build(deps): bump the http group across 1 directory with 7 updates

[dependabot]

Bumps the http group with 7 updates in the / directory:

Package	From	To
hyper	0.14.32	1.6.0
hyper-util	0.1.11	0.1.13
tower-http	0.5.2	0.6.4
tower	0.3.1	0.5.2
reqwest	0.12.15	0.12.18
rustls-cng	0.5.3	0.6.0
openssl	0.10.72	0.10.73

Updates hyper from 0.14.32 to 1.6.0

Release notes

Sourced from hyper's releases.

v1.6.0

Features

• ext: add ext::on_informational() callback extension (#3818) (8ce1fcfa, closes #2565)
• server: add http1::Builder::ignore_invalid_headers(bool) option (#3824) (3817a79b)

Bug Fixes

• server:
  • start http1 header read timeout when conn is idle (#3828) (10b09ffc, closes #3780, #3781)
  • change max_local_error_reset_streams function to &mut self (#3820) (e981a91e)

Breaking Changes

• http2::Builder::max_local_error_reset_streams() now takes &mut self and returns &mut Self. In practice, this shouldn't break almost anyone. It was the wrong receiver and return types. (e981a91e)

New Contributors

• @​finnbear made their first contribution in hyperium/hyper#3820

Thanks

• @​GlenDC
• @​tottoto
• @​seanmonstar

Full Changelog: hyperium/hyper@v1.5.2...v1.6.0

v1.5.2

Bug Fixes

• http1:
  • fix intermitent panic parsing partial headers (#3812) (a131111f, closes #3811)
  • skip debug assertion of content length for HEAD responses (#3795) (eaf2267c, closes #3794)

Features

• ffi: (unstable) add cargo-c support (#3787) (7f4a6826, closes #3786)

New Contributors

• @​23doors made their first contribution in hyperium/hyper#3795
• @​ionionascu made their first contribution in hyperium/hyper#3799
• @​linyihai made their first contribution in hyperium/hyper#3800
• @​suzp1984 made their first contribution in hyperium/hyper#3807

Thanks

• @​seanmonstar

Full Changelog: hyperium/hyper@v1.5.1...v1.5.2

... (truncated)

Changelog

Sourced from hyper's changelog.

v1.6.0 (2025-01-28)

Bug Fixes

• server:
  • start http1 header read timeout when conn is idle (#3828) (10b09ffc, closes #3780, #3781)
  • change max_local_error_reset_streams function to &mut self (#3820) (e981a91e)

Features

• ext: add ext::on_informational() callback extension (#3818) (8ce1fcfa, closes #2565)
• server: add http1::Builder::ignore_invalid_headers(bool) option (#3824) (3817a79b)

Breaking Changes

• http2::Builder::max_local_error_reset_streams() now takes &mut self and returns &mut Self. In practice, this shouldn't break almost anyone. It was the wrong receiver and return types. (e981a91e)

v1.5.2 (2024-12-16)

Bug Fixes

• http1:
  • fix intermitent panic parsing partial headers (#3812) (a131111f, closes #3811)
  • skip debug assertion of content length for HEAD responses (#3795) (eaf2267c, closes #3794)

Features

• ffi: add cargo-c support (#3787) (7f4a6826, closes #3786)

v1.5.1 (2024-11-19)

Bug Fixes

• http2:
  • pass proper value to h2 max_local_error_reset_streams (4a20147a)
  • improve graceful shutdown during handshake (#3729) (13b05943)

v1.5.0 (2024-10-15)

... (truncated)

Commits

• 621d8e4 v1.6.0
• 83f4588 chore(LICENSE): update copyright year
• 10b09ff fix(server): start http1 header read timeout when conn is idle (#3828)
• 8ce1fcf feat(ext): add ext::on_informational() callback extension (#3818)
• de28b0e chore(ci): use msrv aware dependency resolver (#3831)
• 5baf537 chore(ci): use yq to get rust-version in manifest (#3829)
• 3817a79 feat(server): add http1::Builder::ignore_invalid_headers(bool) option (#3824)
• e981a91 fix(server): change max_local_error_reset_streams function to &mut self (...
• 30f2961 v1.5.2
• a131111 fix(http1): fix intermitent panic parsing partial headers (#3812)
• Additional commits viewable in compare view

Updates hyper-util from 0.1.11 to 0.1.13

Release notes

Sourced from hyper-util's releases.

v0.1.13

tl;dr

• Fix HttpConnector to always prefer IPv6 addresses first, if happy eyeballs is enabled.
• Fix legacy::Client to return better errors if available on the connection.

What's Changed

• fix(client): prefer IPv6 addresses before IPv4 even if resolver ordered differently by @​seanmonstar in hyperium/hyper-util#194
• chore(test): make proxy test robust wrt IPv4/v6 by @​Fabian-Gruenbichler in hyperium/hyper-util#195
• refactor: limit dependency futures-util to tests and client-legacy by @​hanna-kruppe in hyperium/hyper-util#192
• Fix some clippy lints by @​jplatte in hyperium/hyper-util#196
• ConnectErrors improvements by @​seanmonstar in hyperium/hyper-util#197
• fix(client): race in connection errors propagation by @​dare3path in hyperium/hyper-util#184

New Contributors

• @​Fabian-Gruenbichler made their first contribution in hyperium/hyper-util#195
• @​hanna-kruppe made their first contribution in hyperium/hyper-util#192
• @​jplatte made their first contribution in hyperium/hyper-util#196
• @​dare3path made their first contribution in hyperium/hyper-util#184

Full Changelog: hyperium/hyper-util@v0.1.12...v0.1.13

v0.1.12

tl;dr

• Add client::legacy::proxy::Tunnel connector that wraps another connector with HTTP tunneling.
• Add client::legacy::proxy::{SocksV4, SocksV5} connectors that wraps another connector with SOCKS.
• Add client::proxy::matcher::Matcher type that can use environment variables to match proxy rules.
• Add server::graceful::Watcher type that can be sent to watch a connection in another task.
• Add GracefulShutdown::count() method to get number of currently watched connections.
• Fix missing must_use attributes on Connection futures.
• Fix tracing span in GAI resolver that can cause panics.

What's Changed

• fix(server): Enforce serve_connection result usage by @​Sol-Ell in hyperium/hyper-util#178
• fix(tracing): revert #134 - tracing span removal in legacy DNS GaiResolver by @​arpadav in hyperium/hyper-util#179
• docs(service): document service utilities by @​cratelyn in hyperium/hyper-util#180
• refactor: replace manual implementations of ReadBufCursor methods by @​paolobarbolini in hyperium/hyper-util#181
• feat(server): add graceful::Watcher type by @​seanmonstar in hyperium/hyper-util#182
• feat(server): implement default for server auto connection builder by @​tottoto in hyperium/hyper-util#183
• feat(client): add proxy::Tunnel legacy util by @​seanmonstar in hyperium/hyper-util#140
• docs(client): Include .pool_timer() in the Client builder example by @​sulami in hyperium/hyper-util#186
• feat(server): add method to get number of watching connection by @​tottoto in hyperium/hyper-util#185
• Add a proxy Matcher by @​seanmonstar in hyperium/hyper-util#171
• feat(client): add macOS system proxy support for Matcher by @​seanmonstar in hyperium/hyper-util#189
• feat(client): add windows system proxies for Matcher by @​seanmonstar in hyperium/hyper-util#190
• feat(client): add proxy::SocksV4 and proxy::SocksV5 connectors by @​JPDye in hyperium/hyper-util#187

New Contributors

• @​Sol-Ell made their first contribution in hyperium/hyper-util#178

... (truncated)

Changelog

Sourced from hyper-util's changelog.

0.1.13 (2025-05-27)

• Fix HttpConnector to always prefer IPv6 addresses first, if happy eyeballs is enabled.
• Fix legacy::Client to return better errors if available on the connection.

0.1.12 (2025-05-19)

• Add client::legacy::proxy::Tunnel connector that wraps another connector with HTTP tunneling.
• Add client::legacy::proxy::{SocksV4, SocksV5} connectors that wraps another connector with SOCKS.
• Add client::proxy::matcher::Matcher type that can use environment variables to match proxy rules.
• Add server::graceful::Watcher type that can be sent to watch a connection in another task.
• Add GracefulShutdown::count() method to get number of currently watched connections.
• Fix missing must_use attributes on Connection futures.
• Fix tracing span in GAI resolver that can cause panics.

