Skip to content

Bump the cargo-dependencies group with 8 updates#566

Merged
michielp1807 merged 3 commits into
mainfrom
dependabot/cargo/cargo-dependencies-b421c98ec8
Jul 8, 2026
Merged

Bump the cargo-dependencies group with 8 updates#566
michielp1807 merged 3 commits into
mainfrom
dependabot/cargo/cargo-dependencies-b421c98ec8

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the cargo-dependencies group with 8 updates:

Package From To
mail-parser 0.11.3 0.11.4
mail-auth 0.9.0 0.9.1
tower-http 0.6.11 0.7.0
uuid 1.23.2 1.23.3
totp-rs 5.7.1 5.7.2
kube 3.1.0 4.0.0
k8s-openapi 0.27.1 0.28.0
regex 1.12.3 1.12.4

Updates mail-parser from 0.11.3 to 0.11.4

Changelog

Sourced from mail-parser's changelog.

mail-parser 0.11.4

  • Add Message::received_all() to iterate over all Received header fields (#146)
  • Reject dates with invalid month names.
  • parse_date() doesn't handle UTC+12 and greater (#148)
  • Leniently decode quoted-printable bodies with invalid = escapes (#144)
Commits

Updates mail-auth from 0.9.0 to 0.9.1

Changelog

Sourced from mail-auth's changelog.

mail-auth 0.9.1

  • Fix: Security Header injection in Authentication-Results.
Commits

Updates tower-http from 0.6.11 to 0.7.0

Release notes

Sourced from tower-http's releases.

tower-http-0.7.0

Changes since 0.6.11

Added

  • csrf: add cross-site request forgery (CSRF) protection middleware, porting the cross-origin protection scheme introduced in Go 1.25 (#699)

    use tower::ServiceBuilder;
    use tower_http::csrf::CsrfLayer;
    // Rejects cross-origin state-changing requests using Sec-Fetch-Site,
    // an Origin allow-list, and an Origin/Host fallback. No per-request
    // token state required.
    let layer = CsrfLayer::new().add_trusted_origin("https://example.com")?;
    let service = ServiceBuilder::new().layer(layer).service_fn(handler);

  • timeout: add DeadlineBody for non-resetting body timeouts, applied via the new RequestBodyDeadlineLayer and ResponseBodyDeadlineLayer (#688)

    Unlike TimeoutBody, which resets its deadline on every frame, DeadlineBody caps the total time of a body transfer. A slow client trickling one byte at a time never trips an idle timeout but will trip a deadline.

    use std::time::Duration;
    use tower::ServiceBuilder;
    use tower_http::timeout::RequestBodyDeadlineLayer;
    // Abort the request body transfer after 30s total, regardless of how
    // frequently data arrives.
    let service = ServiceBuilder::new()
    .layer(RequestBodyDeadlineLayer::new(Duration::from_secs(30)))
    .service_fn(handler);

  • fs: add strong ETag support to ServeDir, including If-Match and If-None-Match precondition handling per RFC 9110. 304 Not Modified responses now carry the ETag and Last-Modified validators (#691)

  • fs: add a Backend trait to make ServeDir work with non-filesystem sources (e.g. embedded assets or object storage). The default TokioBackend preserves existing behavior. Use ServeDir::with_backend() to plug in custom implementations (#684)

    use tower_http::services::fs::ServeDir;
    // MyBackend implements tower_http::services::fs::Backend.
    // The default ServeDir::new() continues to use TokioBackend (local FS).
    let service = ServeDir::with_backend("assets", MyBackend::new());

  • fs: add html_as_default_extension option to ServeDir, appending .html when the request path has no extension (#519)

  • fs: add redirect_path_prefix option to ServeDir, prepending a prefix on trailing-slash redirects so the service can be mounted under a sub-path (#486)

  • validate-request: add ValidateRequestHeaderLayer::has_header_value() to reject requests when a header does not have an expected value (#360)

  • body: UnsyncBoxBody::new() constructor and From<ServeFileSystemResponseBody> conversion to avoid double-boxing when combining ServeDir responses with other body types (#537)

  • limit: implement Default for limit::ResponseBody when the wrapped body also implements Default (#679)

Changed

... (truncated)

