From 891ab083c6d497db2f6adde7767b41e367ca8907 Mon Sep 17 00:00:00 2001 From: Bruno Paulino Date: Wed, 24 Jan 2024 15:17:42 +0100 Subject: [PATCH 1/8] actix-http: Bump h2 to fix a resource exhaustion vulnerability (#3262) Co-authored-by: Rob Ede --- actix-http/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actix-http/Cargo.toml b/actix-http/Cargo.toml index 6c53f35cc..e7d50c313 100644 --- a/actix-http/Cargo.toml +++ b/actix-http/Cargo.toml @@ -89,7 +89,7 @@ tokio-util = { version = "0.7", features = ["io", "codec"] } tracing = { version = "0.1.30", default-features = false, features = ["log"] } # http2 -h2 = { version = "0.3.17", optional = true } +h2 = { version = "0.3.24", optional = true } # websockets local-channel = { version = "0.1", optional = true } From 643a80bff2dec42f3c9aa287de67c88a505d4638 Mon Sep 17 00:00:00 2001 From: Rob Ede Date: Thu, 1 Feb 2024 05:41:28 +0000 Subject: [PATCH 2/8] ci: workaround half crate msrv --- .github/workflows/ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9dcd8fab9..7d4d1a4b2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -57,6 +57,8 @@ jobs: - name: workaround MSRV issues if: matrix.version.name == 'msrv' run: | + cargo update -p=ciborium --precise=0.2.1 + cargo update -p=ciborium-ll --precise=0.2.1 cargo update -p=clap --precise=4.3.24 cargo update -p=clap_lex --precise=0.5.0 cargo update -p=anstyle --precise=1.0.2 From 5246d24aba3db150ff9a6c75bb367abb70c9e3e6 Mon Sep 17 00:00:00 2001 From: Rob Ede Date: Thu, 1 Feb 2024 06:01:28 +0000 Subject: [PATCH 3/8] ci: force openssl version 3.2.1 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7d4d1a4b2..4caa9b1a5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -37,7 +37,7 @@ jobs: - name: Install OpenSSL if: matrix.target.os == 'windows-latest' - run: choco install openssl -y --forcex64 --no-progress + run: choco install openssl -y --forcex64 --no-progress --version=3.2.1 - name: Set OpenSSL dir in env if: matrix.target.os == 'windows-latest' run: | From e89c881624b290c3c0802d02cc33360cb4c994da Mon Sep 17 00:00:00 2001 From: Rob Ede Date: Thu, 1 Feb 2024 06:27:22 +0000 Subject: [PATCH 4/8] ci: use cargo-ci-cache-clean --- .github/workflows/ci-post-merge.yml | 12 ++++++++---- .github/workflows/ci.yml | 12 ++++++++---- 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci-post-merge.yml b/.github/workflows/ci-post-merge.yml index e63821892..a08bc2ed4 100644 --- a/.github/workflows/ci-post-merge.yml +++ b/.github/workflows/ci-post-merge.yml @@ -58,6 +58,7 @@ jobs: - name: tests timeout-minutes: 60 run: | + set -e cargo test --lib --tests -p=actix-router --all-features cargo test --lib --tests -p=actix-http --all-features cargo test --lib --tests -p=actix-web --features=rustls-0_20,rustls-0_21,openssl -- --skip=test_reading_deflate_encoding_large_random_rustls @@ -69,10 +70,13 @@ jobs: cargo test --lib --tests -p=actix-multipart --all-features cargo test --lib --tests -p=actix-web-actors --all-features - - name: Clear the cargo caches - run: | - cargo --locked install cargo-cache --version 0.8.3 --no-default-features --features ci-autoclean - cargo-cache + - name: Install cargo-ci-cache-clean + uses: taiki-e/install-action@v2.25.9 + with: + tool: cargo-ci-cache-clean + + - name: CI cache clean + run: cargo-ci-cache-clean ci_feature_powerset_check: name: Verify Feature Combinations diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4caa9b1a5..90392892a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -72,6 +72,7 @@ jobs: - name: tests timeout-minutes: 60 run: | + set -e cargo test --lib --tests -p=actix-router --all-features cargo test --lib --tests -p=actix-http --all-features cargo test --lib --tests -p=actix-web --features=rustls-0_20,rustls-0_21,openssl -- --skip=test_reading_deflate_encoding_large_random_rustls @@ -83,10 +84,13 @@ jobs: cargo test --lib --tests -p=actix-multipart --all-features cargo test --lib --tests -p=actix-web-actors --all-features - - name: Clear the cargo caches - run: | - cargo --locked install cargo-cache --version 0.8.3 --no-default-features --features ci-autoclean - cargo-cache + - name: Install cargo-ci-cache-clean + uses: taiki-e/install-action@v2.25.9 + with: + tool: cargo-ci-cache-clean + + - name: CI cache clean + run: cargo-ci-cache-clean io-uring: name: io-uring tests From 8e458b34b7b5f63adddf39483755c1a358440040 Mon Sep 17 00:00:00 2001 From: Rob Ede Date: Thu, 1 Feb 2024 06:33:58 +0000 Subject: [PATCH 5/8] chore: remove set -e --- .github/workflows/ci-post-merge.yml | 1 - .github/workflows/ci.yml | 1 - 2 files changed, 2 deletions(-) diff --git a/.github/workflows/ci-post-merge.yml b/.github/workflows/ci-post-merge.yml index a08bc2ed4..fd41819a2 100644 --- a/.github/workflows/ci-post-merge.yml +++ b/.github/workflows/ci-post-merge.yml @@ -58,7 +58,6 @@ jobs: - name: tests timeout-minutes: 60 run: | - set -e cargo test --lib --tests -p=actix-router --all-features cargo test --lib --tests -p=actix-http --all-features cargo test --lib --tests -p=actix-web --features=rustls-0_20,rustls-0_21,openssl -- --skip=test_reading_deflate_encoding_large_random_rustls diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 90392892a..b2128f3e2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -72,7 +72,6 @@ jobs: - name: tests timeout-minutes: 60 run: | - set -e cargo test --lib --tests -p=actix-router --all-features cargo test --lib --tests -p=actix-http --all-features cargo test --lib --tests -p=actix-web --features=rustls-0_20,rustls-0_21,openssl -- --skip=test_reading_deflate_encoding_large_random_rustls From 7a76ba73406f9a72c3c76f7e9ccd01ae1640dd33 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Feb 2024 07:34:11 +0000 Subject: [PATCH 6/8] build(deps): bump taiki-e/install-action from 2.24.1 to 2.26.8 (#3271) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci-post-merge.yml | 8 ++++---- .github/workflows/ci.yml | 4 ++-- .github/workflows/coverage.yml | 2 +- .github/workflows/lint.yml | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci-post-merge.yml b/.github/workflows/ci-post-merge.yml index fd41819a2..d2f952ec7 100644 --- a/.github/workflows/ci-post-merge.yml +++ b/.github/workflows/ci-post-merge.yml @@ -45,7 +45,7 @@ jobs: toolchain: ${{ matrix.version.version }} - name: Install cargo-hack - uses: taiki-e/install-action@v2.25.9 + uses: taiki-e/install-action@v2.26.8 with: tool: cargo-hack @@ -70,7 +70,7 @@ jobs: cargo test --lib --tests -p=actix-web-actors --all-features - name: Install cargo-ci-cache-clean - uses: taiki-e/install-action@v2.25.9 + uses: taiki-e/install-action@v2.26.8 with: tool: cargo-ci-cache-clean @@ -88,7 +88,7 @@ jobs: uses: actions-rust-lang/setup-rust-toolchain@v1.8.0 - name: Install cargo-hack - uses: taiki-e/install-action@v2.25.9 + uses: taiki-e/install-action@v2.26.8 with: tool: cargo-hack @@ -109,7 +109,7 @@ jobs: uses: actions-rust-lang/setup-rust-toolchain@v1.8.0 - name: Install