-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Rust crate tower-sessions to ~0.13.0 #271
Open
renovate
wants to merge
1
commit into
main
Choose a base branch
from
renovate/tower-sessions-0.x
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
renovate
bot
changed the title
Update Rust crate tower-sessions to ~0.4.1
Update Rust crate tower-sessions to ~0.4.1 - autoclosed
Nov 4, 2023
renovate
bot
changed the title
Update Rust crate tower-sessions to ~0.4.1 - autoclosed
Update Rust crate tower-sessions to ~0.4.1
Nov 11, 2023
renovate
bot
changed the title
Update Rust crate tower-sessions to ~0.4.1
Update Rust crate tower-sessions to ~0.4.2
Nov 11, 2023
renovate
bot
force-pushed
the
renovate/tower-sessions-0.x
branch
from
November 11, 2023 00:05
d6b9aad
to
fe5df90
Compare
renovate
bot
changed the title
Update Rust crate tower-sessions to ~0.4.2
Update Rust crate tower-sessions to ~0.4.3
Nov 11, 2023
renovate
bot
force-pushed
the
renovate/tower-sessions-0.x
branch
from
November 11, 2023 18:52
fe5df90
to
107a6b5
Compare
renovate
bot
changed the title
Update Rust crate tower-sessions to ~0.4.3
Update Rust crate tower-sessions to ~0.5.0
Nov 12, 2023
renovate
bot
force-pushed
the
renovate/tower-sessions-0.x
branch
from
November 12, 2023 22:46
107a6b5
to
8f5094c
Compare
renovate
bot
changed the title
Update Rust crate tower-sessions to ~0.5.0
Update Rust crate tower-sessions to ~0.5.1
Nov 15, 2023
renovate
bot
force-pushed
the
renovate/tower-sessions-0.x
branch
from
November 15, 2023 19:13
8f5094c
to
c79ed10
Compare
renovate
bot
changed the title
Update Rust crate tower-sessions to ~0.5.1
Update Rust crate tower-sessions to ~0.6.0
Nov 18, 2023
renovate
bot
force-pushed
the
renovate/tower-sessions-0.x
branch
from
November 18, 2023 00:15
c79ed10
to
8a499aa
Compare
renovate
bot
changed the title
Update Rust crate tower-sessions to ~0.6.0
Update Rust crate tower-sessions to ~0.7.0
Nov 27, 2023
renovate
bot
force-pushed
the
renovate/tower-sessions-0.x
branch
from
November 27, 2023 18:32
8a499aa
to
54a9986
Compare
renovate
bot
changed the title
Update Rust crate tower-sessions to ~0.7.0
Update Rust crate tower-sessions to ~0.7.0 - autoclosed
Dec 16, 2023
renovate
bot
changed the title
Update Rust crate tower-sessions to ~0.7.0 - autoclosed
Update Rust crate tower-sessions to ~0.7.0
Dec 21, 2023
renovate
bot
changed the title
Update Rust crate tower-sessions to ~0.7.0
Update Rust crate tower-sessions to ~0.8.0
Dec 21, 2023
renovate
bot
force-pushed
the
renovate/tower-sessions-0.x
branch
2 times, most recently
from
December 23, 2023 16:14
9cc2ee5
to
daf8256
Compare
renovate
bot
changed the title
Update Rust crate tower-sessions to ~0.8.0
Update Rust crate tower-sessions to ~0.8.1
Dec 23, 2023
renovate
bot
force-pushed
the
renovate/tower-sessions-0.x
branch
from
December 24, 2023 04:34
daf8256
to
ab4d856
Compare
renovate
bot
changed the title
Update Rust crate tower-sessions to ~0.8.1
Update Rust crate tower-sessions to ~0.8.2
Dec 24, 2023
renovate
bot
changed the title
Update Rust crate tower-sessions to ~0.8.2
Update Rust crate tower-sessions to ~0.9.0
Jan 1, 2024
renovate
bot
changed the title
Update Rust crate tower-sessions to ~0.9.0
Update Rust crate tower-sessions to ~0.9.1
Jan 4, 2024
renovate
bot
force-pushed
the
renovate/tower-sessions-0.x
branch
from
January 4, 2024 16:11
f9ad1ae
to
47e04b1
Compare
renovate
bot
force-pushed
the
renovate/tower-sessions-0.x
branch
from
January 23, 2024 04:05
47e04b1
to
3d5c47c
Compare
renovate
bot
changed the title
Update Rust crate tower-sessions to ~0.9.1
Update Rust crate tower-sessions to ~0.10.0
Jan 23, 2024
renovate
bot
force-pushed
the
renovate/tower-sessions-0.x
branch
from
January 27, 2024 18:22
3d5c47c
