Merge 31ff1ef12c into 9fb6c13a1a

ci: fix msrv job
2025-08-26 10:11:10 +02:00 · 2025-08-26 08:26:49 +01:00 · 2025-08-26 08:18:34 +01:00 · 2025-08-26 08:00:19 +01:00 · 2025-08-26 07:28:27 +01:00 · 2025-08-25 12:31:30 +00:00
16 changed files with 330 additions and 233 deletions
--- a/.clippy.toml
+++ b/.clippy.toml
@ -3,6 +3,6 @@ disallowed-names = [
  "e", # no single letter error bindings
 ]
 disallowed-methods = [
-  { path = "std::cell::RefCell::default()", reason = "prefer explicit inner type default" },
-  { path = "std::rc::Rc::default()", reason = "prefer explicit inner type default" },
+  { path = "std::cell::RefCell::default()", reason = "prefer explicit inner type default (remove allow-invalid when rust-lang/rust-clippy/#8581 is fixed)", allow-invalid = true },
+  { path = "std::rc::Rc::default()", reason = "prefer explicit inner type default (remove allow-invalid when rust-lang/rust-clippy/#8581 is fixed)", allow-invalid = true },
 ]
--- a/.github/workflows/ci-post-merge.yml
+++ b/.github/workflows/ci-post-merge.yml
@ -44,12 +44,12 @@ jobs:
          echo "RUSTFLAGS=-C target-feature=+crt-static" >> $GITHUB_ENV

      - name: Install Rust (${{ matrix.version.name }})
-        uses: actions-rust-lang/setup-rust-toolchain@fb51252c7ba57d633bc668f941da052e410add48 # v1.13.0
+        uses: actions-rust-lang/setup-rust-toolchain@ab6845274e2ff01cd4462007e1a9d9df1ab49f42 # v1.14.0
        with:
          toolchain: ${{ matrix.version.version }}

      - name: Install just, cargo-hack, cargo-nextest, cargo-ci-cache-clean
-        uses: taiki-e/install-action@ad95d4e02e061d4390c4b66ef5ed56c7fee3d2ce # v2.58.17
+        uses: taiki-e/install-action@f63c33fd96cc1e69a29bafd06541cf28588b43a4 # v2.58.21
        with:
          tool: just,cargo-hack,cargo-nextest,cargo-ci-cache-clean

@ -80,10 +80,10 @@ jobs:
        uses: rui314/setup-mold@7344740a9418dcdcb481c7df83d9fbd1d5072d7d # v1

      - name: Install Rust
-        uses: actions-rust-lang/setup-rust-toolchain@fb51252c7ba57d633bc668f941da052e410add48 # v1.13.0
+        uses: actions-rust-lang/setup-rust-toolchain@ab6845274e2ff01cd4462007e1a9d9df1ab49f42 # v1.14.0

      - name: Install just, cargo-hack
-        uses: taiki-e/install-action@ad95d4e02e061d4390c4b66ef5ed56c7fee3d2ce # v2.58.17
+        uses: taiki-e/install-action@f63c33fd96cc1e69a29bafd06541cf28588b43a4 # v2.58.21
        with:
          tool: just,cargo-hack

--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -59,12 +59,12 @@ jobs:
        uses: rui314/setup-mold@7344740a9418dcdcb481c7df83d9fbd1d5072d7d # v1

      - name: Install Rust (${{ matrix.version.name }})
-        uses: actions-rust-lang/setup-rust-toolchain@fb51252c7ba57d633bc668f941da052e410add48 # v1.13.0
+        uses: actions-rust-lang/setup-rust-toolchain@ab6845274e2ff01cd4462007e1a9d9df1ab49f42 # v1.14.0
        with:
          toolchain: ${{ matrix.version.version }}

      - name: Install just, cargo-hack, cargo-nextest, cargo-ci-cache-clean
-        uses: taiki-e/install-action@ad95d4e02e061d4390c4b66ef5ed56c7fee3d2ce # v2.58.17
+        uses: taiki-e/install-action@f63c33fd96cc1e69a29bafd06541cf28588b43a4 # v2.58.21
        with:
          tool: just,cargo-hack,cargo-nextest,cargo-ci-cache-clean

