Skip to content

build(deps): bump the cargo-dependencies group across 1 directory with 8 updates#951

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/services/indexer/cargo-dependencies-e93ce99661
Open

build(deps): bump the cargo-dependencies group across 1 directory with 8 updates#951
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/services/indexer/cargo-dependencies-e93ce99661

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on axum, tower, tower-http, tower_governor, sqlx, thiserror, metrics and metrics-exporter-prometheus to permit the latest version.
Updates axum to 0.8.9

Release notes

Sourced from axum's releases.

axum-v0.8.9

  • added: WebSocketUpgrade::{requested_protocols, set_selected_protocol} for more flexible subprotocol selection (#3597)
  • changed: Update minimum rust version to 1.80 (#3620)
  • fixed: Set connect endpoint on correct field in MethodRouter (#3656)
  • fixed: Return specific error message when multipart body limit is exceeded (#3611)

#3597: tokio-rs/axum#3597 #3620: tokio-rs/axum#3620 #3656: tokio-rs/axum#3656 #3611: tokio-rs/axum#3611

Commits

Updates tower to 0.5.3

Release notes

Sourced from tower's releases.

tower 0.5.3

Added

  • builder: Add ServiceBuilder::boxed_clone_sync() helper (#804)

Fixed

  • retry: Check that supplied jitter is not NaN (#843)

#804: tower-rs/tower#804 #843: tower-rs/tower#843

Commits

Updates tower-http to 0.7.0

Release notes

Sourced from tower-http's releases.

tower-http-0.7.0

Changes since 0.6.11

Added

  • csrf: add cross-site request forgery (CSRF) protection middleware, porting the cross-origin protection scheme introduced in Go 1.25 (#699)

    use tower::ServiceBuilder;
    use tower_http::csrf::CsrfLayer;
    // Rejects cross-origin state-changing requests using Sec-Fetch-Site,
    // an Origin allow-list, and an Origin/Host fallback. No per-request
    // token state required.
    let layer = CsrfLayer::new().add_trusted_origin("https://example.com")?;
    let service = ServiceBuilder::new().layer(layer).service_fn(handler);

  • timeout: add DeadlineBody for non-resetting body timeouts, applied via the new RequestBodyDeadlineLayer and ResponseBodyDeadlineLayer (#688)

    Unlike TimeoutBody, which resets its deadline on every frame, DeadlineBody caps the total time of a body transfer. A slow client trickling one byte at a time never trips an idle timeout but will trip a deadline.

    use std::time::Duration;
    use tower::ServiceBuilder;
    use tower_http::timeout::RequestBodyDeadlineLayer;
    // Abort the request body transfer after 30s total, regardless of how
    // frequently data arrives.
    let service = ServiceBuilder::new()
    .layer(RequestBodyDeadlineLayer::new(Duration::from_secs(30)))
    .service_fn(handler);

  • fs: add strong ETag support to ServeDir, including If-Match and If-None-Match precondition handling per RFC 9110. 304 Not Modified responses now carry the ETag and Last-Modified validators (#691)

  • fs: add a Backend trait to make ServeDir work with non-filesystem sources (e.g. embedded assets or object storage). The default TokioBackend preserves existing behavior. Use ServeDir::with_backend() to plug in custom implementations (#684)

    use tower_http::services::fs::ServeDir;
    // MyBackend implements tower_http::services::fs::Backend.
    // The default ServeDir::new() continues to use TokioBackend (local FS).
    let service = ServeDir::with_backend("assets", MyBackend::new());

  • fs: add html_as_default_extension option to ServeDir, appending .html when the request path has no extension (#519)

  • fs: add redirect_path_prefix option to ServeDir, prepending a prefix on trailing-slash redirects so the service can be mounted under a sub-path (#486)

  • validate-request: add ValidateRequestHeaderLayer::has_header_value() to reject requests when a header does not have an expected value (#360)

  • body: UnsyncBoxBody::new() constructor and From<ServeFileSystemResponseBody> conversion to avoid double-boxing when combining ServeDir responses with other body types (#537)

  • limit: implement Default for limit::ResponseBody when the wrapped body also implements Default (#679)

Changed

... (truncated)

Commits
  • b194fcf v0.7.0
  • af828a6 feat(follow_redirect)!: preserve request extensions across redirects (#706)
  • 8cb8d99 feat(ValidateRequestHeaderLayer): add has_header("...").with_value("...") fun...
  • 3b56d2d feat!: Add configurable Backend trait for ServeDir, bump MSRV 1.65 (#684)
  • 8508716 Add redirect_path_prefix option (#486)
  • 56327b2 Add Windows drive-prefix path regression test (#705)
  • 54c6db8 feat(compression)!: upgrade SizeAbove threshold from u16 to u64 (#704)
  • 68cd6d8 Add DeadlineBody for non-resetting body timeouts (#688)
  • fa8a98c feat(fs): add strong ETag support to ServeDir (#691)
  • 36d2205 fix: Make SetMultiple*Header Clone for !Clone http bodies (#703)
  • Additional commits viewable in compare view

Updates tower_governor to 0.8.0

Commits

Updates sqlx to 0.9.0

Changelog

Sourced from sqlx's changelog.

