diff --git a/Cargo.lock b/Cargo.lock
index cd8805859ac88..df42e798b7144 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -3824,9 +3824,9 @@ dependencies = [
 
 [[package]]
 name = "kube"
-version = "0.70.0"
+version = "0.72.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4dcc72fdf0c491160a34d4a1bfb03f96da8a5054288d61c816d514b5c2fa49ea"
+checksum = "977951a1d7dbce4c6f9c2cbed0711f568df9944010fafa88161a20f7e5163bd3"
 dependencies = [
  "k8s-openapi",
  "kube-client",
@@ -3836,9 +3836,9 @@ dependencies = [
 
 [[package]]
 name = "kube-client"
-version = "0.70.0"
+version = "0.72.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "94b01c722d55ffedec74cbc259b4508d8a59bf19540006ec87618f76ab156579"
+checksum = "625e8a89c79dd4e590217838f32274ccbb0f4ecc1db181f84aba3df635fca729"
 dependencies = [
  "base64 0.13.0",
  "bytes 1.1.0",
@@ -3872,9 +3872,9 @@ dependencies = [
 
 [[package]]
 name = "kube-core"
-version = "0.70.0"
+version = "0.72.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7dd9e3535777edd122cc26fe3fe6357066b33eff63d8b919862edbe7a956a679"
+checksum = "0491dcd9adca79a96c63404aa978137f5fe1d3db5dcb6e5c0b073f915dbdd49d"
 dependencies = [
  "chrono",
  "form_urlencoded",
@@ -3889,9 +3889,9 @@ dependencies = [
 
 [[package]]
 name = "kube-runtime"
-version = "0.70.0"
+version = "0.72.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "816c8c086f8bbcf9a4db0b7a68db90b784ef6292a57de35c64cccb90d5edfbe5"
+checksum = "bb67002cbacd6cd99d1b1d0890785a84b6408158972f2561317bc4cdc06c981e"
 dependencies = [
  "ahash",
  "backoff",
@@ -7957,9 +7957,9 @@ dependencies = [
 
 [[package]]
 name = "tower-http"
-version = "0.2.4"
+version = "0.3.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "90c125fdea84614a4368fd35786b51d0682ab8d42705e061e92f0b955dea40fb"
+checksum = "7d342c6d58709c0a6d48d48dabbb62d4ef955cf5f0f3bbfd845838e7ae88dbae"
 dependencies = [
  "base64 0.13.0",
  "bitflags",
diff --git a/Cargo.toml b/Cargo.toml
index 8981837bde707..4f54bbd7d274b 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -238,7 +238,7 @@ infer = { version = "0.7.0", default-features = false, optional = true}
 indoc = { version = "1.0.4", default-features = false }
 inventory = { version = "0.1.10", default-features = false }
 k8s-openapi = { version = "0.14.0", default-features = false, features = ["api", "v1_16"], optional = true }
-kube = { version = "0.70.0", default-features = false, features = ["client", "native-tls", "runtime"], optional = true }
+kube = { version = "0.72.0", default-features = false, features = ["client", "native-tls", "runtime"], optional = true }
 listenfd = { version = "0.5.0", default-features = false, optional = true }
 logfmt = { version = "0.0.2", default-features = false, optional = true }
 lru = { version = "0.7.5", default-features = false, optional = true }
diff --git a/vendor/kube-client/.cargo-checksum.json b/vendor/kube-client/.cargo-checksum.json
index 47af97de83eb1..f3a0aa4d3cefc 100644
--- a/vendor/kube-client/.cargo-checksum.json
+++ b/vendor/kube-client/.cargo-checksum.json
@@ -1 +1 @@
-{"files":{"Cargo.toml":"bccd1a87a88b6bac9bd3cb074eae802e3f53d5601812ed5dac50eecdce23059f","README.md":"64461d106b16b7c13f1c646813ed55a6501bd02062d3e88385642af6f8ed96e4","src/api/core_methods.rs":"13cb918209159b193635b7a230e48b876d257dc95d9e6773f1950c3e42b2429a","src/api/entry.rs":"c1bb3454975eac9a982587a62002b133747a2a55c2e75847cb53f056131b4ea2","src/api/mod.rs":"7594e94e06c5a6fab1fc491da116d477b1168567ba3778289afabdc369d31d18","src/api/portforward.rs":"36e43a130f7258dc1b87adf5331c5be0fb855302a6ccb27df730716dc634e580","src/api/remote_command.rs":"ccd308f60976d11cb0bd24fdac663de4e4b220c2e3435d8d5578cf6d5721d8f4","src/api/subresource.rs":"16a9c6c8a29a810b4e312ce143c368cffec254c7408a6b885179e4e55e8b93a0","src/api/util/csr.rs":"7c220fe59b2397f2bd10bcc2ab098072b15737228baedb8abcfa65c8e435aa3d","src/api/util/mod.rs":"8bb8aade37e9b68c835a83eff399bbb619bc44641140c50c32565f14257d3086","src/client/auth/mod.rs":"28ada7d2cf13ea991a74abb04616a3c19be1cd67fd890613a10bc680e51b2ee6","src/client/auth/oauth.rs":"cdc6c58d5c0c141eb786db6b7f35a1c250b28820c29330417bd7175a6f39aa93","src/client/body.rs":"0b1488596c30a699f7afe1ebbc705178f61a6e6bdbc7bcd1f6111857c1fe2f62","src/client/config_ext.rs":"22923ebe9c7ec00a7289fd96a76bfd7b982a7ab65779f0f678fb96159438a5f9","src/client/middleware/base_uri.rs":"3b50e8e119b9ae8bbdd21e57331922e5fd067a95d0f74299665008eccde1f1c7","src/client/middleware/extra_headers.rs":"956711fcf36dd0ee5dc0be9dc740f463760051370cab3226d75a1cd42804b78f","src/client/middleware/mod.rs":"ecef232d946a2365dc383006acc6b7fcb7d658914e9bb9cfef35a0b7d873dcc3","src/client/mod.rs":"57fe8619ace507b30fa9a8d431fc1d89767b66de12c1dee068960d48790d4721","src/client/tls.rs":"5d4d870dc7fb115f668d9346eabc7e59fc6c058bb7848a688942b49430afc8e6","src/client/upgrade.rs":"4a29a94ace955d3841b42b15ebb70c38a1dcc5631b9fc7f994c2dc5093ffccfd","src/config/file_config.rs":"002a63ba9ed94a9cd17d756b9e69732f3e0ab63a58b8c7c8f500748f29c352fa","src/config/file_loader.rs":"fce1cbc13421c3742447ae3efb61b47a62e5e4da70e9dd286970fa9b3f8cb6e8","src/config/incluster_config.rs":"3438c25e841032b78b268a5bef37084466c15f3030cc01d9a0bccd1e4923666a","src/config/mod.rs":"36298beacee4c4b9aaa24446f971dbf4cb3c7c03f5c0fdae13370f6a48a7fe41","src/discovery/apigroup.rs":"7014dacc44d30de6817ef20d91ab0516ada5c7d1c1fab167d986750a2430040c","src/discovery/mod.rs":"439d2958c67029ac5ea61193dfc8572f41aaed3b325833ea6cc4f74f2c585aa1","src/discovery/oneshot.rs":"e4b8812acbed969b4389847b964c17d18926486e05a3e76f7fedbe6a83703573","src/discovery/parse.rs":"972287ffff2d7d9a3343e2d244e5f2ca10168807111da7af0cf410470dc0a085","src/error.rs":"8a2ba71c15d724aa473649995f7c47c3fe548e1fd19b8f41768295abd78a5f3c","src/lib.rs":"4a289497d46b64338046e705c866e82ec2127a53cfa6bfc6f7bd087b7ab068b5"},"package":"94b01c722d55ffedec74cbc259b4508d8a59bf19540006ec87618f76ab156579"}
\ No newline at end of file
+{"files":{"Cargo.toml":"168d20503b3d0417fad36dd4e645b9b555808b4f6edd79137747122593ac9f2c","README.md":"64461d106b16b7c13f1c646813ed55a6501bd02062d3e88385642af6f8ed96e4","src/api/core_methods.rs":"13cb918209159b193635b7a230e48b876d257dc95d9e6773f1950c3e42b2429a","src/api/entry.rs":"c1bb3454975eac9a982587a62002b133747a2a55c2e75847cb53f056131b4ea2","src/api/mod.rs":"7594e94e06c5a6fab1fc491da116d477b1168567ba3778289afabdc369d31d18","src/api/portforward.rs":"617569d6c441ee9a6ec4080cac4371a8e6a34fa21ec35347db783b68e9db54d6","src/api/remote_command.rs":"4bed56f240224d3aff309fe669f253a3219165717a3fc97a0d55b13362d2f6a2","src/api/subresource.rs":"16a9c6c8a29a810b4e312ce143c368cffec254c7408a6b885179e4e55e8b93a0","src/api/util/csr.rs":"7c220fe59b2397f2bd10bcc2ab098072b15737228baedb8abcfa65c8e435aa3d","src/api/util/mod.rs":"8bb8aade37e9b68c835a83eff399bbb619bc44641140c50c32565f14257d3086","src/client/auth/mod.rs":"28ada7d2cf13ea991a74abb04616a3c19be1cd67fd890613a10bc680e51b2ee6","src/client/auth/oauth.rs":"cdc6c58d5c0c141eb786db6b7f35a1c250b28820c29330417bd7175a6f39aa93","src/client/body.rs":"0b1488596c30a699f7afe1ebbc705178f61a6e6bdbc7bcd1f6111857c1fe2f62","src/client/builder.rs":"3c9988718a118fc7cd781ef1d661335c7b4db7df9239c9c0d987db7f152031e7","src/client/config_ext.rs":"22923ebe9c7ec00a7289fd96a76bfd7b982a7ab65779f0f678fb96159438a5f9","src/client/middleware/base_uri.rs":"3b50e8e119b9ae8bbdd21e57331922e5fd067a95d0f74299665008eccde1f1c7","src/client/middleware/extra_headers.rs":"956711fcf36dd0ee5dc0be9dc740f463760051370cab3226d75a1cd42804b78f","src/client/middleware/mod.rs":"ecef232d946a2365dc383006acc6b7fcb7d658914e9bb9cfef35a0b7d873dcc3","src/client/mod.rs":"8da573bb41334711f62532f638075272d66c958a55583c1bd16cf433b95e7a6f","src/client/tls.rs":"5d4d870dc7fb115f668d9346eabc7e59fc6c058bb7848a688942b49430afc8e6","src/client/upgrade.rs":"4a29a94ace955d3841b42b15ebb70c38a1dcc5631b9fc7f994c2dc5093ffccfd","src/config/file_config.rs":"002a63ba9ed94a9cd17d756b9e69732f3e0ab63a58b8c7c8f500748f29c352fa","src/config/file_loader.rs":"964bfa370427c6b8013941a8d77eee2048910b2ba634dc58c838a8f4704a617b","src/config/incluster_config.rs":"ace6378286986e18c005d5b20ad0b5e0c9c2fdb28383b836f8de52fff10ff597","src/config/mod.rs":"08fba1f28f39eb79348d93ecf352791e5acc92fa42e020ee2558bdf9895ff7e6","src/discovery/apigroup.rs":"7014dacc44d30de6817ef20d91ab0516ada5c7d1c1fab167d986750a2430040c","src/discovery/mod.rs":"439d2958c67029ac5ea61193dfc8572f41aaed3b325833ea6cc4f74f2c585aa1","src/discovery/oneshot.rs":"e4b8812acbed969b4389847b964c17d18926486e05a3e76f7fedbe6a83703573","src/discovery/parse.rs":"972287ffff2d7d9a3343e2d244e5f2ca10168807111da7af0cf410470dc0a085","src/error.rs":"e53e9e69fdaffc6cf4a5a5c3c03e678002dd3e1fa0d5f114d37823637818f962","src/lib.rs":"ce4c812f23ee0ac75d79296ae9cdedab73ab9fc69bb58e108486336e018efff7"},"package":"625e8a89c79dd4e590217838f32274ccbb0f4ecc1db181f84aba3df635fca729"}
\ No newline at end of file
diff --git a/vendor/kube-client/Cargo.toml b/vendor/kube-client/Cargo.toml
index 5b6136f3d2d8c..74c8b1be2bf86 100644
--- a/vendor/kube-client/Cargo.toml
+++ b/vendor/kube-client/Cargo.toml
@@ -13,17 +13,39 @@
 edition = "2021"
 rust-version = "1.56"
 name = "kube-client"
-version = "0.70.0"
-authors = ["clux <sszynrae@gmail.com>", "Teo Klestrup Röijezon <teo@nullable.se>", "kazk <kazk.dev@gmail.com>"]
+version = "0.72.0"
+authors = [
+    "clux <sszynrae@gmail.com>",
+    "Teo Klestrup Röijezon <teo@nullable.se>",
+    "kazk <kazk.dev@gmail.com>",
+]
 description = "Kubernetes client"
 readme = "../README.md"
-keywords = ["kubernetes", "client"]
+keywords = [
+    "kubernetes",
+    "client",
+]
 categories = ["web-programming::http-client"]
 license = "Apache-2.0"
 repository = "https://github.com/kube-rs/kube-rs"
+
 [package.metadata.docs.rs]
-features = ["client", "native-tls", "rustls-tls", "openssl-tls", "ws", "oauth", "jsonpatch", "admission", "k8s-openapi/v1_22"]
-rustdoc-args = ["--cfg", "docsrs"]
+features = [
+    "client",
+    "native-tls",
+    "rustls-tls",
+    "openssl-tls",
+    "ws",
+    "oauth",
+    "jsonpatch",
+    "admission",
+    "k8s-openapi/v1_23",
+]
+rustdoc-args = [
+    "--cfg",
+    "docsrs",
+]
+
 [dependencies.base64]
 version = "0.13.0"
 optional = true
@@ -59,7 +81,12 @@ optional = true
 
 [dependencies.hyper]
 version = "0.14.13"
-features = ["client", "http1", "stream", "tcp"]
+features = [
+    "client",
+    "http1",
+    "stream",
+    "tcp",
+]
 optional = true
 
 [dependencies.hyper-openssl]
@@ -88,7 +115,7 @@ features = []
 default-features = false
 
 [dependencies.kube-core]
-version = "^0.70.0"
+version = "=0.72.0"
 
 [dependencies.openssl]
 version = "0.10.36"
@@ -112,12 +139,15 @@ features = ["dangerous_configuration"]
 optional = true
 
 [dependencies.rustls-pemfile]
-version = "0.3.0"
+version = "1.0.0"
 optional = true
 
 [dependencies.secrecy]
 version = "0.8.0"
-features = ["alloc", "serde"]
+features = [
+    "alloc",
+    "serde",
+]
 
 [dependencies.serde]
 version = "1.0.130"
@@ -140,7 +170,11 @@ version = "1.0.29"
 
 [dependencies.tokio]
 version = "1.14.0"
-features = ["time", "signal", "sync"]
+features = [
+    "time",
+    "signal",
+    "sync",
+]
 optional = true
 
 [dependencies.tokio-native-tls]
@@ -153,31 +187,47 @@ optional = true
 
 [dependencies.tokio-util]
 version = "0.7.0"
-features = ["io", "codec"]
+features = [
+    "io",
+    "codec",
+]
 optional = true
 
 [dependencies.tower]
 version = "0.4.6"
-features = ["buffer", "filter", "util"]
+features = [
+    "buffer",
+    "filter",
+    "util",
+]
 optional = true
 
 [dependencies.tower-http]
-version = "0.2.0"
-features = ["auth", "map-response-body", "trace"]
+version = "0.3.2"
+features = [
+    "auth",
+    "map-response-body",
+    "trace",
+]
 optional = true
 
 [dependencies.tracing]
 version = "0.1.29"
 features = ["log"]
 optional = true
+
 [dev-dependencies.k8s-openapi]
 version = "0.14.0"
-features = ["v1_22"]
+features = ["v1_23"]
 default-features = false
 
 [dev-dependencies.kube]
 version = "<1.0.0, >=0.61.0"
-features = ["derive", "client", "ws"]
+features = [
+    "derive",
+    "client",
+    "ws",
+]
 
 [dev-dependencies.schemars]
 version = "0.8.6"
@@ -196,16 +246,64 @@ version = "0.4.0"
 version = "0.4.0"
 