@ -92,7 +92,7 @@ jobs:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Install Rust
-        uses: actions-rust-lang/setup-rust-toolchain@fb51252c7ba57d633bc668f941da052e410add48 # v1.13.0
+        uses: actions-rust-lang/setup-rust-toolchain@ab6845274e2ff01cd4462007e1a9d9df1ab49f42 # v1.14.0
        with:
          toolchain: nightly

@ -108,12 +108,12 @@ jobs:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Install Rust (nightly)
-        uses: actions-rust-lang/setup-rust-toolchain@fb51252c7ba57d633bc668f941da052e410add48 # v1.13.0
+        uses: actions-rust-lang/setup-rust-toolchain@ab6845274e2ff01cd4462007e1a9d9df1ab49f42 # v1.14.0
        with:
          toolchain: nightly

      - name: Install just
-        uses: taiki-e/install-action@ad95d4e02e061d4390c4b66ef5ed56c7fee3d2ce # v2.58.17
+        uses: taiki-e/install-action@f63c33fd96cc1e69a29bafd06541cf28588b43a4 # v2.58.21
        with:
          tool: just

--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@ -18,13 +18,13 @@ jobs:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Install Rust (nightly)
-        uses: actions-rust-lang/setup-rust-toolchain@fb51252c7ba57d633bc668f941da052e410add48 # v1.13.0
+        uses: actions-rust-lang/setup-rust-toolchain@ab6845274e2ff01cd4462007e1a9d9df1ab49f42 # v1.14.0
        with:
          toolchain: nightly
          components: llvm-tools

      - name: Install just, cargo-llvm-cov, cargo-nextest
-        uses: taiki-e/install-action@ad95d4e02e061d4390c4b66ef5ed56c7fee3d2ce # v2.58.17
+        uses: taiki-e/install-action@f63c33fd96cc1e69a29bafd06541cf28588b43a4 # v2.58.21
        with:
          tool: just,cargo-llvm-cov,cargo-nextest

@ -32,7 +32,7 @@ jobs:
        run: just test-coverage-codecov

      - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
        with:
          files: codecov.json
          fail_ci_if_error: true
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@ -18,7 +18,7 @@ jobs:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Install Rust (nightly)
-        uses: actions-rust-lang/setup-rust-toolchain@fb51252c7ba57d633bc668f941da052e410add48 # v1.13.0
+        uses: actions-rust-lang/setup-rust-toolchain@ab6845274e2ff01cd4462007e1a9d9df1ab49f42 # v1.14.0
        with:
          toolchain: nightly
          components: rustfmt
@ -36,7 +36,7 @@ jobs:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Install Rust
-        uses: actions-rust-lang/setup-rust-toolchain@fb51252c7ba57d633bc668f941da052e410add48 # v1.13.0
+        uses: actions-rust-lang/setup-rust-toolchain@ab6845274e2ff01cd4462007e1a9d9df1ab49f42 # v1.14.0
        with:
          components: clippy

@ -55,7 +55,7 @@ jobs:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Install Rust (nightly)
-        uses: actions-rust-lang/setup-rust-toolchain@fb51252c7ba57d633bc668f941da052e410add48 # v1.13.0
+        uses: actions-rust-lang/setup-rust-toolchain@ab6845274e2ff01cd4462007e1a9d9df1ab49f42 # v1.14.0
        with:
          toolchain: nightly
          components: rust-docs
@ -72,12 +72,12 @@ jobs:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Install Rust (${{ vars.RUST_VERSION_EXTERNAL_TYPES }})
-        uses: actions-rust-lang/setup-rust-toolchain@fb51252c7ba57d633bc668f941da052e410add48 # v1.13.0
+        uses: actions-rust-lang/setup-rust-toolchain@ab6845274e2ff01cd4462007e1a9d9df1ab49f42 # v1.14.0
        with:
          toolchain: ${{ vars.RUST_VERSION_EXTERNAL_TYPES }}

      - name: Install just
-        uses: taiki-e/install-action@ad95d4e02e061d4390c4b66ef5ed56c7fee3d2ce # v2.58.17
+        uses: taiki-e/install-action@f63c33fd96cc1e69a29bafd06541cf28588b43a4 # v2.58.21
        with:
          tool: just

--- a/Cargo.lock
+++ b/Cargo.lock
--- a/actix-files/CHANGES.md
+++ b/actix-files/CHANGES.md
@ -2,6 +2,7 @@

 ## Unreleased

+- `PathBufWrap` & `UriSegmentError` made public.
 - Minimum supported Rust version (MSRV) is now 1.75.

