Bump axum from 0.5.9 to 0.5.17

[dependabot]

Bumps axum from 0.5.9 to 0.5.17.

Release notes

Sourced from axum's releases.

axum - v0.5.17

• fixed: Annotate panicking functions with #[track_caller] so the error message points to where the user added the invalid router, rather than somewhere internally in axum (#1248)
• fixed: Make Multipart extractor work with RequestBodyLimit middleware (#1379)
• added: Add DefaultBodyLimit::max for changing the default body limit (#1397)
• added: Various documentation improvements

#1248: tokio-rs/axum#1248 #1379: tokio-rs/axum#1379 #1397: tokio-rs/axum#1397

axum - v0.5.16

Security

• breaking: Added default limit to how much data Bytes::from_request will consume. Previously it would attempt to consume the entire request body without checking its length. This meant if a malicious peer sent an large (or infinite) request body your server might run out of memory and crash.

  The default limit is at 2 MB and can be disabled by adding the new DefaultBodyLimit::disable() middleware. See its documentation for more details.

  This also applies to these extractors which used Bytes::from_request internally:

  • Form
  • Json
  • String

  Thanks to Shachar Menashe for reporting this vulnerability.

  (#1346)

#1346: tokio-rs/axum#1346

axum - v0.5.15

Note: This is a re-release of 0.5.14 that fixes an accidental breaking change.

• fixed: Don't expose internal type names in QueryRejection response. (#1171)
• fixed: Improve performance of JSON serialization (#1178)
• fixed: Improve build times by generating less IR (#1192)

#1171: tokio-rs/axum#1171 #1178: tokio-rs/axum#1178 #1192: tokio-rs/axum#1192

axum - v0.5.14

Yanked, as it contained an accidental breaking change.

... (truncated)

Commits

• 2c00e61 axum 0.5.17 (#1494)
• 23ded07 axum-core 0.2.9 (#1490)
• 48036a6 Update deny.toml
• 3ea4e30 Update expected stderr of trybuild test (#1402)
• e021440 Update axum/CHANGELOG.md
• f5fc4a1 Add Error::into_inner (#1476)
• e2fa9ae Document differences between DefaultBodyLimit and RequestBodyLimit (#1461)
• c869349 Add DefaultBodyLimit::max to change the body size limit (#1397)
• 9991b85 Use regular non-exhaustive debug representation instead of custom one (#1380)
• 177c50c Relax bounds on Multipart FromRequest implementation (#1379)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

The following labels could not be found: A-dependencies.