594: Refuse to dial addresses via Tor that are almost certainly not reachable r=thomaseizinger a=thomaseizinger
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
602: Bump thiserror from 1.0.25 to 1.0.26 r=thomaseizinger a=dependabot[bot]
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.25 to 1.0.26.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/dtolnay/thiserror/releases">thiserror's releases</a>.</em></p>
<blockquote>
<h2>1.0.26</h2>
<ul>
<li>Work around bug in Clippy nonstandard_macro_braces lint (<a href="https://github-redirect.dependabot.com/rust-lang/rust-clippy/issues/7422">rust-lang/rust-clippy#7422</a>, 245e7cfd149140806ecef89d44b14e9557b297b1)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="031fea6f3b"><code>031fea6</code></a> Release 1.0.26</li>
<li><a href="245e7cfd14"><code>245e7cf</code></a> Suppress nonstandard_macro_braces in generated code</li>
<li><a href="4bbe3ece51"><code>4bbe3ec</code></a> Ignore buggy nonstandard_macro_braces clippy lint</li>
<li><a href="e0628be8ed"><code>e0628be</code></a> Ignore doc_markdown clippy false positive</li>
<li><a href="a37b5ab11f"><code>a37b5ab</code></a> Resolve needless_borrow clippy lints</li>
<li><a href="8862629bcc"><code>8862629</code></a> Delete broken #[deprecated] test</li>
<li>See full diff in <a href="https://github.com/dtolnay/thiserror/compare/1.0.25...1.0.26">compare view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=thiserror&package-manager=cargo&previous-version=1.0.25&new-version=1.0.26)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
603: Bump structopt from 0.3.21 to 0.3.22 r=thomaseizinger a=dependabot[bot]
Bumps [structopt](https://github.com/TeXitoi/structopt) from 0.3.21 to 0.3.22.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/TeXitoi/structopt/blob/master/CHANGELOG.md">structopt's changelog</a>.</em></p>
<blockquote>
<h1>v0.3.22 (2021-07-04)</h1>
<ul>
<li>Add support for <a href="https://github-redirect.dependabot.com/TeXitoi/structopt/issues/128">generics in derive</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="004cfc218e"><code>004cfc2</code></a> v0.3.22</li>
<li><a href="4bdde69b60"><code>4bdde69</code></a> add basic support for generic structs and enums (<a href="https://github-redirect.dependabot.com/TeXitoi/structopt/issues/483">#483</a>)</li>
<li><a href="d16cfd264d"><code>d16cfd2</code></a> fix clippy</li>
<li><a href="8161b1522c"><code>8161b15</code></a> Add an example using strum</li>
<li><a href="3848d5b55b"><code>3848d5b</code></a> Fix explanation on optional string list argument</li>
<li>See full diff in <a href="https://github.com/TeXitoi/structopt/compare/v0.3.21...v0.3.22">compare view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=structopt&package-manager=cargo&previous-version=0.3.21&new-version=0.3.22)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Instead of formatting to a string right away, we parse the multiaddress
into a stricter data structure that only allows the kind of addresses
we can dial through Tor.
This will allow us to perform further checks on the parsed address.
585: Configurable kraken websocket url via the ASB config r=thomaseizinger a=cimble-code
- Allows the ASB operator to configure a custom kraken websocket url via the ASB config.
- Addresses the issue of price control first brought up [here](https://github.com/comit-network/xmr-btc-swap/discussions/571)
> Gotya.
There is a relatively easy to implement (but temporary) solution for that. We could let the user configure the kraken websocket url via the ASB config. That way you can plug in your own service. The only requirement is that your service publishes prices updates in the same format as [kraken](https://docs.kraken.com/websockets/), e.g. :
_Originally posted by @bonomat in https://github.com/comit-network/xmr-btc-swap/discussions/571#discussioncomment-885535_
Co-authored-by: Your Name <you@example.com>
586: `swap_setup` instead of `spot_price` and `execution_setup` r=da-kami a=da-kami
Having `spot_price` and `execution_setup` as separate protocols did not bring any advantages, but was problematic because we had to ensure that `execution_setup` would be triggered after `spot_price`. Because of this dependency it is better to combine the protocols into one.