0.9.0 - 2026-05-06

Important Announcements

New Github Organization

Shortly after this release is published, the SQLx repository will be transferred to a new GitHub organization: https://github.com/transact-rs/

This is because SQLx has not been owned or maintained by LaunchBadge, LLC. for a few years now, and has since been informally transferred to the collective ownership of its principal authors. Moving the repository to a new organization makes this change more clear, and also allows for potentially inviting outside collaborators.

Cargo.lock Removed from Tracking

The Cargo.lock has been removed from tracking in Git. CI should now always test with the latest versions of all dependencies by default, alongside our pass that checks with cargo generate-lockfile -Z minimal-versions.

This should eliminate the need for any PRs that update dependencies to also update Cargo.lock or contend with an endless stream of merge conflicts against it.

N.B. cargo install --locked sqlx-cli will no longer work. However, cargo install sqlx-cli has always used the latest dependencies by default, ignoring the lockfile, so most users should not be affected. For users requiring reproducible builds, consider maintaining your own lockfile instead; historically, we only ran cargo update sporadically, so relying on SQLx's lockfile offered few guarantees anyway.

See [the manual page for cargo install][man-cargo-install] for details.

Breaking

As per our MSRV policy, the supported Rust version for this release cycle is 1.94.0.

  • [#3383]: feat: create sqlx.toml format [[@​abonander]]
    • SQLx and sqlx-cli now support per-crate configuration files (sqlx.toml)
    • New functionality includes, but is not limited to:
      • Rename DATABASE_URL for a crate (for multi-database workspaces)
      • Set global type overrides for the macros (supporting custom types)
      • Rename or relocate the _sqlx_migrations table (for multiple crates using the same database)
      • Set characters to ignore when hashing migrations (e.g. ignore whitespace)
    • More to be implemented in future releases.
    • Enable feature sqlx-toml to use.
      • sqlx-cli has it enabled by default, but sqlx does not.
      • Default features of library crates can be hard to completely turn off because of [feature unification], so it's better to keep the default feature set as limited as possible. [This is something we learned the hard way.][preferred-crates]
    • Guide: see sqlx::_config module in documentation.
    • Reference: [Link]
    • Examples (written for Postgres but can be adapted to other databases; PRs welcome!):
      • Multiple databases using DATABASE_URL renaming and global type overrides: [Link]
      • Multi-tenant database using _sqlx_migrations renaming and multiple schemas: [Link]
      • Force use of chrono when time is enabled (e.g. when using tower-sessions-sqlx-store): [[Link][preferred-crates]]
        • Forcing bigdecimal when rust_decimal is enabled is also shown, but problems with chrono/time are more common.

... (truncated)

Commits
  • 75bc048 Release 0.9.0 (#4256)
  • 6956cef Prefer to give real data to .bind() in README.md (#4257)
  • 45ba990 Add the possibility to skip migrations (#3846)
  • 66533fa Ensure Deterministic Migration Order (#4136)
  • db47fe3 ci: check direct minimal versions (#4173)
  • 9ecb76d Unescape PostgreSQL passfile password (#3993)
  • c0a3218 breaking(any+mysql): correctly convert text and blob types to AnyTypeInfo (...
  • d82b781 test(sqlite): add regression test for ORDER BY + LIMIT nullability (#4223)
  • b77ba16 chore: update to axum 0.8 (#4253)
  • c0ec9c0 fix(tls): potential deadlock in StdSocket::poll_ready() (#4251)
  • Additional commits viewable in compare view

Updates thiserror to 2.0.18

Release notes

Sourced from thiserror's releases.

2.0.18

Commits
  • dc0f6a2 Release 2.0.18
  • 0275292 Touch up PR 443
  • 3c33bc6 Merge pull request #443 from LucaCappelletti94/master
  • 995939c Reproduce issue 442
  • 21653d1 Made clippy lifetime allows conditional
  • 45e5388 Update actions/upload-artifact@v5 -> v6
  • 386aac1 Update actions/upload-artifact@v4 -> v5
  • ec50561 Update actions/checkout@v5 -> v6
  • 247eab5 Update name of empty_enum clippy lint
  • 91b181f Raise required compiler to Rust 1.68
  • Additional commits viewable in compare view

Updates metrics to 0.24.6

Commits
  • 23cc597 chore: Release
  • 78ebfc3 revert: defer version bumps to cargo-release
  • 8d7f5ea update CHANGELOG for metrics
  • cd5b9a3 chore(metrics): update doc comments for macros for consistency
  • 9cf1f73 fix(metrics): resolve hash mismatch between pre-computed and on-demand key ha...
  • 2bfe3ba enhancement(metrics): allow specifying description and unit in registration m...
  • dae3a67 chore: Release
  • 6dddb64 update CHANGELOG for metrics-exporter-dogstatsd
  • 9e387a4 chore: Release
  • f21d811 update CHANGELOG for metrics-exporter-prometheus
  • Additional commits viewable in compare view

Updates metrics-exporter-prometheus to 0.18.3

Commits
  • 9e387a4 chore: Release
  • f21d811 update CHANGELOG for metrics-exporter-prometheus
  • 34af5ea chore: Release
  • 6f33477 update CHANGELOG for metrics-util
  • 01dab26 fix: bump metrics dep to avoid breakage
  • ecbc010 chore: slight tweak to follow-up PR message after release
  • 50fcd63 chore: Release
  • 815f5e9 update CHANGELOG for metrics
  • 401a16c fix(perf): ensure hash_label properly hashes both the key and value (#690)
  • e8e2538 chore(dev): add Claude skill for simplifying the release process
  • Additional commits viewable in compare view

@dependabot @github

dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

…h 8 updates

Updates the requirements on [axum](https://github.com/tokio-rs/axum), [tower](https://github.com/tower-rs/tower), [tower-http](https://github.com/tower-rs/tower-http), [tower_governor](https://github.com/benwis/tower-governor), [sqlx](https://github.com/launchbadge/sqlx), [thiserror](https://github.com/dtolnay/thiserror), [metrics](https://github.com/metrics-rs/metrics) and [metrics-exporter-prometheus](https://github.com/metrics-rs/metrics) to permit the latest version.

Updates `axum` to 0.8.9
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](tokio-rs/axum@axum-v0.7.0...axum-v0.8.9)

Updates `tower` to 0.5.3
- [Release notes](https://github.com/tower-rs/tower/releases)
- [Commits](tower-rs/tower@tower-0.4.0...tower-0.5.3)

Updates `tower-http` to 0.7.0
- [Release notes](https://github.com/tower-rs/tower-http/releases)
- [Commits](tower-rs/tower-http@tower-http-0.5.0...tower-http-0.7.0)

Updates `tower_governor` to 0.8.0
- [Commits](https://github.com/benwis/tower-governor/commits)

Updates `sqlx` to 0.9.0
- [Changelog](https://github.com/transact-rs/sqlx/blob/main/CHANGELOG.md)
- [Commits](transact-rs/sqlx@v0.7.0...v0.9.0)

Updates `thiserror` to 2.0.18
- [Release notes](https://github.com/dtolnay/thiserror/releases)
- [Commits](dtolnay/thiserror@1.0.0...2.0.18)

Updates `metrics` to 0.24.6
- [Changelog](https://github.com/metrics-rs/metrics/blob/main/release.toml)
- [Commits](metrics-rs/metrics@metrics-v0.22.0...metrics-v0.24.6)

Updates `metrics-exporter-prometheus` to 0.18.3
- [Changelog](https://github.com/metrics-rs/metrics/blob/main/release.toml)
- [Commits](metrics-rs/metrics@metrics-exporter-prometheus-v0.13.0...metrics-exporter-prometheus-v0.18.3)

---
updated-dependencies:
- dependency-name: axum
  dependency-version: 0.8.9
  dependency-type: direct:production
  dependency-group: cargo-dependencies
- dependency-name: metrics
  dependency-version: 0.24.6
  dependency-type: direct:production
  dependency-group: cargo-dependencies
- dependency-name: metrics-exporter-prometheus
  dependency-version: 0.18.3
  dependency-type: direct:production
  dependency-group: cargo-dependencies
- dependency-name: sqlx
  dependency-version: 0.9.0
  dependency-type: direct:production
  dependency-group: cargo-dependencies
- dependency-name: thiserror
  dependency-version: 2.0.18
  dependency-type: direct:production
  dependency-group: cargo-dependencies
- dependency-name: tower
  dependency-version: 0.5.3
  dependency-type: direct:production
  dependency-group: cargo-dependencies
- dependency-name: tower-http
  dependency-version: 0.7.0
  dependency-type: direct:production
  dependency-group: cargo-dependencies
- dependency-name: tower_governor
  dependency-version: 0.8.0
  dependency-type: direct:production
  dependency-group: cargo-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title build(deps): bump the cargo-dependencies group in /services/indexer with 8 updates build(deps): bump the cargo-dependencies group across 1 directory with 8 updates Jul 17, 2026
@dependabot
dependabot Bot force-pushed the dependabot/cargo/services/indexer/cargo-dependencies-e93ce99661 branch from 6fce45c to aed9a6c Compare July 17, 2026 14:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants