Update Rust crate axum to 0.6 - autoclosed

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
axum	dependencies	minor	0.5 -> 0.6

---

Release Notes

tokio-rs/axum

v0.6.0: axum - v0.6.0

Compare Source

Routing

• fixed: Nested routers are now allowed to have fallbacks (#​1521):

  let api_router = Router::new()
      .route("/users", get(|| { ... }))
      .fallback(api_fallback);
  
  let app = Router::new()
      // this would panic in 0.5 but in 0.6 it just works
      //
      // requests starting with `/api` but not handled by `api_router`
      // will go to `/api_fallback`
      .nest("/api", api_router);

  The outer router's fallback will still apply if a nested router doesn't have
  its own fallback:

  // this time without a fallback
  let api_router = Router::new().route("/users", get(|| { ... }));
  
  let app = Router::new()
      .nest("/api", api_router)
      // `api_fallback` will inherit this fallback
      .fallback(app_fallback);

• breaking: The request /foo/ no longer matches /foo/*rest. If you want
  to match /foo/ you have to add a route specifically for that (#​1086)

  For example:

  use axum::{Router, routing::get, extract::Path};
  
  let app = Router::new()
      // this will match `/foo/bar/baz`
      .route("/foo/*rest", get(handler))
      // this will match `/foo/`
      .route("/foo/", get(handler))
      // if you want `/foo` to match you must also add an explicit route for it
      .route("/foo", get(handler));
  
  async fn handler(
      // use an `Option` because `/foo/` and `/foo` don't have any path params
      params: Option<Path<String>>,
  ) {}

• breaking: Path params for wildcard routes no longer include the prefix
  /. e.g. /foo.js will match /*filepath with a value of foo.js, not
  /foo.js (#​1086)

  For example:

  use axum::{Router, routing::get, extract::Path};
  
  let app = Router::new().route("/foo/*rest", get(handler));
  
  async fn handler(
      Path(params): Path<String>,
  ) {
      // for the request `/foo/bar/baz` the value of `params` will be `bar/baz`
      //
      // on 0.5 it would be `/bar/baz`
  }

• fixed: Routes like /foo and /*rest are no longer considered
  overlapping. /foo will take priority (#​1086)

  For example:

  use axum::{Router, routing::get};
  
  let app = Router::new()
      // this used to not be allowed but now just works
      .route("/foo/*rest", get(foo))
      .route("/foo/bar", get(bar));
  
  async fn foo() {}
  
  async fn bar() {}

• breaking: Automatic trailing slash redirects have been removed.
  Previously if you added a route for /foo, axum would redirect calls to
  /foo/ to /foo (or vice versa for /foo/):

  use axum::{Router, routing::get};
  
  let app = Router::new()
      // a request to `GET /foo/` will now get `404 Not Found`
      // whereas in 0.5 axum would redirect to `/foo`
      //
      // same goes the other way if you had the route `/foo/`
      // axum will no longer redirect from `/foo` to `/foo/`
      .route("/foo", get(handler));
  
  async fn handler() {}

  Either explicitly add routes for /foo and /foo/ or use
  axum_extra::routing::RouterExt::route_with_tsr if you want the old behavior
  (#​1119)

• breaking: Router::fallback now only accepts Handlers (similarly to
  what get, post, etc. accept). Use the new Router::fallback_service for
  setting any Service as the fallback (#​1155)

  This fallback on 0.5:

  use axum::{Router, handler::Handler};
  
  let app = Router::new().fallback(fallback.into_service());
  
  async fn fallback() {}

  Becomes this in 0.6

  use axum::Router;
  
  let app = Router::new().fallback(fallback);
  
  async fn fallback() {}

• changed: Router::nest now only accepts Routers, the general-purpose
  Service nesting method has been renamed to nest_service (#​1368)

• breaking: Allow Error: Into<Infallible> for Route::{layer, route_layer} (#​924)

• breaking: MethodRouter now panics on overlapping routes (#​1102)

• breaking: Router::route now only accepts MethodRouters created with
  get, post, etc. Use the new Router::route_service for routing to
  any Services (#​1155)

• breaking: Adding a .route_layer onto a Router or MethodRouter
  without any routes will now result in a panic. Previously, this just did
  nothing. #​1327

• breaking: RouterService has been removed since Router now implements
  Service when the state is (). Use Router::with_state to provide the
  state and get a Router<()>. Note that RouterService only existed in the
  pre-releases, not 0.5 (#​1552)

Extractors

• added: Added new type safe State extractor. This can be used with
  Router::with_state and gives compile errors for missing states, whereas
  Extension would result in runtime errors (#​1155)

  We recommend migrating from Extension to State for sharing application state since that is more type
  safe and faster. That is done by using Router::with_state and State.

