From c8c2a2e14667e3bc4c248b6f87147f628a56d5a2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 May 2026 05:25:34 +0100 Subject: [PATCH 01/17] build(deps): bump filetime from 0.2.27 to 0.2.28 (#4065) Bumps [filetime](https://github.com/alexcrichton/filetime) from 0.2.27 to 0.2.28. - [Commits](https://github.com/alexcrichton/filetime/compare/0.2.27...0.2.28) --- updated-dependencies: - dependency-name: filetime dependency-version: 0.2.28 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Cargo.lock | 34 +++------------------------------- 1 file changed, 3 insertions(+), 31 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 7ff301999..f3df67f27 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1298,13 +1298,12 @@ checksum = "9f1f227452a390804cdb637b74a86990f2a7d7ba4b7d5693aac9b4dd6defd8d6" [[package]] name = "filetime" -version = "0.2.27" +version = "0.2.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f98844151eee8917efc50bd9e8318cb963ae8b297431495d3f758616ea5c57db" +checksum = "2d5b2eef6fafbf69f877e55509ce5b11a760690ac9700a2921be067aa6afaef6" dependencies = [ "cfg-if", "libc", - "libredox", ] [[package]] @@ -2026,18 +2025,6 @@ version = "0.2.185" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "52ff2c0fe9bc6cb6b14a0592c2ff4fa9ceb83eea9db979b0487cd054946a2b8f" -[[package]] -name = "libredox" -version = "0.1.16" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e02f3bb43d335493c96bf3fd3a321600bf6bd07ed34bc64118e9293bdffea46c" -dependencies = [ - "bitflags 2.11.1", - "libc", - "plain", - "redox_syscall 0.7.4", -] - [[package]] name = "linux-raw-sys" version = "0.12.1" @@ -2290,7 +2277,7 @@ checksum = "2621685985a2ebf1c516881c026032ac7deafcda1a2c9b7850dc81e3dfcb64c1" dependencies = [ "cfg-if", "libc", - "redox_syscall 0.5.18", + "redox_syscall", "smallvec", "windows-link", ] @@ -2343,12 +2330,6 @@ version = "0.3.33" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "19f132c84eca552bf34cab8ec81f1c1dcc229b811638f9d283dceabe58c5569e" -[[package]] -name = "plain" -version = "0.2.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b4596b6d070b27117e987119b4dac604f3c58cfb0b191112e24771b2faeac1a6" - [[package]] name = "plotters" version = "0.3.7" @@ -2568,15 +2549,6 @@ dependencies = [ "bitflags 2.11.1", ] -[[package]] -name = "redox_syscall" -version = "0.7.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f450ad9c3b1da563fb6948a8e0fb0fb9269711c9c73d9ea1de5058c79c8d643a" -dependencies = [ - "bitflags 2.11.1", -] - [[package]] name = "regex" version = "1.12.3" From 47f416c5e0e1caa13691ecb032029fae84a521ba Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 May 2026 05:25:55 +0100 Subject: [PATCH 02/17] build(deps): bump taiki-e/install-action from 2.75.30 to 2.77.4 (#4067) Bumps [taiki-e/install-action](https://github.com/taiki-e/install-action) from 2.75.30 to 2.77.4. - [Release notes](https://github.com/taiki-e/install-action/releases) - [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/taiki-e/install-action/compare/db5fb34fa772531a3ece57ca434f579eb334e0fb...ec28e287910af896fd98e04056d31fa68607e7ad) --- updated-dependencies: - dependency-name: taiki-e/install-action dependency-version: 2.77.4 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci-post-merge.yml | 4 ++-- .github/workflows/ci.yml | 4 ++-- .github/workflows/coverage.yml | 2 +- .github/workflows/lint.yml | 2 +- .github/workflows/semver-checks.yml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci-post-merge.yml b/.github/workflows/ci-post-merge.yml index 5656978b0..4cfda26ca 100644 --- a/.github/workflows/ci-post-merge.yml +++ b/.github/workflows/ci-post-merge.yml @@ -51,7 +51,7 @@ jobs: toolchain: ${{ matrix.version.version }} - name: Install just, cargo-hack, cargo-nextest, cargo-ci-cache-clean - uses: taiki-e/install-action@db5fb34fa772531a3ece57ca434f579eb334e0fb # v2.75.30 + uses: taiki-e/install-action@ec28e287910af896fd98e04056d31fa68607e7ad # v2.77.4 with: tool: just,cargo-hack,cargo-nextest,cargo-ci-cache-clean @@ -87,7 +87,7 @@ jobs: uses: actions-rust-lang/setup-rust-toolchain@2b1f5e9b395427c92ee4e3331786ca3c37afe2d7 # v1.16.0 - name: Install just, cargo-hack - uses: taiki-e/install-action@db5fb34fa772531a3ece57ca434f579eb334e0fb # v2.75.30 + uses: taiki-e/install-action@ec28e287910af896fd98e04056d31fa68607e7ad # v2.77.4 