Commits

• 2c3c55f v0.1.13
• a01e6b2 fix(client): improve client errors details if available (#184)
• fc1d699 refactor(client): add socket addr to ConnectError
• 0959d46 refactor(client): return the first connect error, not the last
• 6328823 refactor(client): don't allocate for ConnectError messages
• 3a971c9 Fix some clippy lints (#196)
• 2b2c352 refactor: limit dependency futures-util to tests and client-legacy (#192)
• 1bcd489 chore(test): make proxy test robust wrt IPv4/v6 (#195)
• d3b8440 fix(client): prefer IPv6 addresses before IPv4 even if resolver ordered diffe...
• 8805922 v0.1.12
• Additional commits viewable in compare view

Updates tower-http from 0.5.2 to 0.6.4

Release notes

Sourced from tower-http's releases.

tower-http 0.6.4

Added

• decompression: Support HTTP responses containing multiple ZSTD frames (#548)
• The ServiceExt trait for chaining layers onto an arbitrary http service just like ServiceBuilderExt allows for ServiceBuilder (#563)

Fixed

• Remove unnecessary trait bounds on S::Error for Service impls of RequestBodyTimeout<S> and ResponseBodyTimeout<S> (#533)
• compression: Respect is_end_stream (#535)
• Fix a rare panic in fs::ServeDir (#553)
• Fix invalid content-lenght of 1 in response to range requests to empty files (#556)
• In AsyncRequireAuthorization, use the original inner service after it is ready, instead of using a clone (#561)

#533: tower-rs/tower-http#533 #535: tower-rs/tower-http#535 #548: tower-rs/tower-http#548 #553: tower-rs/tower-http#556 #556: tower-rs/tower-http#556 #561: tower-rs/tower-http#561 #563: tower-rs/tower-http#563

tower-http 0.6.3

This release was yanked because its definition of ServiceExt was quite unhelpful, in a way that's very unlikely that anybody would start depending on within the small timeframe before this was yanked, but that was technically breaking to change.

tower-http-0.6.2

Changed:

• CompressionBody<B> now propagates B's size hint in its http_body::Body implementation, if compression is disabled (#531)
  • this allows a content-length to be included in an HTTP message with this body for those cases

#531: tower-rs/tower-http#531

New Contributors

• @​musicinmybrain made their first contribution in tower-rs/tower-http#524
• @​SabrinaJewson made their first contribution in tower-rs/tower-http#531

Full Changelog: tower-rs/tower-http@tower-http-0.6.1...tower-http-0.6.2

v0.6.1

Fixed

• decompression: reuse scratch buffer to significantly reduce allocations and improve performance (#521)

... (truncated)

Commits

• fa8848e Release v0.6.4 (#568)
• 2608a51 Make type inference work for ServiceExt (#566)
• c61fb8d msrv: reduce to 1.64, only run check in ci (#567)
• 8d38de8 Upgrade CHANGELOG.md to note today's yank (#565)
• 7b4b07d Release v0.6.3 (#564)
• 2c3f8f3 Add ServiceExt trait (#563)
• 001be27 Fix clippy warnings
• 6f13eb9 Simplify test implementation of authorize
• de9b51e Remove unused UserId from AsynRequireAuthorization test
• 55287c7 Move sealed module next to the trait that uses it
• Additional commits viewable in compare view

Updates tower from 0.3.1 to 0.5.2

Release notes

Sourced from tower's releases.

tower 0.5.2

Added

• util: Add BoxCloneSyncService which is a Clone + Send + Sync boxed Service (#777)
• util: Add BoxCloneSyncServiceLayer which is a Clone + Send + Sync boxed Layer (#802)

tower 0.5.1

• Fix minimum version of tower-layer dependency (#787)

#787: tower-rs/tower#787

tower 0.5.0

Fixed

• util: BoxService is now Sync (#702)

Changed

• util: Removed deprecated ServiceExt::ready_and method and ReadyAnd future (#652)
• retry: Breaking Change retry::Policy::retry now accepts &mut Req and &mut Res instead of the previous mutable versions. This increases the flexibility of the retry policy. To update, update your method signature to include mut for both parameters. (#584)
• retry: Breaking Change Change Policy to accept &mut self (#681)
• retry: Add generic backoff utilities (#685)
• retry: Add Budget trait. This allows end-users to implement their own budget and bucket implementations. (#703)
• reconnect: Breaking Change Remove unused generic parameter from Reconnect::new (#755)
• ready-cache: Allow iteration over ready services (#700)
• discover: Implement Clone for Change (#701)
• util: Add a BoxCloneServiceLayer (#708)
• rng: use a simpler random 2-sampler (#716)
• filter: Derive Clone for AsyncFilterLayer (#731)
• general: Update IndexMap (#741)
• MSRV: Increase MSRV to 1.63.0 (#741)