Combining the protocols also allows a refactoring to get rid of the `libp2p-async-await` dependency.
Alice always listens for the `swap_setup` protocol. When Bob opens a substream on that protocol the spot price is communicated, and then all execution setup messages (swap-id and signature exchange).
Co-authored-by: Daniel Karzel <daniel@comit.network>
Closing the connection upon completing the `swap_setup` protocol caused problems on the ASB side, because the CLI would close the connection before the last message was properly processed. This would result in swaps going into execution on the CLI side, but not on the ASB side.
The CLI ensures an open connection to the ASB over the complete course of a swap. So it does not make much sense to allow a protocol to close the connection (the CLI would immediately redial).
For the Alice we set the initial `KeepAlive` to `10` seconds because Bob is expected to request a spot price in reasonable time after opening a connection on the protocol. Since Tor connections can take some time we set 10 seconds fow now for resilience.
Given that we combined the `spot_price` and the `execution_setup` messaging into one protocol we should allow the protocol to take longer than 60 seconds to complete.
This is especially important for connections over Tor, where messaging can take significantly longer than over clearnet.
I ran some tests with Tor and did not run into issues with the 60 seconds, but we get very close to the timeout, so we better make it more resilient by adding more time.
When swapping on testnet we ran into a problem where the CLI started the swap after sending all messages successfully, but the ASB ran into a `connection closed` error at the end of the `swap_setup` and the swap state machine was never actually triggered.
Flushing and closing the stream on both sides should ensure that we don't run into this problem and both parties gracefully exit the protocol.
Some network and application specific code does not belong in the protocol module and was moved.
Eventloop, recovery and the outside behaviour were moved to the respective application module because they are application specific.
The `swap_setup` was moved into the network module because upon change both sides will have to be changed and should thus stay close together.
Having `spot_price` and `execution_setup` as separate protocols did not bring any advantages, but was problematic because we had to ensure that `execution_setup` would be triggered after `spot_price`. Because of this dependency it is better to combine the protocols into one.
Combining the protocols also allows a refactoring to get rid of the `libp2p-async-await` dependency.
Alice always listens for the `swap_setup` protocol. When Bob opens a substream on that protocol the spot price is communicated, and then all execution setup messages (swap-id and signature exchange).
578: Bump rust_decimal_macros from 1.14.1 to 1.14.3 r=thomaseizinger a=dependabot[bot]
Bumps [rust_decimal_macros](https://github.com/paupino/rust-decimal) from 1.14.1 to 1.14.3.
<details>
<summary>Commits</summary>
<ul>
<li><a href="b7cf68ed01"><code>b7cf68e</code></a> Merge branch 'SebRollen-SR/fix_ln_panic'</li>
<li><a href="8d2829b918"><code>8d2829b</code></a> Minor doc updates for version release</li>
<li><a href="092fdf8c8d"><code>092fdf8</code></a> fix panic in call to Decimal::ZERO.ln()</li>
<li><a href="3482ce1d23"><code>3482ce1</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/paupino/rust-decimal/issues/396">#396</a> from c410-f3r/patch-3</li>
<li><a href="9365805c5f"><code>9365805</code></a> Update arithmetic.rs</li>
<li><a href="23750d8bd0"><code>23750d8</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/paupino/rust-decimal/issues/383">#383</a> from c410-f3r/fuzz</li>
<li><a href="ab3bec8958"><code>ab3bec8</code></a> Merge branch 'master' into fuzz</li>
<li><a href="16b41cc58c"><code>16b41cc</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/paupino/rust-decimal/issues/394">#394</a> from paupino/version/1.14.2</li>
<li><a href="c7bd3bf987"><code>c7bd3bf</code></a> Version 1.14.2</li>
<li><a href="f7f058312d"><code>f7f0583</code></a> Merge branch 'master' into fuzz</li>
<li>Additional commits viewable in <a href="https://github.com/paupino/rust-decimal/compare/1.14.1...1.14.3">compare view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rust_decimal_macros&package-manager=cargo&previous-version=1.14.1&new-version=1.14.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
579: Bump rust_decimal from 1.14.2 to 1.14.3 r=thomaseizinger a=dependabot[bot]
Bumps [rust_decimal](https://github.com/paupino/rust-decimal) from 1.14.2 to 1.14.3.
<details>
<summary>Commits</summary>
<ul>
<li><a href="b7cf68ed01"><code>b7cf68e</code></a> Merge branch 'SebRollen-SR/fix_ln_panic'</li>
<li><a href="8d2829b918"><code>8d2829b</code></a> Minor doc updates for version release</li>
<li><a href="092fdf8c8d"><code>092fdf8</code></a> fix panic in call to Decimal::ZERO.ln()</li>
<li><a href="3482ce1d23"><code>3482ce1</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/paupino/rust-decimal/issues/396">#396</a> from c410-f3r/patch-3</li>
<li><a href="9365805c5f"><code>9365805</code></a> Update arithmetic.rs</li>
<li><a href="23750d8bd0"><code>23750d8</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/paupino/rust-decimal/issues/383">#383</a> from c410-f3r/fuzz</li>
<li><a href="ab3bec8958"><code>ab3bec8</code></a> Merge branch 'master' into fuzz</li>
<li><a href="f7f058312d"><code>f7f0583</code></a> Merge branch 'master' into fuzz</li>
<li><a href="27168cbef4"><code>27168cb</code></a> Update step name</li>
<li><a href="b98bff2931"><code>b98bff2</code></a> Enable cargo-make</li>
<li>Additional commits viewable in <a href="https://github.com/paupino/rust-decimal/compare/1.14.2...1.14.3">compare view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rust_decimal&package-manager=cargo&previous-version=1.14.2&new-version=1.14.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
582: Asb price guarantees r=da-kami a=da-kami
Fixes#557
Tested on test-/stagenet setup with Raspi.
The change log entry in the last commit sums up the changes.
Co-authored-by: Daniel Karzel <daniel@comit.network>
Includes a new state that is used to await BTC lock tx finality. Upon starting the swap we initially only wait for the BTC lock tx to be seen in the mempool.
This is guarded by a short timeout (3 mins), because it is assumed that in the current setup (sport_price + execution_setup only triggered upon funds being available already) the lock transaction should be picked up almost instanly after the execution setup succeeded.
Similar to the CLI the ASB has to ensure that the execution_setup is executed within a certain time.
Without a timeout the price (returned by `spot_price` would be guaranteed with the CLI indefinitely.
584: Request timeout when swapping over Tor r=da-kami a=da-kami
It seems the current chosen channel timeouts are still not optimal.
I ran into issues with swapping over Tor and traced them down to the CLI timeout of the bmrng channel.
It appears that the ASB waited significant time for the acknowledgement from the CLI, which caused quite a delay.
Logs of the CLI timeout:
```
2021-06-23 12:37:49 INFO Spot price btc=0.00100000 BTC xmr=0.152542734847 XMR
2021-06-23 12:37:53 DEBUG Starting execution setup with 12D3KooWPZ69DRp4wbGB3wJsxxsg1XW1EVZ2evtVwcARCF3a1nrx
Error: Failed to complete swap
Caused by:
request timed out
Process finished with exit code 1
```
ASB logs (sorry about the time zones being not aligned, the minutes are the interesting part)
```
Jun 23 03:48:27 raspberrypi asb[7933]: WARN Estimated fee of 137.0 is smaller than the min relay fee, defaulting to min relay fee 1000
Jun 23 03:48:44 raspberrypi asb[7933]: DEBUG Spot price response sent peer=12D3KooWRqVnNWuahKawSSmxQQptGcEApNBFXNodzRv2q6tBvhUW
Jun 23 03:49:00 raspberrypi asb[7933]: WARN Lost connection. Error Connection error: I/O error: connection is closed peer=12D3KooWRqVnNWuahKawSSmxQQptGcEApNBFXNodzRv2q6tBvhUW address=/ip4/127.0.0.1/tcp/49362
```
Co-authored-by: Daniel Karzel <daniel@comit.network>
It seems the current chosen channel timeouts are still not optimal.
I ran into issues with swapping over Tor and traced them down to the CLI timeout of the bmrng channel.
It appears that the ASB was not running as quick as the CLI, which caused a timeout on the CLI side (in addition to the delay when sending messages over Tor).
Only `execution_setup` caused the problem so far, but I would recommend changing all the channel timeouts to one minute to avoid this problem.
544: Drop `monero-wallet-rpc` test container if errors r=da-kami a=da-kami
Previously we tried to wait longer upon errors on startup, but that did not fix the problem:
```
May 28 05:35:01.440 INFO monero_harness: Starting wallet: bob
May 28 05:35:04.350 INFO testcontainers::core::wait_for_message: Found message after comparing 16 lines
May 28 05:35:04.409 WARN monero_harness: Monero wallet RPC emitted error error sending request for url (http://127.0.0.1:49183/json_rpc): operation was canceled: connection closed before message completed - retrying to create wallet in 2 seconds...
May 28 05:35:06.413 WARN monero_harness: Monero wallet RPC emitted error error sending request for url (http://127.0.0.1:49183/json_rpc): operation was canceled: connection closed before message completed - retrying to create wallet in 2 seconds...
May 28 05:35:08.416 WARN monero_harness: Monero wallet RPC emitted error error sending request for url (http://127.0.0.1:49183/json_rpc): operation was canceled: connection closed before message completed - retrying to create wallet in 2 seconds...
May 28 05:35:10.420 WARN monero_harness: Monero wallet RPC emitted error error sending request for url (http://127.0.0.1:49183/json_rpc): operation was canceled: connection closed before message completed - retrying to create wallet in 2 seconds...
May 28 05:35:12.424 WARN monero_harness: Monero wallet RPC emitted error error sending request for url (http://127.0.0.1:49183/json_rpc): operation was canceled: connection closed before message completed - retrying to create wallet in 2 seconds...
thread 'alice_manually_redeems_after_enc_sig_learned' panicked at 'called `Result::unwrap()` on an `Err` value: All retry attempts for creating a wallet exhausted
```
Thus we now drop the container upon error and try to spin up a new one. If the container is not up within 5 minutes we timeout.
Co-authored-by: Daniel Karzel <daniel@comit.network>
Previously we tried to wait longer upon errors on startup, but that did not fix the problem:
```
May 28 05:35:01.440 INFO monero_harness: Starting wallet: bob
May 28 05:35:04.350 INFO testcontainers::core::wait_for_message: Found message after comparing 16 lines
May 28 05:35:04.409 WARN monero_harness: Monero wallet RPC emitted error error sending request for url (http://127.0.0.1:49183/json_rpc): operation was canceled: connection closed before message completed - retrying to create wallet in 2 seconds...
May 28 05:35:06.413 WARN monero_harness: Monero wallet RPC emitted error error sending request for url (http://127.0.0.1:49183/json_rpc): operation was canceled: connection closed before message completed - retrying to create wallet in 2 seconds...
May 28 05:35:08.416 WARN monero_harness: Monero wallet RPC emitted error error sending request for url (http://127.0.0.1:49183/json_rpc): operation was canceled: connection closed before message completed - retrying to create wallet in 2 seconds...
May 28 05:35:10.420 WARN monero_harness: Monero wallet RPC emitted error error sending request for url (http://127.0.0.1:49183/json_rpc): operation was canceled: connection closed before message completed - retrying to create wallet in 2 seconds...
May 28 05:35:12.424 WARN monero_harness: Monero wallet RPC emitted error error sending request for url (http://127.0.0.1:49183/json_rpc): operation was canceled: connection closed before message completed - retrying to create wallet in 2 seconds...
thread 'alice_manually_redeems_after_enc_sig_learned' panicked at 'called `Result::unwrap()` on an `Err` value: All retry attempts for creating a wallet exhausted
```
Thus we now drop the container upon error and try to spin up a new one. If the container is not up within 5 minutes we timeout.
581: Remove dead code r=thomaseizinger a=da-kami
583: Bump reqwest from 0.11.3 to 0.11.4 r=thomaseizinger a=dependabot[bot]
Bumps [reqwest](https://github.com/seanmonstar/reqwest) from 0.11.3 to 0.11.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/seanmonstar/reqwest/releases">reqwest's releases</a>.</em></p>
<blockquote>
<h2>v0.11.4</h2>
<ul>
<li>Add <code>ClientBuilder::resolve()</code> option to override DNS resolution for specific domains.</li>
<li>Add <code>native-tls-alpn</code> Cargo feature to use ALPN with the native-tls backend.</li>
<li>Add <code>ClientBuilder::deflate()</code> option and <code>deflate</code> Cargo feature to support decoding response bodies using deflate.</li>
<li>Add <code>RequestBuilder::version()</code> to allow setting the HTTP version of a request.</li>
<li>Fix allowing "invalid" certificates with the <code>rustls-tls</code> backend, when the server uses TLS v1.2 or v1.3.</li>
<li>(wasm) Add <code>try_clone</code> to <code>Request</code> and <code>RequestBuilder</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md">reqwest's changelog</a>.</em></p>
<blockquote>
<h2>v0.11.4</h2>
<ul>
<li>Add <code>ClientBuilder::resolve()</code> option to override DNS resolution for specific domains.</li>
<li>Add <code>native-tls-alpn</code> Cargo feature to use ALPN with the native-tls backend.</li>
<li>Add <code>ClientBuilder::deflate()</code> option and <code>deflate</code> Cargo feature to support decoding response bodies using deflate.</li>
<li>Add <code>RequestBuilder::version()</code> to allow setting the HTTP version of a request.</li>
<li>Fix allowing "invalid" certificates with the <code>rustls-tls</code> backend, when the server uses TLS v1.2 or v1.3.</li>
<li>(wasm) Add <code>try_clone</code> to <code>Request</code> and <code>RequestBuilder</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="f5fe17876a"><code>f5fe178</code></a> v0.11.4</li>
<li><a href="8e5af459e5"><code>8e5af45</code></a> Allow overriding of DNS resolution to specified IP addresses(<a href="https://github-redirect.dependabot.com/seanmonstar/reqwest/issues/561">#561</a>) (<a href="https://github-redirect.dependabot.com/seanmonstar/reqwest/issues/1277">#1277</a>)</li>
<li><a href="c4388fcff9"><code>c4388fc</code></a> WASM: Add <code>try_clone</code> implementations to <code>Request</code> and <code>RequestBuilder</code> (<a href="https://github-redirect.dependabot.com/seanmonstar/reqwest/issues/1286">#1286</a>)</li>
<li><a href="b48cb4a5aa"><code>b48cb4a</code></a> Add native-tls-alpn feature (<a href="https://github-redirect.dependabot.com/seanmonstar/reqwest/issues/1283">#1283</a>)</li>
<li><a href="bbeb1ede4e"><code>bbeb1ed</code></a> Bump ssri from 6.0.1 to 6.0.2 in /examples/wasm_github_fetch (<a href="https://github-redirect.dependabot.com/seanmonstar/reqwest/issues/1262">#1262</a>)</li>
<li><a href="841d47c6a2"><code>841d47c</code></a> Bump url-parse from 1.4.7 to 1.5.1 in /examples/wasm_github_fetch (<a href="https://github-redirect.dependabot.com/seanmonstar/reqwest/issues/1267">#1267</a>)</li>
<li><a href="33bc7939b4"><code>33bc793</code></a> Bump lodash from 4.17.19 to 4.17.21 in /examples/wasm_github_fetch (<a href="https://github-redirect.dependabot.com/seanmonstar/reqwest/issues/1269">#1269</a>)</li>
<li><a href="b0af278f78"><code>b0af278</code></a> Implement "default" functions of the trait to fix "insecure" mode (<a href="https://github-redirect.dependabot.com/seanmonstar/reqwest/issues/1259">#1259</a>)</li>
<li><a href="8d3e27966c"><code>8d3e279</code></a> use ZlibDecoder for deflate responses (<a href="https://github-redirect.dependabot.com/seanmonstar/reqwest/issues/1257">#1257</a>)</li>
<li><a href="b88f309339"><code>b88f309</code></a> Fix small typos in <code>Client</code> docs (<a href="https://github-redirect.dependabot.com/seanmonstar/reqwest/issues/1253">#1253</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/seanmonstar/reqwest/compare/v0.11.3...v0.11.4">compare view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=reqwest&package-manager=cargo&previous-version=0.11.3&new-version=0.11.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Co-authored-by: Daniel Karzel <daniel@comit.network>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
573: Bump hyper from 0.14.8 to 0.14.9 r=thomaseizinger a=dependabot[bot]
Bumps [hyper](https://github.com/hyperium/hyper) from 0.14.8 to 0.14.9.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/hyperium/hyper/releases">hyper's releases</a>.</em></p>
<blockquote>
<h2>v0.14.9</h2>
<h2>Bug Fixes</h2>
<ul>
<li><strong>http1:</strong> reduce memory used with flatten write strategy (<a href="eb0c646395">eb0c6463</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/hyperium/hyper/blob/master/CHANGELOG.md">hyper's changelog</a>.</em></p>
<blockquote>
<h3>v0.14.9 (2021-06-07)</h3>
<h4>Bug Fixes</h4>
<ul>
<li><strong>http1:</strong> reduce memory used with flatten write strategy (<a href="eb0c646395">eb0c6463</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="8b71a67413"><code>8b71a67</code></a> v0.14.9</li>
<li><a href="55d9a584b1"><code>55d9a58</code></a> refactor(http1): return Parse::Internal error if there's an illegal header na...</li>
<li><a href="6a6a24030e"><code>6a6a240</code></a> refactor(lib): Switch from pin-project to pin-project-lite (<a href="https://github-redirect.dependabot.com/hyperium/hyper/issues/2566">#2566</a>)</li>
<li><a href="0d82405a7b"><code>0d82405</code></a> refactor(http1): emit trace logs when buffering write data</li>
<li><a href="eb0c646395"><code>eb0c646</code></a> fix(http1): reduce memory used with flatten write strategy</li>
<li>See full diff in <a href="https://github.com/hyperium/hyper/compare/v0.14.8...v0.14.9">compare view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=hyper&package-manager=cargo&previous-version=0.14.8&new-version=0.14.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
566: Bump rand_chacha from 0.3.0 to 0.3.1 r=thomaseizinger a=dependabot[bot]
Bumps [rand_chacha](https://github.com/rust-random/rand) from 0.3.0 to 0.3.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/rust-random/rand/blob/master/CHANGELOG.md">rand_chacha's changelog</a>.</em></p>
<blockquote>
<h2>[0.3.19] - 2017-12-27</h2>
<h3>Changed</h3>
<ul>
<li>Require <code>log <= 0.3.8</code> for dev builds</li>
<li>Update <code>fuchsia-zircon</code> dependency to 0.3</li>
<li>Fix broken links in docs (to unblock compiler docs testing CI)</li>
</ul>
<h2>[0.3.18] - 2017-11-06</h2>
<h3>Changed</h3>
<ul>
<li><code>thread_rng</code> is seeded from the system time if <code>OsRng</code> fails</li>
<li><code>weak_rng</code> now uses <code>thread_rng</code> internally</li>
</ul>
<h2>[0.3.17] - 2017-10-07</h2>
<h3>Changed</h3>
<ul>
<li>Fuchsia: Magenta was renamed Zircon</li>
</ul>
<h2>[0.3.16] - 2017-07-27</h2>
<h3>Added</h3>
<ul>
<li>Implement Debug for mote non-public types</li>
<li>implement <code>Rand</code> for (i|u)i128</li>
<li>Support for Fuchsia</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Add inline attribute to SampleRange::construct_range.
This improves the benchmark for sample in 11% and for shuffle in 16%.</li>
<li>Use <code>RtlGenRandom</code> instead of <code>CryptGenRandom</code></li>
</ul>
<h2>[0.3.15] - 2016-11-26</h2>
<h3>Added</h3>
<ul>
<li>Add <code>Rng</code> trait method <code>choose_mut</code></li>
<li>Redox support</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Use <code>arc4rand</code> for <code>OsRng</code> on FreeBSD.</li>
<li>Use <code>arc4random(3)</code> for <code>OsRng</code> on OpenBSD.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Fix filling buffers 4 GiB or larger with <code>OsRng::fill_bytes</code> on Windows</li>
</ul>
<h2>[0.3.14] - 2016-02-13</h2>
<h3>Fixed</h3>
<ul>
<li>Inline definitions from winapi/advapi32, which decreases build times</li>
</ul>
<h2>[0.3.13] - 2016-01-09</h2>
<h3>Fixed</h3>
<ul>
<li>Compatible with Rust 1.7.0-nightly (needed some extra type annotations)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="98a0339f99"><code>98a0339</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/rust-random/rand/issues/1135">#1135</a> from dhardy/work</li>
<li><a href="a7f8fb72d7"><code>a7f8fb7</code></a> Prepare rand_chacha v0.3.1 release</li>
<li><a href="09d3df3119"><code>09d3df3</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/rust-random/rand/issues/1130">#1130</a> from dhardy/work</li>
<li><a href="d167dd25d2"><code>d167dd2</code></a> Deprecate ReadRng</li>
<li><a href="e3bc4a1357"><code>e3bc4a1</code></a> Do not impl serde for ReadRng or ReseedingRng</li>
<li><a href="66b163632e"><code>66b1636</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/rust-random/rand/issues/1132">#1132</a> from rust-random/readme-wasm-note</li>
<li><a href="d9c6a76048"><code>d9c6a76</code></a> README: add note regarding wasm32-unknown-unknown</li>
<li><a href="4726d328d6"><code>4726d32</code></a> Update minimum version of packed_simd_2</li>
<li><a href="f6bbfcfa89"><code>f6bbfcf</code></a> serde for BlockRng, ReseedingRng and ReadRng</li>
<li><a href="2732f2d6a8"><code>2732f2d</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/rust-random/rand/issues/1116">#1116</a> from vks/criterion</li>
<li>Additional commits viewable in <a href="https://github.com/rust-random/rand/compare/rand_chacha-0.3.0...rand_chacha-0.3.1">compare view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rand_chacha&package-manager=cargo&previous-version=0.3.0&new-version=0.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
568: Bump bdk from 0.7.0 to 0.8.0 r=thomaseizinger a=dependabot[bot]
Bumps [bdk](https://github.com/bitcoindevkit/bdk) from 0.7.0 to 0.8.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/bitcoindevkit/bdk/blob/master/CHANGELOG.md">bdk's changelog</a>.</em></p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="33b45ebe82"><code>33b45eb</code></a> Bump version to 0.8.0</li>
<li><a href="2faed425ed"><code>2faed42</code></a> Update CHANGELOG</li>
<li><a href="2cc05c07a5"><code>2cc05c0</code></a> Bump version in <code>src/lib.rs</code></li>
<li><a href="9205295332"><code>9205295</code></a> Merge commit 'refs/pull/365/head' of github.com:bitcoindevkit/bdk into releas...</li>
<li><a href="3b446c9e14"><code>3b446c9</code></a> Use no_run instead of ignore</li>
<li><a href="378167efca"><code>378167e</code></a> Remove explicit <code>feature(external_doc)</code></li>
<li><a href="224be27aa8"><code>224be27</code></a> Fix example/doctests format</li>
<li><a href="4a23070cc8"><code>4a23070</code></a> [ci] Check fmt for examples/doctests</li>
<li><a href="f8117c0f9f"><code>f8117c0</code></a> Bump version to 0.8.0-rc.1</li>
<li><a href="0ec064ef13"><code>0ec064e</code></a> Use AddressInfo in private methods</li>
<li>Additional commits viewable in <a href="https://github.com/bitcoindevkit/bdk/compare/v0.7.0...v0.8.0">compare view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=bdk&package-manager=cargo&previous-version=0.7.0&new-version=0.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
577: Don't depend on `core::fmt` through `bitcoin_hashes` re-export r=thomaseizinger a=thomaseizinger
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>