with: tool: just,cargo-hack diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3f8165865..af21eef97 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -66,7 +66,7 @@ jobs: toolchain: ${{ matrix.version.version }} - name: Install just, cargo-hack, cargo-nextest, cargo-ci-cache-clean - uses: taiki-e/install-action@db5fb34fa772531a3ece57ca434f579eb334e0fb # v2.75.30 + uses: taiki-e/install-action@ec28e287910af896fd98e04056d31fa68607e7ad # v2.77.4 with: tool: just,cargo-hack,cargo-nextest,cargo-ci-cache-clean @@ -123,7 +123,7 @@ jobs: toolchain: nightly - name: Install just - uses: taiki-e/install-action@db5fb34fa772531a3ece57ca434f579eb334e0fb # v2.75.30 + uses: taiki-e/install-action@ec28e287910af896fd98e04056d31fa68607e7ad # v2.77.4 with: tool: just diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 0ed8bd7ee..564eaaa56 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -26,7 +26,7 @@ jobs: components: llvm-tools - name: Install just, cargo-llvm-cov, cargo-nextest - uses: taiki-e/install-action@db5fb34fa772531a3ece57ca434f579eb334e0fb # v2.75.30 + uses: taiki-e/install-action@ec28e287910af896fd98e04056d31fa68607e7ad # v2.77.4 with: tool: just,cargo-llvm-cov,cargo-nextest diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 91ce706e7..d63568f6f 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -103,7 +103,7 @@ jobs: toolchain: ${{ vars.RUST_VERSION_EXTERNAL_TYPES }} - name: Install just - uses: taiki-e/install-action@db5fb34fa772531a3ece57ca434f579eb334e0fb # v2.75.30 + uses: taiki-e/install-action@ec28e287910af896fd98e04056d31fa68607e7ad # v2.77.4 with: tool: just diff --git a/.github/workflows/semver-checks.yml b/.github/workflows/semver-checks.yml index 2526f5ee8..fd452800d 100644 --- a/.github/workflows/semver-checks.yml +++ b/.github/workflows/semver-checks.yml @@ -21,7 +21,7 @@ jobs: toolchain: stable - name: Install cargo-semver-checks - uses: taiki-e/install-action@db5fb34fa772531a3ece57ca434f579eb334e0fb # v2.75.30 + uses: taiki-e/install-action@ec28e287910af896fd98e04056d31fa68607e7ad # v2.77.4 with: tool: cargo-semver-checks From 9009fa98aca530797e82124335719e497ff3e774 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 May 2026 05:26:05 +0100 Subject: [PATCH 03/17] build(deps): bump tokio from 1.52.1 to 1.52.3 (#4066) Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.52.1 to 1.52.3. - [Release notes](https://github.com/tokio-rs/tokio/releases) - [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.52.1...tokio-1.52.3) --- updated-dependencies: - dependency-name: tokio dependency-version: 1.52.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index f3df67f27..b288b189a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3235,9 +3235,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.52.1" +version = "1.52.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b67dee974fe86fd92cc45b7a95fdd2f99a36a6d7b0d431a231178d3d670bbcc6" +checksum = "8fc7f01b389ac15039e4dc9531aa973a135d7a4135281b12d7c1bc79fd57fffe" dependencies = [ "bytes", "libc", From 8099317317c69b71d1d336eb5a57d7c179c8936a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 May 2026 05:27:04 +0100 Subject: [PATCH 04/17] build(deps): bump actions/labeler from 6.0.1 to 6.1.0 (#4069) Bumps [actions/labeler](https://github.com/actions/labeler) from 6.0.1 to 6.1.0. - [Release notes](https://github.com/actions/labeler/releases) - [Commits](https://github.com/actions/labeler/compare/634933edcd8ababfe52f92936142cc22ac488b1b...f27b608878404679385c85cfa523b85ccb86e213) --- updated-dependencies: - dependency-name: actions/labeler dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/labeler.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index 4a3f66a95..f33abe101 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -15,4 +15,4 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - - uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1 + - uses: actions/labeler@f27b608878404679385c85cfa523b85ccb86e213 # v6.1.0 From b8d8b20870822c9f61518ee8b0f661414cd9e612 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 May 2026 05:00:29 +0000 Subject: [PATCH 05/17] build(deps): bump actions-rust-lang/setup-rust-toolchain from 1.16.0 to 1.16.1 (#4068) build(deps): bump actions-rust-lang/setup-rust-toolchain Bumps [actions-rust-lang/setup-rust-toolchain](https://github.com/actions-rust-lang/setup-rust-toolchain) from 1.16.0 to 1.16.1. - [Release notes](https://github.com/actions-rust-lang/setup-rust-toolchain/releases) - [Changelog](https://github.com/actions-rust-lang/setup-rust-toolchain/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions-rust-lang/setup-rust-toolchain/compare/2b1f5e9b395427c92ee4e3331786ca3c37afe2d7...46268bd060767258de96ed93c1251119784f2ab6) --- updated-dependencies: - dependency-name: actions-rust-lang/setup-rust-toolchain dependency-version: 1.16.