  This setup in 0.5

  use axum::{routing::get, Extension, Router};
  
  let app = Router::new()
      .route("/", get(handler))
      .layer(Extension(AppState {}));
  
  async fn handler(Extension(app_state): Extension<AppState>) {}
  
  #[derive(Clone)]
  struct AppState {}

  Becomes this in 0.6 using State:

  use axum::{routing::get, extract::State, Router};
  
  let app = Router::new()
      .route("/", get(handler))
      .with_state(AppState {});
  
  async fn handler(State(app_state): State<AppState>) {}
  
  #[derive(Clone)]
  struct AppState {}

  If you have multiple extensions, you can use fields on AppState and implement
  FromRef:

  use axum::{extract::{State, FromRef}, routing::get, Router};
  
  let state = AppState {
      client: HttpClient {},
      database: Database {},
  };
  
  let app = Router::new().route("/", get(handler)).with_state(state);
  
  async fn handler(
      State(client): State<HttpClient>,
      State(database): State<Database>,
  ) {}
  
  // the derive requires enabling the "macros" feature
  #[derive(Clone, FromRef)]
  struct AppState {
      client: HttpClient,
      database: Database,
  }
  
  #[derive(Clone)]
  struct HttpClient {}
  
  #[derive(Clone)]
  struct Database {}

• breaking: It is now only possible for one extractor per handler to consume
  the request body. In 0.5 doing so would result in runtime errors but in 0.6 it
  is a compile error (#​1272)

  axum enforces this by only allowing the last extractor to consume the
  request.

  For example:

  use axum::{Json, http::HeaderMap};
  
  // This wont compile on 0.6 because both `Json` and `String` need to consume
  // the request body. You can use either `Json` or `String`, but not both.
  async fn handler_1(
      json: Json<serde_json::Value>,
      string: String,
  ) {}
  
  // This won't work either since `Json` is not the last extractor.
  async fn handler_2(
      json: Json<serde_json::Value>,
      headers: HeaderMap,
  ) {}
  
  // This works!
  async fn handler_3(
      headers: HeaderMap,
      json: Json<serde_json::Value>,
  ) {}

  This is done by reworking the FromRequest trait and introducing a new
  FromRequestParts trait.

  If your extractor needs to consume the request body then you should implement
  FromRequest, otherwise implement FromRequestParts.

  This extractor in 0.5:

  struct MyExtractor { /* ... */ }
  
  #[async_trait]
  impl<B> FromRequest<B> for MyExtractor
  where
      B: Send,
  {
      type Rejection = StatusCode;
  
      async fn from_request(req: &mut RequestParts<B>) -> Result<Self, Self::Rejection> {
          // ...
      }
  }

  Becomes this in 0.6:

  use axum::{
      extract::{FromRequest, FromRequestParts},
      http::{StatusCode, Request, request::Parts},
      async_trait,
  };
  
  struct MyExtractor { /* ... */ }
  
  // implement `FromRequestParts` if you don't need to consume the request body
  #[async_trait]
  impl<S> FromRequestParts<S> for MyExtractor
  where
      S: Send + Sync,
  {
      type Rejection = StatusCode;
  
      async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self, Self::Rejection> {
          // ...
      }
  }
  
  // implement `FromRequest` if you do need to consume the request body
  #[async_trait]
  impl<S, B> FromRequest<S, B> for MyExtractor
  where
      S: Send + Sync,
      B: Send + 'static,
  {
      type Rejection = StatusCode;
  
      async fn from_request(req: Request<B>, state: &S) -> Result<Self, Self::Rejection> {
          // ...
      }
  }

  For an example of how to write an extractor that accepts different
  Content-Types see the [parse-body-based-on-content-type][parse-body-based-on-content-type] example.