Commits
  • b194fcf v0.7.0
  • af828a6 feat(follow_redirect)!: preserve request extensions across redirects (#706)
  • 8cb8d99 feat(ValidateRequestHeaderLayer): add has_header("...").with_value("...") fun...
  • 3b56d2d feat!: Add configurable Backend trait for ServeDir, bump MSRV 1.65 (#684)
  • 8508716 Add redirect_path_prefix option (#486)
  • 56327b2 Add Windows drive-prefix path regression test (#705)
  • 54c6db8 feat(compression)!: upgrade SizeAbove threshold from u16 to u64 (#704)
  • 68cd6d8 Add DeadlineBody for non-resetting body timeouts (#688)
  • fa8a98c feat(fs): add strong ETag support to ServeDir (#691)
  • 36d2205 fix: Make SetMultiple*Header Clone for !Clone http bodies (#703)
  • Additional commits viewable in compare view

Updates uuid from 1.23.2 to 1.23.3

Release notes

Sourced from uuid's releases.

v1.23.3

What's Changed

Full Changelog: uuid-rs/uuid@v1.23.2...v1.23.3

Commits
  • 20da78b Merge pull request #887 from uuid-rs/cargo/v1.23.3
  • 62232ca prepare for 1.23.3 release
  • 2320c6a Merge pull request #886 from uuid-rs/fix/parser-panics
  • 2d034d4 fix some invalid indexers on error reporting
  • a8b9f14 update fuzz infra and run in CI
  • See full diff in compare view

Updates totp-rs from 5.7.1 to 5.7.2

Release notes

Sourced from totp-rs's releases.

v5.7.2

Fix

  • Parse algorithm from URLs more consistently. #90

Special thanks

  • @​deade1e for proposing a PR to fix that. It was changed in v6 but might as well fix it now.
Changelog

Sourced from totp-rs's changelog.

5.7.2 (23/06/2026)

Fix

  • Parse algorithm from URLs more consistently. #90

Special thanks

  • @​deade1e for proposing a PR to fix that. It was changed in v6 but might as well fix it now.
Commits

Updates kube from 3.1.0 to 4.0.0

Release notes

Sourced from kube's releases.

4.0.0

New Major

As per the release schedule to match up with the latest Kubernetes ハル release. Lots of fixes and improvements. Thanks to everyone who contributed!

Kubernetes v1_36 support via k8s-openapi 0.28

Please upgrade k8s-openapi along with kube to avoid conflicts.

CEL Validation

A new optional crate kube-cel is being re-exported through kube::core::cel via kube-rs/kube#1954

Kubernetes CRDs support CEL validation rules via x-kubernetes-validations, and were supported from 3.0 via KubeSchema, but these rules could only be evaluated server-side by the API server.

The new crate allows evaluating these rules locally using rules matching the upstream Kubernetes CEL libraries.

While low-level, a higher-level CEL validator integrates with CustomResource via #[kube(cel)] from kube-rs/kube#2011 and can be used as;

#[derive(CustomResource, Serialize, Deserialize, Clone, KubeSchema)]
#[kube(group = "example.com", version = "v1", kind = "Foo", namespaced)]
#[kube(cel, validation = "self.spec.replicas >= 0")] // cel trigger + validation rule
struct FooSpec { replicas: i32 }
let foo = Foo::new("test", FooSpec { replicas: -1 });
foo.validate_cel()?;                     // new impl; checks creation rules
new_foo.validate_cel_update(&old_foo)?;  // new impl; checks transition rules

See examples/crd_derive_cel.rs for more details.

This is available under the kube/cel feature, courtesy of @​doxxx93.

Config

A lot of improvements to config handling;

Retry and Timeouts

Better timeout and retry handling to better deal with flaky network conditions, and busy or initializing apiservers.

Client

... (truncated)

Changelog

Sourced from kube's changelog.

4.0.0 / 2026-06-16

New Major

As per the release schedule to match up with the latest Kubernetes ハル release. Lots of fixes and improvements. Thanks to everyone who contributed!

Kubernetes v1_36 support via k8s-openapi 0.28

Please upgrade k8s-openapi along with kube to avoid conflicts.

CEL Validation

A new optional crate kube-cel is being re-exported through kube::core::cel via kube-rs/kube#1954

Kubernetes CRDs support CEL validation rules via x-kubernetes-validations, and were supported from 3.0 via KubeSchema, but these rules could only be evaluated server-side by the API server.

The new crate allows evaluating these rules locally using rules matching the upstream Kubernetes CEL libraries.

While low-level, a higher-level CEL validator integrates with CustomResource via #[kube(cel)] from kube-rs/kube#2011 and can be used as;

#[derive(CustomResource, Serialize, Deserialize, Clone, KubeSchema)]
#[kube(group = "example.com", version = "v1", kind = "Foo", namespaced)]
#[kube(cel, validation = "self.spec.replicas >= 0")] // cel trigger + validation rule
struct FooSpec { replicas: i32 }
let foo = Foo::new("test", FooSpec { replicas: -1 });
foo.validate_cel()?;                     // new impl; checks creation rules
new_foo.validate_cel_update(&old_foo)?;  // new impl; checks transition rules

See examples/crd_derive_cel.rs for more details.

