Merge d623e7b269 into 90c19a835d

Bumps [taiki-e/install-action](https://github.com/taiki-e/install-action) from 2.49.32 to 2.49.33.
- [Release notes](https://github.com/taiki-e/install-action/releases)
- [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/taiki-e/install-action/compare/v2.49.32...v2.49.33)

---
updated-dependencies:
- dependency-name: taiki-e/install-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.cspell.yml

@@ -0,0 +1,3 @@
+version: "0.2"
+words:
+  - actix

.github/workflows/ci-post-merge.yml

@@ -49,7 +49,7 @@ jobs:
           toolchain: ${{ matrix.version.version }}
 
       - name: Install just, cargo-hack, cargo-nextest, cargo-ci-cache-clean
-        uses: taiki-e/install-action@v2.49.17
+        uses: taiki-e/install-action@v2.49.33
         with:
           tool: just,cargo-hack,cargo-nextest,cargo-ci-cache-clean
 
@@ -83,7 +83,7 @@ jobs:
         uses: actions-rust-lang/setup-rust-toolchain@v1.11.0
 
       - name: Install just, cargo-hack
-        uses: taiki-e/install-action@v2.49.17
+        uses: taiki-e/install-action@v2.49.33
         with:
           tool: just,cargo-hack
 

.github/workflows/ci.yml

@@ -64,7 +64,7 @@ jobs:
           toolchain: ${{ matrix.version.version }}
 
       - name: Install just, cargo-hack, cargo-nextest, cargo-ci-cache-clean
-        uses: taiki-e/install-action@v2.49.17
+        uses: taiki-e/install-action@v2.49.33
         with:
           tool: just,cargo-hack,cargo-nextest,cargo-ci-cache-clean
 
@@ -113,7 +113,7 @@ jobs:
           toolchain: nightly
 
       - name: Install just
-        uses: taiki-e/install-action@v2.49.17
+        uses: taiki-e/install-action@v2.49.33
         with:
           tool: just
 

.github/workflows/coverage.yml

@@ -24,7 +24,7 @@ jobs:
           components: llvm-tools
 
       - name: Install just, cargo-llvm-cov, cargo-nextest
-        uses: taiki-e/install-action@v2.49.17
+        uses: taiki-e/install-action@v2.49.33
         with:
           tool: just,cargo-llvm-cov,cargo-nextest
 

.github/workflows/lint.yml

@@ -77,7 +77,7 @@ jobs:
           toolchain: ${{ vars.RUST_VERSION_EXTERNAL_TYPES }}
 
       - name: Install just
-        uses: taiki-e/install-action@v2.49.17
+        uses: taiki-e/install-action@v2.49.33
         with:
           tool: just
 

.gitignore

@@ -1,4 +1,3 @@
-Cargo.lock
 target/
 guide/build/
 /gh-pages

actix-files/CHANGES.md

@@ -3,6 +3,7 @@
 ## Unreleased
 
 - Minimum supported Rust version (MSRV) is now 1.75.
+- Allow serving `.well-known` files when serving dotfiles is otherwise disallowed.
 
 ## 0.6.6
 

actix-files/src/path_buf.rs

@@ -40,11 +40,12 @@ impl PathBufWrap {
             return Err(UriSegmentError::BadChar('/'));
         }
 
+        // disallow invalid or suspicious path segments
         for segment in path.split('/') {
             if segment == ".." {
                 segment_count -= 1;
                 buf.pop();
-            } else if !hidden_files && segment.starts_with('.') {
+            } else if segment != ".well-known" && !hidden_files && segment.starts_with('.') {
                 return Err(UriSegmentError::BadStart('.'));
             } else if segment.starts_with('*') {
                 return Err(UriSegmentError::BadStart('*'));
@@ -105,6 +106,10 @@ mod tests {
             PathBufWrap::from_str("/test/.tt").map(|t| t.0),
             Err(UriSegmentError::BadStart('.'))
         );
+        assert_eq!(
+            PathBufWrap::from_str("/.well-known/test/.tt").map(|t| t.0),
+            Err(UriSegmentError::BadStart('.'))
+        );
         assert_eq!(
             PathBufWrap::from_str("/test/*tt").map(|t| t.0),
             Err(UriSegmentError::BadStart('*'))
@@ -144,6 +149,33 @@ mod tests {
         );
     }
 
+    #[test]
+    fn test_parse_well_known() {
+        assert_eq!(
+            PathBufWrap::parse_path("/.well-known/test/.tt", false).map(|t| t.0),
+            Err(UriSegmentError::BadStart('.'))
+        );
+        assert_eq!(
+            PathBufWrap::parse_path("/.well-known/test/foo", false)
+                .unwrap()
+                .0,
+            PathBuf::from_iter(vec![".well-known", "test", "foo"])
+        );
+
+        assert_eq!(
+            PathBufWrap::parse_path("/.well-known/test/.tt", true)
+                .unwrap()
+                .0,
+            PathBuf::from_iter(vec![".well-known", "test", ".tt"])
+        );
+        assert_eq!(
+            PathBufWrap::parse_path("/.well-known/test/foo", true)
+                .unwrap()
+                .0,
+            PathBuf::from_iter(vec![".well-known", "test", "foo"])
+        );
+    }
+
     #[test]
     fn path_traversal() {
         assert_eq!(

actix-multipart-derive/Cargo.toml

@@ -18,8 +18,8 @@ all-features = true
 proc-macro = true
 
 [dependencies]
+bytesize = "2"
 darling = "0.20"
-parse-size = "1"
 proc-macro2 = "1"
 quote = "1"
 syn = "2"
@@ -27,7 +27,7 @@ syn = "2"
 [dev-dependencies]
 actix-multipart = "0.7"
 actix-web = "4"
-rustversion = "1"
+rustversion-msrv = "0.100"
 trybuild = "1"
 
