD/CHANGELOG.md#141-May-25-2026) [Compare Source](https://github.com/hyperium/http/compare/v1.4.0...v1.4.1) - Fix `PathAndQuery::from_static()` and `from_shared()` to reject inputs that do not start with `/`. - Fix `Extend` for `HeaderMap` to clamp max size hint and not overflow. - Fix `header::IntoIter` that could use-after-free if the generic value type could panic on drop. - Fix `header::{IterMut, ValuesIterMut}` to not violate stacked borrows. </details> <details> <summary>seanmonstar/reqwest (reqwest)</summary> ### [`v0.13.4`](https://github.com/seanmonstar/reqwest/blob/HEAD/CHANGELOG.md#v0134) [Compare Source](https://github.com/seanmonstar/reqwest/compare/v0.13.3...v0.13.4) - Add `ClientBuilder::tls_sslkeylogfile(bool)` option to allow using the related environment variable. - Add `ClientBuilder::http2_keep_alive_*` options for the `blocking` client. - Add TLS 1.3 support when using `native-tls` backend. - Fix redirect handling to strip sensitive headers when the scheme changes. - Fix HTTP/3 happy-eyeball connection creation. - Upgrade hickory-resolver to 0.26. ### [`v0.13.3`](https://github.com/seanmonstar/reqwest/blob/HEAD/CHANGELOG.md#v0133) [Compare Source](https://github.com/seanmonstar/reqwest/compare/v0.13.2...v0.13.3) - Fix CertificateRevocationList parsing of PEM values. - Fix logging in resolver to only show host, not full URL. - Fix hickory-dns to fallback to a default if `/etc/resolv.conf` fails. - Fix HTTP/3 to handle `STOP_SENDING` as not an error. - Fix HTTP/3 pool to remove timed out QUIC connections. - Fix HTTP/3 connection establishment picking IPv4 and IPv6. - Upgrade rustls-platform-verifier. - (wasm) Only use wasm-bindgen on unknown-\* targets. ### [`v0.13.2`](https://github.com/seanmonstar/reqwest/blob/HEAD/CHANGELOG.md#v0132) [Compare Source](https://github.com/seanmonstar/reqwest/compare/v0.13.1...v0.13.2) - Fix HTTP/2 and native-tls ALPN feature combinations. - Fix HTTP/3 to send h3 ALPN. - (wasm) fix `RequestBuilder::json()` from override previously set content-type. ### [`v0.13.1`](https://github.com/seanmonstar/reqwest/blob/HEAD/CHANGELOG.md#v0131) [Compare Source](https://github.com/seanmonstar/reqwest/compare/v0.13.0...v0.13.1) - Fixes compiling with rustls on Android targets. ### [`v0.13.0`](https://github.com/seanmonstar/reqwest/blob/HEAD/CHANGELOG.md#v0130) [Compare Source](https://github.com/seanmonstar/reqwest/compare/v0.12.28...v0.13.0) - **Breaking changes**: - `rustls` is now the default TLS backend, instead of `native-tls`. - `rustls` crypto provider defaults to aws-lc instead of *ring*. (`rustls-no-provider` exists if you want a different crypto provider) - `rustls-tls` has been renamed to `rustls`. - rustls roots features removed, `rustls-platform-verifier` is used by default. - To use different roots, call `tls_certs_only(your_roots)`. - `native-tls` now includes ALPN. To disable, use `native-tls-no-alpn`. - `query` and `form` are now crate features, disabled by default. - Long-deprecated methods and crate features have been removed (such as `trust-dns`, which was renamed `hickory-dns` a while ago). - Many TLS-related methods renamed to improve autocompletion and discovery, but previous name left in place with a "soft" deprecation. (just documented, no warnings) - For example, prefer `tls_backend_rustls()` over `use_rustls_tls()`. #### v0.12.28 - Fix compiling on Windows if TLS and SOCKS features are not enabled. #### v0.12.27 - Add `ClientBuilder::windows_named_pipe(name)` option that will force all requests over that Windows Named Piper. #### v0.12.26 - Fix sending `Accept-Encoding` header only with values configured with reqwest, regardless of underlying tower-http config. #### v0.12.25 - Add `Error::is_upgrade()` to determine if the error was from an HTTP upgrade. - Fix sending `Proxy-Authorization` if only username is configured. - Fix sending `Proxy-Authorization` to HTTPS proxies when the target is HTTP. - Refactor internal decompression handling to use tower-http. #### v0.12.24 - Refactor cookie handling to an internal middleware. - Refactor internal random generator. - Refactor base64 encoding to reduce a copy. - Documentation updates. #### v0.12.23 - Add `ClientBuilder::unix_socket(path)` option that will force all requests over that Unix Domain Socket. - Add `ClientBuilder::retry(policy)` and `reqwest::retry::Builder` to configure automatic retries. - Add `ClientBuilder::dns_resolver2()` with more ergonomic argument bounds, allowing more resolver implementations. - Add `http3_*` options to `blocking::ClientBuilder`. - Fix default TCP timeout values to enabled and faster. - Fix SOCKS proxies to default to port 1080 - (wasm) Add cache methods to `RequestBuilder`. #### v0.12.22 - Fix socks proxies when resolving IPv6 destinations. #### v0.12.21 - Fix socks proxy to use `socks4a://` instead of `socks4h://`. - Fix `Error::is_timeout()` to check for hyper and IO timeouts too. - Fix request `Error` to again include URLs when possible. - Fix socks connect error to include more context. - (wasm) implement `Default` for `Body`. #### v0.12.20 - Add `ClientBuilder::tcp_user_timeout(Duration)` option to set `TCP_USER_TIMEOUT`. - Fix proxy headers only using the first matched proxy. - (wasm) Fix re-adding `Error::is_status()`. #### v0.12.19 - Fix redirect that changes the method to GET should remove payload headers. - Fix redirect to only check the next scheme if the policy action is to follow. - (wasm) Fix compilation error if `cookies` feature is enabled (by the way, it's a noop feature in wasm). #### v0.12.18 - Fix compilation when `socks` enabled without TLS. #### v0.12.17 - Fix compilation on macOS. #### v0.12.16 - Add `ClientBuilder::http3_congestion_bbr()` to enable BBR congestion control. - Add `ClientBuilder::http3_send_grease()` to configure whether to send use QUIC grease. - Add `ClientBuilder::http3_max_field_section_size()` to configure the maximum response headers. - Add `ClientBuilder::tcp_keepalive_interval()` to configure TCP probe interval. - Add `ClientBuilder::tcp_keepalive_retries()` to configure TCP probe count. - Add `Proxy::headers()` to add extra headers that should be sent to a proxy. - Fix `redirect::Policy::limit()` which had an off-by-1 error, allowing 1 more redirect than specified. - Fix HTTP/3 to support streaming request bodies. - (wasm) Fix null bodies when calling `Response::bytes_stream()`. #### v0.12.15 - Fix Windows to support both `ProxyOverride` and `NO_PROXY`. - Fix http3 to support streaming response bodies. - Fix http3 dependency from public API misuse. #### v0.12.14 - Fix missing `fetch_mode_no_cors()`, marking as deprecated when not on WASM. #### v0.12.13 - Add `Form::into_reader()` for blocking `multipart` forms. - Add `Form::into_stream()` for async `multipart` forms. - Add support for SOCKS4a proxies. - Fix decoding responses with multiple zstd frames. - Fix `RequestBuilder::form()` from overwriting a previously set `Content-Type` header, like the other builder methods. - Fix cloning of request timeout in `blocking::Request`. - Fix http3 synchronization of connection creation, reducing unneccesary extra connections. - Fix Windows system proxy to use `ProxyOverride` as a `NO_PROXY` value. - Fix blocking read to correctly reserve and zero read buffer. - (wasm) Add support for request timeouts. - (wasm) Fix `Error::is_timeout()` to return true when from a request timeout. #### v0.12.12 - (wasm) Fix compilation by not compiler `tokio/time` on WASM. #### v0.12.11 - Fix decompression returning an error when HTTP/2 ends with an empty data frame. #### v0.12.10 - Add `ClientBuilder::connector_layer()` to allow customizing the connector stack. - Add `ClientBuilder::http2_max_header_list_size()` option. - Fix propagating body size hint (`content-length`) information when wrapping bodies. - Fix decompression of chunked bodies so the connections can be reused more often. #### v0.12.9 - Add `tls::CertificateRevocationLists` support. - Add crate features to enable webpki roots without selecting a rustls provider. - Fix `connection_verbose()` to output read logs. - Fix `multipart::Part::file()` to automatically include content-length. - Fix proxy to internally no longer cache system proxy settings. #### v0.12.8 - Add support for SOCKS4 proxies. - Add `multipart::Form::file()` method for adding files easily. - Add `Body::wrap()` to wrap any `http_body::Body` type. - Fix the pool configuration to use a timer to remove expired connections. #### v0.12.7 - Revert adding `impl Service<http::Request<_>>` for `Client`. #### v0.12.6 - Add support for `danger_accept_invalid_hostnames` for `rustls`. - Add `impl Service<http::Request<Body>>` for `Client` and `&'_ Client`. - Add support for `!Sync` bodies in `Body::wrap_stream()`. - Enable happy eyeballs when `hickory-dns` is used. - Fix `Proxy` so that `HTTP(S)_PROXY` values take precedence over `ALL_PROXY`. - Fix `blocking::RequestBuilder::header()` from unsetting `sensitive` on passed header values. #### v0.12.5 - Add `blocking::ClientBuilder::dns_resolver()` method to change DNS resolver in blocking client. - Add `http3` feature back, still requiring `reqwest_unstable`. - Add `rustls-tls-no-provider` Cargo feature to use rustls without a crypto provider. - Fix `Accept-Encoding` header combinations. - Fix http3 resolving IPv6 addresses. - Internal: upgrade to rustls 0.23. #### v0.12.4 - Add `zstd` support, enabled with `zstd` Cargo feature. - Add `ClientBuilder::read_timeout(Duration)`, which applies the duration for each read operation. The timeout resets after a successful read. #### v0.12.3 - Add `FromStr` for `dns::Name`. - Add `ClientBuilder::built_in_webpki_certs(bool)` to enable them separately. - Add `ClientBuilder::built_in_native_certs(bool)` to enable them separately. - Fix sending `content-length: 0` for GET requests. - Fix response body `content_length()` to return value when timeout is configured. - Fix `ClientBuilder::resolve()` to use lowercase domain names. #### v0.12.2 - Fix missing ALPN when connecting to socks5 proxy with rustls. - Fix TLS version limits with rustls. - Fix not detected ALPN h2 from server with native-tls. #### v0.12.1 - Fix `ClientBuilder::interface()` when no TLS is enabled. - Fix `TlsInfo::peer_certificate()` being truncated with rustls. - Fix panic if `http2` feature disabled but TLS negotiated h2 in ALPN. - Fix `Display` for `Error` to not include its source error. </details> <details> <summary>serde-rs/json (serde_json)</summary> ### [`v1.0.150`](https://github.com/serde-rs/json/releases/tag/v1.0.150) [Compare Source](https://github.com/serde-rs/json/compare/v1.0.149...v1.0.150) - Reject non-string enum object keys ([#1324](https://github.com/serde-rs/json/issues/1324), thanks [@puneetdixit200](https://github.com/puneetdixit200)) </details> <details> <summary>tokio-rs/tokio (tokio)</summary> ### [`v1.52.3`](https://github.com/tokio-rs/tokio/releases/tag/tokio-1.52.3): Tokio v1.52.3 [Compare Source](https://github.com/tokio-rs/tokio/compare/tokio-1.52.2...tokio-1.52.3) ### 1.52.3 (May 8th, 2026) ##### Fixed - sync: fix underflow in mpsc channel `len()` ([#8062]) - sync: notify receivers in mpsc `OwnedPermit::release()` method ([#8075]) - sync: require that an `RwLock` has `max_readers != 0` ([#8076]) - sync: return `Empty` from `try_recv()` when mpsc is closed with outstanding permits ([#8074]) [#8062]: https://github.com/tokio-rs/tokio/pull/8062 [#8074]: https://github.com/tokio-rs/tokio/pull/8074 [#8075]: https://github.com/tokio-rs/tokio/pull/8075 [#8076]: https://github.com/tokio-rs/tokio/pull/8076 ### [`v1.52.2`](https://github.com/tokio-rs/tokio/releases/tag/tokio-1.52.2): Tokio v1.52.2 [Compare Source](https://github.com/tokio-rs/tokio/compare/tokio-1.52.1...tokio-1.52.2) ### 1.52.2 (May 4th, 2026) This release reverts the LIFO slot stealing change introduced in 1.51.0 ([#7431]), due to [its performance impact][#8065]. ([#8100]) [#7431]: https://github.com/tokio-rs/tokio/pull/7431 [#8065]: https://github.com/tokio-rs/tokio/pull/8065 [#8100]: https://github.com/tokio-rs/tokio/pull/8100 </details> <details> <summary>tower-rs/tower-http (tower-http)</summary> ### [`v0.6.11`](https://github.com/tower-rs/tower-http/releases/tag/tower-http-0.6.11) [Compare Source](https://github.com/tower-rs/tower-http/compare/tower-http-0.6.10...tower-http-0.6.11) #### Added - `set-header`: add `SetMultipleResponseHeadersLayer` and `SetMultipleResponseHeader` for setting multiple response headers at once. Supports `overriding`, `appending`, and `if_not_present` modes. Header values can be fixed or computed dynamically via closures ([#672]) ```rust use http::{Response, header::{self, HeaderValue}}; use http_body::Body as _; use tower_http::set_header::response::SetMultipleResponseHeadersLayer; let layer = SetMultipleResponseHeadersLayer::overriding(vec![ (header::X_FRAME_OPTIONS, HeaderValue::from_static("DENY")).into(), (header::CONTENT_LENGTH, |res: &Response<MyBody>| { res.body().size_hint().exact() .map(|size| HeaderValue::from_str(&size.to_string()).unwrap()) }).into(), ]); ``` - `set-header`: add `SetMultipleRequestHeadersLayer` and `SetMultipleRequestHeaders` for setting multiple request headers at once, mirroring the response-side API ([#677]) - `classify`: add `From<i32>` and `From<NonZeroI32>` impls for `GrpcCode`. Unrecognized status codes map to `GrpcCode::Unknown` ([#506]) #### Changed - `compression`: compress `application/grpc-web` responses. Previously all `application/grpc*` content types were excluded from compression; now only `application/grpc` (non-web) is excluded ([#408]) #### Fixed - `fs`: fix `ServeDir` returning 500 instead of 405 for non-GET/HEAD requests when `call_fallback_on_method_not_allowed` is enabled but no fallback service is configured ([#587]) - `fs`: remove duplicate `cfg` attribute on `is_reserved_dos_name` ([#675]) [#408]: https://github.com/tower-rs/tower-http/pull/408 [#506]: https://github.com/tower-rs/tower-http/pull/506 [#587]: https://github.com/tower-rs/tower-http/pull/587 [#672]: https://github.com/tower-rs/tower-http/pull/672 [#675]: https://github.com/tower-rs/tower-http/pull/675 [#677]: https://github.com/tower-rs/tower-http/pull/677 #### All PRs - ci: fix flaky encoding test, add nightly stress test job by [@jlizen](https://github.com/jlizen) in [#670](https://github.com/tower-rs/tower-http/pull/670) - ci: use static timeout in stress-test workflow by [@jlizen](https://github.com/jlizen) in [#671](https://github.com/tower-rs/tower-http/pull/671) - Fix serve\_dir method not allowed handling when no fallback is configured by [@soerenmeier](https://github.com/soerenmeier) in [#587](https://github.com/tower-rs/tower-http/pull/587) - Do compress grpc-web responses by [@bouk](https://github.com/bouk) in [#408](https://github.com/tower-rs/tower-http/pull/408) - add From<i32> impl for GrpcCode by [@gshipilov](https://github.com/gshipilov) in [#506](https://github.com/tower-rs/tower-http/pull/506) - feat(set\_header): refactor and improve multiple header middleware by [@seun-ja](https://github.com/seun-ja) in [#672](https://github.com/tower-rs/tower-http/pull/672) - Remove duplicate cfg attribute for is\_reserved\_dos\_name by [@GlenDC](https://github.com/GlenDC) in [#675](https://github.com/tower-rs/tower-http/pull/675) - feat: set multiple request header by [@seun-ja](https://github.com/seun-ja) in [#677](https://github.com/tower-rs/tower-http/pull/677) - chore: release 0.6.11 by [@jlizen](https://github.com/jlizen) in [#673](https://github.com/tower-rs/tower-http/pull/673) #### New Contributors - [@gshipilov](https://github.com/gshipilov) made their first contribution in [#506](https://github.com/tower-rs/tower-http/pull/506) - [@seun-ja](https://github.com/seun-ja) made their first contribution in [#672](https://github.com/tower-rs/tower-http/pull/672) **Full Changelog**: <https://github.com/tower-rs/tower-http/compare/tower-http-0.6.10...tower-http-0.6.11> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

clank-bot added 1 commit

2026-05-15 15:20:39 +00:00

Update dependencies (non-major)

renovate/artifacts Artifact file update failure

545124915a

clank-bot requested review from martin

2026-05-15 15:20:39 +00:00

clank-bot commented

2026-05-15 15:20:39 +00:00

Author

Member

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: Cargo.lock

Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path Cargo.toml --package axum-extra@0.10.3 --precise 0.12.6
error: failed to load manifest for workspace member `/var/lib/private/renovate/repos/forgejo/Personal/woodpecker-extension/target/generated/*`
referenced by workspace at `/var/lib/private/renovate/repos/forgejo/Personal/woodpecker-extension/Cargo.toml`

Caused by:
  failed to read `/var/lib/private/renovate/repos/forgejo/Personal/woodpecker-extension/target/generated/*/Cargo.toml`

Caused by:
  No such file or directory (os error 2)

### ⚠️ Artifact update problem Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is. ♻ Renovate will retry this branch, including artifacts, only when one of the following happens: - any of the package files in this branch needs updating, or - the branch becomes conflicted, or - you click the rebase/retry checkbox if found above, or - you rename this PR's title to start with "rebase!" to trigger it manually The artifact failure details are included below: ##### File name: Cargo.lock ``` Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path Cargo.toml --package axum-extra@0.10.3 --precise 0.12.6 error: failed to load manifest for workspace member `/var/lib/private/renovate/repos/forgejo/Personal/woodpecker-extension/target/generated/*` referenced by workspace at `/var/lib/private/renovate/repos/forgejo/Personal/woodpecker-extension/Cargo.toml` Caused by: failed to read `/var/lib/private/renovate/repos/forgejo/Personal/woodpecker-extension/target/generated/*/Cargo.toml` Caused by: No such file or directory (os error 2) ```

clank-bot changed title from ~~Update dependencies (non-major)~~ to fix(deps): update dependencies (non-major)