 ## 0.6.6
--- a/actix-files/src/error.rs
+++ b/actix-files/src/error.rs
@ -21,6 +21,7 @@ impl ResponseError for FilesError {
    }
 }

+/// Error which can occur with parsing/validating a request-uri path
 #[derive(Debug, PartialEq, Eq, Display)]
 #[non_exhaustive]
 pub enum UriSegmentError {
--- a/actix-files/src/lib.rs
+++ b/actix-files/src/lib.rs
@ -37,13 +37,12 @@ mod range;
 mod service;

 pub use self::{
-    chunked::ChunkedReadFile, directory::Directory, files::Files, named::NamedFile,
-    range::HttpRange, service::FilesService,
+    chunked::ChunkedReadFile, directory::Directory, error::UriSegmentError, files::Files,
+    named::NamedFile, path_buf::PathBufWrap, range::HttpRange, service::FilesService,
 };
 use self::{
    directory::{directory_listing, DirectoryRenderer},
    error::FilesError,
-    path_buf::PathBufWrap,
 };

 type HttpService = BoxService<ServiceRequest, ServiceResponse, Error>;
--- a/actix-files/src/path_buf.rs
+++ b/actix-files/src/path_buf.rs
@ -8,8 +8,11 @@ use actix_web::{dev::Payload, FromRequest, HttpRequest};

 use crate::error::UriSegmentError;

+/// Secure Path Traversal Guard
+///
+/// This struct parses a request-uri [`PathBuf`](std::path::PathBuf)
 #[derive(Debug, PartialEq, Eq)]
-pub(crate) struct PathBufWrap(PathBuf);
+pub struct PathBufWrap(PathBuf);

 impl FromStr for PathBufWrap {
    type Err = UriSegmentError;
@ -20,6 +23,15 @@ impl FromStr for PathBufWrap {
 }

 impl PathBufWrap {
+    /// Parse a safe path from a supplied [`HttpRequest`](actix_web::HttpRequest),
+    /// given the choice of allowing hiddden files to be considered valid segments.
+    ///
+    /// Path traversal is guarded by this method.
+    #[inline]
+    pub fn parse_req(req: &HttpRequest, hidden_files: bool) -> Result<Self, UriSegmentError> {
+        Self::parse_path(req.match_info().unprocessed(), hidden_files)
+    }
+
    /// Parse a path, giving the choice of allowing hidden files to be considered valid segments.
    ///
    /// Path traversal is guarded by this method.
--- a/actix-http/CHANGES.md
+++ b/actix-http/CHANGES.md
@ -2,8 +2,11 @@

 ## Unreleased

- Update `TestRequest::set_payload` to generate "Content-Length" header
- Malformed websocket frames are now gracefully rejected.
+## 3.11.1
+
+- Prevent more hangs after client disconnects.
+- More malformed WebSocket frames are now gracefully rejected.
+- Using `TestRequest::set_payload()` now sets a Content-Length header.

 ## 3.11.0

--- a/actix-http/Cargo.toml
+++ b/actix-http/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "actix-http"
-version = "3.11.0"
+version = "3.11.1"
 authors = ["Nikolay Kim <fafhrd91@gmail.com>", "Rob Ede <robjtede@icloud.com>"]
 description = "HTTP types and services for the Actix ecosystem"
 keywords = ["actix", "http", "framework", "async", "futures"]
--- a/actix-http/README.md
+++ b/actix-http/README.md
@ -5,11 +5,11 @@
 <!-- prettier-ignore-start -->