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci-post-merge.yml | 4 ++-- .github/workflows/ci.yml | 6 +++--- .github/workflows/coverage.yml | 2 +- .github/workflows/lint.yml | 8 ++++---- .github/workflows/semver-checks.yml | 2 +- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/ci-post-merge.yml b/.github/workflows/ci-post-merge.yml index 4cfda26ca..001a01f3c 100644 --- a/.github/workflows/ci-post-merge.yml +++ b/.github/workflows/ci-post-merge.yml @@ -46,7 +46,7 @@ jobs: echo "RUSTFLAGS=-C target-feature=+crt-static" >> $GITHUB_ENV - name: Install Rust (${{ matrix.version.name }}) - uses: actions-rust-lang/setup-rust-toolchain@2b1f5e9b395427c92ee4e3331786ca3c37afe2d7 # v1.16.0 + uses: actions-rust-lang/setup-rust-toolchain@46268bd060767258de96ed93c1251119784f2ab6 # v1.16.1 with: toolchain: ${{ matrix.version.version }} @@ -84,7 +84,7 @@ jobs: uses: rui314/setup-mold@9c9c13bf4c3f1adef0cc596abc155580bcb04444 # v1 - name: Install Rust - uses: actions-rust-lang/setup-rust-toolchain@2b1f5e9b395427c92ee4e3331786ca3c37afe2d7 # v1.16.0 + uses: actions-rust-lang/setup-rust-toolchain@46268bd060767258de96ed93c1251119784f2ab6 # v1.16.1 - name: Install just, cargo-hack uses: taiki-e/install-action@ec28e287910af896fd98e04056d31fa68607e7ad # v2.77.4 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index af21eef97..52e053b5d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -61,7 +61,7 @@ jobs: uses: rui314/setup-mold@9c9c13bf4c3f1adef0cc596abc155580bcb04444 # v1 - name: Install Rust (${{ matrix.version.name }}) - uses: actions-rust-lang/setup-rust-toolchain@2b1f5e9b395427c92ee4e3331786ca3c37afe2d7 # v1.16.0 + uses: actions-rust-lang/setup-rust-toolchain@46268bd060767258de96ed93c1251119784f2ab6 # v1.16.1 with: toolchain: ${{ matrix.version.version }} @@ -100,7 +100,7 @@ jobs: persist-credentials: false - name: Install Rust - uses: actions-rust-lang/setup-rust-toolchain@2b1f5e9b395427c92ee4e3331786ca3c37afe2d7 # v1.16.0 + uses: actions-rust-lang/setup-rust-toolchain@46268bd060767258de96ed93c1251119784f2ab6 # v1.16.1 with: toolchain: nightly @@ -118,7 +118,7 @@ jobs: persist-credentials: false - name: Install Rust (nightly) - uses: actions-rust-lang/setup-rust-toolchain@2b1f5e9b395427c92ee4e3331786ca3c37afe2d7 # v1.16.0 + uses: actions-rust-lang/setup-rust-toolchain@46268bd060767258de96ed93c1251119784f2ab6 # v1.16.1 with: toolchain: nightly diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 564eaaa56..7a2a0f1dc 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -20,7 +20,7 @@ jobs: persist-credentials: false - name: Install Rust (nightly) - uses: actions-rust-lang/setup-rust-toolchain@2b1f5e9b395427c92ee4e3331786ca3c37afe2d7 # v1.16.0 + uses: actions-rust-lang/setup-rust-toolchain@46268bd060767258de96ed93c1251119784f2ab6 # v1.16.1 with: toolchain: nightly components: llvm-tools diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index d63568f6f..1e21b71bf 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -38,7 +38,7 @@ jobs: persist-credentials: false - name: Install Rust (nightly) - uses: actions-rust-lang/setup-rust-toolchain@2b1f5e9b395427c92ee4e3331786ca3c37afe2d7 # v1.16.0 + uses: actions-rust-lang/setup-rust-toolchain@46268bd060767258de96ed93c1251119784f2ab6 # v1.16.1 with: toolchain: nightly components: rustfmt @@ -58,7 +58,7 @@ jobs: persist-credentials: false - name: Install Rust - uses: actions-rust-lang/setup-rust-toolchain@2b1f5e9b395427c92ee4e3331786ca3c37afe2d7 # v1.16.0 + uses: actions-rust-lang/setup-rust-toolchain@46268bd060767258de96ed93c1251119784f2ab6 # v1.16.1 with: components: clippy @@ -79,7 +79,7 @@ jobs: persist-credentials: false - name: Install Rust (nightly) - uses: actions-rust-lang/setup-rust-toolchain@2b1f5e9b395427c92ee4e3331786ca3c37afe2d7 # v1.16.0 + uses: actions-rust-lang/setup-rust-toolchain@46268bd060767258de96ed93c1251119784f2ab6 # v1.16.1 with: toolchain: nightly components: rust-docs @@ -98,7 +98,7 @@ jobs: persist-credentials: false - name: Install Rust (${{ vars.RUST_VERSION_EXTERNAL_TYPES }}) - uses: actions-rust-lang/setup-rust-toolchain@2b1f5e9b395427c92ee4e3331786ca3c37afe2d7 # v1.16.0 + uses: actions-rust-lang/setup-rust-toolchain@46268bd060767258de96ed93c1251119784f2ab6 # v1.16.1 with: toolchain: ${{ vars.RUST_VERSION_EXTERNAL_TYPES }} diff --git a/.github/workflows/semver-checks.yml b/.github/workflows/semver-checks.yml index fd452800d..67f6f1a88 100644 --- a/.github/workflows/semver-checks.yml +++ b/.github/workflows/semver-checks.yml @@ -16,7 +16,7 @@ jobs: persist-credentials: false - name: Install Rust - uses: actions-rust-lang/setup-rust-toolchain@2b1f5e9b395427c92ee4e3331786ca3c37afe2d7 # v1.16.0 + uses: actions-rust-lang/setup-rust-toolchain@46268bd060767258de96ed93c1251119784f2ab6 # v1.16.1 with: toolchain: stable From c6610d41ec2fc9a1413b906a70c2f0d6602c8eb7 Mon Sep 17 00:00:00 2001 From: oab24413gmai Date: Fri, 15 May 2026 05:07:17 -0500 Subject: [PATCH 06/17] fix: duplicated words in actix-multipart and actix-http h2 comments (#4070) Co-authored-by: Mira Sato <275437409+oab24413gmai@users.noreply.github.com> --- actix-http/src/h2/dispatcher.rs | 2 +- actix-multipart/src/form/mod.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/actix-http/src/h2/dispatcher.rs b/actix-http/src/h2/dispatcher.rs index 400476c88..61a4d4bca 100644 --- a/actix-http/src/h2/dispatcher.rs +++ b/actix-http/src/h2/dispatcher.rs @@ -163,7 +163,7 @@ where Poll::Pending => match this.ping_pong.as_mut() { Some(ping_pong) => loop { if ping_pong.in_flight { - // When there is an in-flight ping-pong, poll pong and and keep-alive + // When there is an in-flight ping-pong, poll pong and keep-alive // timer. On successful pong received, update keep-alive timer to // determine the next timing of ping pong. match ping_pong.ping_pong.poll_pong(cx)? { diff --git a/actix-multipart/src/form/mod.rs b/actix-multipart/src/form/mod.rs index de0eeecaa..51136869b 100644 --- a/actix-multipart/src/form/mod.rs +++ b/actix-multipart/src/form/mod.rs @@ -862,7 +862,7 @@ mod tests { let response = send_form(&srv, form, "/").await; assert_eq!(response.status(), StatusCode::OK); - // Exceeds the the 30 byte limit + // Exceeds the 30 byte limit let mut form = multipart::Form::default(); form.add_text("field", "this string is more than 30 bytes long"); let response = send_form(&srv, form, "/").await; From 24e5c77d2b1308279acf9517257891bd665ca354 Mon Sep 17 00:00:00 2001 From: tatakaisun <136896447+tatakaisun@users.noreply.github.com> Date: Wed, 20 May 2026 17:20:59 +0900 Subject: [PATCH 07/17] docs: fix API documentation label in README (#4075) --- actix-web/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actix-web/README.md b/actix-web/README.md index eab4587b0..b557b9112 100644 --- a/actix-web/README.md +++ b/actix-web/README.md @@ -54,7 +54,7 @@ Please use them in a production environment at your own risk. - [Website & User Guide](https://actix.rs) - [Examples Repository](https://github.com/actix/examples) - [API Documentation](https://docs.rs/actix-web) -- [API Documentation (mainranch)](https://actix.rs/actix-web/actix_web) +- [API Documentation (main branch)](https://actix.rs/actix-web/actix_web) ## Example From 240927080352261cd0accc98f90d9fa7574798d2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 20 May 2026 18:22:29 +0900 Subject: [PATCH 08/17] build(deps): bump taiki-e/install-action from 2.77.4 to 2.79.0 (#4072) Bumps [taiki-e/install-action](https://github.com/taiki-e/install-action) from 2.77.4 to 2.79.0. - [Release notes](https://github.com/taiki-e/install-action/releases) - [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/taiki-e/install-action/compare/ec28e287910af896fd98e04056d31fa68607e7ad...7be9fd86bd1707236395105d6e9329dd1511a7e1) --- updated-dependencies: - dependency-name: taiki-e/install-action dependency-version: 2.79.