This is available under the kube/cel feature, courtesy of @​doxxx93.

Config

A lot of improvements to config handling;

Retry and Timeouts

Better timeout and retry handling to better deal with flaky network conditions, and busy or initializing apiservers.

Client

... (truncated)

Commits
  • b4f0cc4 re-hook cel feature and move dev-dep pin
  • 163ade1 unhook dev-dep temporarily
  • 2a14dec release 4.0.0
  • 2310a06 feat(derive): client-side CEL validation via #[kube(cel)] / #[x_kube(cel)] (#...
  • 8d61784 Enable RetryPolicy::server_retry by default for Client (#2007)
  • a5b4f3f Box a large runtime error in ReconcilerErr (#1880)
  • 3dd76bc bump k8s-openapi to 0.28 (#2009)
  • 60ffe61 chore: group cel into the just hack feature-powerset (#2006)
  • c261d78 deps: bump kube-cel to 0.6.1 (validation surface flattened) (#2005)
  • 6c26657 refactor(runtime): rename Store::state_with/state_filtered per review feedbac...
  • Additional commits viewable in compare view

Updates k8s-openapi from 0.27.1 to 0.28.0

Release notes

Sourced from k8s-openapi's releases.

v0.28.0

k8s-openapi

  • BREAKING CHANGE: Added support for Kubernetes 1.36 under the v1_36 feature.

  • BREAKING CHANGE: Dropped support for Kubernetes 1.31.

  • FEATURE: schemars v0.8 support has been restored under the schemars08 feature flag. This can be enabled independently of the existing schemars feature that enables schemars v1 support.

  • FEATURE: StatefulSetSpec::volume_claim_templates field now uses a map merge strategy using its .metadata.name as the key.

Corresponding Kubernetes API server versions:

  • v1.32.13
  • v1.33.13
  • v1.34.9
  • v1.35.6
  • v1.36.2

k8s-openapi-codegen-common

  • FEATURE: schemars v0.8 support has been restored via a new parameter to fn run().

k8s-openapi-derive

  • FEATURE: schemars v0.8 support has been restored via a new #[custom_resource_definition(generate_schema08)] attr.
Changelog

Sourced from k8s-openapi's changelog.

v0.28.0 (2026-06-14)

k8s-openapi

  • BREAKING CHANGE: Added support for Kubernetes 1.36 under the v1_36 feature.

  • BREAKING CHANGE: Dropped support for Kubernetes 1.31.

  • FEATURE: schemars v0.8 support has been restored under the schemars08 feature flag. This can be enabled independently of the existing schemars feature that enables schemars v1 support.

  • FEATURE: StatefulSetSpec::volume_claim_templates field now uses a map merge strategy using its .metadata.name as the key.

Corresponding Kubernetes API server versions:

  • v1.32.13
  • v1.33.13
  • v1.34.9
  • v1.35.6
  • v1.36.2

k8s-openapi-codegen-common

  • FEATURE: schemars v0.8 support has been restored via a new parameter to fn run().

k8s-openapi-derive

  • FEATURE: schemars v0.8 support has been restored via a new #[custom_resource_definition(generate_schema08)] attr.

Commits
  • b2c839b v0.28.0
  • ebea539 Update to v1.33.13, v1.34.9, v1.35.6, v1.36.2
  • b7acde4 Restore schemars 0.8 support.
  • 366b480 Update kind to v0.32.0
  • f1b5881 Update to v1.33.12, v1.34.8, v1.35.5, v1.36.1
  • 8a891b9 Add v1.36 and drop v1.31
  • bcd3499 Fix StatefulSet::volumeClaimTemplates to deep merge by name.
  • 654a839 Update to v1.33.11, v1.34.7, v1.35.4
  • eda35ab Update to v1.33.10, v1.34.6, v1.35.3
  • See full diff in compare view

Updates regex from 1.12.3 to 1.12.4

Changelog

Sourced from regex's changelog.

1.12.4 (2025-06-09)

This release includes a performance optimization for compilation of regexes with very large character classes.