 [features]
-__non_core = ["tracing", "serde_yaml", "base64"]
+__non_core = [
+    "tracing",
+    "serde_yaml",
+    "base64",
+]
 admission = ["kube-core/admission"]
-client = ["config", "__non_core", "hyper", "http-body", "tower", "tower-http", "hyper-timeout", "pin-project", "chrono", "jsonpath_lib", "bytes", "futures", "tokio", "tokio-util", "either"]
-config = ["__non_core", "pem", "dirs"]
-default = ["client", "native-tls"]
-deprecated-crd-v1beta1 = ["kube-core/deprecated-crd-v1beta1"]
-gzip = ["client", "tower-http/decompression-gzip"]
+client = [
+    "config",
+    "__non_core",
+    "hyper",
+    "http-body",
+    "tower",
+    "tower-http",
+    "hyper-timeout",
+    "pin-project",
+    "chrono",
+    "jsonpath_lib",
+    "bytes",
+    "futures",
+    "tokio",
+    "tokio-util",
+    "either",
+]
+config = [
+    "__non_core",
+    "pem",
+    "dirs",
+]
+default = [
+    "client",
+    "openssl-tls",
+]
+gzip = [
+    "client",
+    "tower-http/decompression-gzip",
+]
 jsonpatch = ["kube-core/jsonpatch"]
-native-tls = ["openssl", "hyper-tls", "tokio-native-tls"]
-oauth = ["client", "tame-oauth"]
-openssl-tls = ["openssl", "hyper-openssl"]
-rustls-tls = ["rustls", "rustls-pemfile", "hyper-rustls"]
-ws = ["client", "tokio-tungstenite", "rand", "kube-core/ws"]
+native-tls = [
+    "openssl",
+    "hyper-tls",
+    "tokio-native-tls",
+]
+oauth = [
+    "client",
+    "tame-oauth",
+]
+openssl-tls = [
+    "openssl",
+    "hyper-openssl",
+]
+rustls-tls = [
+    "rustls",
+    "rustls-pemfile",
+    "hyper-rustls",
+]
+ws = [
+    "client",
+    "tokio-tungstenite",
+    "rand",
+    "kube-core/ws",
+]
diff --git a/vendor/kube-client/src/api/portforward.rs b/vendor/kube-client/src/api/portforward.rs
index 901b062718104..6dee12b4cba0a 100644
--- a/vendor/kube-client/src/api/portforward.rs
+++ b/vendor/kube-client/src/api/portforward.rs
@@ -1,9 +1,4 @@
-use std::{
-    future::Future,
-    pin::Pin,
-    sync::{Arc, Mutex},
-    task::{Context, Poll, Waker},
-};
+use std::{collections::HashMap, future::Future};
 
 use bytes::{Buf, Bytes};
 use futures::{
@@ -62,6 +57,9 @@ pub enum Error {
     /// Failed to receive a WebSocket message from the server.
     #[error("failed to receive a WebSocket message: {0}")]
     ReceiveWebSocketMessage(#[source] ws::Error),
+
+    #[error("failed to complete the background task: {0}")]
+    Spawn(#[source] tokio::task::JoinError),
 }
 
 type ErrorReceiver = oneshot::Receiver<String>;
@@ -73,18 +71,15 @@ enum Message {
     ToPod(u8, Bytes),
 }
 
-struct PortforwarderState {
-    waker: Option<Waker>,
-    result: Option<Result<(), Error>>,
-}
-
-// Provides `AsyncRead + AsyncWrite` for each port and **does not** bind to local ports.
-// Error channel for each port is only written by the server when there's an exception and
-// the port cannot be used (didn't initialize or can't be used anymore).
-/// Manage port forwarding.
+/// Manages port-forwarded streams.
+///
+/// Provides `AsyncRead + AsyncWrite` for each port and **does not** bind to local ports.  Error
+/// channel for each port is only written by the server when there's an exception and
+/// the port cannot be used (didn't initialize or can't be used anymore).
 pub struct Portforwarder {
-    ports: Vec<Port>,
-    state: Arc<Mutex<PortforwarderState>>,
+    ports: HashMap<u16, DuplexStream>,
+    errors: HashMap<u16, ErrorReceiver>,
+    task: tokio::task::JoinHandle<Result<(), Error>>,
 }
 
 impl Portforwarder {
@@ -92,90 +87,59 @@ impl Portforwarder {
     where
         S: AsyncRead + AsyncWrite + Unpin + Sized + Send + 'static,
     {
-        let mut ports = Vec::new();
-        let mut errors = Vec::new();
-        let mut duplexes = Vec::new();
-        for _ in port_nums.iter() {
+        let mut ports = HashMap::with_capacity(port_nums.len());
+        let mut error_rxs = HashMap::with_capacity(port_nums.len());
+        let mut error_txs = Vec::with_capacity(port_nums.len());
+        let mut task_ios = Vec::with_capacity(port_nums.len());
+        for port in port_nums.iter() {
             let (a, b) = tokio::io::duplex(1024 * 1024);
-            let (tx, rx) = oneshot::channel();
-            ports.push(Port::new(a, rx));
-            errors.push(Some(tx));
-            duplexes.push(b);
-        }
-
-        let state = Arc::new(Mutex::new(PortforwarderState {
-            waker: None,
-            result: None,
-        }));
-        let shared_state = state.clone();
-        let port_nums = port_nums.to_owned();
-        tokio::spawn(async move {
-            let result = start_message_loop(stream, port_nums, duplexes, errors).await;
-
-            let mut shared = shared_state.lock().unwrap();
-            shared.result = Some(result);
-            if let Some(waker) = shared.waker.take() {
-                waker.wake()
-            }
-        });
-        Portforwarder { ports, state }
-    }
+            ports.insert(*port, a);
+            task_ios.push(b);
 
-    /// Get streams for forwarded ports.
-    pub fn ports(&mut self) -> &mut [Port] {
-        self.ports.as_mut_slice()
-    }
-}
-
-impl Future for Portforwarder {
-    type Output = Result<(), Error>;
-
-    fn poll(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> {
-        let mut state = self.state.lock().unwrap();
-        if let Some(result) = state.result.take() {
-            return Poll::Ready(result);
-        }
-
-        if let Some(waker) = &state.waker {
-            if waker.will_wake(cx.waker()) {
-                return Poll::Pending;
-            }
+            let (tx, rx) = oneshot::channel();
+            error_rxs.insert(*port, rx);
+            error_txs.push(Some(tx));
         }
-
-        state.waker = Some(cx.waker().clone());
-        Poll::Pending
-    }
-}
-
-pub struct Port {
-    // Data pipe.
-    stream: Option<DuplexStream>,
-    // Error channel.
-    error: Option<ErrorReceiver>,
-}
-
-impl Port {
-    pub(crate) fn new(stream: DuplexStream, error: ErrorReceiver) -> Self {
-        Port {
-            stream: Some(stream),
-            error: Some(error),
+        let task = tokio::spawn(start_message_loop(
+            stream,
+            port_nums.to_vec(),
+            task_ios,
+            error_txs,
+        ));
+
+        Portforwarder {
+            ports,
+            errors: error_rxs,
+            task,
         }
     }
 
-    /// Data pipe for sending to and receiving from the forwarded port.
+    /// Take a port stream by the port on the target resource.
     ///
-    /// This returns a `Some` on the first call, then a `None` on every subsequent call
-    pub fn stream(&mut self) -> Option<impl AsyncRead + AsyncWrite + Unpin> {
-        self.stream.take()
+    /// A value is returned at most once per port.
+    #[inline]
+    pub fn take_stream(&mut self, port: u16) -> Option<impl AsyncRead + AsyncWrite + Unpin> {
+        self.ports.remove(&port)
     }
 
-    /// Future that resolves with any error message or when the error sender is dropped.
+    /// Take a future that resolves with any error message or when the error sender is dropped.
     /// When the future resolves, the port should be considered no longer usable.
     ///
-    /// This returns a `Some` on the first call, then a `None` on every subsequent call
-    pub fn error(&mut self) -> Option<impl Future<Output = Option<String>>> {
-        // Ignore Cancellation error.
-        self.error.take().map(|recv| recv.map(|res| res.ok()))
+    /// A value is returned at most once per port.
+    #[inline]
+    pub fn take_error(&mut self, port: u16) -> Option<impl Future<Output = Option<String>>> {
+        self.errors.remove(&port).map(|recv| recv.map(|res| res.ok()))
+    }
+
+    /// Abort the background task, causing port forwards to fail.
+    #[inline]
+    pub fn abort(&self) {
+        self.task.abort();
+    }
+
+    /// Waits for port forwarding task to complete.
+    pub async fn join(self) -> Result<(), Error> {
+        self.task.await.unwrap_or_else(|e| Err(Error::Spawn(e)))
     }
 }
 
diff --git a/vendor/kube-client/src/api/remote_command.rs b/vendor/kube-client/src/api/remote_command.rs
index fa689e496a8aa..26b1be8c1fc7e 100644
--- a/vendor/kube-client/src/api/remote_command.rs
+++ b/vendor/kube-client/src/api/remote_command.rs
@@ -1,50 +1,84 @@
-use std::{
-    future::Future,
-    pin::Pin,
-    sync::{Arc, Mutex},
-    task::{Context, Poll, Waker},
-};
+use std::future::Future;
 
 use k8s_openapi::apimachinery::pkg::apis::meta::v1::Status;
 
 use futures::{
+    channel::oneshot,
     future::{
         select,
         Either::{Left, Right},
     },
-    SinkExt, StreamExt,
+    FutureExt, SinkExt, StreamExt,
 };
+use thiserror::Error;
 use tokio::io::{AsyncRead, AsyncWrite, AsyncWriteExt, DuplexStream};
 use tokio_tungstenite::{tungstenite as ws, WebSocketStream};
 
 use super::AttachParams;
 
-// Internal state of an attached process
-struct AttachedProcessState {
-    waker: Option<Waker>,
-    finished: bool,
-    status: Option<Status>,
-    stdin_writer: Option<DuplexStream>,
-    stdout_reader: Option<DuplexStream>,
-    stderr_reader: Option<DuplexStream>,
+type StatusReceiver = oneshot::Receiver<Status>;
+type StatusSender = oneshot::Sender<Status>;
+
+/// Errors from attaching to a pod.
+#[derive(Debug, Error)]
+pub enum Error {
+    /// Failed to read from stdin
+    #[error("failed to read from stdin: {0}")]
+    ReadStdin(#[source] std::io::Error),
+
+    /// Failed to send stdin data to the pod
+    #[error("failed to send a stdin data: {0}")]
+    SendStdin(#[source] ws::Error),
+
+    /// Failed to write to stdout
+    #[error("failed to write to stdout: {0}")]
+    WriteStdout(#[source] std::io::Error),
+
+    /// Failed to write to stderr
+    #[error("failed to write to stderr: {0}")]
+    WriteStderr(#[source] std::io::Error),
+
+    /// Failed to receive a WebSocket message from the server.
+    #[error("failed to receive a WebSocket message: {0}")]
+    ReceiveWebSocketMessage(#[source] ws::Error),
+
+    // Failed to complete the background task
+    #[error("failed to complete the background task: {0}")]
+    Spawn(#[source] tokio::task::JoinError),
+
+    /// Failed to send close message.
+    #[error("failed to send a WebSocket close message: {0}")]
+    SendClose(#[source] ws::Error),
+
+    /// Failed to deserialize status object
+    #[error("failed to deserialize status object: {0}")]
+    DeserializeStatus(#[source] serde_json::Error),
+
+    /// Failed to send status object
+    #[error("failed to send status object")]
+    SendStatus,
 }
 
 const MAX_BUF_SIZE: usize = 1024;
 
 /// Represents an attached process in a container for [`attach`] and [`exec`].
 ///
-/// Resolves when the connection terminates with an optional [`Status`].
 /// Provides access to `stdin`, `stdout`, and `stderr` if attached.
 ///
+/// Use [`AttachedProcess::join`] to wait for the process to terminate.
+///
 /// [`attach`]: crate::Api::attach
 /// [`exec`]: crate::Api::exec
-/// [`Status`]: k8s_openapi::apimachinery::pkg::apis::meta::v1::Status
 #[cfg_attr(docsrs, doc(cfg(feature = "ws")))]
 pub struct AttachedProcess {
     has_stdin: bool,
     has_stdout: bool,
     has_stderr: bool,
-    state: Arc<Mutex<AttachedProcessState>>,
+    stdin_writer: Option<DuplexStream>,
+    stdout_reader: Option<DuplexStream>,
+    stderr_reader: Option<DuplexStream>,
+    status_rx: Option<StatusReceiver>,
+    task: tokio::task::JoinHandle<Result<(), Error>>,
 }
 
 impl AttachedProcess {
@@ -67,32 +101,25 @@ impl AttachedProcess {
         } else {
             (None, None)
         };
+        let (status_tx, status_rx) = oneshot::channel();
 
-        let state = Arc::new(Mutex::new(AttachedProcessState {
-            waker: None,
-            finished: false,
-            status: None,
-            stdin_writer: Some(stdin_writer),
-            stdout_reader,
-            stderr_reader,
-        }));
-        let shared_state = state.clone();
-        tokio::spawn(async move {
-            let status = start_message_loop(stream, stdin_reader, stdout_writer, stderr_writer).await;
-
-            let mut shared = shared_state.lock().unwrap();
-            shared.finished = true;
-            shared.status = status;
-            if let Some(waker) = shared.waker.take() {
-                waker.wake()
-            }
-        });
+        let task = tokio::spawn(start_message_loop(
+            stream,
+            stdin_reader,
+            stdout_writer,
+            stderr_writer,
+            status_tx,
+        ));
 
         AttachedProcess {
             has_stdin: ap.stdin,
             has_stdout: ap.stdout,
             has_stderr: ap.stderr,
-            state,
+            task,
+            stdin_writer: Some(stdin_writer),
+            stdout_reader,
+            stderr_reader,
+            status_rx: Some(status_rx),
         }
     }
 
@@ -106,9 +133,7 @@ impl AttachedProcess {
         if !self.has_stdin {
             return None;
         }
-
-        let mut state = self.state.lock().unwrap();
-        state.stdin_writer.take()
+        self.stdin_writer.take()
     }
 
     /// Async reader for stdout outputs.
@@ -121,8 +146,7 @@ impl AttachedProcess {
         if !self.has_stdout {
             return None;
         }
-        let mut state = self.state.lock().unwrap();
-        state.stdout_reader.take()
+        self.stdout_reader.take()
     }
 
     /// Async reader for stderr outputs.
@@ -135,30 +159,25 @@ impl AttachedProcess {
         if !self.has_stderr {
             return None;
         }
-
-        let mut state = self.state.lock().unwrap();
-        state.stderr_reader.take()
+        self.stderr_reader.take()
     }
-}
 
-impl Future for AttachedProcess {
-    type Output = Option<Status>;
+    /// Abort the background task, causing remote command to fail.
+    #[inline]
+    pub fn abort(&self) {
+        self.task.abort();
+    }
 
-    fn poll(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> {
-        let mut state = self.state.lock().unwrap();
-        if state.finished {
-            Poll::Ready(state.status.take())
-        } else {
-            // Update waker if necessary
-            if let Some(waker) = &state.waker {
-                if waker.will_wake(cx.waker()) {
-                    return Poll::Pending;
-                }
-            }
+    /// Waits for the remote command task to complete.
+    pub async fn join(self) -> Result<(), Error> {
+        self.task.await.unwrap_or_else(|e| Err(Error::Spawn(e)))
+    }
 
-            state.waker = Some(cx.waker().clone());
-            Poll::Pending
-        }
+    /// Take a future that resolves with any status object or when the sender is dropped.
+    ///
+    /// Returns `None` if called more than once.
+    pub fn take_status(&mut self) -> Option<impl Future<Output = Option<Status>>> {
+        self.status_rx.take().map(|recv| recv.map(|res| res.ok()))
     }
 }
 
@@ -174,7 +193,8 @@ async fn start_message_loop<S>(
     stdin: impl AsyncRead + Unpin,
     mut stdout: Option<impl AsyncWrite + Unpin>,
     mut stderr: Option<impl AsyncWrite + Unpin>,
-) -> Option<Status>
+    status_tx: StatusSender,
+) -> Result<(), Error>
 where
     S: AsyncRead + AsyncWrite + Unpin + Sized + Send + 'static,
 {
@@ -184,7 +204,6 @@ where
     let mut server_recv = raw_server_recv.filter_map(filter_message).boxed();
     let mut server_msg = server_recv.next();
     let mut next_stdin = stdin_stream.next();
-    let mut status: Option<Status> = None;
 
     loop {
         match select(server_msg, next_stdin).await {
@@ -193,31 +212,25 @@ where
                 match message {
                     Ok(Message::Stdout(bin)) => {
                         if let Some(stdout) = stdout.as_mut() {
-                            stdout
-                                .write_all(&bin[1..])
-                                .await
-                                .expect("stdout pipe is writable");
+                            stdout.write_all(&bin[1..]).await.map_err(Error::WriteStdout)?;
                         }
                     }
 
                     Ok(Message::Stderr(bin)) => {
                         if let Some(stderr) = stderr.as_mut() {
-                            stderr
-                                .write_all(&bin[1..])
-                                .await
-                                .expect("stderr pipe is writable");
+                            stderr.write_all(&bin[1..]).await.map_err(Error::WriteStderr)?;
                         }
                     }
 
                     Ok(Message::Status(bin)) => {
-                        if let Ok(s) = serde_json::from_slice::<Status>(&bin[1..]) {
-                            status = Some(s);
-                        }
+                        let status =
+                            serde_json::from_slice::<Status>(&bin[1..]).map_err(Error::DeserializeStatus)?;
+                        status_tx.send(status).map_err(|_| Error::SendStatus)?;
+                        break;
                     }
 
-                    // Fatal error
                     Err(err) => {
-                        panic!("AttachedProcess: fatal WebSocket error: {:?}", err);
+                        return Err(Error::ReceiveWebSocketMessage(err));
                     }
                 }
                 server_msg = server_recv.next();
@@ -238,28 +251,26 @@ where
                     server_send
                         .send(ws::Message::binary(vec))
                         .await
-                        .expect("send stdin");
+                        .map_err(Error::SendStdin)?;
                 }
                 server_msg = p_server_msg;
                 next_stdin = stdin_stream.next();
             }
 
