`cargo audit` checks for dependencies with known issues. This PR adds a github workflow that runs `cargo audit` on a weekly basis on `HEAD` and whenever a dependency changes.
Signed-off-by: Michael Rodler <mrodler@amazon.de>
Co-authored-by: Michael Rodler <mrodler@amazon.de>
Co-authored-by: f0rki <m@mrodler.eu>
This refactors the way hyper handles HTTP/2 CONNECT / Extended CONNECT. Before,
an uninhabited enum was used to try to prevent sending of the `Buf` type once
the STREAM had been upgraded. However, the way it was originally written was
incorrect, and will eventually have compilation issues.
The change here is to spawn an extra task and use a channel to bridge the IO
operations of the `Upgraded` object to be `Cursor` buffers in the new task.
ref: https://github.com/rust-lang/rust/issues/147588Closes#3966
BREAKING CHANGE: The HTTP/2 client connection no longer allows an executor
that can not spawn itself.
This was an oversight originally. The client connection will now include spawning
a future that keeps a copy of the executor to spawn other futures. Thus, if it is
`!Send`, it needs to spawn `!Send` futures. The likelihood of executors that match
the previously allowed behavior should be very remote.
There is also technically a semver break in here, which is that the
`Http2ClientConnExec` trait no longer dyn-compatible, because it now expects to
be `Clone`. This should not break usage of the `conn` builder, because it already
separately had `E: Clone` bounds. If someone were using `dyn Http2ClientConnExec`,
that will break. However, there is no purpose for doing so, and it is not usable
otherwise, since the trait only exists to propagate bounds into hyper. Thus, the
breakage should not affect anyone.
The new trait method has a default implementation just returning `Instant::now()`.
An implementer can override that, such as Tokio providing support for it's pausable clock.
Fix a mistake in commit e11b2ad: use the 'dep:' syntax for futures-util, so
that Cargo won't implicitly create a feature called 'futures-util'.
Removing features is semver-breaking, but said commit hasn't been in any
release yet, so it can still be fixed now.
`CachedDate` gets updated every second, but the current logic doesn't
take into account milliseconds - if the application starts at
`12:00:00.600`, hyper will report `date: ...T120000` up until
`12:00:01.599`, which is overzealous.
We can sidestep this by subtracing the nanoseconds part (which includes
milliseconds) from the time passed to `CachedDate::update()`.
Make hyper usable for h1/h2 and client/server without this heavyweight
dependency. It's about 17k lines of code and takes up to 1.7 seconds to
compile on my machine, but hyper is only using a tiny fraction of it.
Larger applications probably still pull in futures-util by other means,
but it's no longer as unavoidable as in the early days of the ecosystem.
To remove futures-util without raising MSRV, I took these steps:
* When futures-util just re-exports something from its dependencies,
use it directly from the source.
* Inline trivial helpers like `poll_unpin` that "only" communicate
intent a little better but don't save any significant amount of code.
* Refactor the h2 client code to avoid `StreamFuture` for the "Client
has been dropped" detection -- just poll the mpsc channel directly.
* Implement a couple of small helpers from scratch when they're
straightforward and fit on one screen each. The majority of this is
polyfills for standard library APIs that would require a higher MSRV.
* Use `AtomicWaker` from the `atomic-waker` crate, a separately
published copy of the futures-util type of the same name. While the
two crates are owned by different organizations (smol-rs vs.
rust-lang), it's mostly the same people maintaining both copies.
The uses of future-util in hyper's tests/benches/examples and in the
`ffi` module seem much harder to remove entirely, so I did not touch
those modules at all.
this commit introduces a new inherent method to
`hyper::client::conn::TrySendError<T>`.
this error type includes a `TrySendError::into_error()` method today
that will consume the `TrySendError<T>`, returning the inner error. this
commit introduces a new method that allows callers to inspect the error,
e.g. to update metrics, without needing to consume the error.
this is akin to #3884, which added the `TrySendError::message()` method
that returns a reference to the `T`-typed message when applicable.
Signed-off-by: katelyn martin <git@katelyn.world>
this commit introduces a new inherent method to
`hyper::client::conn::TrySendError<T>`.
this error type includes a `TrySendError::take_message()` method today
that will return an owned instance of the inbound message, should the
underlying dispatch have been closed before serialization of the message
ever began.
this commit introduces a new method that allows callers to inspect the
message, e.g. to update metrics, without needing to take ownership of
the message.
Signed-off-by: katelyn martin <git@katelyn.world>
`proto::h2::ping` has some documentation that won't be rendered
properly, because it is written as documentation of an item rather than
documenting the enclosing submodule.
this commit updates this comment, using `//!` notation.
Signed-off-by: katelyn martin <git@katelyn.world>
this commit introduces some additional documentation to the
`HttpService` trait, and the `Service` trait.
notably, this commit introduces some intradoc links, so that rustdoc
will render links to types like `http::Request` and `http::Response`, or
to the `Body` trait.
additionally, mention of `hyper-util` is added to the `Service` trait,
to direct users to the glue implementations that they will likely need
to interact with e.g. `tower`.
Signed-off-by: katelyn martin <me+cratelyn@katelyn.world>
Running `cargo test` fails to compile because tests rely on types which
are behind a #[cfg(…)] which is disabled by default.
Add a #[cfg(…)] directive to tests which rely on types which are also
behind a #[cfg(…)] directive, so that these tests run only if the types
on which they depend exist.
Currently, the header read timeout is started before any part of the first request is received. This allows closing the connection if no requests are received. However, after the first request, the connection can remain open indefinitely. This change ensures that the header read timeout is started immediately after the connection is idle, following the transmission of the response, before the first part of the subsequent request is received.
This change allows a potential future addition of an idle_timeout, which if set, would be used instead of the header_read_timeout. This behavior is matched in other servers, such as Golang.
Fixes#3780Closes#3781
This new function allows attaching a callback to a request, such that
when it is sent through a hyper client connection, and any 1xx
informational responses are received, they are passed to the callback.
This takes the unstable client informational feature (introduced in
#2594, tracking issue in #2565), and promotes it to a stable API.
Closes#2565
BREAKING CHANGE: `http2::Builder::max_local_error_reset_streams()` now takes `&mut self` and returns `&mut Self`. In practice, this shouldn't break almost anyone. It was the wrong receiver and return types.