Improvements:

  • #1308: Avoid re-canonicalizing the entire interval set when pushing new class ranges.
Commits
  • 7b96fdc 1.12.4
  • 7b89cf0 deps: update to regex-syntax 0.8.11
  • 1401679 regex-syntax-0.8.11
  • d709000 changelog: 1.12.4
  • 9825c74 syntax: avoid re-canonicalizing the entire IntervalSet on push (#1308)
  • a7f2ff6 docs: clarify regex-lite word boundaries
  • 2c7b172 docs: clarify unsupported Anchored::Pattern searches
  • 839d16b regex-syntax-0.8.10
  • c4865a0 syntax: fix negation handling in HIR translation
  • d8761c0 cargo: also include benches
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the cargo-dependencies group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [mail-parser](https://github.com/stalwartlabs/mail-parser) | `0.11.3` | `0.11.4` |
| [mail-auth](https://github.com/stalwartlabs/mail-auth) | `0.9.0` | `0.9.1` |
| [tower-http](https://github.com/tower-rs/tower-http) | `0.6.11` | `0.7.0` |
| [uuid](https://github.com/uuid-rs/uuid) | `1.23.2` | `1.23.3` |
| [totp-rs](https://github.com/constantoine/totp-rs) | `5.7.1` | `5.7.2` |
| [kube](https://github.com/kube-rs/kube) | `3.1.0` | `4.0.0` |
| [k8s-openapi](https://github.com/Arnavion/k8s-openapi) | `0.27.1` | `0.28.0` |
| [regex](https://github.com/rust-lang/regex) | `1.12.3` | `1.12.4` |


Updates `mail-parser` from 0.11.3 to 0.11.4
- [Release notes](https://github.com/stalwartlabs/mail-parser/releases)
- [Changelog](https://github.com/stalwartlabs/mail-parser/blob/main/CHANGELOG.md)
- [Commits](https://github.com/stalwartlabs/mail-parser/commits)

Updates `mail-auth` from 0.9.0 to 0.9.1
- [Release notes](https://github.com/stalwartlabs/mail-auth/releases)
- [Changelog](https://github.com/stalwartlabs/mail-auth/blob/main/CHANGELOG.md)
- [Commits](https://github.com/stalwartlabs/mail-auth/commits)

Updates `tower-http` from 0.6.11 to 0.7.0
- [Release notes](https://github.com/tower-rs/tower-http/releases)
- [Commits](tower-rs/tower-http@tower-http-0.6.11...tower-http-0.7.0)

Updates `uuid` from 1.23.2 to 1.23.3
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](uuid-rs/uuid@v1.23.2...v1.23.3)

Updates `totp-rs` from 5.7.1 to 5.7.2
- [Release notes](https://github.com/constantoine/totp-rs/releases)
- [Changelog](https://github.com/constantoine/totp-rs/blob/master/CHANGELOG.md)
- [Commits](constantoine/totp-rs@v5.7.1...v5.7.2)

Updates `kube` from 3.1.0 to 4.0.0
- [Release notes](https://github.com/kube-rs/kube/releases)
- [Changelog](https://github.com/kube-rs/kube/blob/main/CHANGELOG.md)
- [Commits](kube-rs/kube@3.1.0...4.0.0)

Updates `k8s-openapi` from 0.27.1 to 0.28.0
- [Release notes](https://github.com/Arnavion/k8s-openapi/releases)
- [Changelog](https://github.com/Arnavion/k8s-openapi/blob/master/CHANGELOG.md)
- [Commits](Arnavion/k8s-openapi@v0.27.1...v0.28.0)

Updates `regex` from 1.12.3 to 1.12.4
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](rust-lang/regex@1.12.3...1.12.4)

---
updated-dependencies:
- dependency-name: mail-parser
  dependency-version: 0.11.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-dependencies
- dependency-name: mail-auth
  dependency-version: 0.9.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-dependencies
- dependency-name: tower-http
  dependency-version: 0.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: cargo-dependencies
- dependency-name: uuid
  dependency-version: 1.23.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-dependencies
- dependency-name: totp-rs
  dependency-version: 5.7.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-dependencies
- dependency-name: kube
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: cargo-dependencies
- dependency-name: k8s-openapi
  dependency-version: 0.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: cargo-dependencies
- dependency-name: regex
  dependency-version: 1.12.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Jul 1, 2026
@codecov

codecov Bot commented Jul 8, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@michielp1807 michielp1807 enabled auto-merge (squash) July 8, 2026 10:35
@michielp1807 michielp1807 merged commit 984533e into main Jul 8, 2026
18 of 19 checks passed
@michielp1807 michielp1807 deleted the dependabot/cargo/cargo-dependencies-b421c98ec8 branch July 8, 2026 10:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant