Update Rust crate hyper to 0.14 [SECURITY] - abandoned #44

Open

wants to merge 1 commit into base: master

Conversation


@renovate renovate bot commented Jun 6, 2022

This PR contains the following updates:

Package          Type              Update  Change
hyper (source)   dependencies      minor   0.12 -> 0.14
hyper (source)   dev-dependencies  minor   0.12 -> 0.14

GitHub Vulnerability Alerts

CVE-2021-32715

Summary

hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a Content-Length header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such Content-Length headers, but forwards them, can result in "request smuggling" or "desync attacks".

Vulnerability

The flaw exists in all prior versions of hyper, if built with rustc v1.5.0 or newer.

Example:

GET / HTTP/1.1
Host: example.com
Content-Length: +3

abc

This request gets accepted and hyper reads the body as abc. The request should be rejected, according to RFC 7230, since the ABNF for Content-Length only allows for DIGITs. This is due to using the FromStr implementation for u64 in the standard library. By differing from the spec, it is possible to send requests like these to endpoints that have different HTTP implementations, with different interpretations of the payload semantics, and cause "desync attacks".

In this particular case, an upstream proxy would need to error when parsing the Content-Length, but not reject the request (swallowing its own error), and forwarding the request as-is with the Content-Length still included. Then the upstream proxy and hyper would disagree on the length of the request body. The combination of these factors would be extremely rare.

Read more about desync attacks: https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn

Impact

To determine if vulnerable, all these things must be true:

  • Using hyper as an HTTP server. While the lenient decoder also exists in the client, a vulnerability does not exist around responses.
  • Using HTTP/1. The HTTP/2 code uses a stricter parser.
  • Using a vulnerable HTTP proxy upstream to hyper. If an upstream proxy correctly rejects the illegal Content-Length header, OR can parse the length with the plus sign, the desync attack cannot succeed.

Patches

We have released the following patch versions:

  • v0.14.10 (to be released when this advisory is published)

Workarounds

Besides upgrading hyper, you can take the following options:

  • Reject requests manually that contain a plus sign prefix in the Content-Length header.
  • Ensure any upstream proxy handles Content-Length headers with a plus sign prefix.

Credits

This issue was initially reported by Mattias Grenfeldt and Asta Olofsson.

CVE-2021-32714

Summary

hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or if combined with an upstream HTTP proxy that allows chunk sizes larger than hyper does, can result in "request smuggling" or "desync attacks".

Vulnerability

Example:

GET / HTTP/1.1
Host: example.com
Transfer-Encoding: chunked

f0000000000000003
abc
0

hyper only reads the rightmost 64-bit integer as the chunk size. So it reads f0000000000000003 as 3. A loss of data can occur since hyper would then read only 3 bytes of the body. Additionally, an HTTP request smuggling vulnerability would occur if using a proxy which instead has prefix truncation in the chunk size, or that understands larger than 64-bit chunk sizes.

Read more about desync attacks: https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn

Impact

To determine if vulnerable to data loss, these things must be true:

  • Using HTTP/1.1. Since HTTP/2 does not use chunked encoding, it is not vulnerable.
  • Using hyper as a server or client. The body would be improperly truncated in either case.
  • Users send requests or responses with chunk sizes greater than 18 exabytes.

To determine if vulnerable to desync attacks, these things must be true:

  • Using an upstream proxy that allows chunk sizes larger than 64-bit. If the proxy rejects chunk sizes that are too large, that request won't be forwarded to hyper.

Patches

We have released the following patch versions:

  • v0.14.10 (to be released when this advisory is published)

Workarounds

Besides upgrading hyper, you can take the following options:

  • Reject requests manually that contain a Transfer-Encoding header.
  • Ensure any upstream proxy rejects Transfer-Encoding chunk sizes greater than what fits in 64-bit unsigned integers.

Credits

This issue was initially reported by Mattias Grenfeldt and Asta Olofsson.

GHSA-f67m-9j94-qv9j

Affected versions of this crate called mem::uninitialized() in the HTTP1 parser to create values of type httparse::Header (from the httparse crate).
This is unsound, since Header contains references and thus must be non-null.

The flaw was corrected by avoiding the use of mem::uninitialized(), using MaybeUninit instead.


Release Notes

hyperium/hyper

v0.14.25

v0.14.24

Bug Fixes
  • body: set an internal max to reserve in to_bytes (4d89adce)
  • server: prevent sending 100-continue if user drops request body (#​3138) (92443d7e)
Features
  • http2: add http2_max_header_list_size to hyper::server::Builder (#​3006) (031425f0)

v0.14.23

Bug Fixes
  • http2: Fix race condition in client dispatcher (#​3041) (2f1c0b72, closes #​2419)
  • dependencies: Really fix compile-time feature for socket2 dependency.

v0.14.22

v0.14.21

Bug Fixes
  • client: send an error back to client when dispatch misbehaves (9fa36382, closes #​2649)
  • http1: fix http1_header_read_timeout to use same future (#​2891) (c5a14e7c)
Features
  • http1: allow ignoring invalid header lines in requests (73dd4746)
  • server: add Server::tcp_keepalive_interval and Server::tcp_keepalive_retries (#​2991) (287d7124)

v0.14.20

v0.14.19

Bug Fixes
  • http1: fix preserving header case without enabling ffi (#​2820) (6a35c175)
  • server: don't add implicit content-length to HEAD responses (#​2836) (67b73138)
Breaking Changes
  • ffi (unstable):
    • hyper_clientconn_options_new no longer sets the http1_preserve_header_case connection option by default.
      Users should now call hyper_clientconn_options_set_preserve_header_case if they desire that functionality. (78de8914)

v0.14.18

Bug Fixes
  • ffi: don't build C libraries by default (1c663706)

v0.14.17

v0.14.16

Features
  • http2: add http2_max_send_buf_size option to client and server (bff977b7)
  • server: add HTTP/1 header read timeout option (#​2675) (842c6553, closes #​2457)

v0.14.15

Bug Fixes
  • client: cancel blocking DNS lookup if GaiFuture is dropped (174b553d)
Features
  • http1: add http1_writev(bool) options to Client and Server builders, to allow forcing vectored writes (80627141)
  • upgrade: allow http upgrades with any body type (ab469eb3)

v0.14.14

Bug Fixes
  • client:
    • make ResponseFuture implement Sync (bd6c35b9)
    • remove ipv6 square brackets before resolving (910e0268)
Features
  • h2: always include original h2 error on broken pipe (6169db25)
  • server: Remove Send + Sync requirement for Body in with_graceful_shutdown (1d553e52)

v0.14.13

Bug Fixes
  • client: don't reuse a connection while still flushing (c88011da)
  • server: convert panic to error if Connection::without_shutdown called on HTTP/2 conn (ea3e2282)
Features
  • ffi: add hyper_request_set_uri_parts (a54689b9)
  • lib:
    • Export more things with Cargo features (server, !http1, !http2) (0a4b56ac)
    • Export rt module independently of Cargo features (cf6f62c7)

v0.14.12

Bug Fixes
  • ffi: on_informational callback had no headers (39b6d01a)
  • http1: apply header title case for consecutive dashes (#​2613) (684f2fa7)
  • http2: improve errors emitted by HTTP2 Upgraded stream shutdown (#​2622) (be08648e)

v0.14.11

Bug Fixes
  • client: retry when pool checkout returns closed HTTP2 connection (#​2585) (52214f39)
Features
  • ffi: add hyper_request_on_informational (25d18c0b)

v0.14.10

Bug Fixes
  • http1:
    • reject content-lengths that have a plus sign prefix (06335158)
    • protect against overflow in chunked decoder (efd9a982)
Features
  • ffi: add option to get raw headers from response (8c89a8c1)

v0.14.9

Bug Fixes
  • http1: reduce memory used with flatten write strategy (eb0c6463)

v0.14.8

Performance
  • http2: reduce amount of adaptive window pings as BDP stabilizes (#​2550) (4cd06bf2)

v0.14.7

Bug Fixes
  • http1: http1_title_case_headers should move Builder (a303b3c3)
Features
  • server: implement forgotten settings for case preserving (4fd6c4cb)

v0.14.6

v0.14.5

v0.14.4

Bug Fixes
  • build: Fix compile error when only http1 feature was enabled.

v0.14.3

Bug Fixes
  • client: HTTP/1 client "Transfer-Encoding" repair code would panic (#​2410) (2c8121f1, closes #​2409)
  • http1: fix server misinterpretting multiple Transfer-Encoding headers (8f93123e)

v0.14.2

v0.14.1

v0.14.0

Breaking Changes
  • hyper depends on tokio v1 and bytes v1.

  • Custom resolvers used with HttpConnector must change
    to resolving to an iterator of SocketAddrs instead of IpAddrs.
    (b4e24332)

  • hyper no longer emits log records automatically.
    If you need hyper to integrate with a log logger (as opposed to tracing),
    you can add tracing = { version = "0.1", features = ["log"] } to activate them.
    (db32e105)

  • Removed http1_writev methods from client::Builder,
    client::conn::Builder, server::Builder, and server::conn::Builder.

    Vectored writes are now enabled based on whether the AsyncWrite
    implementation in use supports them, rather than though adaptive
    detection. To explicitly disable vectored writes, users may wrap the IO
    in a newtype that implements AsyncRead and AsyncWrite and returns
    false from its AsyncWrite::is_write_vectored method.
    (d6aadb83)

  • The method Body::on_upgrade() is gone. It is
    essentially replaced with hyper::upgrade::on(msg).
    (121c3313)

  • All optional features have been disabled by default.
    (ed2b22a7)

  • The HTTP server code is now an optional feature. To
    enable the server, add features = ["server"] to the dependency in
    your Cargo.toml.
    (bdb5e5d6)

  • The HTTP client of hyper is now an optional feature. To
    enable the client, add features = ["client"] to the dependency in
    your Cargo.toml.
    (4e55583d)

  • This puts all HTTP/1 methods and support behind an
    http1 cargo feature, which will not be enabled by default. To use
    HTTP/1, add features = ["http1"] to the hyper dependency in your
    Cargo.toml.
    (2a19ab74)

  • This puts all HTTP/2 methods and support behind an
    http2 cargo feature, which will not be enabled by default. To use
    HTTP/2, add features = ["http2"] to the hyper dependency in your
    Cargo.toml.
    (b819b428)

v0.13.9 (2020-11-02)
Features
  • client:
    • add HttpConnector::set_local_addresses to set both IPv6 and IPv4 local addrs (fb19f3a8)
    • Add accessors to Connected fields (#​2290) (2dc9768d)

v0.13.8 (2020-09-18)

v0.13.7 (2020-07-13)
Bug Fixes
  • client: don't panic in DNS resolution when task cancelled (#​2229) (0d0d3635)
Features
  • client: impl tower_service::Service for &Client (#​2089) (77c3b5bc)
  • http2: configure HTTP/2 frame size in the high-level builders too (#​2214) (2354a7ee)
  • lib: Move from log to tracing in a backwards-compatible way (#​2204) (9832aef9)

v0.13.6 (2020-05-29)
Features
  • body: remove Sync bound for Body::wrap_stream (042c7706)
  • http2: allow configuring the HTTP/2 frame size (b6446456)

v0.13.5 (2020-04-17)
Bug Fixes
  • server: fix panic in Connection::graceful_shutdown (fce3ddce)

v0.13.4 (2020-03-20)
Bug Fixes
  • http1: try to drain connection buffer if user drops Body (d838d54f)
Features
  • http2: add HTTP2 keep-alive support for client and server (9a8413d9)

v0.13.3 (2020-03-03)

v0.13.2 (2020-01-29)
Bug Fixes
  • body: return exactly 0 SizeHint for empty body (#​2122) (dc882047)
  • client: strip path from Uri before calling Connector (#​2109) (ba2a144f)
  • http2: don't add client content-length if method doesn't require it (fb90d30c)
Features
  • service: Implement Clone/Copy on ServiceFn and MakeServiceFn (#​2104) (a5720fab)

v0.13.1 (2019-12-13)
Bug Fixes
  • http1: fix response with non-chunked transfer-encoding to be close-delimited (cb71d2cd, closes #​2058)
Features
  • body: implement HttpBody for Request and Response (4b6099c7, closes #​2067)
  • client: expose hyper::client::connect::Connect trait alias (2553ea1a)

v0.13.10

v0.13.0

Bug Fixes
  • client:
    • fix polling dispatch channel after it has closed (039281b8)
    • fix panic from unreachable code (e6027bc0)
  • dependencies: require correct bytes minimum version (#​1975) (536b1e18)
Features
  • body:
    • change Sender::send_data to an async fn. (62a96c07)
    • require Sync when wrapping a dynamic Stream (44413721)
    • add body::aggregate and body::to_bytes functions (8ba9a8d2)
    • replace Chunk type with Bytes (5a598757, closes #​1931)
    • replace the Payload trait with HttpBody (c63728eb)
  • client:
    • impl tower_service::Service for Client (edbd10ac)
    • provide tower::Service support for clients (#​1915) (eee2a728)
    • change connectors to return an impl Connection (4d7a2266)
    • remove Destination for http::Uri in connectors (319e8aee)
    • filter remote IP addresses by family of given local IP address (131962c8)
    • change Resolve to be Service<Name> (9d9233ce, closes #​1903)
    • change Connect trait into an alias for Service (d67e49f1, closes #​1902)
    • change GaiResolver to use a global blocking threadpool (049b5132)
    • Add connect timeout to HttpConnector (#​1972) (4179297a)
  • lib:
    • update to std::future::Future (8f4b05ae)
    • add optional tcp feature, split from runtime (5b348b82)
    • make Stream trait usage optional behind the stream feature, enabled by default (0b03b730, closes #​2034)
    • update Tokio, bytes, http, h2, and http-body (cb3f39c2)
  • rt: introduce rt::Executor trait (6ae5889f, closes #​1944)
  • server:
    • introduce Accept trait (b3e55062)
    • give Server::local_addr a more general type (3cc93e79)
    • change http1_half_close option default to disabled (7e31fd88)
  • service:
    • use tower_service::Service for hyper::service (ec520d56)
    • rename Service to HttpService, re-export tower::Service (4f274399, closes #​1959)
Breaking Changes
  • All usage of async traits (Future, Stream,
    AsyncRead, AsyncWrite, etc) are updated to newer versions.
    (8f4b05ae)

  • All usage of hyper::Chunk should be replaced with
    bytes::Bytes (or hyper::body::Bytes).
    (5a598757)

  • Using a Body as a Stream, and constructing one via
    Body::wrap_stream, require enabling the stream feature.
    (511ea388)

  • Calls to GaiResolver::new and HttpConnector::new no
    longer should pass an integer argument for the number of threads.
    (049b5132)

  • Connectors no longer return a tuple of
    (T, Connected), but a single T: Connection.
    (4d7a2266)

  • All usage of `hyper::c

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

This PR has been generated by Mend Renovate. View repository job log here.
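The two HTTP/1 framing advisories in the PR body above (CVE-2021-32715 and CVE-2021-32714) come down to the same parsing discipline, so here is one added example in Rust, written for this page and not taken from hyper: functions that model the lenient behaviour each advisory describes (std's u64 FromStr accepting a leading '+'; a 64-bit chunk-size accumulator that wraps) beside strict parsers that accept only 1*DIGIT / 1*HEXDIG and turn overflow into an error. FramingError, strict_content_length, content_length_from_headers, wrapping_chunk_size and strict_chunk_size are names invented for this example, not hyper's API; the check that repeated Content-Length values agree goes beyond the advisory and is this example's own addition. Only the standard library is used, and all inputs are constructed.

```rust
// Added example, not hyper's code: hypothetical strict HTTP/1 framing parsers
// for CVE-2021-32715 (Content-Length) and CVE-2021-32714 (chunk-size), beside
// functions that model the lenient behaviour the advisories describe.

#[derive(Debug, PartialEq, Eq)]
pub enum FramingError {
    InvalidContentLength,     // not 1*DIGIT (RFC 7230 3.3.2): "+3", "-1", "", "3 "
    ContentLengthOverflow,    // value larger than u64::MAX
    ConflictingContentLength, // repeated Content-Length values that disagree
    InvalidChunkSize,         // not 1*HEXDIG (RFC 7230 4.1)
    ChunkSizeOverflow,        // does not fit in u64: reject, never truncate
}

/// Lenient (hyper < 0.14.10): std's FromStr for u64 accepts a leading '+',
/// so "+3" parses as 3 and the request gets framed with a 3-byte body.
pub fn lenient_content_length(value: &str) -> Option<u64> {
    value.parse::<u64>().ok()
}

/// Strict Content-Length: ASCII digits only, accumulated with overflow checks.
pub fn strict_content_length(value: &[u8]) -> Result<u64, FramingError> {
    if value.is_empty() {
        return Err(FramingError::InvalidContentLength);
    }
    let mut n: u64 = 0;
    for &b in value {
        if !b.is_ascii_digit() {
            return Err(FramingError::InvalidContentLength);
        }
        n = n.checked_mul(10).and_then(|n| n.checked_add(u64::from(b - b'0')))
            .ok_or(FramingError::ContentLengthOverflow)?;
    }
    Ok(n)
}

/// Framing decision when Content-Length occurs more than once (repeated header
/// or comma list): RFC 7230 allows that only if every value is identical.
pub fn content_length_from_headers(values: &[&[u8]]) -> Result<Option<u64>, FramingError> {
    let mut agreed: Option<u64> = None;
    for raw in values {
        for member in raw.split(|&b| b == b',') {
            let len = strict_content_length(trim_ows(member))?;
            match agreed {
                Some(prev) if prev != len => return Err(FramingError::ConflictingContentLength),
                _ => agreed = Some(len),
            }
        }
    }
    Ok(agreed)
}

fn trim_ows(s: &[u8]) -> &[u8] {
    // Optional whitespace around a list member is SP / HTAB only.
    let is_ows = |b: &u8| *b == b' ' || *b == b'\t';
    let start = s.iter().position(|b| !is_ows(b)).unwrap_or(s.len());
    let end = s.iter().rposition(|b| !is_ows(b)).map_or(start, |i| i + 1);
    &s[start..end]
}

fn hex_digit(b: u8) -> Option<u64> {
    match b {
        b'0'..=b'9' => Some(u64::from(b - b'0')),
        b'a'..=b'f' => Some(u64::from(b - b'a' + 10)),
        b'A'..=b'F' => Some(u64::from(b - b'A' + 10)),
        _ => None,
    }
}

/// Lenient (hyper < 0.14.10), digit accumulation only: the u64 wraps, so the
/// 17-digit size f0000000000000003 (f * 16^16 + 3) silently becomes 3.
pub fn wrapping_chunk_size(digits: &[u8]) -> Option<u64> {
    let mut size: u64 = 0;
    for &b in digits {
        size = size.wrapping_mul(16).wrapping_add(hex_digit(b)?);
    }
    Some(size)
}

/// Strict chunk-size line: 1*HEXDIG, optional ";ext" chunk extensions ignored,
/// and overflow becomes an error instead of a truncated length.
pub fn strict_chunk_size(line: &[u8]) -> Result<u64, FramingError> {
    let end = line.iter().position(|&b| b == b';' || b == b'\r').unwrap_or(line.len());
    let digits = &line[..end];
    if digits.is_empty() {
        return Err(FramingError::InvalidChunkSize);
    }
    let mut size: u64 = 0;
    for &b in digits {
        let d = hex_digit(b).ok_or(FramingError::InvalidChunkSize)?;
        size = size.checked_mul(16).and_then(|s| s.checked_add(d))
            .ok_or(FramingError::ChunkSizeOverflow)?;
    }
    Ok(size)
}

fn main() {
    // Constructed inputs from the advisories: "+3" and 'f' + fifteen '0' + '3'.
    let line = format!("f{}3", "0".repeat(15)).into_bytes();
    println!("Content-Length +3: lenient {:?}, strict {:?}",
        lenient_content_length("+3"), strict_content_length(b"+3"));
    println!("chunk-size {}: wrapping {:?}, strict {:?}",
        String::from_utf8_lossy(&line), wrapping_chunk_size(&line), strict_chunk_size(&line));
}
```

The wrapping function models only the digit accumulation of the old decoder, not its whole state machine; it is there to make the advisory's arithmetic visible (15 * 16^15 still fits, the sixteenth shift pushes the f past bit 63, and the trailing 3 is all that remains). The sample chunk-size line is built from its parts so it is the 17-hex-digit value from the advisory regardless of how that string survived copy-paste. In a real server the strict functions sit where the framing decision is made: a rejected Content-Length or chunk-size should produce a 400 and a closed connection, never a best-effort body length, because the whole point of the advisories is that "best effort" is what the proxy and the backend then disagree on.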


renovate bot commented Mar 22, 2023

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@renovate renovate bot changed the title Update Rust crate hyper to 0.14 [SECURITY] Update Rust crate hyper to 0.14 [SECURITY] - abandoned Feb 3, 2024

renovate bot commented Feb 3, 2024

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.
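For the third alert in the PR body, GHSA-f67m-9j94-qv9j, an added example in Rust that is neither hyper's nor httparse's code: a stand-in Header with the same shape as httparse::Header (a borrowed name and a borrowed value), a minimal parser that writes into a slice of MaybeUninit<Header> and reports how many slots it filled, and a caller that reads back only that prefix. parse_headers and parse_fixed are names invented here, the error strings are this example's own, and the request head is constructed; the point is the array handling, not the parser.

```rust
// Added example, not hyper's or httparse's code: a stand-in Header type with
// the same shape as httparse::Header (borrowed name and value) and the sound
// way to hand a parser an array of header slots that have not been written yet.
use std::mem::MaybeUninit;

/// Holds references, so no bit pattern produced by mem::uninitialized() is a
/// valid Header: conjuring one that way is undefined behaviour before any read.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Header<'a> {
    pub name: &'a str,
    pub value: &'a [u8],
}

/// Minimal "name: value" line parser standing in for httparse. It writes `out`
/// from the front, stops at the blank line, and returns how many slots it
/// initialized; every slot past that count is still uninitialized.
pub fn parse_headers<'a>(
    buf: &'a [u8],
    out: &mut [MaybeUninit<Header<'a>>],
) -> Result<usize, &'static str> {
    let mut count = 0;
    for line in buf.split(|&b| b == b'\n') {
        let line = line.strip_suffix(b"\r").unwrap_or(line);
        if line.is_empty() {
            break;
        }
        if count == out.len() {
            return Err("too many headers");
        }
        let colon = line.iter().position(|&b| b == b':').ok_or("missing colon")?;
        let name = std::str::from_utf8(&line[..colon]).map_err(|_| "name not utf8")?;
        let raw = &line[colon + 1..];
        let start = raw.iter().position(|&b| b != b' ' && b != b'\t').unwrap_or(raw.len());
        out[count].write(Header { name, value: &raw[start..] });
        count += 1;
    }
    Ok(count)
}

/// Parse into a fixed table of N slots. The table is an array of MaybeUninit,
/// which may legitimately hold garbage; the only unsafe step is reading the
/// prefix the parser reported as written.
pub fn parse_fixed<'a, const N: usize>(buf: &'a [u8]) -> Result<Vec<Header<'a>>, &'static str> {
    // Header is Copy, so array-repeat works; for a non-Copy T the equivalent is
    // `unsafe { MaybeUninit::<[MaybeUninit<T>; N]>::uninit().assume_init() }`.
    let mut slots: [MaybeUninit<Header<'a>>; N] = [MaybeUninit::uninit(); N];
    let n = parse_headers(buf, &mut slots)?;
    // SAFETY: parse_headers initialized slots[..n]; nothing beyond n is read.
    Ok(slots[..n].iter().map(|s| unsafe { *s.assume_init_ref() }).collect())
}

fn main() {
    // Constructed request head, not captured traffic.
    let raw = b"Host: example.com\r\nContent-Length: 3\r\n\r\nabc";
    match parse_fixed::<8>(raw) {
        Ok(headers) => {
            for h in &headers {
                println!("{}: {}", h.name, String::from_utf8_lossy(h.value));
            }
        }
        Err(e) => println!("parse error: {e}"),
    }
}
```

The shape to copy is the pairing of an uninitialized table with a count that the writer returns: the unsafe block is confined to one line whose precondition (slots[..n] were written) is exactly what the parser promised, and a parse error leaves every slot untouched rather than half-built. The unsound version this replaces differs only in the first line of parse_fixed, which is why the advisory calls it out: with mem::uninitialized() the array already holds invalid references before the parser runs, and the compiler is entitled to assume it does not.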