 [lints]

actix-multipart-derive/src/lib.rs

@@ -9,8 +9,8 @@
 
 use std::collections::HashSet;
 
+use bytesize::ByteSize;
 use darling::{FromDeriveInput, FromField, FromMeta};
-use parse_size::parse_size;
 use proc_macro::TokenStream;
 use proc_macro2::Ident;
 use quote::quote;
@@ -103,7 +103,7 @@ struct ParsedField<'t> {
 /// # Field Limits
 ///
 /// You can use the `#[multipart(limit = "<size>")]` attribute to set field level limits. The limit
-/// string is parsed using [parse_size].
+/// string is parsed using [`bytesize`].
 ///
 /// Note: the form is also subject to the global limits configured using `MultipartFormConfig`.
 ///
@@ -150,7 +150,7 @@ struct ParsedField<'t> {
 /// struct Form { }
 /// ```
 ///
-/// [parse_size]: https://docs.rs/parse-size/1/parse_size
+/// [`bytesize`]: https://docs.rs/bytesize/2
 #[proc_macro_derive(MultipartForm, attributes(multipart))]
 pub fn impl_multipart_form(input: proc_macro::TokenStream) -> proc_macro::TokenStream {
     let input: syn::DeriveInput = parse_macro_input!(input);
@@ -191,8 +191,8 @@ pub fn impl_multipart_form(input: proc_macro::TokenStream) -> proc_macro::TokenS
             let attrs = FieldAttrs::from_field(field).map_err(|err| err.write_errors())?;
             let serialization_name = attrs.rename.unwrap_or_else(|| rust_name.to_string());
 
-            let limit = match attrs.limit.map(|limit| match parse_size(&limit) {
-                Ok(size) => Ok(usize::try_from(size).unwrap()),
+            let limit = match attrs.limit.map(|limit| match limit.parse::<ByteSize>() {
+                Ok(ByteSize(size)) => Ok(usize::try_from(size).unwrap()),
                 Err(err) => Err(syn::Error::new(
                     field.ident.as_ref().unwrap().span(),
                     format!("Could not parse size limit `{}`: {}", limit, err),

actix-multipart-derive/tests/trybuild.rs

@@ -1,4 +1,4 @@
-#[rustversion::stable(1.72)] // MSRV
+#[rustversion_msrv::msrv]
 #[test]
 fn compile_macros() {
     let t = trybuild::TestCases::new();

actix-multipart-derive/tests/trybuild/size-limit-parse-fail.stderr

@@ -1,16 +1,16 @@
-error: Could not parse size limit `2 bytes`: invalid digit found in string
+error: Could not parse size limit `2 bytes`: couldn't parse "bytes" into a known SI unit, couldn't parse unit of "bytes"
  --> tests/trybuild/size-limit-parse-fail.rs:6:5
   |
 6 |     description: Text<String>,
   |     ^^^^^^^^^^^
 
-error: Could not parse size limit `2 megabytes`: invalid digit found in string
+error: Could not parse size limit `2 megabytes`: couldn't parse "megabytes" into a known SI unit, couldn't parse unit of "megabytes"
   --> tests/trybuild/size-limit-parse-fail.rs:12:5
    |
 12 |     description: Text<String>,
    |     ^^^^^^^^^^^
 
-error: Could not parse size limit `four meters`: invalid digit found in string
+error: Could not parse size limit `four meters`: couldn't parse "four meters" into a ByteSize, cannot parse float from empty string
   --> tests/trybuild/size-limit-parse-fail.rs:18:5
    |
 18 |     description: Text<String>,

actix-web-codegen/Cargo.toml

@@ -34,7 +34,7 @@ actix-web = "4"
 
 futures-core = { version = "0.3.17", default-features = false, features = ["alloc"] }
 trybuild = "1"
-rustversion = "1"
+rustversion-msrv = "0.100"
 
 [lints]
 workspace = true

actix-web-codegen/tests/trybuild.rs

@@ -1,4 +1,4 @@
-#[rustversion::stable(1.72)] // MSRV
+#[rustversion_msrv::msrv]
 #[test]
 fn compile_macros() {
     let t = trybuild::TestCases::new();

actix-web/CHANGES.md

@@ -21,6 +21,7 @@
 - On Windows, an error is now returned from `HttpServer::bind()` (or TLS variants) when binding to a socket that's already in use.
 - Update `brotli` dependency to `7`.
 - Minimum supported Rust version (MSRV) is now 1.75.
+- Allow serving `.well-known` files when serving dotfiles is otherwise disallowed.
 
 ## 4.9.0
 

justfile

@@ -7,14 +7,14 @@ fmt:
     cargo +nightly fmt
     fd --hidden --type=file --extension=md --extension=yml --exec-batch npx -y prettier --write
 
-# Downgrade dev-dependencies necessary to run MSRV checks/tests.
+# Downgrade dependencies necessary to run MSRV checks/tests.
 [private]
 downgrade-for-msrv:
-    cargo update -p=parse-size --precise=1.0.0
-    cargo update -p=clap --precise=4.4.18
-    cargo update -p=divan --precise=0.1.15
-    cargo update -p=litemap --precise=0.7.4
-    cargo update -p=zerofrom --precise=0.1.5
+    cargo update -p=clap --precise=4.4.18 # next ver: 1.74.0
+    cargo update -p=divan --precise=0.1.15 # next ver: 1.80.0
+    cargo update -p=litemap --precise=0.7.4 # next ver: 1.81.0
+    cargo update -p=zerofrom --precise=0.1.5 # next ver: 1.81.0
+    cargo update -p=half --precise=2.4.1 # next ver: 1.81.0
 
 msrv := ```
     cargo metadata --format-version=1 \