to
5480ee7
Compare
renovate
bot
changed the title
Update Rust crate tower-sessions to ~0.10.0
Update Rust crate tower-sessions to ~0.10.1
Jan 27, 2024
renovate
bot
changed the title
Update Rust crate tower-sessions to ~0.10.1
Update Rust crate tower-sessions to ~0.10.2
Feb 6, 2024
renovate
bot
force-pushed
the
renovate/tower-sessions-0.x
branch
from
February 6, 2024 18:37
5480ee7
to
fd67a8c
Compare
renovate
bot
force-pushed
the
renovate/tower-sessions-0.x
branch
from
February 23, 2024 19:57
fd67a8c
to
8e7903b
Compare
renovate
bot
changed the title
Update Rust crate tower-sessions to ~0.10.2
Update Rust crate tower-sessions to ~0.10.3
Feb 23, 2024
renovate
bot
force-pushed
the
renovate/tower-sessions-0.x
branch
from
February 24, 2024 15:18
8e7903b
to
8ef0001
Compare
renovate
bot
changed the title
Update Rust crate tower-sessions to ~0.10.3
Update Rust crate tower-sessions to ~0.10.2
Feb 24, 2024
renovate
bot
force-pushed
the
renovate/tower-sessions-0.x
branch
from
February 24, 2024 19:22
8ef0001
to
aae8a91
Compare
renovate
bot
changed the title
Update Rust crate tower-sessions to ~0.10.2
Update Rust crate tower-sessions to ~0.10.4
Feb 24, 2024
renovate
bot
force-pushed
the
renovate/tower-sessions-0.x
branch
from
March 5, 2024 04:34
aae8a91
to
916b319
Compare
renovate
bot
changed the title
Update Rust crate tower-sessions to ~0.10.4
Update Rust crate tower-sessions to ~0.11.0
Mar 5, 2024
renovate
bot
force-pushed
the
renovate/tower-sessions-0.x
branch
from
March 17, 2024 16:07
916b319
to
17668e6
Compare
renovate
bot
changed the title
Update Rust crate tower-sessions to ~0.11.0
Update Rust crate tower-sessions to ~0.11.1
Mar 17, 2024
renovate
bot
changed the title
Update Rust crate tower-sessions to ~0.11.1
Update Rust crate tower-sessions to ~0.12.0
Mar 19, 2024
renovate
bot
force-pushed
the
renovate/tower-sessions-0.x
branch
from
March 19, 2024 22:38
17668e6
to
6c3d9ff
Compare
renovate
bot
force-pushed
the
renovate/tower-sessions-0.x
branch
from
April 1, 2024 01:29
6c3d9ff
to
b2a833e
Compare
renovate
bot
changed the title
Update Rust crate tower-sessions to ~0.12.0
Update Rust crate tower-sessions to ~0.12.1
Apr 1, 2024
renovate
bot
force-pushed
the
renovate/tower-sessions-0.x
branch
from
April 14, 2024 18:31
b2a833e
to
145200c
Compare
renovate
bot
changed the title
Update Rust crate tower-sessions to ~0.12.1
Update Rust crate tower-sessions to ~0.12.2
Apr 14, 2024
renovate
bot
force-pushed
the
renovate/tower-sessions-0.x
branch
from
May 5, 2024 10:07
145200c
to
f910b85
Compare
renovate
bot
changed the title
Update Rust crate tower-sessions to ~0.12.2
Update Rust crate tower-sessions to ~0.12.0
May 5, 2024
renovate
bot
force-pushed
the
renovate/tower-sessions-0.x
branch
from
September 3, 2024 19:50
f910b85
to
eda8ace
Compare
renovate
bot
changed the title
Update Rust crate tower-sessions to ~0.12.0
Update Rust crate tower-sessions to ~0.13.0
Sep 3, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
None yet
0 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
~0.7.0
->~0.13.0
Release Notes
maxcountryman/tower-sessions (tower-sessions)
v0.13.0
Compare Source
v0.12.3
Compare Source
continuously_delete_expired
waits for initial run. #208v0.12.2
Compare Source
set_expiry
mutatesMax-Age
. #191This addresses a bug where using
set_expiry
on a session with no initial expiry time would not add the Max-age attribute to the cookie leading to an inconsitency between the cookie and the database.v0.12.1
Compare Source
Important Security Update
create
. #188Because cycling the session ID involves creating a new ID, this must follow the same semantics as normal session creation. Therefore prior to this fix session ID collision could occur through this vector.
v0.12.0
Compare Source
Important Security Update
This release introduces a new method,
create
, to theSessionStore
trait to distinguish between creating a new session and updating an existing one. This distinction is crucial for mitigating the potential for session ID collisions.Although the probability of session ID collisions is statistically low, given that IDs are composed of securely-random
i128
values, such collisions pose a significant security risk. A store that does not differentiate between session creation and updates could inadvertently allow an existing session to be accessed, leading to potential session takeovers.Session store authors are strongly encouraged to update and implement
create
such that potential ID collisions are handled, either by generating a new ID or returning an error.As a transitional measure, we have provided a default implementation of
create
that wraps the existingsave
method. However, this default is not immune to the original issue. Therefore, it is imperative that stores override thecreate
method with an implementation that adheres to the required uniqueness semantics, thereby effectively mitigating the risk of session ID collisions.v0.11.1
Compare Source
session.set_expiry
updates record. #175signed
andprivate
features, enabling signing and encryption respectively. #157v0.11.0
Compare Source
Id
. #159Breaking Changes
IdError
type in favor of usingbase64::DecodeSliceError
. #159base64
to0.22.0
.v0.10.4
Compare Source
This ensures that the changes introduced in
0.10.3
do not break SemVer.Please note that
0.10.3
has been yanked in accordance with cargo guidelines.v0.10.3
Compare Source
v0.10.2
Compare Source
v0.10.1
Compare Source
Expires: Session
#149v0.10.0
Compare Source
Breaking Changes
Session IDs are now represetned as base64-encoded
i128
s, boast 128 bits of entropy, and are shorter, saving network bandwidth and improving the secure nature of sessions.We no longer bundle session stores via feature flags and as such applications must be updated to require the stores directly. For example, applications that use the
tower-sessions-sqlx-store
should update theirCargo.toml
like so:Assuming a SQLite store, as an example.
Furthermore, imports will also need to be updated accordingly. For example:
Finally, the service itself has been moved out of the core crate, which makes this crate smaller as well as establishes better boundaries between code.
Thank you for bearing with us: we are approaching longer term stability and aim to minimize churn going forward as we begin to move toward a 1.0 release.
v0.9.1
Compare Source
clear
works before record loading. #134v0.9.0
Compare Source
Breakiung Changes
This updates the service such that it always returns a response directly. In practice this means that e.g.
axum
applications no longer need theHandleErrorLayer
and instead can use the layer directly. Note that if you use other fallibletower
middleware, you will still need to useHandleErrorLayer
.As such we've also remove the
MissingCookies
andMissingId
variants from the session error enum.v0.8.2
Compare Source
PartialEq
forRecord
. #125v0.8.1
Compare Source
RedisStore
fromRedisPool
. #122v0.8.0
Compare Source
Breaking Changes
Among other things, session methods are now entirely async, meaning applications must be updated to await these methods in order to migrate.
Separately,
SessionStore
has been updated to use aRecord
intermediary. As such,SessionStore
implementations must be updated accordingly.Session stores now use a concrete error type that must be used in implementations of
SessionStore
.The
secure
cookie attribute now defaults totrue
.Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.