 [![crates.io](https://img.shields.io/crates/v/actix-http?label=latest)](https://crates.io/crates/actix-http)
-[![Documentation](https://docs.rs/actix-http/badge.svg?version=3.11.0)](https://docs.rs/actix-http/3.11.0)
+[![Documentation](https://docs.rs/actix-http/badge.svg?version=3.11.1)](https://docs.rs/actix-http/3.11.1)
 ![Version](https://img.shields.io/badge/rustc-1.72+-ab6000.svg)
 ![MIT or Apache 2.0 licensed](https://img.shields.io/crates/l/actix-http.svg)
 <br />
-[![dependency status](https://deps.rs/crate/actix-http/3.11.0/status.svg)](https://deps.rs/crate/actix-http/3.11.0)
+[![dependency status](https://deps.rs/crate/actix-http/3.11.1/status.svg)](https://deps.rs/crate/actix-http/3.11.1)
 [![Download](https://img.shields.io/crates/d/actix-http.svg)](https://crates.io/crates/actix-http)
 [![Chat on Discord](https://img.shields.io/discord/771444961383153695?label=chat&logo=discord)](https://discord.gg/NWpN5mmg3x)

--- a/actix-router/benches/router.rs
+++ b/actix-router/benches/router.rs
@ -13,6 +13,7 @@ macro_rules! register {
        register!(finish => "(.*)", "(.*)", "(.*)", "(.*)")
    }};
    (finish => $p1:literal, $p2:literal, $p3:literal, $p4:literal) => {{
+        #[expect(clippy::useless_concat)]
        let arr = [
            concat!("/authorizations"),
            concat!("/authorizations/", $p1),
--- a/actix-web/MIGRATION-3.0.md
+++ b/actix-web/MIGRATION-3.0.md
@ -3,7 +3,6 @@
 - The return type for `ServiceRequest::app_data::<T>()` was changed from returning a `Data<T>` to simply a `T`. To access a `Data<T>` use `ServiceRequest::app_data::<Data<T>>()`.

 - Cookie handling has been offloaded to the `cookie` crate:
-
  - `USERINFO_ENCODE_SET` is no longer exposed. Percent-encoding is still supported; check docs.
  - Some types now require lifetime parameters.

--- a/8
+++ b/8
@ -13,6 +13,8 @@ fmt:
 [private]
 downgrade-for-msrv:
    cargo {{ toolchain }} update -p=divan --precise=0.1.15 # next ver: 1.80.0
+    cargo {{ toolchain }} update -p=rayon --precise=1.10.0 # next ver: 1.80.0
+    cargo {{ toolchain }} update -p=rayon-core --precise=1.12.1 # next ver: 1.80.0
    cargo {{ toolchain }} update -p=half --precise=2.4.1 # next ver: 1.81.0
    cargo {{ toolchain }} update -p=idna_adapter --precise=1.2.0 # next ver: 1.82.0
    cargo {{ toolchain }} update -p=litemap --precise=0.7.4 # next ver: 1.81.0
@ -50,8 +52,7 @@ clippy:
    cargo {{ toolchain }} clippy --workspace --all-targets {{ all_crate_features }}

 # Run Clippy over workspace using MSRV.
-clippy-msrv:
-    @just toolchain={{ msrv_rustup }} downgrade-for-msrv
+clippy-msrv: downgrade-for-msrv
    @just toolchain={{ msrv_rustup }} clippy

 # Test workspace code.
@ -62,8 +63,7 @@ test:
    cargo {{ toolchain }} nextest run --no-tests=warn --workspace --exclude=actix-web-codegen --exclude=actix-multipart-derive {{ all_crate_features }} --filter-expr="not test(test_reading_deflate_encoding_large_random_rustls)"

 # Test workspace using MSRV.
-test-msrv:
-    @just toolchain={{ msrv_rustup }} downgrade-for-msrv
+test-msrv: downgrade-for-msrv
    @just toolchain={{ msrv_rustup }} test

 # Test workspace docs.
Author	SHA1	Message	Date
Andrew Scott	f43899ac55	Merge `31ff1ef12c` into `9fb6c13a1a`	2025-08-26 10:11:10 +02:00
Rob Ede	9fb6c13a1a	ci: fix msrv job	2025-08-26 08:26:49 +01:00
Rob Ede	05cfef7f4b	ci: fix msrv job	2025-08-26 08:18:34 +01:00
Rob Ede	8f3eb32a32	chore: fix justfile for msrv	2025-08-26 08:00:19 +01:00
Rob Ede	ddd16ec9db	chore(actix-http): prepare release 3.11.1	2025-08-26 07:28:27 +01:00
dependabot[bot]	9c47a247fb	build(deps): bump bitflags from 2.9.2 to 2.9.3 (#3745 ) Bumps [bitflags](https://github.com/bitflags/bitflags) from 2.9.2 to 2.9.3. - [Release notes](https://github.com/bitflags/bitflags/releases) - [Changelog](https://github.com/bitflags/bitflags/blob/main/CHANGELOG.md) - [Commits](https://github.com/bitflags/bitflags/compare/2.9.2...2.9.3) --- updated-dependencies: - dependency-name: bitflags dependency-version: 2.9.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-08-25 12:31:30 +00:00
dependabot[bot]	2536823e3b	build(deps): bump regex-lite from 0.1.6 to 0.1.7 (#3743 ) Bumps [regex-lite](https://github.com/rust-lang/regex) from 0.1.6 to 0.1.7. - [Release notes](https://github.com/rust-lang/regex/releases) - [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md) - [Commits](https://github.com/rust-lang/regex/compare/regex-lite-0.1.6...regex-lite-0.1.7) --- updated-dependencies: - dependency-name: regex-lite dependency-version: 0.1.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-08-25 10:43:50 +00:00
dependabot[bot]	e3f81d0643	build(deps): bump url from 2.5.4 to 2.5.7 (#3742 ) Bumps [url](https://github.com/servo/rust-url) from 2.5.4 to 2.5.7. - [Release notes](https://github.com/servo/rust-url/releases) - [Commits](https://github.com/servo/rust-url/commits) --- updated-dependencies: - dependency-name: url dependency-version: 2.5.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-08-25 10:42:00 +00:00
dependabot[bot]	a84aee836b	build(deps): bump tempfile from 3.20.0 to 3.21.0 (#3744 ) Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.20.0 to 3.21.0. - [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md) - [Commits](https://github.com/Stebalien/tempfile/commits) --- updated-dependencies: - dependency-name: tempfile dependency-version: 3.21.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-08-25 10:40:55 +00:00
dependabot[bot]	1f08cb24c3	build(deps): bump regex from 1.11.1 to 1.11.2 (#3746 ) Bumps [regex](https://github.com/rust-lang/regex) from 1.11.1 to 1.11.2. - [Release notes](https://github.com/rust-lang/regex/releases) - [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md) - [Commits](https://github.com/rust-lang/regex/compare/1.11.1...1.11.2) --- updated-dependencies: - dependency-name: regex dependency-version: 1.11.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-08-25 10:36:40 +00:00
dependabot[bot]	1b49047086	build(deps): bump codecov/codecov-action from 5.4.3 to 5.5.0 (#3741 ) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.4.3 to 5.5.0. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](`18283e04ce...fdcc847654`) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: 5.5.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-08-25 10:33:15 +00:00
dependabot[bot]	9fe033a963	build(deps): bump taiki-e/install-action from 2.58.17 to 2.58.21 (#3740 ) Bumps [taiki-e/install-action](https://github.com/taiki-e/install-action) from 2.58.17 to 2.58.21. - [Release notes](https://github.com/taiki-e/install-action/releases) - [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md) - [Commits](`ad95d4e02e...f63c33fd96`) --- updated-dependencies: - dependency-name: taiki-e/install-action dependency-version: 2.58.21 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-08-25 10:32:36 +00:00
dependabot[bot]	2ba69a1904	build(deps): bump actions-rust-lang/setup-rust-toolchain from 1.13.0 to 1.14.0 (#3739 ) build(deps): bump actions-rust-lang/setup-rust-toolchain Bumps [actions-rust-lang/setup-rust-toolchain](https://github.com/actions-rust-lang/setup-rust-toolchain) from 1.13.0 to 1.14.0. - [Release notes](https://github.com/actions-rust-lang/setup-rust-toolchain/releases) - [Changelog](https://github.com/actions-rust-lang/setup-rust-toolchain/blob/main/CHANGELOG.md) - [Commits](`fb51252c7b...ab6845274e`) --- updated-dependencies: - dependency-name: actions-rust-lang/setup-rust-toolchain dependency-version: 1.14.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-08-25 10:31:31 +00:00
imgurbot12	31ff1ef12c	feat: expose PathBufWrap utility for public access	2025-07-14 21:39:59 -07:00