             Right((Some(Err(err)), _)) => {
-                server_send.close().await.expect("send close message");
-                panic!("AttachedProcess: failed to read from stdin pipe: {:?}", err);
+                return Err(Error::ReadStdin(err));
             }
 
             Right((None, _)) => {
                 // Stdin closed (writer half dropped).
                 // Let the server know and disconnect.
-                // REVIEW warn?
-                server_send.close().await.expect("send close message");
+                server_send.close().await.map_err(Error::SendClose)?;
                 break;
             }
         }
     }
 
-    status
+    Ok(())
 }
 
 /// Channeled messages from the server.
diff --git a/vendor/kube-client/src/client/builder.rs b/vendor/kube-client/src/client/builder.rs
new file mode 100644
index 0000000000000..1916c26cea212
--- /dev/null
+++ b/vendor/kube-client/src/client/builder.rs
@@ -0,0 +1,181 @@
+use bytes::Bytes;
+use http::{Request, Response};
+use hyper::{self, client::HttpConnector};
+use hyper_timeout::TimeoutConnector;
+pub use kube_core::response::Status;
+use tower::{util::BoxService, BoxError, Layer, Service, ServiceBuilder};
+use tower_http::{
+    classify::ServerErrorsFailureClass, map_response_body::MapResponseBodyLayer, trace::TraceLayer,
+};
+
+use crate::{client::ConfigExt, Client, Config, Error, Result};
+
+/// HTTP body of a dynamic backing type.
+///
+/// The suggested implementation type is [`hyper::Body`].
+pub type DynBody = dyn http_body::Body<Data = Bytes, Error = BoxError> + Send + Unpin;
+
+/// Builder for [`Client`] instances with customized [tower](`Service`) middleware.
+pub struct ClientBuilder<Svc> {
+    service: Svc,
+    default_ns: String,
+}
+
+impl<Svc> ClientBuilder<Svc> {
+    /// Construct a [`ClientBuilder`] from scratch with a fully custom [`Service`] stack.
+    ///
+    /// This method is only intended for advanced use cases, most users will want to use [`ClientBuilder::try_from`] instead,
+    /// which provides a default stack as a starting point.
+    pub fn new(service: Svc, default_namespace: impl Into<String>) -> Self
+    where
+        Svc: Service<Request<hyper::Body>>,
+    {
+        Self {
+            service,
+            default_ns: default_namespace.into(),
+        }
+    }
+
+    /// Add a [`Layer`] to the current [`Service`] stack.
+    pub fn with_layer<L: Layer<Svc>>(self, layer: &L) -> ClientBuilder<L::Service> {
+        let Self {
+            service: stack,
+            default_ns,
+        } = self;
+        ClientBuilder {
+            service: layer.layer(stack),
+            default_ns,
+        }
+    }
+
+    /// Build a [`Client`] instance with the current [`Service`] stack.
+    pub fn build<B>(self) -> Client
+    where
+        Svc: Service<Request<hyper::Body>, Response = Response<B>> + Send + 'static,
+        Svc::Future: Send + 'static,
+        Svc::Error: Into<BoxError>,
+        B: http_body::Body<Data = bytes::Bytes> + Send + 'static,
+        B::Error: Into<BoxError>,
+    {
+        Client::new(self.service, self.default_ns)
+    }
+}
+
+impl TryFrom<Config> for ClientBuilder<BoxService<Request<hyper::Body>, Response<Box<DynBody>>, BoxError>> {
+    type Error = Error;
+
+    /// Builds a default [`ClientBuilder`] stack from a given configuration
+    fn try_from(config: Config) -> Result<Self> {
+        use std::time::Duration;
+
+        use http::header::HeaderMap;
+        use tracing::Span;
+
+        let timeout = config.timeout;
+        let default_ns = config.default_namespace.clone();
+
+        let client: hyper::Client<_, hyper::Body> = {
+            let mut connector = HttpConnector::new();
+            connector.enforce_http(false);
+
+            // Current TLS feature precedence when more than one are set:
+            // 1. openssl-tls
+            // 2. native-tls
+            // 3. rustls-tls
+            // Create a custom client to use something else.
+            // If TLS features are not enabled, http connector will be used.
+            #[cfg(feature = "openssl-tls")]
+            let connector = config.openssl_https_connector_with_connector(connector)?;
+            #[cfg(all(not(feature = "openssl-tls"), feature = "native-tls"))]
+            let connector = hyper_tls::HttpsConnector::from((
+                connector,
+                tokio_native_tls::TlsConnector::from(config.native_tls_connector()?),
+            ));
+            #[cfg(all(
+                not(any(feature = "openssl-tls", feature = "native-tls")),
+                feature = "rustls-tls"
+            ))]
+            let connector = hyper_rustls::HttpsConnector::from((
+                connector,
+                std::sync::Arc::new(config.rustls_client_config()?),
+            ));
+
+            let mut connector = TimeoutConnector::new(connector);
+            connector.set_connect_timeout(timeout);
+            connector.set_read_timeout(timeout);
+
+            hyper::Client::builder().build(connector)
+        };
+
+        let stack = ServiceBuilder::new().layer(config.base_uri_layer()).into_inner();
+        #[cfg(feature = "gzip")]
+        let stack = ServiceBuilder::new()
+            .layer(stack)
+            .layer(tower_http::decompression::DecompressionLayer::new())
+            .into_inner();
+
+        let service = ServiceBuilder::new()
+            .layer(stack)
+            .option_layer(config.auth_layer()?)
+            .layer(config.extra_headers_layer()?)
+            .layer(
+                // Attribute names follow [Semantic Conventions].
+                // [Semantic Conventions]: https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/trace/semantic_conventions/http.md
+                TraceLayer::new_for_http()
+                    .make_span_with(|req: &Request<hyper::Body>| {
+                        tracing::debug_span!(
+                            "HTTP",
+                             http.method = %req.method(),
+                             http.url = %req.uri(),
+                             http.status_code = tracing::field::Empty,
+                             otel.name = req.extensions().get::<&'static str>().unwrap_or(&"HTTP"),
+                             otel.kind = "client",
+                             otel.status_code = tracing::field::Empty,
+                        )
+                    })
+                    .on_request(|_req: &Request<hyper::Body>, _span: &Span| {
+                        tracing::debug!("requesting");
+                    })
+                    .on_response(|res: &Response<hyper::Body>, _latency: Duration, span: &Span| {
+                        let status = res.status();
+                        span.record("http.status_code", &status.as_u16());
+                        if status.is_client_error() || status.is_server_error() {
+                            span.record("otel.status_code", &"ERROR");
+                        }
+                    })
+                    // Explicitly disable `on_body_chunk`. The default does nothing.
+                    .on_body_chunk(())
+                    .on_eos(|_: Option<&HeaderMap>, _duration: Duration, _span: &Span| {
+                        tracing::debug!("stream closed");
+                    })
+                    .on_failure(|ec: ServerErrorsFailureClass, _latency: Duration, span: &Span| {
+                        // Called when
+                        // - Calling the inner service errored
+                        // - Polling `Body` errored
+                        // - the response was classified as failure (5xx)
+                        // - End of stream was classified as failure
+                        span.record("otel.status_code", &"ERROR");
+                        match ec {
+                            ServerErrorsFailureClass::StatusCode(status) => {
+                                span.record("http.status_code", &status.as_u16());
+                                tracing::error!("failed with status {}", status)
+                            }
+                            ServerErrorsFailureClass::Error(err) => {
+                                tracing::error!("failed with error {}", err)
+                            }
+                        }
+                    }),
+            )
+            .service(client);
+
+        Ok(Self::new(
+            BoxService::new(
+                MapResponseBodyLayer::new(|body| {
+                    Box::new(http_body::Body::map_err(body, BoxError::from)) as Box<DynBody>
+                })
+                .layer(service),
+            ),
+            default_ns,
+        ))
+    }
+}
diff --git a/vendor/kube-client/src/client/mod.rs b/vendor/kube-client/src/client/mod.rs
index 347e253cf9fd7..91006c6dce0cb 100644
--- a/vendor/kube-client/src/client/mod.rs
+++ b/vendor/kube-client/src/client/mod.rs
@@ -11,8 +11,7 @@ use bytes::Bytes;
 use either::{Either, Left, Right};
 use futures::{self, Stream, StreamExt, TryStream, TryStreamExt};
 use http::{self, Request, Response, StatusCode};
-use hyper::{client::HttpConnector, Body};
-use hyper_timeout::TimeoutConnector;
+use hyper::Body;
 use k8s_openapi::apimachinery::pkg::apis::meta::v1 as k8s_meta_v1;
 pub use kube_core::response::Status;
 use serde::de::DeserializeOwned;
@@ -23,15 +22,14 @@ use tokio_util::{
     codec::{FramedRead, LinesCodec, LinesCodecError},
     io::StreamReader,
 };
-use tower::{buffer::Buffer, util::BoxService, BoxError, Layer, Service, ServiceBuilder, ServiceExt};
-use tower_http::{
-    classify::ServerErrorsFailureClass, map_response_body::MapResponseBodyLayer, trace::TraceLayer,
-};
+use tower::{buffer::Buffer, util::BoxService, BoxError, Layer, Service, ServiceExt};
+use tower_http::map_response_body::MapResponseBodyLayer;
 
 use crate::{api::WatchEvent, error::ErrorResponse, Config, Error, Result};
 
 mod auth;
 mod body;
+mod builder;
 // Add `into_stream()` to `http::Body`
 use body::BodyStreamExt;
 mod config_ext;
@@ -40,6 +38,7 @@ pub use config_ext::ConfigExt;
 pub mod middleware;
 #[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "openssl-tls"))]
 mod tls;
+
 #[cfg(feature = "native-tls")] pub use tls::native_tls::Error as NativeTlsError;
 #[cfg(feature = "openssl-tls")]
 pub use tls::openssl_tls::Error as OpensslTlsError;
@@ -52,6 +51,8 @@ pub use auth::OAuthError;
 
 #[cfg(feature = "ws")] pub use upgrade::UpgradeConnectionError;
 
+pub use builder::{ClientBuilder, DynBody};
+
 /// Client for connecting with a Kubernetes cluster.
 ///
 /// The easiest way to instantiate the client is either by
@@ -450,110 +451,9 @@ fn handle_api_errors(text: &str, s: StatusCode) -> Result<()> {
 impl TryFrom<Config> for Client {
     type Error = Error;
 
-    /// Convert [`Config`] into a [`Client`]
+    /// Builds a default [`Client`] from a [`Config`], see [`ClientBuilder`] if more customization is required
     fn try_from(config: Config) -> Result<Self> {
-        use std::time::Duration;
-
-        use http::header::HeaderMap;
-        use tracing::Span;
-
-        let timeout = config.timeout;
-        let default_ns = config.default_namespace.clone();
-
-        let client: hyper::Client<_, Body> = {
-            let mut connector = HttpConnector::new();
-            connector.enforce_http(false);
-
-            // Current TLS feature precedence when more than one are set:
-            // 1. openssl-tls
-            // 2. native-tls
-            // 3. rustls-tls
-            // Create a custom client to use something else.
-            // If TLS features are not enabled, http connector will be used.
-            #[cfg(feature = "openssl-tls")]
-            let connector = config.openssl_https_connector_with_connector(connector)?;
-            #[cfg(all(not(feature = "openssl-tls"), feature = "native-tls"))]
-            let connector = hyper_tls::HttpsConnector::from((
-                connector,
-                tokio_native_tls::TlsConnector::from(config.native_tls_connector()?),
-            ));
-            #[cfg(all(
-                not(any(feature = "openssl-tls", feature = "native-tls")),
-                feature = "rustls-tls"
-            ))]
-            let connector = hyper_rustls::HttpsConnector::from((
-                connector,
-                std::sync::Arc::new(config.rustls_client_config()?),
-            ));
-
-            let mut connector = TimeoutConnector::new(connector);
-            connector.set_connect_timeout(timeout);
-            connector.set_read_timeout(timeout);
-
-            hyper::Client::builder().build(connector)
-        };
-
-        let stack = ServiceBuilder::new().layer(config.base_uri_layer()).into_inner();
-        #[cfg(feature = "gzip")]
-        let stack = ServiceBuilder::new()
-            .layer(stack)
-            .layer(tower_http::decompression::DecompressionLayer::new())
-            .into_inner();
-
-        let service = ServiceBuilder::new()
-            .layer(stack)
-            .option_layer(config.auth_layer()?)
-            .layer(config.extra_headers_layer()?)
-            .layer(
-                // Attribute names follow [Semantic Conventions].
-                // [Semantic Conventions]: https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/trace/semantic_conventions/http.md
-                TraceLayer::new_for_http()
-                    .make_span_with(|req: &Request<hyper::Body>| {
-                        tracing::debug_span!(
-                            "HTTP",
-                             http.method = %req.method(),
-                             http.url = %req.uri(),
-                             http.status_code = tracing::field::Empty,
-                             otel.name = req.extensions().get::<&'static str>().unwrap_or(&"HTTP"),
-                             otel.kind = "client",
-                             otel.status_code = tracing::field::Empty,
-                        )
-                    })
-                    .on_request(|_req: &Request<hyper::Body>, _span: &Span| {
-                        tracing::debug!("requesting");
-                    })
-                    .on_response(|res: &Response<hyper::Body>, _latency: Duration, span: &Span| {
-                        let status = res.status();
-                        span.record("http.status_code", &status.as_u16());
-                        if status.is_client_error() || status.is_server_error() {
-                            span.record("otel.status_code", &"ERROR");
-                        }
-                    })
-                    // Explicitly disable `on_body_chunk`. The default does nothing.
-                    .on_body_chunk(())
-                    .on_eos(|_: Option<&HeaderMap>, _duration: Duration, _span: &Span| {
-                        tracing::debug!("stream closed");
-                    })
-                    .on_failure(|ec: ServerErrorsFailureClass, _latency: Duration, span: &Span| {
-                        // Called when
-                        // - Calling the inner service errored
-                        // - Polling `Body` errored
-                        // - the response was classified as failure (5xx)
-                        // - End of stream was classified as failure
-                        span.record("otel.status_code", &"ERROR");
-                        match ec {
-                            ServerErrorsFailureClass::StatusCode(status) => {
-                                span.record("http.status_code", &status.as_u16());
-                                tracing::error!("failed with status {}", status)
-                            }
-                            ServerErrorsFailureClass::Error(err) => {
-                                tracing::error!("failed with error {}", err)
-                            }
-                        }
-                    }),
-            )
-            .service(client);
-        Ok(Self::new(service, default_ns))
+        Ok(ClientBuilder::try_from(config)?.build())
     }
 }
 
diff --git a/vendor/kube-client/src/config/file_loader.rs b/vendor/kube-client/src/config/file_loader.rs
index 2897f0485f262..7cf8552a89abe 100644
--- a/vendor/kube-client/src/config/file_loader.rs
+++ b/vendor/kube-client/src/config/file_loader.rs
@@ -111,7 +111,9 @@ impl ConfigLoader {
 
         if let Some(proxy) = nonempty(self.cluster.proxy_url.clone())
             .or_else(|| nonempty(std::env::var("HTTP_PROXY").ok()))
+            .or_else(|| nonempty(std::env::var("http_proxy").ok()))
             .or_else(|| nonempty(std::env::var("HTTPS_PROXY").ok()))
+            .or_else(|| nonempty(std::env::var("https_proxy").ok()))
         {
             Ok(Some(
                 proxy
diff --git a/vendor/kube-client/src/config/incluster_config.rs b/vendor/kube-client/src/config/incluster_config.rs
index b71acdcb1c019..4b80349b31705 100644
--- a/vendor/kube-client/src/config/incluster_config.rs
+++ b/vendor/kube-client/src/config/incluster_config.rs
@@ -1,12 +1,5 @@
-use std::env;
-
 use thiserror::Error;
 
-// Old method to connect to kubernetes
-const SERVICE_HOSTENV: &str = "KUBERNETES_SERVICE_HOST";
-const SERVICE_PORTENV: &str = "KUBERNETES_SERVICE_PORT";
-// New method to connect to kubernetes
-const SERVICE_DNS: &str = "kubernetes.default.svc";
 // Mounted credential files
 const SERVICE_TOKENFILE: &str = "/var/run/secrets/kubernetes.io/serviceaccount/token";
 const SERVICE_CERTFILE: &str = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt";
@@ -15,14 +8,6 @@ const SERVICE_DEFAULT_NS: &str = "/var/run/secrets/kubernetes.io/serviceaccount/
 /// Errors from loading in-cluster config
 #[derive(Error, Debug)]
 pub enum Error {
-    /// Required envionment variables were not set
-    #[error(
-        "missing environment variables {} and/or {}",
-        SERVICE_HOSTENV,
-        SERVICE_PORTENV
-    )]
-    MissingEnvironmentVariables,
-
     /// Failed to read the default namespace for the service account
     #[error("failed to read the default namespace: {0}")]
     ReadDefaultNamespace(#[source] std::io::Error),
@@ -40,35 +25,8 @@ pub enum Error {
     ParseCertificates(#[source] pem::PemError),
 }
 
-/// Returns Kubernetes address from specified environment variables.
-pub fn kube_server() -> Result<http::Uri, Error> {
-    kube_host_port()
-        .ok_or(Error::MissingEnvironmentVariables)?
-        .parse::<http::Uri>()
-        .map_err(Error::ParseClusterUrl)
-}
-
 pub fn kube_dns() -> http::Uri {
-    http::Uri::builder()
-        .scheme("https")
-        .authority(SERVICE_DNS)
-        .path_and_query("/")
-        .build()
-        .unwrap()
-}
-
-fn kube_host_port() -> Option<String> {
-    let host = kube_host()?;
-    let port = kube_port()?;
-    Some(format!("https://{}:{}", host, port))
-}
-
-fn kube_host() -> Option<String> {
-    env::var(SERVICE_HOSTENV).ok()
-}
-
-fn kube_port() -> Option<String> {
-    env::var(SERVICE_PORTENV).ok()
+    http::Uri::from_static("https://kubernetes.default.svc/")
 }
 
 pub fn token_file() -> String {
@@ -85,27 +43,3 @@ pub fn load_cert() -> Result<Vec<Vec<u8>>, Error> {
 pub fn load_default_ns() -> Result<String, Error> {
     std::fs::read_to_string(&SERVICE_DEFAULT_NS).map_err(Error::ReadDefaultNamespace)
 }
-
-#[test]
-fn test_kube_host() {
-    let expected = "fake.io";
-    env::set_var(SERVICE_HOSTENV, expected);
-    assert_eq!(kube_host().unwrap(), expected);
-    kube_dns(); // verify kube_dns always unwraps
-}
-
-#[test]
-fn test_kube_port() {
-    let expected = "8080";
-    env::set_var(SERVICE_PORTENV, expected);
-    assert_eq!(kube_port().unwrap(), expected);
-}
-
-#[test]
-fn test_kube_server() {
-    let host = "fake.io";
-    let port = "8080";
-    env::set_var(SERVICE_HOSTENV, host);
-    env::set_var(SERVICE_PORTENV, port);
-    assert_eq!(kube_server().unwrap(), "https://fake.io:8080");
-}
diff --git a/vendor/kube-client/src/config/mod.rs b/vendor/kube-client/src/config/mod.rs
index e5e4d1fa88c2a..9af1f7a0988e6 100644
--- a/vendor/kube-client/src/config/mod.rs
+++ b/vendor/kube-client/src/config/mod.rs
@@ -132,7 +132,7 @@ pub struct Config {
     ///
     /// A value of `None` means no timeout
     pub timeout: Option<std::time::Duration>,
-    /// Whether to accept invalid ceritifacts
+    /// Whether to accept invalid certificates
     pub accept_invalid_certs: bool,
     /// Stores information to tell the cluster who you are.
     pub(crate) auth_info: AuthInfo,
@@ -192,14 +192,7 @@ impl Config {
     /// and relies on you having the service account's token mounted,
     /// as well as having given the service account rbac access to do what you need.
     pub fn from_cluster_env() -> Result<Self, InClusterError> {
-        let cluster_url = if cfg!(feature = "rustls-tls") {
-            // try rolling out new method for rustls which does not support ip based urls anyway
-            // see https://github.com/kube-rs/kube-rs/issues/587
-            incluster_config::kube_dns()
-        } else {
-            incluster_config::kube_server()?
-        };
-
+        let cluster_url = incluster_config::kube_dns();
         let default_namespace = incluster_config::load_default_ns()?;
         let root_cert = incluster_config::load_cert()?;
 
diff --git a/vendor/kube-client/src/error.rs b/vendor/kube-client/src/error.rs
index 9cf29cc5b3c65..4b2826459f0c4 100644
--- a/vendor/kube-client/src/error.rs
+++ b/vendor/kube-client/src/error.rs
@@ -67,7 +67,7 @@ pub enum Error {
 
     /// Errors from OpenSSL TLS
     #[cfg(feature = "openssl-tls")]
-    #[cfg_attr(docsrs, doc(feature = "openssl-tls"))]
+    #[cfg_attr(docsrs, doc(cfg(feature = "openssl-tls")))]
     #[error("openssl tls error: {0}")]
     OpensslTls(#[source] crate::client::OpensslTlsError),
 
diff --git a/vendor/kube-client/src/lib.rs b/vendor/kube-client/src/lib.rs
index 213e5752c1afe..03bf2b34f47ad 100644
--- a/vendor/kube-client/src/lib.rs
+++ b/vendor/kube-client/src/lib.rs
@@ -173,6 +173,21 @@ mod test {
         Ok(())
     }
 
+    #[tokio::test]
+    #[ignore] // needs cluster (lists pods)
+    #[cfg(all(feature = "openssl-tls"))]
+    async fn custom_client_openssl_tls_configuration() -> Result<(), Box<dyn std::error::Error>> {
+        let config = Config::infer().await?;
+        let https = config.openssl_https_connector()?;
+        let service = ServiceBuilder::new()
+            .layer(config.base_uri_layer())
+            .service(hyper::Client::builder().build(https));
+        let client = Client::new(service, config.default_namespace);
+        let pods: Api<Pod> = Api::default_namespaced(client);
+        pods.list(&Default::default()).await?;
+        Ok(())
+    }
+
     #[tokio::test]
     #[ignore] // needs cluster (lists api resources)
     #[cfg(all(feature = "discovery"))]
@@ -336,7 +351,7 @@ mod test {
                 .collect::<Vec<_>>()
                 .await
                 .join("");
-            attached.await;
+            attached.join().await.unwrap();
             assert_eq!(out.lines().count(), 3);
             assert_eq!(out, "1\n2\n3\n");
         }
@@ -354,15 +369,16 @@ mod test {
             let mut stdin_writer = attached.stdin().unwrap();
             let mut stdout_stream = tokio_util::io::ReaderStream::new(attached.stdout().unwrap());
             let next_stdout = stdout_stream.next();
-            stdin_writer.write(b"echo test string 1\n").await?;
+            stdin_writer.write_all(b"echo test string 1\n").await?;
             let stdout = String::from_utf8(next_stdout.await.unwrap().unwrap().to_vec()).unwrap();
             println!("{}", stdout);
             assert_eq!(stdout, "test string 1\n");
 
             // AttachedProcess resolves with status object.
             // Send `exit 1` to get a failure status.
-            stdin_writer.write(b"exit 1\n").await?;
-            if let Some(status) = attached.await {
+            stdin_writer.write_all(b"exit 1\n").await?;
+            let status = attached.take_status().unwrap();
+            if let Some(status) = status.await {
                 println!("{:?}", status);
                 assert_eq!(status.status, Some("Failure".to_owned()));
                 assert_eq!(status.reason, Some("NonZeroExitCode".to_owned()));
diff --git a/vendor/kube-core/.cargo-checksum.json b/vendor/kube-core/.cargo-checksum.json
index 2f4a8cffd4ee7..b329f97b529e3 100644
--- a/vendor/kube-core/.cargo-checksum.json
+++ b/vendor/kube-core/.cargo-checksum.json
@@ -1 +1 @@
-{"files":{"Cargo.toml":"3d26737f838350041f9cf902e5cb2097ae790ee0e516fb67f71a1a562095be1e","README.md":"8e51230819eb7772f0097b56afee5c0e98552b4d4ebbfc0f075cebebb8feaaf6","src/admission.rs":"7df98be89eaf6a0991603e7aeaef7976c0093bfddd174b0e10e50cd35e7013de","src/crd.rs":"78c4c72b88a2e1c1933065269a60471094dfdf44a3068cea507dee95251ad4b6","src/discovery.rs":"9ffae9a2c7c569e46e07ab3bddb073d4ab5d759f0b17de3e71fae7e9b6958020","src/dynamic.rs":"9f54df338e5b2fe3a5eae0eb92594fad7d56d630f94ec53745226a01580d6531","src/error.rs":"1da7f8299d9667a5101e9ac00d0109003e1157e241a38d7771c53a397b7afe15","src/gvk.rs":"71d2b518549d256c6fdefcd14bf2f0a7da2bd011aa270f02c1bf9e52f617c034","src/lib.rs":"fc763c264fc029708e983e174ddd588bd5cfea1529e9d6fcd1240cfd612cc3b7","src/metadata.rs":"b86319781d8587a8d321d36adc9a4fe32acb1bd2bac99e6c49fe1f493dd10fb8","src/object.rs":"b11e6c20b719e5e006ca4d589149f53ef1a3f37d5312b69f6388492178e1901c","src/params.rs":"ca8322c1a33ee5ecba4a19b5b9175bb66c2b5bff79d2f6c8245c5fdd59f39961","src/request.rs":"600633661b752417cb8d54df6912c8242de56a2084010e61a5d46952009e0ce3","src/resource.rs":"acf2b5c1f4ac5c8b016dac8a3383783ba3afb6537293829191931d05a0af027b","src/response.rs":"03fdfef20f9a57ba4d3a5371be01622b16e6aaf5f14208b648af4ac55805a09f","src/schema.rs":"9cd0f958808c594326db635d0dcc824c9d9907d2a11e32d337c9d16d5988ec08","src/subresource.rs":"2cd256e05bbc87c2cdf8db2b5801e70a1fb521713da7987a5dc86ee4a3508590","src/util.rs":"fcf8c8864872619533d57a9531c57627c243851447c978d3d912fbe4101bf1bf","src/version.rs":"0b99ad86624517ac29738134a1a332aad20e8a6e734ec425a5c40bf7a797db0e","src/watch.rs":"d957654cd413eded3bdb5a768b3f4d2cbf3c5054f2e9e848744982a6e2c27598"},"package":"7dd9e3535777edd122cc26fe3fe6357066b33eff63d8b919862edbe7a956a679"}
\ No newline at end of file
+{"files":{"Cargo.toml":"071c380762ab3b99e8609cf1042d02b0e21a1ebc51b85d6ac25ed18f43ed3169","README.md":"8e51230819eb7772f0097b56afee5c0e98552b4d4ebbfc0f075cebebb8feaaf6","src/admission.rs":"7df98be89eaf6a0991603e7aeaef7976c0093bfddd174b0e10e50cd35e7013de","src/crd.rs":"7ba31fe22c27b2578a7f0c840960f72c4c2c033fcfcdc3937bb67bd6c6e8795c","src/discovery.rs":"9ffae9a2c7c569e46e07ab3bddb073d4ab5d759f0b17de3e71fae7e9b6958020","src/dynamic.rs":"9f54df338e5b2fe3a5eae0eb92594fad7d56d630f94ec53745226a01580d6531","src/error.rs":"1da7f8299d9667a5101e9ac00d0109003e1157e241a38d7771c53a397b7afe15","src/gvk.rs":"2cccba0e5bd0e58cd625b9c00be6b4a3e4419369efeadc7e0b6e383a9e02cbc6","src/lib.rs":"fc763c264fc029708e983e174ddd588bd5cfea1529e9d6fcd1240cfd612cc3b7","src/metadata.rs":"b86319781d8587a8d321d36adc9a4fe32acb1bd2bac99e6c49fe1f493dd10fb8","src/object.rs":"b11e6c20b719e5e006ca4d589149f53ef1a3f37d5312b69f6388492178e1901c","src/params.rs":"ca8322c1a33ee5ecba4a19b5b9175bb66c2b5bff79d2f6c8245c5fdd59f39961","src/request.rs":"600633661b752417cb8d54df6912c8242de56a2084010e61a5d46952009e0ce3","src/resource.rs":"56837c3f3cf9ef622d66429369c5b90fd3a6eed3946c7d8f92b7f3138b3c1ee0","src/response.rs":"03fdfef20f9a57ba4d3a5371be01622b16e6aaf5f14208b648af4ac55805a09f","src/schema.rs":"6acb53c33eafe10c43854809fbdbd060f4ba72310395476d588ea1e8e62f8a9a","src/subresource.rs":"2cd256e05bbc87c2cdf8db2b5801e70a1fb521713da7987a5dc86ee4a3508590","src/util.rs":"fcf8c8864872619533d57a9531c57627c243851447c978d3d912fbe4101bf1bf","src/version.rs":"0b99ad86624517ac29738134a1a332aad20e8a6e734ec425a5c40bf7a797db0e","src/watch.rs":"d957654cd413eded3bdb5a768b3f4d2cbf3c5054f2e9e848744982a6e2c27598"},"package":"0491dcd9adca79a96c63404aa978137f5fe1d3db5dcb6e5c0b073f915dbdd49d"}
\ No newline at end of file
diff --git a/vendor/kube-core/Cargo.toml b/vendor/kube-core/Cargo.toml
index 4333eef33ba43..d1755e92ee2cb 100644
--- a/vendor/kube-core/Cargo.toml
+++ b/vendor/kube-core/Cargo.toml
@@ -13,15 +13,28 @@
 edition = "2021"
 rust-version = "1.56"
 name = "kube-core"
-version = "0.70.0"
-authors = ["clux <sszynrae@gmail.com>", "kazk <kazk.dev@gmail.com>"]
+version = "0.72.0"
+authors = [
+    "clux <sszynrae@gmail.com>",
+    "kazk <kazk.dev@gmail.com>",
+]
 description = "Kube shared types, traits and client-less behavior"
 readme = "../README.md"
 license = "Apache-2.0"
 repository = "https://github.com/kube-rs/kube-rs"
+
 [package.metadata.docs.rs]
-features = ["ws", "admission", "jsonpatch", "k8s-openapi/v1_22"]
-rustdoc-args = ["--cfg", "docsrs"]
+features = [
+    "ws",
+    "admission",
+    "jsonpatch",
+    "k8s-openapi/v1_23",
+]
+rustdoc-args = [
+    "--cfg",
+    "docsrs",
+]
+
 [dependencies.chrono]
 version = "0.4.19"
 features = ["clock"]
@@ -58,17 +71,23 @@ version = "1.0.68"
 
 [dependencies.thiserror]
 version = "1.0.29"
+
+[dev-dependencies.assert-json-diff]
+version = "2.0.1"
+
 [dev-dependencies.k8s-openapi]
 version = "0.14.0"
-features = ["v1_22"]
+features = ["v1_23"]
 default-features = false
 
 [dev-dependencies.kube]
 version = "<1.0.0, >=0.53.0"
 
+[dev-dependencies.serde_yaml]
+version = "0.8.23"
+
 [features]
 admission = ["json-patch"]
-deprecated-crd-v1beta1 = []
 jsonpatch = ["json-patch"]
 schema = ["schemars"]
 ws = []
diff --git a/vendor/kube-core/src/crd.rs b/vendor/kube-core/src/crd.rs
index 0fd515178b47f..7d72de9551798 100644
--- a/vendor/kube-core/src/crd.rs
+++ b/vendor/kube-core/src/crd.rs
@@ -4,6 +4,7 @@ use k8s_openapi::apiextensions_apiserver::pkg::apis::apiextensions as apiexts;
 
 /// Types for v1 CustomResourceDefinitions
 pub mod v1 {
+    use super::apiexts::v1::CustomResourceDefinition as Crd;
     /// Extension trait that is implemented by kube-derive
     ///
     /// This trait variant is implemented by default (or when `#[kube(apiextensions = "v1")]`)
@@ -11,7 +12,7 @@ pub mod v1 {
         /// Helper to generate the CRD including the JsonSchema
         ///
         /// This is using the stable v1::CustomResourceDefinitions (present in kubernetes >= 1.16)
-        fn crd() -> super::apiexts::v1::CustomResourceDefinition;
+        fn crd() -> Crd;
         /// Helper to return the name of this `CustomResourceDefinition` in kubernetes.
         ///
         /// This is not the name of an _instance_ of this custom resource but the `CustomResourceDefinition` object itself.
@@ -28,36 +29,213 @@ pub mod v1 {
         /// [`Pod`]: `k8s_openapi::api::core::v1::Pod`
         fn shortnames() -> &'static [&'static str];
     }
-}
 