2026-05-15 15:50:58 +00:00

clank-bot force-pushed renovate/dependencies-(non-major) from 545124915a

renovate/artifacts Artifact file update failure

to 55845610f1

renovate/artifacts Artifact file update failure

2026-05-15 15:50:59 +00:00

Compare

clank-bot force-pushed renovate/dependencies-(non-major) from 55845610f1

renovate/artifacts Artifact file update failure

to 95d6ffae60

renovate/artifacts Artifact file update failure

2026-05-15 17:03:42 +00:00

Compare

clank-bot force-pushed renovate/dependencies-(non-major) from 95d6ffae60

renovate/artifacts Artifact file update failure

to c41329fa83

renovate/artifacts Artifact file update failure

ci/woodpecker/push/verify Pipeline failed

Details

2026-05-15 17:29:49 +00:00

Compare

clank-bot force-pushed renovate/dependencies-(non-major) from c41329fa83

renovate/artifacts Artifact file update failure

ci/woodpecker/push/verify Pipeline failed

Details

to bb06104f4f

renovate/artifacts Artifact file update failure

ci/woodpecker/push/verify Pipeline failed

Details

2026-05-15 18:38:02 +00:00

Compare

clank-bot force-pushed renovate/dependencies-(non-major) from bb06104f4f

renovate/artifacts Artifact file update failure

ci/woodpecker/push/verify Pipeline failed

Details

to 811106029a

renovate/artifacts Artifact file update failure

ci/woodpecker/push/verify Pipeline failed

Details

2026-05-16 19:12:24 +00:00

Compare

clank-bot force-pushed renovate/dependencies-(non-major) from 811106029a

renovate/artifacts Artifact file update failure

ci/woodpecker/push/verify Pipeline failed

Details

to 11bc9db945

renovate/artifacts Artifact file update failure

ci/woodpecker/push/verify Pipeline failed

Details

2026-05-16 22:51:36 +00:00

Compare

clank-bot force-pushed renovate/dependencies-(non-major) from 11bc9db945

renovate/artifacts Artifact file update failure

ci/woodpecker/push/verify Pipeline failed

Details

to f9b5ca80b9

renovate/artifacts Artifact file update failure

ci/woodpecker/push/verify Pipeline failed

Details

2026-05-17 00:01:14 +00:00

Compare

martin self-assigned this

2026-05-17 11:27:06 +00:00

clank-bot force-pushed renovate/dependencies-(non-major) from f9b5ca80b9

renovate/artifacts Artifact file update failure

ci/woodpecker/push/verify Pipeline failed

Details

to 9bf1351287

renovate/artifacts Artifact file update failure

ci/woodpecker/push/verify Pipeline failed

Details

2026-05-19 17:04:38 +00:00

Compare

clank-bot force-pushed renovate/dependencies-(non-major) from 9bf1351287

renovate/artifacts Artifact file update failure

ci/woodpecker/push/verify Pipeline failed

Details

to 81ba384e11

renovate/artifacts Artifact file update failure

ci/woodpecker/push/verify Pipeline failed

Details

2026-05-21 00:16:40 +00:00

Compare

clank-bot force-pushed renovate/dependencies-(non-major) from 81ba384e11

renovate/artifacts Artifact file update failure

ci/woodpecker/push/verify Pipeline failed

Details

to dcda9d6d6c

renovate/artifacts Artifact file update failure

ci/woodpecker/push/verify Pipeline failed

Details

2026-05-21 15:21:31 +00:00

Compare

clank-bot force-pushed renovate/dependencies-(non-major) from dcda9d6d6c

renovate/artifacts Artifact file update failure

ci/woodpecker/push/verify Pipeline failed

Details

to c5c9273d0c

renovate/artifacts Artifact file update failure

ci/woodpecker/push/verify Pipeline failed

Details

2026-05-21 15:37:42 +00:00

Compare

clank-bot force-pushed renovate/dependencies-(non-major) from c5c9273d0c

renovate/artifacts Artifact file update failure

ci/woodpecker/push/verify Pipeline failed

Details

to 1cbcbcf59b

renovate/artifacts Artifact file update failure

ci/woodpecker/push/verify Pipeline failed

Details

2026-05-23 18:46:25 +00:00

Compare

renovate/artifacts Artifact file update failure

ci/woodpecker/push/verify Pipeline failed

Details

This pull request can be merged automatically.

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin renovate/dependencies-(non-major):renovate/dependencies-(non-major)

git switch renovate/dependencies-(non-major)

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch main

git merge --no-ff renovate/dependencies-(non-major)

git switch renovate/dependencies-(non-major)

git rebase main

git switch main

git merge --ff-only renovate/dependencies-(non-major)

git switch renovate/dependencies-(non-major)

git rebase main

git switch main

git merge --no-ff renovate/dependencies-(non-major)

git switch main

git merge --squash renovate/dependencies-(non-major)

git switch main

git merge --ff-only renovate/dependencies-(non-major)

git switch main

git merge renovate/dependencies-(non-major)

git push origin main

Rows
Columns

fix(deps): update dependencies (non-major) #3

Release Notes

v0.12.3: axum-extra v0.12.3

v0.12.2: axum-extra v0.12.2

v0.12.0: axum-extra v0.12.0

v0.11.0: axum-extra v0.11.0

v0.12.28

v0.12.27

v0.12.26

v0.12.25

v0.12.24

v0.12.23

v0.12.22

v0.12.21

v0.12.20

v0.12.19

v0.12.18

v0.12.17

v0.12.16

v0.12.15

v0.12.14

v0.12.13

v0.12.12

v0.12.11

v0.12.10

v0.12.9

v0.12.8

v0.12.7

v0.12.6

v0.12.5

v0.12.4

v0.12.3

v0.12.2

v0.12.1

v1.52.3: Tokio v1.52.3

1.52.3 (May 8th, 2026)

Fixed

v1.52.2: Tokio v1.52.2

1.52.2 (May 4th, 2026)

Added

Changed

Fixed

All PRs

New Contributors

Configuration

⚠️ Artifact update problem

File name: Cargo.lock

Checkout

Merge

`v0.12.3`: axum-extra v0.12.3

`v0.12.2`: axum-extra v0.12.2

`v0.12.0`: axum-extra v0.12.0

`v0.11.0`: axum-extra v0.11.0

`v1.52.3`: Tokio v1.52.3

`v1.52.2`: Tokio v1.52.2