#702: tower-rs/tower#702 #652: tower-rs/tower#652 #584: tower-rs/tower#584 #681: tower-rs/tower#681 #685: tower-rs/tower#685 #703: tower-rs/tower#703 #755: tower-rs/tower#755 #700: tower-rs/tower#700 #701: tower-rs/tower#701 #708: tower-rs/tower#708 #716: tower-rs/tower#716 #731: tower-rs/tower#731 #741: tower-rs/tower#741

tower 0.4.13

Added

... (truncated)

Commits

• 7dc533e tower v0.5.2
• a09fd97 chore: fix dead code warning for 'Sealed' trait and 'sample_floyd2' func (#799)
• f57e31b Add util::BoxCloneSyncServiceLayer (#802)
• da24532 Add util::BoxCloneSyncService (#777)
• 6283f3a Upgrade http and sync_wrapper dependencies (#788)
• 7155101 Prepare release of v0.5.1 (#791)
• b2c48b4 Bump dependency on tower-layer (#787)
• fec9e55 tower-layer: drop versions from dev dependencies (#782)
• 646804d chore: prepare to release tower-0.5.0, tower-layer-0.3.3, tower-service-0.3.3...
• 7202cfe chore: fix a few typos (#780)
• Additional commits viewable in compare view

Updates reqwest from 0.12.15 to 0.12.18

Release notes

Sourced from reqwest's releases.

v0.12.18

What's Changed

• Fix compilation when socks enabled without TLS.

v0.12.17

What's Changed

• build: Fix compilation issues on macOS by @​0x676e67 in seanmonstar/reqwest#2696

v0.12.16

Highlights

• Add ClientBuilder::http3_congestion_bbr() to enable BBR congestion control.
• Add ClientBuilder::http3_send_grease() to configure whether to send use QUIC grease.
• Add ClientBuilder::http3_max_field_section_size() to configure the maximum response headers.
• Add ClientBuilder::tcp_keepalive_interval() to configure TCP probe interval.
• Add ClientBuilder::tcp_keepalive_retries() to configure TCP probe count.
• Add Proxy::headers() to add extra headers that should be sent to a proxy.
• Fix redirect::Policy::limit() which had an off-by-1 error, allowing 1 more redirect than specified.
• Fix HTTP/3 to support streaming request bodies.
• (wasm) Fix null bodies when calling Response::bytes_stream().

What's Changed

• Clarify that Response::content_length() is not derived from a Content-Length header in docs by @​babolivier in seanmonstar/reqwest#2588
• docs: link to char::REPLACEMENT_CHARACTER by @​marcospb19 in seanmonstar/reqwest#1880
• feat: add H3 client config support by @​smalls0098 in seanmonstar/reqwest#2609
• chore: update brotli to v7 by @​nyurik in seanmonstar/reqwest#2620
• Do not pull in an entirely different DEFLATE implementation just for tests by @​Shnatsel in seanmonstar/reqwest#2625
• chore: fix some typos in comment by @​xixishidibei in seanmonstar/reqwest#2628
• fix(wasm): handle null body in bytes_stream by @​alongubkin in seanmonstar/reqwest#2632
• ClientBuilder::interface on macOS/Solarish OSes by @​hawkw in seanmonstar/reqwest#2623
• ci: use ubuntu-latest in nightly job by @​seanmonstar in seanmonstar/reqwest#2646
• feat: BBR congestion control for http3 by @​threeninesixseven in seanmonstar/reqwest#2642
• feat: Add extentions for Request by @​Xuanwo in seanmonstar/reqwest#2647
• refactor: Store request timeout in request extensions instead by @​Xuanwo in seanmonstar/reqwest#2650
• chore: make ci pass by @​linyihai in seanmonstar/reqwest#2666
• update h3 dependencys by @​Ruben2424 in seanmonstar/reqwest#2670
• Document reqwest can make TLS and cookie requests with Wasm by @​nickbabcock in seanmonstar/reqwest#2661
• fix(redirect): make the number of redirects of policy matches its maximum limit. by @​linyihai in seanmonstar/reqwest#2664
• Exposed hyper tcp keepalive interval and retries parameters by @​mackliet in seanmonstar/reqwest#2675
• refactor: use hyper-util's proxy::Matcher by @​seanmonstar in seanmonstar/reqwest#2681
• Support streaming request body in HTTP/3 by @​ducaale in seanmonstar/reqwest#2673
• refactor: use hyper-util Tunnel by @​seanmonstar in seanmonstar/reqwest#2684
• Upgrade webpki-roots to 1 by @​djc in seanmonstar/reqwest#2688
• refactor: remove futures-util unless using stream/multipart/compression/blocking by @​paolobarbolini in seanmonstar/reqwest#2692
• chore: replace rustls-pemfile with rustls-pki-types by @​tottoto in seanmonstar/reqwest#2541
• Ensure H3ResponseFuture Implements Sync by @​ducaale in seanmonstar/reqwest#2685
• feat(redirect): Using FollowRedirect from tower-http to handle the redirect loop by @​linyihai in seanmonstar/reqwest#2617
• feat: add customizable headers in proxy mode by @​chanbengz in seanmonstar/reqwest#2600

... (truncated)

Changelog

Sourced from reqwest's changelog.

v0.12.18

• Fix compilation when socks enabled without TLS.

v0.12.17

• Fix compilation on macOS.

v0.12.16

• Add ClientBuilder::http3_congestion_bbr() to enable BBR congestion control.
• Add ClientBuilder::http3_send_grease() to configure whether to send use QUIC grease.
• Add ClientBuilder::http3_max_field_section_size() to configure the maximum response headers.
• Add ClientBuilder::tcp_keepalive_interval() to configure TCP probe interval.
• Add ClientBuilder::tcp_keepalive_retries() to configure TCP probe count.
• Add Proxy::headers() to add extra headers that should be sent to a proxy.
• Fix redirect::Policy::limit() which had an off-by-1 error, allowing 1 more redirect than specified.
• Fix HTTP/3 to support streaming request bodies.
• (wasm) Fix null bodies when calling Response::bytes_stream().

Commits

• 595c80b v0.12.18
• f279ad1 fix compilation if socks is enabled without tls
• fed6bc6 ci: add a feature powerset check job
• 56ed35b v0.12.17
• f0bf46b build: Fix compilation issues on macOS (#2696)
• 99259cb v0.12.16
• 57670ac feat: add customizable headers for reqwest::Proxy (#2600)
• d9cf60e refactor: Using FollowRedirect from tower-http to handle the redirect l...
• 75f62f2 fix: ensure H3ResponseFuture is sync (#2685)
• 0e1d188 chore: replace rustls-pemfile with rustls-pki-types (#2541)
• Additional commits viewable in compare view

Updates rustls-cng from 0.5.3 to 0.6.0

Commits

• c96b7fa Removed unused early-data feature
• 0ae70b2 Added support for silent flag
• c377b43 address comments
• 5c3a9fb cargo fmt change
• 24a8398 modify as_chain_der()
• 0a6098b revert back as_chain_der() parameter change
• c54087a added local machine and no-root supprot for as_chain_der()
• 130765e cargo fmt change
• a5a3544 use BCryptHash in hash()
• 6dd8cd7 added sha256 support
• See full diff in compare view

Updates openssl from 0.10.72 to 0.10.73

Release notes

Sourced from openssl's releases.

openssl-v0.10.73

What's Changed

• test against openssl 3.5.0 by @​alex in sfackler/rust-openssl#2392
• Support Libressl 4.1 by @​botovq in sfackler/rust-openssl#2398
• Release openssl-sys v0.9.108 by @​alex in sfackler/rust-openssl#2399
• Replace ctest2 with ctest by @​botovq in sfackler/rust-openssl#2403
• fixed building on the latest boringssl by @​alex in sfackler/rust-openssl#2414
• Release openssl v0.10.73 and openssl-sys v0.9.109 by @​alex in sfackler/rust-openssl#2415

Full Changelog: sfackler/rust-openssl@openssl-v0.10.72...openssl-v0.10.73

Commits

• e6209d4 Merge pull request #2415 from alex/bump-version
• 9ca6cfe Release openssl v0.10.73 and openssl-sys v0.9.109
• c42d49c Merge pull request #2414 from alex/boringssl-fix
• 5e24219 Attempt to fix with vcpkg
• 93f30ff fixed building on the latest boringssl
• eb88fb0 Merge pull request #2403 from botovq/ctest
• 79a304a Replace ctest2 with ctest
• 132418b Merge pull request #2399 from alex/release-sys
• f7a692b Release openssl-sys v0.9.108
• 2f9b496 Merge pull request #2398 from botovq/libressl-4.1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.