-/// Types for legacy v1beta1 CustomResourceDefinitions
-#[cfg(feature = "deprecated-crd-v1beta1")]
-pub mod v1beta1 {
-    /// Extension trait that is implemented by kube-derive for legacy v1beta1::CustomResourceDefinitions
+    /// Possible errors when merging CRDs
+    #[derive(Debug, thiserror::Error)]
+    pub enum MergeError {
+        /// No crds given
+        #[error("empty list of CRDs cannot be merged")]
+        MissingCrds,
+
+        /// Stored api not present
+        #[error("stored api version {0} not found")]
+        MissingStoredApi(String),
+
+        /// Root api not present
+        #[error("root api version {0} not found")]
+        MissingRootVersion(String),
+
+        /// No versions given in one crd to merge
+        #[error("given CRD must have versions")]
+        MissingVersions,
+
+        /// Too many versions given to individual crds
+        #[error("mergeable CRDs cannot have multiple versions")]
+        MultiVersionCrd,
+
+        /// Mismatching spec properties on crds
+        #[error("mismatching {0} property from given CRDs")]
+        PropertyMismatch(String),
+    }
+
+    /// Merge a collection of crds into a single multiversion crd
     ///
-    /// This trait variant is only implemented with `#[kube(apiextensions = "v1beta1")]`
-    pub trait CustomResourceExt {
-        /// Helper to generate the legacy CRD without a JsonSchema
-        ///
-        /// This is using v1beta1::CustomResourceDefinitions (which will be removed in kubernetes 1.22)
-        fn crd() -> super::apiexts::v1beta1::CustomResourceDefinition;
-        /// Helper to return the name of this `CustomResourceDefinition` in kubernetes.
-        ///
-        /// This is not the name of an _instance_ of this custom resource but the `CustomResourceDefinition` object itself.
-        fn crd_name() -> &'static str;
-        /// Helper to generate the api information type for use with the dynamic `Api`
-        fn api_resource() -> crate::discovery::ApiResource;
-        /// Shortnames of this resource type.
-        ///
-        /// For example: [`Pod`] has the shortname alias `po`.
-        ///
-        /// NOTE: This function returns *declared* short names (at compile-time, using the `#[kube(shortname = "foo")]`), not the
-        /// shortnames registered with the Kubernetes API (which is what tools such as `kubectl` look at).
-        ///
-        /// [`Pod`]: `k8s_openapi::api::core::v1::Pod`
-        fn shortnames() -> &'static [&'static str];
+    /// Given multiple [`CustomResource`] derived types granting [`CRD`]s via [`CustomResourceExt::crd`],
+    /// we can merge them into a single [`CRD`] with multiple [`CRDVersion`] objects, marking only
+    /// the specified apiversion as `storage: true`.
+    ///
+    /// This merge algorithm assumes that every [`CRD`]:
+    ///
+    /// - exposes exactly one [`CRDVersion`]
+    /// - uses identical values for `spec.group`, `spec.scope`, and `spec.names.kind`
+    ///
+    /// This is always true for [`CustomResource`] derives.
+    ///
+    /// ## Usage
+    ///
+    /// ```no_run
+    /// # use k8s_openapi::apiextensions_apiserver::pkg::apis::apiextensions::v1::CustomResourceDefinition;
+    /// use kube::core::crd::merge_crds;
+    /// # let mycrd_v1: CustomResourceDefinition = todo!(); // v1::MyCrd::crd();
+    /// # let mycrd_v2: CustomResourceDefinition = todo!(); // v2::MyCrd::crd();
+    /// let crds = vec![mycrd_v1, mycrd_v2];
+    /// let multi_version_crd = merge_crds(crds, "v1").unwrap();
+    /// ```
+    ///
+    /// Note the merge is done by marking the:
+    ///
+    /// - crd containing the `stored_apiversion` as the place the other crds merge their [`CRDVersion`] items
+    /// - stored version is marked with `storage: true`, while all others get `storage: false`
+    ///
+    /// [`CustomResourceExt::crd`]: crate::CustomResourceExt::crd
+    /// [`CRD`]: https://docs.rs/k8s-openapi/latest/k8s_openapi/apiextensions_apiserver/pkg/apis/apiextensions/v1/struct.CustomResourceDefinition.html
+    /// [`CRDVersion`]: https://docs.rs/k8s-openapi/latest/k8s_openapi/apiextensions_apiserver/pkg/apis/apiextensions/v1/struct.CustomResourceDefinitionVersion.html
+    /// [`CustomResource`]: https://docs.rs/kube/latest/kube/derive.CustomResource.html
+    pub fn merge_crds(mut crds: Vec<Crd>, stored_apiversion: &str) -> Result<Crd, MergeError> {
+        if crds.is_empty() {
+            return Err(MergeError::MissingCrds);
+        }
+        for crd in crds.iter() {
+            if crd.spec.versions.is_empty() {
+                return Err(MergeError::MissingVersions);
+            }
+            if crd.spec.versions.len() != 1 {
+                return Err(MergeError::MultiVersionCrd);
+            }
+        }
+        let ver = stored_apiversion;
+        let found = crds.iter().position(|c| c.spec.versions[0].name == ver);
+        // Extract the root/first object to start with (the one we will merge into)
+        let mut root = match found {
+            None => return Err(MergeError::MissingRootVersion(ver.into())),
+            Some(idx) => crds.remove(idx),
+        };
+        root.spec.versions[0].storage = true; // main version - set true in case modified
+
+        // Values that needs to be identical across crds:
+        let group = &root.spec.group;
+        let kind = &root.spec.names.kind;
+        let scope = &root.spec.scope;
+        // sanity; don't merge crds with mismatching groups, versions, or other core properties
+        for crd in crds.iter() {
+            if &crd.spec.group != group {
+                return Err(MergeError::PropertyMismatch("group".to_string()));
+            }
+            if &crd.spec.names.kind != kind {
+                return Err(MergeError::PropertyMismatch("kind".to_string()));
+            }
+            if &crd.spec.scope != scope {
+                return Err(MergeError::PropertyMismatch("scope".to_string()));
+            }
+        }
+
+        // combine all version objects into the root object
+        let versions = &mut root.spec.versions;
+        while let Some(mut crd) = crds.pop() {
+            while let Some(mut v) = crd.spec.versions.pop() {
+                v.storage = false; // secondary versions
+                versions.push(v);
+            }
+        }
+        Ok(root)
+    }
+
+    mod tests {
+        #[test]
+        fn crd_merge() {
+            use super::{merge_crds, Crd};
+            let crd1 = r#"
+            apiVersion: apiextensions.k8s.io/v1
+            kind: CustomResourceDefinition
+            metadata:
+              name: multiversions.kube.rs
+            spec:
+              group: kube.rs
+              names:
+                categories: []
+                kind: MultiVersion
+                plural: multiversions
+                shortNames: []
+                singular: multiversion
+              scope: Namespaced
+              versions:
+              - additionalPrinterColumns: []
+                name: v1
+                schema:
+                  openAPIV3Schema:
+                    type: object
+                    x-kubernetes-preserve-unknown-fields: true
+                served: true
+                storage: true"#;
+
+            let crd2 = r#"
+            apiVersion: apiextensions.k8s.io/v1
+            kind: CustomResourceDefinition
+            metadata:
+              name: multiversions.kube.rs
+            spec:
+              group: kube.rs
+              names:
+                categories: []
+                kind: MultiVersion
+                plural: multiversions
+                shortNames: []
+                singular: multiversion
+              scope: Namespaced
+              versions:
+              - additionalPrinterColumns: []
+                name: v2
+                schema:
+                  openAPIV3Schema:
+                    type: object
+                    x-kubernetes-preserve-unknown-fields: true
+                served: true
+                storage: true"#;
+
+            let expected = r#"
+            apiVersion: apiextensions.k8s.io/v1
+            kind: CustomResourceDefinition
+            metadata:
+              name: multiversions.kube.rs
+            spec:
+              group: kube.rs
+              names:
+                categories: []
+                kind: MultiVersion
+                plural: multiversions
+                shortNames: []
+                singular: multiversion
+              scope: Namespaced
+              versions:
+              - additionalPrinterColumns: []
+                name: v2
+                schema:
+                  openAPIV3Schema:
+                    type: object
+                    x-kubernetes-preserve-unknown-fields: true
+                served: true
+                storage: true
+              - additionalPrinterColumns: []
+                name: v1
+                schema:
+                  openAPIV3Schema:
+                    type: object
+                    x-kubernetes-preserve-unknown-fields: true
+                served: true
+                storage: false"#;
+
+
+            let c1: Crd = serde_yaml::from_str(crd1).unwrap();
+            let c2: Crd = serde_yaml::from_str(crd2).unwrap();
+            let ce: Crd = serde_yaml::from_str(expected).unwrap();
+            let combined = merge_crds(vec![c1, c2], "v2").unwrap();
+
+            let combo_json = serde_json::to_value(&combined).unwrap();
+            let exp_json = serde_json::to_value(&ce).unwrap();
+            assert_json_diff::assert_json_eq!(combo_json, exp_json);
+        }
     }
 }
 
-/// re-export the current latest version until a newer one is available in cloud providers
-pub use v1::CustomResourceExt;
+// re-export current latest (v1)
+pub use v1::{merge_crds, CustomResourceExt, MergeError};
diff --git a/vendor/kube-core/src/gvk.rs b/vendor/kube-core/src/gvk.rs
index 4c8a3ef0ef3cd..df2d5f52b408d 100644
--- a/vendor/kube-core/src/gvk.rs
+++ b/vendor/kube-core/src/gvk.rs
@@ -1,12 +1,13 @@
 //! Type information structs for dynamic resources.
 use std::str::FromStr;
 
+use crate::TypeMeta;
 use serde::{Deserialize, Serialize};
 use thiserror::Error;
 
 #[derive(Debug, Error)]
 #[error("failed to parse group version: {0}")]
-/// Failed to parse group version.
+/// Failed to parse group version
 pub struct ParseGroupVersionError(pub String);
 
 /// Core information about an API Resource.
@@ -31,6 +32,21 @@ impl GroupVersionKind {
     }
 }
 
+impl TryFrom<&TypeMeta> for GroupVersionKind {
+    type Error = ParseGroupVersionError;
+
+    fn try_from(tm: &TypeMeta) -> Result<Self, Self::Error> {
+        Ok(GroupVersion::from_str(&tm.api_version)?.with_kind(&tm.kind))
+    }
+}
+impl TryFrom<TypeMeta> for GroupVersionKind {
+    type Error = ParseGroupVersionError;
+
+    fn try_from(tm: TypeMeta) -> Result<Self, Self::Error> {
+        Ok(GroupVersion::from_str(&tm.api_version)?.with_kind(&tm.kind))
+    }
+}
+
 /// Core information about a family of API Resources
 #[derive(Deserialize, Serialize, Debug, Clone, PartialEq, Eq, Hash)]
 pub struct GroupVersion {
@@ -47,6 +63,15 @@ impl GroupVersion {
         let group = group_.to_string();
         Self { group, version }
     }
+
+    /// Upgrade a GroupVersion to a GroupVersionKind
+    pub fn with_kind(self, kind: &str) -> GroupVersionKind {
+        GroupVersionKind {
+            group: self.group,
+            version: self.version,
+            kind: kind.into(),
+        }
+    }
 }
 
 impl FromStr for GroupVersion {
@@ -118,3 +143,24 @@ impl GroupVersionResource {
         }
     }
 }
+
+#[cfg(test)]
+mod tests {
+    #[test]
+    fn gvk_yaml() {
+        use crate::{GroupVersionKind, TypeMeta};
+        let input = r#"---
+apiVersion: kube.rs/v1
+kind: Example
+metadata:
+  name: doc1
+"#;
+        let tm: TypeMeta = serde_yaml::from_str(input).unwrap();
+        let gvk = GroupVersionKind::try_from(&tm).unwrap(); // takes ref
+        let gvk2: GroupVersionKind = tm.try_into().unwrap(); // takes value
+        assert_eq!(gvk.kind, "Example");
+        assert_eq!(gvk.group, "kube.rs");
+        assert_eq!(gvk.version, "v1");
+        assert_eq!(gvk.kind, gvk2.kind);
+    }
+}
diff --git a/vendor/kube-core/src/resource.rs b/vendor/kube-core/src/resource.rs
index 1cf51bbb91de1..281db65717ce2 100644
--- a/vendor/kube-core/src/resource.rs
+++ b/vendor/kube-core/src/resource.rs
@@ -1,5 +1,9 @@
 pub use k8s_openapi::apimachinery::pkg::apis::meta::v1::ObjectMeta;
-use k8s_openapi::{api::core::v1::ObjectReference, apimachinery::pkg::apis::meta::v1::OwnerReference};
+use k8s_openapi::{
+    api::core::v1::ObjectReference,
+    apimachinery::pkg::apis::meta::v1::{ManagedFieldsEntry, OwnerReference, Time},
+};
+
 use std::{borrow::Cow, collections::BTreeMap};
 
 /// An accessor trait for a kubernetes Resource.
@@ -154,6 +158,10 @@ pub trait ResourceExt: Resource {
     /// Unique ID (if you delete resource and then create a new
     /// resource with the same name, it will have different ID)
     fn uid(&self) -> Option<String>;
+    /// Returns the creation timestamp
+    ///
+    /// This is guaranteed to exist on resources received by the apiserver.
+    fn creation_timestamp(&self) -> Option<Time>;
     /// Returns resource labels
     fn labels(&self) -> &BTreeMap<String, String>;
     /// Provides mutable access to the labels
@@ -170,6 +178,10 @@ pub trait ResourceExt: Resource {
     fn finalizers(&self) -> &[String];
     /// Provides mutable access to the finalizers
     fn finalizers_mut(&mut self) -> &mut Vec<String>;
+    /// Returns managed fields
+    fn managed_fields(&self) -> &[ManagedFieldsEntry];
+    /// Provides mutable access to managed fields
+    fn managed_fields_mut(&mut self) -> &mut Vec<ManagedFieldsEntry>;
 }
 
 // TODO: replace with ordinary static when BTreeMap::new() is no longer
@@ -194,6 +206,10 @@ impl<K: Resource> ResourceExt for K {
         self.meta().uid.clone()
     }
 
+    fn creation_timestamp(&self) -> Option<Time> {
+        self.meta().creation_timestamp.clone()
+    }
+
     fn labels(&self) -> &BTreeMap<String, String> {
         self.meta().labels.as_ref().unwrap_or(&*EMPTY_MAP)
     }
@@ -225,4 +241,12 @@ impl<K: Resource> ResourceExt for K {
     fn finalizers_mut(&mut self) -> &mut Vec<String> {
         self.meta_mut().finalizers.get_or_insert_with(Vec::new)
     }
+
+    fn managed_fields(&self) -> &[ManagedFieldsEntry] {
+        self.meta().managed_fields.as_deref().unwrap_or_default()
+    }
+
+    fn managed_fields_mut(&mut self) -> &mut Vec<ManagedFieldsEntry> {
+        self.meta_mut().managed_fields.get_or_insert_with(Vec::new)
+    }
 }
diff --git a/vendor/kube-core/src/schema.rs b/vendor/kube-core/src/schema.rs
index 6f0a4a90a2964..e532914515078 100644
--- a/vendor/kube-core/src/schema.rs
+++ b/vendor/kube-core/src/schema.rs
@@ -14,6 +14,10 @@ use schemars::{
 
 /// schemars [`Visitor`] that rewrites a [`Schema`] to conform to Kubernetes' "structural schema" rules
 ///
+/// The following two transformations are applied
+///  * Rewrite enums from `oneOf` to `object`s with multiple variants ([schemars#84](https://github.com/GREsau/schemars/issues/84))
+///  * Rewrite `additionalProperties` from `#[serde(flatten)]` to `x-kubernetes-preserve-unknown-fields` ([kube-rs#844](https://github.com/kube-rs/kube-rs/issues/844))
+///
 /// This is used automatically by `kube::derive`'s `#[derive(CustomResource)]`,
 /// but it can also be used manually with [`SchemaSettings::with_visitor`].
 ///
@@ -92,6 +96,18 @@ impl Visitor for StructuralSchemaRewriter {
                 }
             }
         }
+        // check for maps without with properties (i.e. flattnened maps)
+        // and allow these to persist dynamically
+        if let Some(object) = &mut schema.object {
+            if !object.properties.is_empty()
+                && object.additional_properties.as_deref() == Some(&Schema::Bool(true))
+            {
+                object.additional_properties = None;
+                schema
+                    .extensions
+                    .insert("x-kubernetes-preserve-unknown-fields".into(), true.into());
+            }
+        }
     }
 }
 
