Skip to content

deps: bump tower-http to 0.7 and k8s-openapi to 0.28 (with kube 4.0)#302

Merged
passcod merged 1 commit into
mainfrom
deps-tower-http-k8s-openapi
Jul 1, 2026
Merged

deps: bump tower-http to 0.7 and k8s-openapi to 0.28 (with kube 4.0)#302
passcod merged 1 commit into
mainfrom
deps-tower-http-k8s-openapi

Conversation

@passcod

@passcod passcod commented Jul 1, 2026

Copy link
Copy Markdown
Member

🤖 Supersedes the two standalone Dependabot PRs (#289, #291), which each needed manual follow-up to build.

tower-http 0.6.11 → 0.7.0

Bumped in commons-servers, private-server, and public-server. Our usage (CompressionLayer, RequestDecompressionLayer, TraceLayer, ServeDir) is unaffected by the 0.7 breaking changes, so no code changes were needed. Transitive consumers (reqwest, axum-client-ip) stay on 0.6.11.

k8s-openapi 0.27.1 → 0.28.0 + kube 3.1 → 4.0

Dependabot's #291 bumped k8s-openapi alone, which pins to whatever kube depends on. kube 3.1 still needs k8s-openapi 0.27, so the bump produced two copies of k8s-openapi (the exact failure the workspace Cargo.toml comment warns about). Bumping kube to 4.0 alongside resolves back to a single k8s-openapi 0.28. The v1_32 feature is retained (0.28 drops 1.31 but keeps 1.32). kube 4.0's API is source-compatible with our backup_secrets usage — no code changes needed.

Closes #289
Closes #291

@passcod passcod added this pull request to the merge queue Jul 1, 2026
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Jul 1, 2026
@passcod passcod added this pull request to the merge queue Jul 1, 2026
Merged via the queue into main with commit 7bc973d Jul 1, 2026
7 checks passed
@passcod passcod deleted the deps-tower-http-k8s-openapi branch July 1, 2026 22:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant