fix(deps): update rust crate tower-http to 0.3.3

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
tower-http	dependencies	minor	0.1.2 -> 0.3.3

---

Release Notes

tower-rs/tower-http

v0.3.3

Compare Source

Added

• serve_dir: Add ServeDir::call_fallback_on_method_not_allowed to allow calling the fallback
  for requests that aren't GET or HEAD (#​264)
• request_id: Add MakeRequestUuid for generating request ids using UUIDs (#​266)

Fixed

• serve_dir: Include Allow header for 405 Method Not Allowed responses (#​263)

v0.3.2

Compare Source

Fixed

• serve_dir: Fix empty request parts being passed to ServeDir's fallback instead of the actual ones (#​258)

v0.3.1

Compare Source

Fixed

• cors: Only send a single origin in Access-Control-Allow-Origin header when a list of
  allowed origins is configured (the previous behavior of sending a comma-separated list like for
  allowed methods and allowed headers is not allowed by any standard)

v0.3.0

Compare Source

Added

• fs: Add ServeDir::{fallback, not_found_service} for calling another service if
  the file cannot be found (#​243)
• fs: Add SetStatus to override status codes (#​248)
• ServeDir and ServeFile now respond with 405 Method Not Allowed to requests where the
  method isn't GET or HEAD (#​249)
• cors: Added CorsLayer::very_permissive which is like
  CorsLayer::permissive except it (truly) allows credentials. This is made
  possible by mirroring the request's origin as well as method and headers
  back as CORS-whitelisted ones (#​237)
• cors: Allow customizing the value(s) for the Vary header (#​237)

Changed

• cors: Removed allow-credentials: true from CorsLayer::permissive.
  It never actually took effect in compliant browsers because it is mutually
  exclusive with the * wildcard (Any) on origins, methods and headers (#​237)
• cors: Rewrote the CORS middleware. Almost all existing usage patterns
  will continue to work. (BREAKING) (#​237)
• cors: The CORS middleware will now panic if you try to use Any in
  combination with .allow_credentials(true). This configuration worked
  before, but resulted in browsers ignoring the allow-credentials header,
  which defeats the purpose of setting it and can be very annoying to debug
  (#​237)

Fixed

• fs: Fix content-length calculation on range requests (#​228)

v0.2.5

Compare Source

Fixed

• Fix content-length calculation on range requests (#​228)

v0.2.4

Compare Source

Added

• Added CatchPanic middleware which catches panics and converts them
  into 500 Internal Server responses (#​214)

Fixed

• Make parsing of Accept-Encoding more robust (#​220)

v0.2.3

Compare Source

Changed

• Update to tokio-util 0.7 (#​221)

Fixed

• The CORS layer / service methods allow_headers, allow_methods, allow_origin
  and expose_headers now do nothing if given an empty Vec, instead of sending
  the respective header with an empty value (#​218)

v0.2.2

Compare Source

Fixed

• Add Vary headers for CORS preflight responses (#​216)

v0.2.1

Compare Source

Added

• Support Last-Modified (and friends) headers in ServeDir and ServeFile (#​145)
• Add AsyncRequireAuthorization::layer (#​195)

Fixed

• Fix build error for certain feature sets (#​209)
• Cors: Set Vary header (#​199)
• ServeDir and ServeFile: Fix potential directory traversal attack due to
  improper path validation on Windows (#​204)

v0.2.0

Compare Source

Added

• builder: Add ServiceBuilderExt which adds methods to tower::ServiceBuilder for
  adding middleware from tower-http (#​106)
• request_id: Add SetRequestId and PropagateRequestId middleware (#​150)
• trace: Add DefaultMakeSpan::level to make log level of tracing spans easily configurable (#​124)
• trace: Add LatencyUnit::Seconds for formatting latencies as seconds (#​179)
• trace: Support customizing which status codes are considered failures by GrpcErrorsAsFailures (#​189)
• compression: Support specifying predicates to choose when responses should
  be compressed. This can be used to disable compression of small responses,
  responses with a certain content-type, or something user defined (#​172)
• fs: Ability to serve precompressed files (#​156)
• fs: Support Range requests (#​173)
• fs: Properly support HEAD requests which return no body and have the Content-Length header set (#​169)

Changed

• AddAuthorization, InFlightRequests, SetRequestHeader,
  SetResponseHeader, AddExtension, MapRequestBody and MapResponseBody
  now requires underlying service to use http::Request<ReqBody> and
  http::Response<ResBody> as request and responses (#​182) (BREAKING)
• set_header: Remove unnecessary generic parameter from SetRequestHeaderLayer
  and SetResponseHeaderLayer. This removes the need (and possibility) to specify a
  body type for these layers (#​148) (BREAKING)
• compression, decompression: Change the response body error type to
  Box<dyn std::error::Error + Send + Sync>. This makes them usable if
  the body they're wrapping uses Box<dyn std::error::Error + Send + Sync> as
  its error type which they previously weren't (#​166) (BREAKING)
• fs: Change response body type of ServeDir and ServeFile to
  ServeFileSystemResponseBody and ServeFileSystemResponseFuture (#​187) (BREAKING)
• auth: Change AuthorizeRequest and AsyncAuthorizeRequest traits to be simpler (#​192) (BREAKING)

Removed

• compression, decompression: Remove BodyOrIoError. Its been replaced with Box<dyn std::error::Error + Send + Sync> (#​166) (BREAKING)
• compression, decompression: Remove the compression and decompression feature. They were unnecessary
  and compression-full/decompression-full can be used to get full
  compression/decompression support. For more granular control, [compression|decompression]-gzip,
  [compression|decompression]-br and [compression|decompression]-deflate may
  be used instead (#​170) (BREAKING)

v0.1.3

Compare Source

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.