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci-post-merge.yml | 4 ++-- .github/workflows/ci.yml | 4 ++-- .github/workflows/coverage.yml | 2 +- .github/workflows/lint.yml | 2 +- .github/workflows/semver-checks.yml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci-post-merge.yml b/.github/workflows/ci-post-merge.yml index 001a01f3c..5e7c95c3f 100644 --- a/.github/workflows/ci-post-merge.yml +++ b/.github/workflows/ci-post-merge.yml @@ -51,7 +51,7 @@ jobs: toolchain: ${{ matrix.version.version }} - name: Install just, cargo-hack, cargo-nextest, cargo-ci-cache-clean - uses: taiki-e/install-action@ec28e287910af896fd98e04056d31fa68607e7ad # v2.77.4 + uses: taiki-e/install-action@7be9fd86bd1707236395105d6e9329dd1511a7e1 # v2.79.0 with: tool: just,cargo-hack,cargo-nextest,cargo-ci-cache-clean @@ -87,7 +87,7 @@ jobs: uses: actions-rust-lang/setup-rust-toolchain@46268bd060767258de96ed93c1251119784f2ab6 # v1.16.1 - name: Install just, cargo-hack - uses: taiki-e/install-action@ec28e287910af896fd98e04056d31fa68607e7ad # v2.77.4 + uses: taiki-e/install-action@7be9fd86bd1707236395105d6e9329dd1511a7e1 # v2.79.0 with: tool: just,cargo-hack diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 52e053b5d..ae9b2c9b5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -66,7 +66,7 @@ jobs: toolchain: ${{ matrix.version.version }} - name: Install just, cargo-hack, cargo-nextest, cargo-ci-cache-clean - uses: taiki-e/install-action@ec28e287910af896fd98e04056d31fa68607e7ad # v2.77.4 + uses: taiki-e/install-action@7be9fd86bd1707236395105d6e9329dd1511a7e1 # v2.79.0 with: tool: just,cargo-hack,cargo-nextest,cargo-ci-cache-clean @@ -123,7 +123,7 @@ jobs: toolchain: nightly - name: Install just - uses: taiki-e/install-action@ec28e287910af896fd98e04056d31fa68607e7ad # v2.77.4 + uses: taiki-e/install-action@7be9fd86bd1707236395105d6e9329dd1511a7e1 # v2.79.0 with: tool: just diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 7a2a0f1dc..a74711349 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -26,7 +26,7 @@ jobs: components: llvm-tools - name: Install just, cargo-llvm-cov, cargo-nextest - uses: taiki-e/install-action@ec28e287910af896fd98e04056d31fa68607e7ad # v2.77.4 + uses: taiki-e/install-action@7be9fd86bd1707236395105d6e9329dd1511a7e1 # v2.79.0 with: tool: just,cargo-llvm-cov,cargo-nextest diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 1e21b71bf..d1694dbbd 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -103,7 +103,7 @@ jobs: toolchain: ${{ vars.RUST_VERSION_EXTERNAL_TYPES }} - name: Install just - uses: taiki-e/install-action@ec28e287910af896fd98e04056d31fa68607e7ad # v2.77.4 + uses: taiki-e/install-action@7be9fd86bd1707236395105d6e9329dd1511a7e1 # v2.79.0 with: tool: just diff --git a/.github/workflows/semver-checks.yml b/.github/workflows/semver-checks.yml index 67f6f1a88..5d6690506 100644 --- a/.github/workflows/semver-checks.yml +++ b/.github/workflows/semver-checks.yml @@ -21,7 +21,7 @@ jobs: toolchain: stable - name: Install cargo-semver-checks - uses: taiki-e/install-action@ec28e287910af896fd98e04056d31fa68607e7ad # v2.77.4 + uses: taiki-e/install-action@7be9fd86bd1707236395105d6e9329dd1511a7e1 # v2.79.0 with: tool: cargo-semver-checks From 9449a9666cbc48ef29b50ac4bef704eaa3c1b3ba Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 20 May 2026 09:27:00 +0000 Subject: [PATCH 09/17] build(deps): bump filetime from 0.2.28 to 0.2.29 (#4071) Bumps [filetime](https://github.com/alexcrichton/filetime) from 0.2.28 to 0.2.29. - [Commits](https://github.com/alexcrichton/filetime/compare/0.2.28...0.2.29) --- updated-dependencies: - dependency-name: filetime dependency-version: 0.2.29 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index b288b189a..60c38b846 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1298,9 +1298,9 @@ checksum = "9f1f227452a390804cdb637b74a86990f2a7d7ba4b7d5693aac9b4dd6defd8d6" [[package]] name = "filetime" -version = "0.2.28" +version = "0.2.29" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2d5b2eef6fafbf69f877e55509ce5b11a760690ac9700a2921be067aa6afaef6" +checksum = "5c287a33c7f0a620c38e641e7f60827713987b3c0f26e8ddc9462cc69cf75759" dependencies = [ "cfg-if", "libc", From 955ada1b8401d07541cb64a3b940cf9728a464d4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 20 May 2026 09:30:50 +0000 Subject: [PATCH 10/17] build(deps): bump EmbarkStudios/cargo-deny-action from 2.0.17 to 2.0.18 (#4074) Bumps [EmbarkStudios/cargo-deny-action](https://github.com/embarkstudios/cargo-deny-action) from 2.0.17 to 2.0.18. - [Release notes](https://github.com/embarkstudios/cargo-deny-action/releases) - [Commits](https://github.com/embarkstudios/cargo-deny-action/compare/91bf2b620e09e18d6eb78b92e7861937469acedb...6c8f9facfa5047ec02d8485b6bf52b587b7777d1) --- updated-dependencies: - dependency-name: EmbarkStudios/cargo-deny-action dependency-version: 2.0.18 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ae9b2c9b5..9caf60411 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -89,7 +89,7 @@ jobs: - name: deny check if: matrix.version.name == 'stable' && matrix.target.os == 'ubuntu-latest' - uses: EmbarkStudios/cargo-deny-action@91bf2b620e09e18d6eb78b92e7861937469acedb # v2.0.17 + uses: EmbarkStudios/cargo-deny-action@6c8f9facfa5047ec02d8485b6bf52b587b7777d1 # v2.0.18 io-uring: name: io-uring tests From 52136f16d521085ce0d0b912f565567b38219291 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 20 May 2026 19:16:39 +0900 Subject: [PATCH 11/17] build(deps): bump openssl from 0.10.79 to 0.10.80 (#4076) Bumps [openssl](https://github.com/rust-openssl/rust-openssl) from 0.10.79 to 0.10.80. - [Release notes](https://github.com/rust-openssl/rust-openssl/releases) - [Commits](https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.79...openssl-v0.10.80) --- updated-dependencies: - dependency-name: openssl dependency-version: 0.10.80 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Cargo.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 60c38b846..6c6c8121d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2208,9 +2208,9 @@ checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381" [[package]] name = "openssl" -version = "0.10.79" +version = "0.10.80" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bf0b434746ee2832f4f0baf10137e1cabb18cbe6912c69e2e33263c45250f542" +checksum = "a45fa2aa886c42762255da344f0a0d313e254066c46aad76f300c3d3da62d967" dependencies = [ "bitflags 2.11.1", "cfg-if", @@ -2239,9 +2239,9 @@ checksum = "7c87def4c32ab89d880effc9e097653c8da5d6ef28e6b539d313baaacfbafcbe" [[package]] name = "openssl-sys" -version = "0.9.115" +version = "0.9.116" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "158fe5b292746440aa6e7a7e690e55aeb72d41505e2804c23c6973ad0e9c9781" +checksum = "f28a22dc7140cda5f096e5e7724a6962ca81a7f8bfd2979f9b18c11af56318c4" dependencies = [ "cc", "libc", From 263fde9648f478ebd0765950c2de5148570d8799 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 20 May 2026 19:16:44 +0900 Subject: [PATCH 12/17] build(deps): bump zizmorcore/zizmor-action from 0.5.3 to 0.5.6 (#4073) Bumps [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) from 0.5.3 to 0.5.6. - [Release notes](https://github.com/zizmorcore/zizmor-action/releases) - [Commits](https://github.com/zizmorcore/zizmor-action/compare/b1d7e1fb5de872772f31590499237e7cce841e8e...5f14fd08f7cf1cb1609c1e344975f152c7ee938d) --- updated-dependencies: - dependency-name: zizmorcore/zizmor-action dependency-version: 0.5.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index d1694dbbd..33b9a66b7 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -24,7 +24,7 @@ jobs: with: persist-credentials: false - - uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3 + - uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6 with: advanced-security: false annotations: true From 15743c401054fe4e801e9c4e0c01068ec8706d09 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 May 2026 10:00:10 +0000 Subject: [PATCH 13/17] build(deps): bump codecov/codecov-action from 6.0.0 to 6.0.1 (#4078) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 6.0.0 to 6.0.1. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/57e3a136b779b570ffcdbf80b3bdc90e7fab3de2...e79a6962e0d4c0c17b229090214935d2e33f8354) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/coverage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index a74711349..54a758950 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -34,7 +34,7 @@ jobs: run: just test-coverage-codecov - name: Upload coverage to Codecov - uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 + uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1 with: files: codecov.json fail_ci_if_error: true From 9a7c961949d64ac4276b745762fbb2817442a0c3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 May 2026 10:00:28 +0000 Subject: [PATCH 14/17] build(deps): bump taiki-e/install-action from 2.79.0 to 2.79.7 (#4081) Bumps [taiki-e/install-action](https://github.com/taiki-e/install-action) from 2.79.0 to 2.79.7. - [Release notes](https://github.com/taiki-e/install-action/releases) - [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/taiki-e/install-action/compare/7be9fd86bd1707236395105d6e9329dd1511a7e1...d9be7d8cda89035c9c843f78bd44d4f72d8403d4) --- updated-dependencies: - dependency-name: taiki-e/install-action dependency-version: 2.79.