• added: FromRequest and FromRequestParts derive macro re-exports from
  [axum-macros][axum-macros] behind the macros feature (#​1352)

• added: Add RequestExt and RequestPartsExt which adds convenience
  methods for running extractors to http::Request and http::request::Parts (#​1301)

• added: JsonRejection now displays the path at which a deserialization
  error occurred (#​1371)

• added: Add extract::RawForm for accessing raw urlencoded query bytes or request body (#​1487)

• fixed: Used 400 Bad Request for FailedToDeserializeQueryString
  rejections, instead of 422 Unprocessable Entity (#​1387)

• changed: The inner error of a JsonRejection is now
  serde_path_to_error::Error<serde_json::Error>. Previously it was
  serde_json::Error (#​1371)

• changed: The default body limit now applies to the Multipart extractor (#​1420)

• breaking: ContentLengthLimit has been removed. Use DefaultBodyLimit instead (#​1400)

• breaking: RequestParts has been removed as part of the FromRequest
  rework (#​1272)

• breaking: BodyAlreadyExtracted has been removed (#​1272)

• breaking: The following types or traits have a new S type param
  which represents the state (#​1155):

  • Router, defaults to ()
  • MethodRouter, defaults to ()
  • FromRequest, no default
  • Handler, no default

• breaking: MatchedPath can now no longer be extracted in middleware for
  nested routes. In previous versions it returned invalid data when extracted
  from a middleware applied to a nested router. MatchedPath can still be
  extracted from handlers and middleware that aren't on nested routers (#​1462)

• breaking: Rename FormRejection::FailedToDeserializeQueryString to
  FormRejection::FailedToDeserializeForm (#​1496)

Middleware

• added: Support running extractors on middleware::from_fn functions (#​1088)
• added: Add middleware::from_fn_with_state to enable running extractors that require
  state (#​1342)
• added: Add middleware::from_extractor_with_state (#​1396)
• added: Add map_request, map_request_with_state for transforming the
  request with an async function (#​1408)
• added: Add map_response, map_response_with_state for transforming the
  response with an async function (#​1414)
• added: Support any middleware response that implements IntoResponse (#​1152)
• breaking: Remove extractor_middleware which was previously deprecated.
  Use axum::middleware::from_extractor instead (#​1077)
• breaking: Require middleware added with Handler::layer to have
  Infallible as the error type (#​1152)

Misc

• added: Support compiling to WASM. See the simple-router-wasm example
  for more details (#​1382)
• added: Add ServiceExt with methods for turning any Service into a
  MakeService similarly to Router::into_make_service (#​1302)
• added: String and binary From impls have been added to extract::ws::Message
  to be more inline with tungstenite (#​1421)
• added: Add #[derive(axum::extract::FromRef)] (#​1430)
• added: Add accept_unmasked_frames setting in WebSocketUpgrade (#​1529)
• added: Add WebSocketUpgrade::on_failed_upgrade to customize what to do
  when upgrading a connection fails (#​1539)
• fixed: Annotate panicking functions with #[track_caller] so the error
  message points to where the user added the invalid route, rather than
  somewhere internally in axum (#​1248)
• changed: axum's MSRV is now 1.60 (#​1239)
• changed: For methods that accept some S: Service, the bounds have been
  relaxed so the response type must implement IntoResponse rather than being a
  literal Response
• breaking: New tokio default feature needed for WASM support. If you
  don't need WASM support but have default_features = false for other reasons
  you likely need to re-enable the tokio feature (#​1382)
• breaking: handler::{WithState, IntoService} are merged into one type,
  named HandlerService (#​1418)

v0.5.17: axum - v0.5.17

Compare Source

• fixed: Annotate panicking functions with #[track_caller] so the error
  message points to where the user added the invalid router, rather than
  somewhere internally in axum (#​1248)
• fixed: Make Multipart extractor work with RequestBodyLimit middleware (#​1379)
• added: Add DefaultBodyLimit::max for changing the default body limit (#​1397)
• added: Various documentation improvements

v0.5.16: axum - v0.5.16

Compare Source

Security

• breaking: Added default limit to how much data Bytes::from_request will
  consume. Previously it would attempt to consume the entire request body
  without checking its length. This meant if a malicious peer sent an large (or
  infinite) request body your server might run out of memory and crash.

  The default limit is at 2 MB and can be disabled by adding the new
  DefaultBodyLimit::disable() middleware. See its documentation for more
  details.