diff --git a/vendor/kube-runtime/.cargo-checksum.json b/vendor/kube-runtime/.cargo-checksum.json
index 805db781f07a8..50dff04f2b737 100644
--- a/vendor/kube-runtime/.cargo-checksum.json
+++ b/vendor/kube-runtime/.cargo-checksum.json
@@ -1 +1 @@
-{"files":{"Cargo.toml":"57112aa8aca0b66c42e7a115732bb47e084a44390bdd588a141e5660f547bcb3","src/controller/future_hash_map.rs":"392448f130b30c25c720e52f8eca045ead0b556e318e5f11301d5aef38e1f5d0","src/controller/mod.rs":"f2ef5ec8a82ecaed80639e8218bc3f68961d95f7f6c63f8f49bfade3bef362fe","src/controller/runner.rs":"9c50706deb99b2a1bb9d52cb6f1af2c1d410072366370edbe9f420871e3d89f3","src/events.rs":"6ecb562d9c776142f0a90569c6047e4ab4bbf7e9f8f44dd112b42546bebbea43","src/finalizer.rs":"17ebe184941c0439bcf83bb444ff5def3f537c27bf4614c5c0005d0771590836","src/lib.rs":"450daacef53c7f87e7d79686ef15c2c3ffbd3941c56a6c0b021f164b859c95df","src/reflector/mod.rs":"e56cc00b48e9a3a58ec8b0e09882d6c24c778540a87c99881077f44c6227930b","src/reflector/object_ref.rs":"364c102da3b1d90c96ebbcc2ce652dc256e32bea2196a379ceb55a89b918a208","src/reflector/store.rs":"3f1b770433d0c91589485975a6cd999774864af4c21c918dbec3632e3242c689","src/scheduler.rs":"c65c35a0d52bbf0f96b9677e29623715b57462d5fd9b0cf1e848bc3b6f105afd","src/utils/backoff_reset_timer.rs":"b647ff7f7d40ae6da1a428d339592c14681e6a344fa7802dcbb391f1364e322a","src/utils/mod.rs":"9dcb48b908243ac666d83141093bd0cc7216609d55c97ccd71828ce7fee64b8f","src/utils/stream_backoff.rs":"d6c3299ced0b8375c8a353bcc90f0921c87f3b98f15fc6fc536fad095c67e285","src/wait.rs":"a07205438e67c2e8cfd5a117551721b80c255d96d6224d0269ce0d43761f44ca","src/watcher.rs":"233daf9d8d8125aab6213b2bae5a9925b3332310c99878f452c75ed8901eff74"},"package":"816c8c086f8bbcf9a4db0b7a68db90b784ef6292a57de35c64cccb90d5edfbe5"}
\ No newline at end of file
+{"files":{"Cargo.toml":"8141324be39e2d39525b2dea23a509a4b7614e464bfea30916954d904ae983ae","src/controller/future_hash_map.rs":"392448f130b30c25c720e52f8eca045ead0b556e318e5f11301d5aef38e1f5d0","src/controller/mod.rs":"2a223403aef84867984b7beb6930112306835c02be49ccdefdd6923bc2ab22fa","src/controller/runner.rs":"9c50706deb99b2a1bb9d52cb6f1af2c1d410072366370edbe9f420871e3d89f3","src/events.rs":"4f875f5c0b4e3e7aaa4c47575a4980a0610dcb787260ae6f2140f096c1444533","src/finalizer.rs":"17ebe184941c0439bcf83bb444ff5def3f537c27bf4614c5c0005d0771590836","src/lib.rs":"f7b3058ba3b242458cc583546c0dd7a1dcff387756fa1ed47f3411b4f5e0db5a","src/reflector/mod.rs":"5f89f99eabfdbbb463012c206dd5bab497ec2c3309b33c8fa4330b0d848501be","src/reflector/object_ref.rs":"364c102da3b1d90c96ebbcc2ce652dc256e32bea2196a379ceb55a89b918a208","src/reflector/store.rs":"45f797c448ffae178f1e985073c1c88b4d8abed809366fd1793e9a387d53fa7b","src/scheduler.rs":"c65c35a0d52bbf0f96b9677e29623715b57462d5fd9b0cf1e848bc3b6f105afd","src/utils/backoff_reset_timer.rs":"b647ff7f7d40ae6da1a428d339592c14681e6a344fa7802dcbb391f1364e322a","src/utils/event_flatten.rs":"488fe8ed9403098ec67af47063c84ee4830cdf7edbd0b21b0be907473522149f","src/utils/mod.rs":"8c358312e7ceadd59bb7aeb7b3ad243803e58e1a54667abc204bc4dc587043af","src/utils/stream_backoff.rs":"d6c3299ced0b8375c8a353bcc90f0921c87f3b98f15fc6fc536fad095c67e285","src/utils/watch_ext.rs":"a36eb5d1a5df98ff7c66ceaac056c5ec8a50c9d490e34902dfdbd185ecd0628a","src/wait.rs":"a07205438e67c2e8cfd5a117551721b80c255d96d6224d0269ce0d43761f44ca","src/watcher.rs":"033634279bf557323522d1b284a55a069912e18858b6eac1818d99447ecdb61b"},"package":"bb67002cbacd6cd99d1b1d0890785a84b6408158972f2561317bc4cdc06c981e"}
\ No newline at end of file
diff --git a/vendor/kube-runtime/Cargo.toml b/vendor/kube-runtime/Cargo.toml
index 7b6c9a4f15d33..9ba6315d69e8a 100644
--- a/vendor/kube-runtime/Cargo.toml
+++ b/vendor/kube-runtime/Cargo.toml
@@ -13,17 +13,31 @@
 edition = "2021"
 rust-version = "1.56"
 name = "kube-runtime"
-version = "0.70.0"
-authors = ["Teo Klestrup Röijezon <teo@nullable.se>", "clux <sszynrae@gmail.com>"]
+version = "0.72.0"
+authors = [
+    "Teo Klestrup Röijezon <teo@nullable.se>",
+    "clux <sszynrae@gmail.com>",
+]
 description = "Kubernetes futures controller runtime"
 readme = "../README.md"
-keywords = ["kubernetes", "runtime", "reflector", "watcher", "controller"]
+keywords = [
+    "kubernetes",
+    "runtime",
+    "reflector",
+    "watcher",
+    "controller",
+]
 categories = ["web-programming::http-client"]
 license = "Apache-2.0"
 repository = "https://github.com/kube-rs/kube-rs"
+
 [package.metadata.docs.rs]
-features = ["k8s-openapi/v1_22"]
-rustdoc-args = ["--cfg", "docsrs"]
+features = ["k8s-openapi/v1_23"]
+rustdoc-args = [
+    "--cfg",
+    "docsrs",
+]
+
 [dependencies.ahash]
 version = "0.7"
 
@@ -44,8 +58,11 @@ version = "0.14.0"
 default-features = false
 
 [dependencies.kube-client]
-version = "^0.70.0"
-features = ["jsonpatch", "client"]
+version = "=0.72.0"
+features = [
+    "jsonpatch",
+    "client",
+]
 default-features = false
 
 [dependencies.parking_lot]
@@ -76,14 +93,19 @@ features = ["time"]
 
 [dependencies.tracing]
 version = "0.1.29"
+
 [dev-dependencies.k8s-openapi]
 version = "0.14.0"
-features = ["v1_22"]
+features = ["v1_23"]
 default-features = false
 
 [dev-dependencies.kube]
 version = "<1.0.0, >=0.60.0"
-features = ["derive", "client", "runtime"]
+features = [
+    "derive",
+    "client",
+    "runtime",
+]
 
 [dev-dependencies.rand]
 version = "0.8.0"
@@ -96,4 +118,7 @@ version = "1.0.68"
 
 [dev-dependencies.tokio]
 version = "1.14.0"
-features = ["full", "test-util"]
+features = [
+    "full",
+    "test-util",
+]
diff --git a/vendor/kube-runtime/src/controller/mod.rs b/vendor/kube-runtime/src/controller/mod.rs
index d3d4e0a3ab5d0..176c68d4f37bc 100644
--- a/vendor/kube-runtime/src/controller/mod.rs
+++ b/vendor/kube-runtime/src/controller/mod.rs
@@ -8,10 +8,7 @@ use crate::{
         ObjectRef,
     },
     scheduler::{scheduler, ScheduleRequest},
-    utils::{
-        try_flatten_applied, try_flatten_touched, trystream_try_via, CancelableJoinHandle,
-        KubeRuntimeStreamExt, StreamBackoff,
-    },
+    utils::{trystream_try_via, CancelableJoinHandle, KubeRuntimeStreamExt, StreamBackoff, WatchStreamExt},
     watcher::{self, watcher},
 };
 use backoff::backoff::Backoff;
@@ -465,7 +462,7 @@ where
         let reader = writer.as_reader();
         let mut trigger_selector = stream::SelectAll::new();
         let self_watcher = trigger_self(
-            try_flatten_applied(reflector(writer, watcher(owned_api, lp))),
+            reflector(writer, watcher(owned_api, lp)).applied_objects(),
             dyntype.clone(),
         )
         .boxed();
@@ -535,11 +532,7 @@ where
     where
         Child::DynamicType: Debug + Eq + Hash + Clone,
     {
-        let child_watcher = trigger_owners(
-            try_flatten_touched(watcher(api, lp)),
-            self.dyntype.clone(),
-            dyntype,
-        );
+        let child_watcher = trigger_owners(watcher(api, lp).touched_objects(), self.dyntype.clone(), dyntype);
         self.trigger_selector.push(child_watcher.boxed());
         self
     }
@@ -590,7 +583,7 @@ where
         I::IntoIter: Send,
         Other::DynamicType: Clone,
     {
-        let other_watcher = trigger_with(try_flatten_touched(watcher(api, lp)), move |obj| {
+        let other_watcher = trigger_with(watcher(api, lp).touched_objects(), move |obj| {
             let watched_obj_ref = ObjectRef::from_obj_with(&obj, dyntype.clone()).erase();
             mapper(obj)
                 .into_iter()
diff --git a/vendor/kube-runtime/src/events.rs b/vendor/kube-runtime/src/events.rs
index 1b5efbf54eccf..126a54ed3d09c 100644
--- a/vendor/kube-runtime/src/events.rs
+++ b/vendor/kube-runtime/src/events.rs
@@ -176,7 +176,7 @@ impl Recorder {
     /// Cluster scoped objects will publish events in the "default" namespace.
     #[must_use]
     pub fn new(client: Client, reporter: Reporter, reference: ObjectReference) -> Self {
-        let default_namespace = "default".to_owned();
+        let default_namespace = "kube-system".to_owned(); // default does not work on k8s < 1.22
         let events = Api::namespaced(client, reference.namespace.as_ref().unwrap_or(&default_namespace));
         Self {
             events,
@@ -294,7 +294,7 @@ mod test {
                 secondary: None,
             })
             .await?;
-        let events: Api<CoreEvent> = Api::namespaced(client, "default");
+        let events: Api<CoreEvent> = Api::namespaced(client, "kube-system");
 
         let event_list = events.list(&Default::default()).await?;
         let found_event = event_list
diff --git a/vendor/kube-runtime/src/lib.rs b/vendor/kube-runtime/src/lib.rs
index 992760eb2897d..a0db4f44ad76b 100644
--- a/vendor/kube-runtime/src/lib.rs
+++ b/vendor/kube-runtime/src/lib.rs
@@ -32,4 +32,5 @@ pub use controller::{applier, Controller};
 pub use finalizer::finalizer;
 pub use reflector::reflector;
 pub use scheduler::scheduler;
+pub use utils::WatchStreamExt;
 pub use watcher::watcher;
diff --git a/vendor/kube-runtime/src/reflector/mod.rs b/vendor/kube-runtime/src/reflector/mod.rs
index 8e0c7961a8639..8932456c53d03 100644
--- a/vendor/kube-runtime/src/reflector/mod.rs
+++ b/vendor/kube-runtime/src/reflector/mod.rs
@@ -8,7 +8,7 @@ use crate::watcher;
 use futures::{Stream, TryStreamExt};
 use kube_client::Resource;
 use std::hash::Hash;
-pub use store::Store;
+pub use store::{store, Store};
 
 /// Caches objects from `watcher::Event`s to a local `Store`
 ///
@@ -16,13 +16,13 @@ pub use store::Store;
 ///
 /// Note: It is a bad idea to feed a single `reflector` from multiple `watcher`s, since
 /// the whole `Store` will be cleared whenever any of them emits a `Restarted` event.
-pub fn reflector<K, W>(mut store: store::Writer<K>, stream: W) -> impl Stream<Item = W::Item>
+pub fn reflector<K, W>(mut writer: store::Writer<K>, stream: W) -> impl Stream<Item = W::Item>
 where
     K: Resource + Clone,
     K::DynamicType: Eq + Hash + Clone,
     W: Stream<Item = watcher::Result<watcher::Event<K>>>,
 {
-    stream.inspect_ok(move |event| store.apply_watcher_event(event))
+    stream.inspect_ok(move |event| writer.apply_watcher_event(event))
 }
 
 #[cfg(test)]
diff --git a/vendor/kube-runtime/src/reflector/store.rs b/vendor/kube-runtime/src/reflector/store.rs
index 9f18204c2658a..ac9e2ef9cfd6b 100644
--- a/vendor/kube-runtime/src/reflector/store.rs
+++ b/vendor/kube-runtime/src/reflector/store.rs
@@ -129,9 +129,26 @@ where
     }
 }
 
+
+/// Create a (Reader, Writer) for a `Store<K>` for a typed resource `K`
+///
+/// The `Writer` should be passed to a [`reflector`](crate::reflector()),
+/// and the [`Store`] is a read-only handle.
+#[must_use]
+pub fn store<K>() -> (Store<K>, Writer<K>)
+where
+    K: Resource + Clone + 'static,
+    K::DynamicType: Eq + Hash + Clone + Default,
+{
+    let w = Writer::<K>::default();
+    let r = w.as_reader();
+    (r, w)
+}
+
+
 #[cfg(test)]
 mod tests {
-    use super::Writer;
+    use super::{store, Writer};
     use crate::{reflector::ObjectRef, watcher};
     use k8s_openapi::api::core::v1::ConfigMap;
     use kube_client::api::ObjectMeta;
@@ -180,9 +197,8 @@ mod tests {
             },
             ..ConfigMap::default()
         };
-        let mut store_w = Writer::default();
-        store_w.apply_watcher_event(&watcher::Event::Applied(cm.clone()));
-        let store = store_w.as_reader();
+        let (store, mut writer) = store();
+        writer.apply_watcher_event(&watcher::Event::Applied(cm.clone()));
         assert_eq!(store.get(&ObjectRef::from_obj(&cm)).as_deref(), Some(&cm));
     }
 
diff --git a/vendor/kube-runtime/src/utils/event_flatten.rs b/vendor/kube-runtime/src/utils/event_flatten.rs
new file mode 100644
index 0000000000000..b4834662b2d8d
--- /dev/null
+++ b/vendor/kube-runtime/src/utils/event_flatten.rs
@@ -0,0 +1,96 @@
+use crate::watcher::{Error, Event};
+use core::{
+    pin::Pin,
+    task::{Context, Poll},
+};
+use futures::{ready, Stream, TryStream};
+use pin_project::pin_project;
+
+#[pin_project]
+/// Stream returned by the [`applied_objects`](super::WatchStreamExt::applied_objects) and [`touched_objects`](super::WatchStreamExt::touched_objects) method.
+#[must_use = "streams do nothing unless polled"]
+pub struct EventFlatten<St, K> {
+    #[pin]
+    stream: St,
+    emit_deleted: bool,
+    queue: std::vec::IntoIter<K>,
+}
+impl<St: TryStream<Ok = Event<K>>, K> EventFlatten<St, K> {
+    pub(super) fn new(stream: St, emit_deleted: bool) -> Self {
+        Self {
+            stream,
+            queue: vec![].into_iter(),
+            emit_deleted,
+        }
+    }
+}
+impl<St, K> Stream for EventFlatten<St, K>
+where
+    St: Stream<Item = Result<Event<K>, Error>>,
+{
+    type Item = Result<K, Error>;
+
+    fn poll_next(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Option<Self::Item>> {
+        let mut me = self.project();
+        Poll::Ready(loop {
+            if let Some(item) = me.queue.next() {
+                break Some(Ok(item));
+            }
+            break match ready!(me.stream.as_mut().poll_next(cx)) {
+                Some(Ok(Event::Applied(obj))) => Some(Ok(obj)),
+                Some(Ok(Event::Deleted(obj))) => {
+                    if *me.emit_deleted {
+                        Some(Ok(obj))
+                    } else {
+                        continue;
+                    }
+                }
+                Some(Ok(Event::Restarted(objs))) => {
+                    *me.queue = objs.into_iter();
+                    continue;
+                }
+                Some(Err(err)) => Some(Err(err)),
+                None => return Poll::Ready(None),
+            };
+        })
+    }
+}
+
+#[cfg(test)]
+pub(crate) mod tests {
+    use std::task::Poll;
+
+    use super::{Error, Event, EventFlatten};
+    use futures::{pin_mut, poll, stream, StreamExt};
+
+    #[tokio::test]
+    async fn watches_applies_uses_correct_eventflattened_stream() {
+        let data = stream::iter([
+            Ok(Event::Applied(0)),
+            Ok(Event::Applied(1)),
+            Ok(Event::Deleted(0)),
+            Ok(Event::Applied(2)),
+            Ok(Event::Restarted(vec![1, 2])),
+            Err(Error::TooManyObjects),
+            Ok(Event::Applied(2)),
+        ]);
+        let rx = EventFlatten::new(data, false);
+        pin_mut!(rx);
+        assert!(matches!(poll!(rx.next()), Poll::Ready(Some(Ok(0)))));
+        assert!(matches!(poll!(rx.next()), Poll::Ready(Some(Ok(1)))));
+        // NB: no Deleted events here
+        assert!(matches!(poll!(rx.next()), Poll::Ready(Some(Ok(2)))));
+        // Restart comes through, currently in reverse order
+        // (normally on restart they just come in alphabetical order by name)
+        // this is fine though, alphabetical event order has no functional meaning in watchers
+        assert!(matches!(poll!(rx.next()), Poll::Ready(Some(Ok(1)))));
+        assert!(matches!(poll!(rx.next()), Poll::Ready(Some(Ok(2)))));
+        // Error passed through
+        assert!(matches!(
+            poll!(rx.next()),
+            Poll::Ready(Some(Err(Error::TooManyObjects)))
+        ));
+        assert!(matches!(poll!(rx.next()), Poll::Ready(Some(Ok(2)))));
+        assert!(matches!(poll!(rx.next()), Poll::Ready(None)));
+    }
+}
diff --git a/vendor/kube-runtime/src/utils/mod.rs b/vendor/kube-runtime/src/utils/mod.rs
index 669c497b756ce..ff0bf03a05a96 100644
--- a/vendor/kube-runtime/src/utils/mod.rs
+++ b/vendor/kube-runtime/src/utils/mod.rs
@@ -1,10 +1,14 @@
 //! Helpers for manipulating built-in streams
 
 mod backoff_reset_timer;
+mod event_flatten;
 mod stream_backoff;
+mod watch_ext;
 
 pub use backoff_reset_timer::ResetTimerBackoff;
+pub use event_flatten::EventFlatten;
 pub use stream_backoff::StreamBackoff;
+pub use watch_ext::WatchStreamExt;
 
 use crate::watcher;
 use futures::{
@@ -23,6 +27,10 @@ use stream::IntoStream;
 use tokio::{runtime::Handle, task::JoinHandle};
 