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci-post-merge.yml | 4 ++-- .github/workflows/ci.yml | 4 ++-- .github/workflows/coverage.yml | 2 +- .github/workflows/lint.yml | 2 +- .github/workflows/semver-checks.yml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci-post-merge.yml b/.github/workflows/ci-post-merge.yml index 5e7c95c3f..a0aa0a89d 100644 --- a/.github/workflows/ci-post-merge.yml +++ b/.github/workflows/ci-post-merge.yml @@ -51,7 +51,7 @@ jobs: toolchain: ${{ matrix.version.version }} - name: Install just, cargo-hack, cargo-nextest, cargo-ci-cache-clean - uses: taiki-e/install-action@7be9fd86bd1707236395105d6e9329dd1511a7e1 # v2.79.0 + uses: taiki-e/install-action@d9be7d8cda89035c9c843f78bd44d4f72d8403d4 # v2.79.7 with: tool: just,cargo-hack,cargo-nextest,cargo-ci-cache-clean @@ -87,7 +87,7 @@ jobs: uses: actions-rust-lang/setup-rust-toolchain@46268bd060767258de96ed93c1251119784f2ab6 # v1.16.1 - name: Install just, cargo-hack - uses: taiki-e/install-action@7be9fd86bd1707236395105d6e9329dd1511a7e1 # v2.79.0 + uses: taiki-e/install-action@d9be7d8cda89035c9c843f78bd44d4f72d8403d4 # v2.79.7 with: tool: just,cargo-hack diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9caf60411..1fc777f65 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -66,7 +66,7 @@ jobs: toolchain: ${{ matrix.version.version }} - name: Install just, cargo-hack, cargo-nextest, cargo-ci-cache-clean - uses: taiki-e/install-action@7be9fd86bd1707236395105d6e9329dd1511a7e1 # v2.79.0 + uses: taiki-e/install-action@d9be7d8cda89035c9c843f78bd44d4f72d8403d4 # v2.79.7 with: tool: just,cargo-hack,cargo-nextest,cargo-ci-cache-clean @@ -123,7 +123,7 @@ jobs: toolchain: nightly - name: Install just - uses: taiki-e/install-action@7be9fd86bd1707236395105d6e9329dd1511a7e1 # v2.79.0 + uses: taiki-e/install-action@d9be7d8cda89035c9c843f78bd44d4f72d8403d4 # v2.79.7 with: tool: just diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 54a758950..c6a704a9d 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -26,7 +26,7 @@ jobs: components: llvm-tools - name: Install just, cargo-llvm-cov, cargo-nextest - uses: taiki-e/install-action@7be9fd86bd1707236395105d6e9329dd1511a7e1 # v2.79.0 + uses: taiki-e/install-action@d9be7d8cda89035c9c843f78bd44d4f72d8403d4 # v2.79.7 with: tool: just,cargo-llvm-cov,cargo-nextest diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 33b9a66b7..dc917bc33 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -103,7 +103,7 @@ jobs: toolchain: ${{ vars.RUST_VERSION_EXTERNAL_TYPES }} - name: Install just - uses: taiki-e/install-action@7be9fd86bd1707236395105d6e9329dd1511a7e1 # v2.79.0 + uses: taiki-e/install-action@d9be7d8cda89035c9c843f78bd44d4f72d8403d4 # v2.79.7 with: tool: just diff --git a/.github/workflows/semver-checks.yml b/.github/workflows/semver-checks.yml index 5d6690506..b5df5541c 100644 --- a/.github/workflows/semver-checks.yml +++ b/.github/workflows/semver-checks.yml @@ -21,7 +21,7 @@ jobs: toolchain: stable - name: Install cargo-semver-checks - uses: taiki-e/install-action@7be9fd86bd1707236395105d6e9329dd1511a7e1 # v2.79.0 + uses: taiki-e/install-action@d9be7d8cda89035c9c843f78bd44d4f72d8403d4 # v2.79.7 with: tool: cargo-semver-checks From ab80ff75dee8a8f3e44b0057bc3df4409670e437 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 May 2026 21:07:05 +0900 Subject: [PATCH 15/17] build(deps): bump EmbarkStudios/cargo-deny-action from 2.0.18 to 2.0.19 (#4079) Bumps [EmbarkStudios/cargo-deny-action](https://github.com/embarkstudios/cargo-deny-action) from 2.0.18 to 2.0.19. - [Release notes](https://github.com/embarkstudios/cargo-deny-action/releases) - [Commits](https://github.com/embarkstudios/cargo-deny-action/compare/6c8f9facfa5047ec02d8485b6bf52b587b7777d1...a531616d8ce3b9177443e48a1159bc945a099823) --- updated-dependencies: - dependency-name: EmbarkStudios/cargo-deny-action dependency-version: 2.0.19 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1fc777f65..dd3154a27 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -89,7 +89,7 @@ jobs: - name: deny check if: matrix.version.name == 'stable' && matrix.target.os == 'ubuntu-latest' - uses: EmbarkStudios/cargo-deny-action@6c8f9facfa5047ec02d8485b6bf52b587b7777d1 # v2.0.18 + uses: EmbarkStudios/cargo-deny-action@a531616d8ce3b9177443e48a1159bc945a099823 # v2.0.19 io-uring: name: io-uring tests From 0d6b4a0c52b4d6c4d77f875070dbe27fb56370ad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 May 2026 21:07:09 +0900 Subject: [PATCH 16/17] build(deps): bump serde_json from 1.0.149 to 1.0.150 (#4080) Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.149 to 1.0.150. - [Release notes](https://github.com/serde-rs/json/releases) - [Commits](https://github.com/serde-rs/json/compare/v1.0.149...v1.0.150) --- updated-dependencies: - dependency-name: serde_json dependency-version: 1.0.150 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 6c6c8121d..8501f4355 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2861,9 +2861,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.149" +version = "1.0.150" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "83fc039473c5595ace860d8c4fafa220ff474b3fc6bfdb4293327f1a37e94d86" +checksum = "e8014e44b4736ed0538adeecded0fce2a272f22dc9578a7eb6b2d9993c74cfb9" dependencies = [ "itoa", "memchr", From 2196aeac0abc6486ca4bd844c97bbe8ca1b3bc47 Mon Sep 17 00:00:00 2001 From: Yuki Okushi Date: Thu, 28 May 2026 15:33:25 +0900 Subject: [PATCH 17/17] fix(files): fix panic in `Files` containing `.` (#4083) --- actix-files/CHANGES.md | 2 ++ actix-files/src/lib.rs | 15 +++++++++++++++ actix-files/src/path_buf.rs | 9 ++++++++- 3 files changed, 25 insertions(+), 1 deletion(-) diff --git a/actix-files/CHANGES.md b/actix-files/CHANGES.md index aea6fe8f4..12c785192 100644 --- a/actix-files/CHANGES.md +++ b/actix-files/CHANGES.md @@ -5,6 +5,7 @@ - Add support for passing multiple root directories to `Files::new`. [#3402] - Add `Files::try_compressed()` to support serving pre-compressed static files [#2615] - Fix handling of `bytes=0-` +- Fix panic in `Files` when `use_hidden_files()` is enabled and request paths contain `.` segments. [#4082] - Fix `NamedFile` panic when serving files with pre-UNIX epoch modification times. [#2748] - Fix invalid `Content-Encoding: identity` header in `NamedFile` range responses. [#3191] - Update `v_htmlescape` dependency to `0.17`. @@ -13,6 +14,7 @@ [#2615]: https://github.com/actix/actix-web/pull/2615 [#2748]: https://github.com/actix/actix-web/issues/2748 [#3191]: https://github.com/actix/actix-web/issues/3191 +[#4082]: https://github.com/actix/actix-web/issues/4082 ## 0.6.10 diff --git a/actix-files/src/lib.rs b/actix-files/src/lib.rs index 3312a621d..8646da1ea 100644 --- a/actix-files/src/lib.rs +++ b/actix-files/src/lib.rs @@ -1094,6 +1094,21 @@ mod tests { assert_eq!(bytes, web::Bytes::from_static(b"default content")); } + #[actix_rt::test] + async fn test_hidden_files_reject_cur_dir_segment() { + let service = Files::new("/", Vec::::new()) + .use_hidden_files() + .default_handler(Files::new("/", ".").use_hidden_files()) + .new_service(()) + .await + .unwrap(); + + let req = TestRequest::with_uri("/./Cargo.toml").to_srv_request(); + let resp = test::call_service(&service, req).await; + + assert_eq!(resp.status(), StatusCode::BAD_REQUEST); + } + #[actix_rt::test] async fn test_serve_index_nested() { let service = Files::new(".", ".") diff --git a/actix-files/src/path_buf.rs b/actix-files/src/path_buf.rs index f12d68593..58b06d70f 100644 --- a/actix-files/src/path_buf.rs +++ b/actix-files/src/path_buf.rs @@ -78,7 +78,9 @@ impl PathBufWrap { } for segment in path.split('/') { - if segment == ".." { + if segment == "." { + return Err(UriSegmentError::BadStart('.')); + } else if segment == ".." { segment_count -= 1; buf.pop(); } else if !hidden_files && segment.starts_with('.') { @@ -180,6 +182,11 @@ mod tests { PathBufWrap::parse_path("/test/.tt", true).unwrap().0, PathBuf::from_iter(vec!["test", ".tt"]) ); + + assert_eq!( + PathBufWrap::parse_path("/test/./file.txt", true).map(|t| t.0), + Err(UriSegmentError::BadStart('.')) + ); } #[test]