  This also applies to these extractors which used Bytes::from_request
  internally:

  • Form
  • Json
  • String

  Thanks to Shachar Menashe for reporting this vulnerability.

  (#​1346)

v0.5.15: axum - v0.5.15

Compare Source

Note: This is a re-release of 0.5.14 that fixes an accidental breaking change.

• fixed: Don't expose internal type names in QueryRejection response. (#​1171)
• fixed: Improve performance of JSON serialization (#​1178)
• fixed: Improve build times by generating less IR (#​1192)

v0.5.14: axum - v0.5.14

Compare Source

Yanked, as it contained an accidental breaking change.

v0.5.13: axum - v0.5.13

Compare Source

• fixed: If WebSocketUpgrade cannot upgrade the connection it will return a
  WebSocketUpgradeRejection::ConnectionNotUpgradable rejection (#​1135)
• changed: WebSocketUpgradeRejection has a new variant ConnectionNotUpgradable
  variant (#​1135)

v0.5.12: axum - v0.5.12

Compare Source

• added: Added debug_handler which is an attribute macro that improves
  type errors when applied to handler function. It is re-exported from
  axum-macros (#​1144)

v0.5.11: axum - v0.5.11

Compare Source

• added: Implement TryFrom<http:: Method> for MethodFilter and use new
  NoMatchingMethodFilter error in case of failure (#​1130)
• added: Document how to run extractors from middleware (#​1140)

v0.5.10: axum - v0.5.10

Compare Source

• fixed: Make Router cheaper to clone (#​1123)
• fixed: Fix possible panic when doing trailing slash redirect (#​1124)

v0.5.9: axum - v0.5.9

Compare Source

• fixed: Fix compile error when the headers is enabled and the form
  feature is disabled (#​1107)

v0.5.8: axum - v0.5.8

Compare Source

• added: Support resolving host name via Forwarded header in Host
  extractor (#​1078)
• added: Implement IntoResponse for Form (#​1095)
• change: axum's MSRV is now 1.56 (#​1098)

v0.5.7: axum - v0.5.7

Compare Source

• added: Implement Default for Extension (#​1043)
• fixed: Support deserializing Vec<(String, String)> in extract::Path<_> to get vector of
  key/value pairs (#​1059)
• added: Add extract::ws::close_code which contains constants for close codes (#​1067)
• fixed: Use impl IntoResponse less in docs (#​1049)

v0.5.6: axum - v0.5.6

Compare Source

• added: Add WebSocket::protocol to return the selected WebSocket subprotocol, if there is one. (#​1022)
• fixed: Improve error message for PathRejection::WrongNumberOfParameters to hint at using
  Path<(String, String)> or Path<SomeStruct> (#​1023)
• fixed: PathRejection::WrongNumberOfParameters now uses 500 Internal Server Error since
  it's a programmer error and not a client error (#​1023)
• fixed: Fix InvalidFormContentType mentioning the wrong content type

v0.5.5: axum - v0.5.5

Compare Source

• fixed: Correctly handle GET, HEAD, and OPTIONS requests in ContentLengthLimit.
  Request with these methods are now accepted if they do not have a Content-Length header, and
  the request body will not be checked. If they do have a Content-Length header they'll be
  rejected. This allows ContentLengthLimit to be used as middleware around several routes,
  including GET routes (#​989)
• added: Add MethodRouter::{into_make_service, into_make_service_with_connect_info} (#​1010)

v0.5.4: axum - v0.5.4

Compare Source

• added: Add response::ErrorResponse and response::Result for
  IntoResponse-based error handling (#​921)
• added: Add middleware::from_extractor and deprecate extract::extractor_middleware (#​957)
• changed: Update to tower-http 0.3 (#​965)

v0.5.3: axum - v0.5.3

Compare Source

• added: Add AppendHeaders for appending headers to a response rather than overriding them (#​927)
• added: Add axum::extract::multipart::Field::chunk method for streaming a single chunk from
  the field (#​901)
• fixed: Fix trailing slash redirection with query parameters (#​936)

v0.5.2: axum - v0.5.2

Compare Source

Yanked, as it contained an accidental breaking change.

v0.5.1: axum - v0.5.1

Compare Source

• added: Add RequestParts::extract which allows applying an extractor as a method call ([#​897)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.