nextest - uses: taiki-e/install-action@v2.25.9 + uses: taiki-e/install-action@v2.26.8 with: tool: nextest diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b2128f3e2..5d2f5bb1c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -50,7 +50,7 @@ jobs: toolchain: ${{ matrix.version.version }} - name: Install cargo-hack - uses: taiki-e/install-action@v2.25.9 + uses: taiki-e/install-action@v2.26.8 with: tool: cargo-hack @@ -84,7 +84,7 @@ jobs: cargo test --lib --tests -p=actix-web-actors --all-features - name: Install cargo-ci-cache-clean - uses: taiki-e/install-action@v2.25.9 + uses: taiki-e/install-action@v2.26.8 with: tool: cargo-ci-cache-clean diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 2722da084..2ad7bf8e0 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -23,7 +23,7 @@ jobs: components: llvm-tools-preview - name: Install cargo-llvm-cov - uses: taiki-e/install-action@v2.25.9 + uses: taiki-e/install-action@v2.26.8 with: tool: cargo-llvm-cov diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index adcb257b5..502bfeb61 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -82,7 +82,7 @@ jobs: toolchain: nightly-2023-08-25 - name: Install cargo-public-api - uses: taiki-e/install-action@v2.24.1 + uses: taiki-e/install-action@v2.26.8 with: tool: cargo-public-api From c1f88f718b866d6712d5b98e7dc6be4344944c77 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Feb 2024 07:34:23 +0000 Subject: [PATCH 7/8] build(deps): bump codecov/codecov-action from 3.1.4 to 4.0.0 (#3272) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Rob Ede --- .github/workflows/coverage.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 2ad7bf8e0..d871898f3 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -31,7 +31,9 @@ jobs: run: cargo llvm-cov --workspace --all-features --codecov --output-path codecov.json - name: Upload coverage to Codecov - uses: codecov/codecov-action@v3.1.4 + uses: codecov/codecov-action@v4.0.0 with: files: codecov.json fail_ci_if_error: true + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} From ae7736f1341aef94d2ed7f52315c3bdea1d2ab3b Mon Sep 17 00:00:00 2001 From: SleeplessOne1917 <28871516+SleeplessOne1917@users.noreply.github.com> Date: Thu, 1 Feb 2024 12:52:35 +0000 Subject: [PATCH 8/8] Implement `From<&HeaderMap>` for `http::HeaderMap` (#3230) * Add From impl for header map references * Add From impl for header map references * Remove Into via http::HeaderMap * fix changelog --------- Co-authored-by: SleeplessOne1917 Co-authored-by: Rob Ede --- actix-http/CHANGES.md | 4 ++++ actix-http/src/header/map.rs | 7 +++++++ 2 files changed, 11 insertions(+) diff --git a/actix-http/CHANGES.md b/actix-http/CHANGES.md index 994c91a83..3ce06442e 100644 --- a/actix-http/CHANGES.md +++ b/actix-http/CHANGES.md @@ -2,6 +2,10 @@ ## Unreleased +### Added + +- Implement `From<&HeaderMap>` for `http::HeaderMap`. + ## 3.5.1 ### Fixed diff --git a/actix-http/src/header/map.rs b/actix-http/src/header/map.rs index d8a63b573..b86798a4c 100644 --- a/actix-http/src/header/map.rs +++ b/actix-http/src/header/map.rs @@ -650,6 +650,13 @@ impl From for http::HeaderMap { } } +/// Convert our `&HeaderMap` to a `http::HeaderMap`. +impl From<&HeaderMap> for http::HeaderMap { + fn from(map: &HeaderMap) -> Self { + map.to_owned().into() + } +} + /// Iterator over removed, owned values with the same associated name. /// /// Returned from methods that remove or replace items. See [`HeaderMap::insert`]