Bump hyper-staticfile from 0.9.5 to 0.10.0

[dependabot]

Bumps hyper-staticfile from 0.9.5 to 0.10.0.

Release notes

Sourced from hyper-staticfile's releases.

v0.10.0

These are all the changes since v0.9.5 combined:

• Breaking change: Upgraded to Hyper 1.0.
• Breaking change: The top-level resolve* functions are now methods on a new type Resolver.
• Breaking change: ResolveResult::Found now contains a ResolvedFile, a new struct replacing the old unnamed tuple parameters.
• Breaking change: The FileBytesStream and FileResponseBuilder exports have moved to a util submodule.
• A filesystem abstraction was added. Different backing can now be implemented using traits from the vfs submodule.
  • Breaking change: Static, ResolveResult, util::FileBytesStream, util::FileBytesStreamRange, util::FileBytesStreamMultiRange are now generic over traits from the vfs submodule. The type parameters have defaults set for the Tokio implementation, which should make migration effortless in many cases.
  • A MemoryFs was added, which allows serving files efficiently from memory, and preloading an entire directory into memory.
• Added Static::allowed_encodings, which can be used to serve precompressed .br and .gz files if a client requests them with the Accept-Encoding header.
• Added Resolver::set_rewrite, which allows rewriting a request before the filesystem is accessed.

v0.10.0-alpha.7

• Upgraded to Hyper 1.0.0-rc.4. (Thanks @​aaronriekenberg!)

v0.10.0-alpha.6

• ResolvedFile now has a path field containing the resolved and sanitized path of the file.

v0.10.0-alpha.5

• Fixes an issue in path sanitization that made open redirects possible. (RUSTSEC-2022-0072)

v0.10.0-alpha.4

• Breaking change: FileBytesStream and FileResponseBuilder are no longer exported. If you were using these, please let us know via an issue, so we can design an API that fits the changes in structures.
• Breaking change: The VFS layer now uses a new FileAccess trait instead of AsyncRead, to save on copy operations when serving from MemoryFs. An additional IntoFileAccess trait was also added to provide an intermediate step where buffer allocation can take place. These changes are reflected in type constraints throughout the crate API.
• Fixed an issue where MemoryFs would not serve the directory index for /.

v0.10.0-alpha.3

• Added Static::allowed_encodings, which can be used to serve precompressed .br and .gz files if a client requests them with the Accept-Encoding header.
• A filesystem abstraction was added, and a simple in-memory filesystem MemoryFs is now available.
  • Breaking change: Many types are now generic over the filesystem or file implementation. Where possible, a default is provided for the type parameters, which should make migration effortless in many cases.
    • Static is now generic over FileOpener, a new trait that represents the filesystem implementation.
    • ResolveResult, FileBytesStream and Body are now generic over AsyncRead and AsyncSeek.
  • Breaking change: The top-level resolve* functions are now methods on a new type Resolver.
  • Breaking change: ResolveResult::Found now contains a ResolvedFile, a new struct replacing the old unnamed tuple parameters.

v0.10.0-alpha.2

• Fixed an issue where a different drive could be accessed on Windows with a malicious path. (RUSTSEC-2022-0069)

v0.10.0-alpha.1

• Breaking change: Support for Hyper 1.0-rc.1.

Commits

• c57fea7 Version 0.10.0
• c135201 Merge pull request #46 from stephank/feat/rewrite
• 3c47005 Use hyper-util 0.1.1 release in dev-dependencies
• ab267aa Add rewrite function
• 960a750 Merge pull request #45 from stephank/feat/upgrade
• 94d39db cargo clippy --fix
• 51f1308 Upgrade to hyper 1.0
• 7693e1f Version 0.10.0-alpha.7
• 1513079 Merge pull request #43 from aaronriekenberg/main
• 41076ac Step up to hyper 1.0.0-rc.4
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[ahl]

depends on #831