 /// Flattens each item in the list following the rules of [`watcher::Event::into_iter_applied`].
+#[deprecated(
+    since = "0.72.0",
+    note = "fn replaced with the WatchStreamExt::applied_objects which can be chained onto watcher. Add `use kube::runtime::WatchStreamExt;` and call `stream.applied_objects()` instead. This function will be removed in 0.75.0."
+)]
 pub fn try_flatten_applied<K, S: TryStream<Ok = watcher::Event<K>>>(
     stream: S,
 ) -> impl Stream<Item = Result<K, S::Error>> {
@@ -32,6 +40,10 @@ pub fn try_flatten_applied<K, S: TryStream<Ok = watcher::Event<K>>>(
 }
 
 /// Flattens each item in the list following the rules of [`watcher::Event::into_iter_touched`].
+#[deprecated(
+    since = "0.72.0",
+    note = "fn replaced with the WatchStreamExt::touched_objects which can be chained onto watcher. Add `use kube::runtime::WatchStreamExt;` and call `stream.touched_objects()` instead. This function will be removed in 0.75.0."
+)]
 pub fn try_flatten_touched<K, S: TryStream<Ok = watcher::Event<K>>>(
     stream: S,
 ) -> impl Stream<Item = Result<K, S::Error>> {
diff --git a/vendor/kube-runtime/src/utils/watch_ext.rs b/vendor/kube-runtime/src/utils/watch_ext.rs
new file mode 100644
index 0000000000000..54a6d45bced74
--- /dev/null
+++ b/vendor/kube-runtime/src/utils/watch_ext.rs
@@ -0,0 +1,40 @@
+use crate::{
+    utils::{event_flatten::EventFlatten, stream_backoff::StreamBackoff},
+    watcher,
+};
+use backoff::backoff::Backoff;
+
+use futures::{Stream, TryStream};
+
+/// Extension trait for streams returned by [`watcher`](watcher()) or [`reflector`](crate::reflector::reflector)
+pub trait WatchStreamExt: Stream {
+    /// Apply a [`Backoff`] policy to a [`Stream`] using [`StreamBackoff`]
+    fn backoff<B>(self, b: B) -> StreamBackoff<Self, B>
+    where
+        B: Backoff,
+        Self: TryStream + Sized,
+    {
+        StreamBackoff::new(self, b)
+    }
+
+    /// Flatten a [`watcher()`] stream into a stream of applied objects
+    ///
+    /// All Added/Modified events are passed through, and critical errors bubble up.
+    fn applied_objects<K>(self) -> EventFlatten<Self, K>
+    where
+        Self: Stream<Item = Result<watcher::Event<K>, watcher::Error>> + Sized,
+    {
+        EventFlatten::new(self, false)
+    }
+
+    /// Flatten a [`watcher()`] stream into a stream of touched objects
+    ///
+    /// All Added/Modified/Deleted events are passed through, and critical errors bubble up.
+    fn touched_objects<K>(self) -> EventFlatten<Self, K>
+    where
+        Self: Stream<Item = Result<watcher::Event<K>, watcher::Error>> + Sized,
+    {
+        EventFlatten::new(self, true)
+    }
+}
+impl<St: ?Sized> WatchStreamExt for St where St: Stream {}
diff --git a/vendor/kube-runtime/src/watcher.rs b/vendor/kube-runtime/src/watcher.rs
index 9b4e555ee6170..14bf5d7670124 100644
--- a/vendor/kube-runtime/src/watcher.rs
+++ b/vendor/kube-runtime/src/watcher.rs
@@ -75,6 +75,36 @@ impl<K> Event<K> {
         }
         .into_iter()
     }
+
+    /// Map each object in an event through a mutator fn
+    ///
+    /// This allows for memory optimizations in watch streams.
+    /// If you are chaining a watch stream into a reflector as an in memory state store,
+    /// you can control the space used by each object by dropping fields.
+    ///
+    /// ```no_run
+    /// use k8s_openapi::api::core::v1::Pod;
+    /// use kube::ResourceExt;
+    /// # use kube::runtime::watcher::Event;
+    /// # let event: Event<Pod> = todo!();
+    /// event.modify(|pod| {
+    ///     pod.managed_fields_mut().clear();
+    ///     pod.annotations_mut().clear();
+    ///     pod.status = None;
+    /// });
+    /// ```
+    #[must_use]
+    pub fn modify(mut self, mut f: impl FnMut(&mut K)) -> Self {
+        match &mut self {
+            Event::Applied(obj) | Event::Deleted(obj) => (f)(obj),
+            Event::Restarted(objs) => {
+                for k in objs {
+                    (f)(k)
+                }
+            }
+        }
+        self
+    }
 }
 
 #[derive(Derivative)]
@@ -191,13 +221,13 @@ async fn step<K: Resource + Clone + DeserializeOwned + Debug + Send + 'static>(
 /// [`try_for_each`](futures::TryStreamExt::try_for_each) and [`try_concat`](futures::TryStreamExt::try_concat))
 /// will terminate eagerly as soon as they receive an [`Err`].
 ///
-/// This is intended to provide a safe and atomic input interface for a state store like a [`reflector`],
-/// direct users may want to flatten composite events with [`try_flatten_applied`]:
+/// This is intended to provide a safe and atomic input interface for a state store like a [`reflector`].
+/// Direct users may want to flatten composite events via [`WatchStreamExt`]:
 ///
 /// ```no_run
 /// use kube::{
 ///   api::{Api, ListParams, ResourceExt}, Client,
-///   runtime::{utils::try_flatten_applied, watcher}
+///   runtime::{watcher, WatchStreamExt}
 /// };
 /// use k8s_openapi::api::core::v1::Pod;
 /// use futures::{StreamExt, TryStreamExt};
@@ -206,8 +236,7 @@ async fn step<K: Resource + Clone + DeserializeOwned + Debug + Send + 'static>(
 ///     let client = Client::try_default().await.unwrap();
 ///     let pods: Api<Pod> = Api::namespaced(client, "apps");
 ///
-///     let watcher = watcher(pods, ListParams::default());
-///     try_flatten_applied(watcher)
+///     watcher(pods, ListParams::default()).applied_objects()
 ///         .try_for_each(|p| async move {
 ///          println!("Applied: {}", p.name());
 ///             Ok(())
@@ -216,7 +245,7 @@ async fn step<K: Resource + Clone + DeserializeOwned + Debug + Send + 'static>(
 ///    Ok(())
 /// }
 /// ```
-/// [`try_flatten_applied`]: super::utils::try_flatten_applied
+/// [`WatchStreamExt`]: super::WatchStreamExt
 /// [`reflector`]: super::reflector::reflector
 /// [`Api::watch`]: kube_client::Api::watch
 ///
diff --git a/vendor/kube/.cargo-checksum.json b/vendor/kube/.cargo-checksum.json
index 7bb4e2a8979c6..b02110c18d407 100644
--- a/vendor/kube/.cargo-checksum.json
+++ b/vendor/kube/.cargo-checksum.json
@@ -1 +1 @@
-{"files":{"Cargo.toml":"e86f910ce9b6f83a3b341c3275927eddcbe366dcace0bcf5d89118d453ae0e8f","src/lib.rs":"d5336575203da1de02b238cd58415b6624d26ed0e459d9a58719185efd93f5de"},"package":"4dcc72fdf0c491160a34d4a1bfb03f96da8a5054288d61c816d514b5c2fa49ea"}
\ No newline at end of file
+{"files":{"Cargo.toml":"0a01484f0ff0e1a0c098fa8db95edec83e85e6d3e2c742ac2a0b29c5fb9f388c","src/lib.rs":"7981feee7f925782cedd31dd754ebcfd55214160a4d9fef1649f623f013b2bce"},"package":"977951a1d7dbce4c6f9c2cbed0711f568df9944010fafa88161a20f7e5163bd3"}
\ No newline at end of file
diff --git a/vendor/kube/Cargo.toml b/vendor/kube/Cargo.toml
index 0470516f9bfe9..fe7c2cbdbbb01 100644
--- a/vendor/kube/Cargo.toml
+++ b/vendor/kube/Cargo.toml
@@ -13,42 +13,68 @@
 edition = "2021"
 rust-version = "1.56"
 name = "kube"
-version = "0.70.0"
-authors = ["clux <sszynrae@gmail.com>", "Teo Klestrup Röijezon <teo@nullable.se>", "kazk <kazk.dev@gmail.com>"]
+version = "0.72.0"
+authors = [
+    "clux <sszynrae@gmail.com>",
+    "Teo Klestrup Röijezon <teo@nullable.se>",
+    "kazk <kazk.dev@gmail.com>",
+]
 description = "Kubernetes client and async controller runtime"
 readme = "../README.md"
-keywords = ["kubernetes", "client", "runtime"]
+keywords = [
+    "kubernetes",
+    "client",
+    "runtime",
+]
 categories = ["web-programming::http-client"]
 license = "Apache-2.0"
 repository = "https://github.com/kube-rs/kube-rs"
+
 [package.metadata.docs.rs]
-features = ["client", "native-tls", "rustls-tls", "openssl-tls", "derive", "ws", "oauth", "jsonpatch", "admission", "runtime", "k8s-openapi/v1_22"]
-rustdoc-args = ["--cfg", "docsrs"]
+features = [
+    "client",
+    "native-tls",
+    "rustls-tls",
+    "openssl-tls",
+    "derive",
+    "ws",
+    "oauth",
+    "jsonpatch",
+    "admission",
+    "runtime",
+    "k8s-openapi/v1_23",
+]
+rustdoc-args = [
+    "--cfg",
+    "docsrs",
+]
+
 [dependencies.k8s-openapi]
 version = "0.14.0"
 default-features = false
 
 [dependencies.kube-client]
-version = "^0.70.0"
+version = "=0.72.0"
 optional = true
 default-features = false
 
 [dependencies.kube-core]
-version = "^0.70.0"
+version = "=0.72.0"
 
 [dependencies.kube-derive]
-version = "^0.70.0"
+version = "=0.72.0"
 optional = true
 
 [dependencies.kube-runtime]
-version = "^0.70.0"
+version = "=0.72.0"
 optional = true
+
 [dev-dependencies.futures]
 version = "0.3.17"
 
 [dev-dependencies.k8s-openapi]
 version = "0.14.0"
-features = ["v1_22"]
+features = ["v1_23"]
 default-features = false
 
 [dev-dependencies.schemars]
@@ -66,16 +92,24 @@ version = "1.14.0"
 features = ["full"]
 
 [dev-dependencies.validator]
-version = "0.14.0"
+version = "0.15.0"
 features = ["derive"]
 
 [features]
 admission = ["kube-core/admission"]
-client = ["kube-client/client", "config"]
+client = [
+    "kube-client/client",
+    "config",
+]
 config = ["kube-client/config"]
-default = ["client", "native-tls"]
-deprecated-crd-v1beta1 = ["kube-core/deprecated-crd-v1beta1"]
-derive = ["kube-derive", "kube-core/schema"]
+default = [
+    "client",
+    "openssl-tls",
+]
+derive = [
+    "kube-derive",
+    "kube-core/schema",
+]
 gzip = ["kube-client/gzip"]
 jsonpatch = ["kube-core/jsonpatch"]
 native-tls = ["kube-client/native-tls"]
@@ -83,4 +117,7 @@ oauth = ["kube-client/oauth"]
 openssl-tls = ["kube-client/openssl-tls"]
 runtime = ["kube-runtime"]
 rustls-tls = ["kube-client/rustls-tls"]
-ws = ["kube-client/ws", "kube-core/ws"]
+ws = [
+    "kube-client/ws",
+    "kube-core/ws",
+]
diff --git a/vendor/kube/src/lib.rs b/vendor/kube/src/lib.rs
index 06e9b395194f3..faa3917f3e645 100644
--- a/vendor/kube/src/lib.rs
+++ b/vendor/kube/src/lib.rs
@@ -55,7 +55,7 @@
 //!     api::{Api, DeleteParams, ListParams, PatchParams, Patch, ResourceExt},
 //!     core::CustomResourceExt,
 //!     Client, CustomResource,
-//!     runtime::{watcher, utils::try_flatten_applied, wait::{conditions, await_condition}},
+//!     runtime::{watcher, WatchStreamExt, wait::{conditions, await_condition}},
 //! };
 //!
 //! // Our custom resource
@@ -88,7 +88,7 @@
 //!     // Watch for changes to foos in the configured namespace
 //!     let foos: Api<Foo> = Api::default_namespaced(client.clone());
 //!     let lp = ListParams::default();
-//!     let mut apply_stream = try_flatten_applied(watcher(foos, lp)).boxed();
+//!     let mut apply_stream = watcher(foos, lp).applied_objects().boxed();
 //!     while let Some(f) = apply_stream.try_next().await? {
 //!         println!("saw apply to {}", f.name());
 //!     }
@@ -339,6 +339,7 @@ mod test {
                 .entry("kube.rs".to_string())
                 .or_insert_with(|| "hello".to_string());
             pod.finalizers_mut().push("kube-finalizer".to_string());
+            pod.managed_fields_mut().clear();
             // NB: we are **not** pushing these back upstream - (Api::apply or Api::replace needed for it)
         }
         // check we can iterate over ObjectList normally - and check the mutations worked
@@ -347,6 +348,7 @@ mod test {
             assert!(pod.labels().get("kube.rs").is_some());
             assert!(pod.finalizers().contains(&"kube-finalizer".to_string()));
             assert!(pod.spec().containers.is_empty());
+            assert!(pod.managed_fields().is_empty());
         }
         Ok(())
     }
diff --git a/vendor/tower-http/.cargo-checksum.json b/vendor/tower-http/.cargo-checksum.json
index 9221b50eb5437..a139c21f34d75 100644
--- a/vendor/tower-http/.cargo-checksum.json
+++ b/vendor/tower-http/.cargo-checksum.json
@@ -1 +1 @@
-{"files":{"CHANGELOG.md":"444bf5f9cd279b4d413def0def99c115431c8d1c0c128a45e20a02c7639795c4","Cargo.toml":"c4f0aacc214fa304162e9ac406380fa08dcf5ff4c8fcc48b20772229c8bdb6f6","LICENSE":"5049cf464977eff4b4fcfa7988d84e74116956a3eb9d5f1d451b3f828f945233","src/add_extension.rs":"53693e5f8f49cf291246582b8fa8caa80e68b10d08d2a6ef1ea669eb0d1b2b18","src/auth/add_authorization.rs":"f2d82bd2d81e8e4a297092469bf481565e514a57e914dec6853d42697fd944c4","src/auth/async_require_authorization.rs":"c955d8177906f61c7dc57de491c9480e8488fd2274b6d886575992d473b72fdf","src/auth/mod.rs":"7fe22f3e408773f201ef9ff84658ee57a8ac112a3994884d5fd85bd4f97b576e","src/auth/require_authorization.rs":"2f6d0fff18f03676179458eda0aac34812b817dfee9de12dfcadf46b3ebf443a","src/builder.rs":"17f28470efbc410296884b6d9cee646ef5af859986b064592553b1423f1aa962","src/catch_panic.rs":"6b95407a2509fff110ec1bc7b70a2a0ace2e996e50983c402f37225104ee8893","src/classify/grpc_errors_as_failures.rs":"a831048303227d1e1e92e01d53db121bbba419185acc14f90428d903a65c7319","src/classify/map_failure_class.rs":"a9f7d36f3aede2990205a88c06542d68126bb58f0f530bb1f8716fa47587f1f6","src/classify/mod.rs":"69d2d2407be72d8347f59c1ab9f7886f302620540de5cd201900318645e65400","src/classify/status_in_range_is_error.rs":"4d13e0f7a67954d4bf30bc1a4d3eade92014971c3c71679f4813d2dcb32d9ac2","src/compression/body.rs":"38cdc25794142aee83c842bfdefdcc51859e989f9e7544b8c7491f3108a2053e","src/compression/future.rs":"078002e2eccf24a35c109279071f8a6494f9aeab367cb2513aa0cac55057dc80","src/compression/layer.rs":"b2273f86e1081d40604ad962a02697c49e511569c22e5bd26e088a61f1a3682b","src/compression/mod.rs":"667b5852792b9cdd703c0c4cba7d3ff51870247abaff6efbbaa3d6a30aff74b7","src/compression/pin_project_cfg.rs":"a98033f4b8b12f8372ba51522f22a8610d005e82e29b3e24e28b4a8cb902b2ef","src/compression/predicate.rs":"808ef3c8a6093b83f08f6812ff2223a4d3aa9ef9caed8b871f05a8f5d4e08825","src/compression/service.rs":"ef4568f4d37a342f0ed60c33c47576b14b1932453853d18980b421d69d4a8aaf","src/compression_utils.rs":"12a22394faa0089a9dcbeaf06b14bdfcbf5518e2d28649337e826dde8e12465c","src/content_encoding.rs":"a466c59db6c8d370f78573a22df737ce7ec3dd073e0e80a429ef126354b94265","src/cors.rs":"3dd945876dab4926a976785e1848cc583c57695b2c330c80b64b7861d462575a","src/decompression/body.rs":"4e27b3319f1f1f75f63719e110f6713e36ea9dda8341ba3fb843b0dc15b75112","src/decompression/future.rs":"bb862c314e40593956450c3e6aec1f51a0c304891d6e9706efc1ea76be2c4f4a","src/decompression/layer.rs":"c094d563de5247b305e153b6595c21685b8e066f1fdc50a700af236ef9302341","src/decompression/mod.rs":"060730980b600dd75b2995d22da8540d5ab8bbdcabe80c8d183c5c2ce17b0072","src/decompression/service.rs":"aa27d7f20aaa0e5f8288f0419d19e23d0af19fface58008fe30ff88d9851cc81","src/follow_redirect/mod.rs":"b722278c1a4a951476a00e7039203bbf5d4fc2ada8725ad2ba16ec19dde299da","src/follow_redirect/policy/and.rs":"a62623042f4d13029ca0d35a21cab20f26bf98fff0d321dd19ee6eadef96ee02","src/follow_redirect/policy/clone_body_fn.rs":"3a78bf37d4bd000d9c2d60d84a2d02d2d0ae584a0790da2dcdb34fab43fcd557","src/follow_redirect/policy/filter_credentials.rs":"918ce212685ce6501f78e6346c929fec8e01e81b26d681f6d3c86d88fe2eaa97","src/follow_redirect/policy/limited.rs":"b958035fc38736e12ef2a5421366de51c806c8ca849e8e9310b9d14e8b0b1e07","src/follow_redirect/policy/mod.rs":"d5aaa4828890922f38ab491b616cb0db3a353893365094bc600659b572c8e519","src/follow_redirect/policy/or.rs":"02de001232c92a9e7e19cdef70b1321df181c6323973e6297642cc234dbf3119","src/follow_redirect/policy/redirect_fn.rs":"f4f7bf9219df8da1021ef9f44b07b50814dfa0728c8dbf52090e0dfab0b8edcc","src/follow_redirect/policy/same_origin.rs":"9c47be5b615c3dd31db8056e324a4bc87b0510c19df09b6a9e5f7ea8de2829fe","src/lib.rs":"bebb63d58a9c556151f8f803393c5bc087d964b421bcfe38cc2a054ec358b8a0","src/macros.rs":"e942d44669a37fe976c669109790368447c2dbaf91354aff2515bcf0b1784d33","src/map_request_body.rs":"9a8f60e50b80e60de753c43d7fcb95595bb368aa32d69ddd555153121b6d9b13","src/map_response_body.rs":"b1f6be724b16c98c2fecdc9ffc20cbbff3de67fe4b7825256d2ef58adbeb8ab1","src/metrics/in_flight_requests.rs":"2d4834650f847983598600842165412fbc160d6b027e91038ad7fe579ed5ff86","src/metrics/mod.rs":"71d79df8dcb242f4925dc9b0d380d3c4fa7ae1f3d6a125f9db4f8a4ee3be9b3d","src/propagate_header.rs":"6cba913149fae518bf4bfe6ab1b6beeb1f1ceeb9beb12751774f0d41171495f8","src/request_id.rs":"fc3fa6f8005fb23e6f9a350eb67f720baf13c463f6e41c4939fbb1b8ce6251a3","src/sensitive_headers.rs":"9966e23ede1604b35ddb6296233cea0a67aee8b2583082413d4a0bf921f81470","src/services/fs/mod.rs":"a40e57b2e697cce94d33f86aba707cc3e4c39b9ec6f6e1a99be3091bd8927cf1","src/services/fs/serve_dir.rs":"e426737d2f58893f032528196dac4825fc4576cecd13bcdd7af93bb278bb8f5e","src/services/fs/serve_file.rs":"a8a4efff073bd6d6d87d945257fb6e67c3f7711fcdc2b4645ed6841d4473fa29","src/services/mod.rs":"f7987c866efc38f8750d4326609319986451647d2f8bed39705dca899f963aff","src/services/redirect.rs":"19447b838f8add2312b6a69fb00967e374c94b106bad12a3b06d4d24cbdd478f","src/set_header/mod.rs":"642db9ef0fed43886e12311e26ae2522d25275ff9263cb5f0ef500ed6ce5f6bd","src/set_header/request.rs":"8eb30faba910121961d713905d1f01331dfb195cbb313552afff849361ae301d","src/set_header/response.rs":"bb07c259604b4ee4b1ee6efb7c94edc72c736edaad65b93b313e556e924907c6","src/trace/body.rs":"b8869626deb66f355363d32fa563bac16d1e919883107326278b752093ece365","src/trace/future.rs":"9accf5d930eb8db777195fde99f2271e2096cf2e3fbea427bf37170246b0b6be","src/trace/layer.rs":"b8d7b54eff9458f9921b5be4d88b4a140acf2d265623541d87b4cf593052dd9e","src/trace/make_span.rs":"d99b1dbe63b89ad0eeb9868d78151a898d5353e6d30d3c847a83ac90ff0eef3e","src/trace/mod.rs":"43b4ee9d103d44153dc24ef09c1c01796f796785043434ad3d398b1be8d5a17d","src/trace/on_body_chunk.rs":"824f83e4b44e5656fd48922addf02c010764cd73ec4d290213be2b990751f3ca","src/trace/on_eos.rs":"75e10820d73251a5350acbdcda7bb10a2ce43f5314d20f221d4c69c63bc9c0ba","src/trace/on_failure.rs":"01ae3817e0a2463941583ae80b945c786ee3cf60fb0b38e6b2a8bb38bade604a","src/trace/on_request.rs":"a6730dc7e7eb2ccce99fce107673f38e2ef239f3c3446bbce0b54e85e0313b41","src/trace/on_response.rs":"80f68c33ba95e46521c1a359060bf87e3d8377a12e0b5b98aa572b13229f3ca7","src/trace/service.rs":"bb21da126aa4f0e83bd1ad0908b6ea2e0419c9a72ea8c14974aa5118185a426e"},"package":"90c125fdea84614a4368fd35786b51d0682ab8d42705e061e92f0b955dea40fb"}
\ No newline at end of file
+{"files":{"CHANGELOG.md":"007590bd53b0a598bcacc0e0368cf19a249f77aa86f1c9625b7bdb161bb22d91","Cargo.toml":"028cf1edbb04625fcdd7a92ffa32b5ea3ca7f9827370fac4f3828cb27307ef50","LICENSE":"5049cf464977eff4b4fcfa7988d84e74116956a3eb9d5f1d451b3f828f945233","src/add_extension.rs":"53693e5f8f49cf291246582b8fa8caa80e68b10d08d2a6ef1ea669eb0d1b2b18","src/auth/add_authorization.rs":"f2d82bd2d81e8e4a297092469bf481565e514a57e914dec6853d42697fd944c4","src/auth/async_require_authorization.rs":"c955d8177906f61c7dc57de491c9480e8488fd2274b6d886575992d473b72fdf","src/auth/mod.rs":"7fe22f3e408773f201ef9ff84658ee57a8ac112a3994884d5fd85bd4f97b576e","src/auth/require_authorization.rs":"2f6d0fff18f03676179458eda0aac34812b817dfee9de12dfcadf46b3ebf443a","src/builder.rs":"c8b40cd592abbb9106976c40af50dbbe127b76d15091b023ec03fdf6a5a087fe","src/catch_panic.rs":"6b95407a2509fff110ec1bc7b70a2a0ace2e996e50983c402f37225104ee8893","src/classify/grpc_errors_as_failures.rs":"a831048303227d1e1e92e01d53db121bbba419185acc14f90428d903a65c7319","src/classify/map_failure_class.rs":"a9f7d36f3aede2990205a88c06542d68126bb58f0f530bb1f8716fa47587f1f6","src/classify/mod.rs":"69d2d2407be72d8347f59c1ab9f7886f302620540de5cd201900318645e65400","src/classify/status_in_range_is_error.rs":"75203cf5c1531230b7dec5cd808237325c6c9cb4882942f7790bc3fb49e876e0","src/compression/body.rs":"38cdc25794142aee83c842bfdefdcc51859e989f9e7544b8c7491f3108a2053e","src/compression/future.rs":"078002e2eccf24a35c109279071f8a6494f9aeab367cb2513aa0cac55057dc80","src/compression/layer.rs":"9a0d37e44c1deef36ed51b5b8bc705abdf00e4e3a50c8509e4326d1a90f22272","src/compression/mod.rs":"667b5852792b9cdd703c0c4cba7d3ff51870247abaff6efbbaa3d6a30aff74b7","src/compression/pin_project_cfg.rs":"a98033f4b8b12f8372ba51522f22a8610d005e82e29b3e24e28b4a8cb902b2ef","src/compression/predicate.rs":"808ef3c8a6093b83f08f6812ff2223a4d3aa9ef9caed8b871f05a8f5d4e08825","src/compression/service.rs":"37f32f1ce8cf9a40fc5b5d6868a05c9b9c9665e28b7e26b95a8ae295bb8da513","src/compression_utils.rs":"12a22394faa0089a9dcbeaf06b14bdfcbf5518e2d28649337e826dde8e12465c","src/content_encoding.rs":"a466c59db6c8d370f78573a22df737ce7ec3dd073e0e80a429ef126354b94265","src/cors/allow_credentials.rs":"5b194d764c7e2dbc3b7a017516a31e2b62b8ec5a1f0c7b3ab88fac85f0b25b2c","src/cors/allow_headers.rs":"a30892e380530864a17e4fe432d3d8b5f3f3da0afb37bd19ac309833ee34734a","src/cors/allow_methods.rs":"ea35bf01415873be4a013d4851e495750d409854384c3bc32e24aed18b9079fd","src/cors/allow_origin.rs":"7c605b80be6c4646023f19db821669a8696975167fe80c68b570ec59e39e8e26","src/cors/expose_headers.rs":"9ab7d0dbfa921013c9be7679d89cb811649b2606c51becc72a16f627eeea465b","src/cors/max_age.rs":"0d2b67f1c092b9d36b20e05a04bfdf7eb57215c23a04cf2ca5fae07fca066697","src/cors/mod.rs":"50c370f0769790f8c5a4c1c668ed4f3f6c9de0c9957c26b251325d4e46137cc6","src/cors/vary.rs":"5ce252e2720914543758de8c1ac94610cfc255108c35b0d1ff306ce5c54b5c21","src/decompression/body.rs":"4e27b3319f1f1f75f63719e110f6713e36ea9dda8341ba3fb843b0dc15b75112","src/decompression/future.rs":"bb862c314e40593956450c3e6aec1f51a0c304891d6e9706efc1ea76be2c4f4a","src/decompression/layer.rs":"128532dfc4cbd2569f7e8eac6481edd5776895adef31e974120238514dfc0452","src/decompression/mod.rs":"060730980b600dd75b2995d22da8540d5ab8bbdcabe80c8d183c5c2ce17b0072","src/decompression/service.rs":"471d8c55df48b27cedf01f44073aaf7ca3efebbe31d41fd91977399e19ac3dd9","src/follow_redirect/mod.rs":"b722278c1a4a951476a00e7039203bbf5d4fc2ada8725ad2ba16ec19dde299da","src/follow_redirect/policy/and.rs":"a62623042f4d13029ca0d35a21cab20f26bf98fff0d321dd19ee6eadef96ee02","src/follow_redirect/policy/clone_body_fn.rs":"3a78bf37d4bd000d9c2d60d84a2d02d2d0ae584a0790da2dcdb34fab43fcd557","src/follow_redirect/policy/filter_credentials.rs":"918ce212685ce6501f78e6346c929fec8e01e81b26d681f6d3c86d88fe2eaa97","src/follow_redirect/policy/limited.rs":"b958035fc38736e12ef2a5421366de51c806c8ca849e8e9310b9d14e8b0b1e07","src/follow_redirect/policy/mod.rs":"d5aaa4828890922f38ab491b616cb0db3a353893365094bc600659b572c8e519","src/follow_redirect/policy/or.rs":"02de001232c92a9e7e19cdef70b1321df181c6323973e6297642cc234dbf3119","src/follow_redirect/policy/redirect_fn.rs":"f4f7bf9219df8da1021ef9f44b07b50814dfa0728c8dbf52090e0dfab0b8edcc","src/follow_redirect/policy/same_origin.rs":"9c47be5b615c3dd31db8056e324a4bc87b0510c19df09b6a9e5f7ea8de2829fe","src/lib.rs":"16b9b26dc039015286a700b95ff3f58a3a8d3f092677f9bf0ff5e0168766f2c7","src/macros.rs":"e942d44669a37fe976c669109790368447c2dbaf91354aff2515bcf0b1784d33","src/map_request_body.rs":"9a8f60e50b80e60de753c43d7fcb95595bb368aa32d69ddd555153121b6d9b13","src/map_response_body.rs":"b1f6be724b16c98c2fecdc9ffc20cbbff3de67fe4b7825256d2ef58adbeb8ab1","src/metrics/in_flight_requests.rs":"2d4834650f847983598600842165412fbc160d6b027e91038ad7fe579ed5ff86","src/metrics/mod.rs":"71d79df8dcb242f4925dc9b0d380d3c4fa7ae1f3d6a125f9db4f8a4ee3be9b3d","src/propagate_header.rs":"6cba913149fae518bf4bfe6ab1b6beeb1f1ceeb9beb12751774f0d41171495f8","src/request_id.rs":"94f20e1f32ca8736fa5d846321c5db164dfea298f3be8d22da6fd48714925c70","src/sensitive_headers.rs":"9966e23ede1604b35ddb6296233cea0a67aee8b2583082413d4a0bf921f81470","src/services/fs/mod.rs":"87be16e4e6d012ac6ce671eddf060285c2894e48887cd60cb8d4ffcd7050ffe6","src/services/fs/serve_dir/future.rs":"50479bae2356c3714e6942f5e7b9d164de3f1c28d2a4762eafc82a0170a1546e","src/services/fs/serve_dir/headers.rs":"d48fb514ca575e5e380f80eb84521a5fcab0560e57a995f1fef5ca35590400e8","src/services/fs/serve_dir/mod.rs":"14e3a2d0491451e7c9c0028796819d4665ca06dd7525361a9a354aa91bd4278c","src/services/fs/serve_dir/open_file.rs":"dcce9a245b8f77c4786cf126c10132ef141793406b82a8918c4b7174fac62361","src/services/fs/serve_dir/tests.rs":"b808746475e15d2bb14cb8409fbbf9d59cb85a6de2edd6895209edd4f96e8cae","src/services/fs/serve_file.rs":"487249a521b23bc2b82c6b3dcd5e5900676db0fd92bbd47ba7573e55d2ce21da","src/services/mod.rs":"177bf1406c13c0386c82b247e6d1556c55c7a2f6704de7e50dbc987400713b96","src/services/redirect.rs":"19447b838f8add2312b6a69fb00967e374c94b106bad12a3b06d4d24cbdd478f","src/set_header/mod.rs":"642db9ef0fed43886e12311e26ae2522d25275ff9263cb5f0ef500ed6ce5f6bd","src/set_header/request.rs":"8eb30faba910121961d713905d1f01331dfb195cbb313552afff849361ae301d","src/set_header/response.rs":"bb07c259604b4ee4b1ee6efb7c94edc72c736edaad65b93b313e556e924907c6","src/set_status.rs":"a9ca203fadb5c90e92c8cf8ff30930ad88bfb966dbf09133718c0d5b2d47d8de","src/trace/body.rs":"b8869626deb66f355363d32fa563bac16d1e919883107326278b752093ece365","src/trace/future.rs":"9accf5d930eb8db777195fde99f2271e2096cf2e3fbea427bf37170246b0b6be","src/trace/layer.rs":"b8d7b54eff9458f9921b5be4d88b4a140acf2d265623541d87b4cf593052dd9e","src/trace/make_span.rs":"d99b1dbe63b89ad0eeb9868d78151a898d5353e6d30d3c847a83ac90ff0eef3e","src/trace/mod.rs":"43b4ee9d103d44153dc24ef09c1c01796f796785043434ad3d398b1be8d5a17d","src/trace/on_body_chunk.rs":"824f83e4b44e5656fd48922addf02c010764cd73ec4d290213be2b990751f3ca","src/trace/on_eos.rs":"75e10820d73251a5350acbdcda7bb10a2ce43f5314d20f221d4c69c63bc9c0ba","src/trace/on_failure.rs":"01ae3817e0a2463941583ae80b945c786ee3cf60fb0b38e6b2a8bb38bade604a","src/trace/on_request.rs":"a6730dc7e7eb2ccce99fce107673f38e2ef239f3c3446bbce0b54e85e0313b41","src/trace/on_response.rs":"80f68c33ba95e46521c1a359060bf87e3d8377a12e0b5b98aa572b13229f3ca7","src/trace/service.rs":"bb21da126aa4f0e83bd1ad0908b6ea2e0419c9a72ea8c14974aa5118185a426e"},"package":"7d342c6d58709c0a6d48d48dabbb62d4ef955cf5f0f3bbfd845838e7ae88dbae"}
\ No newline at end of file
diff --git a/vendor/tower-http/CHANGELOG.md b/vendor/tower-http/CHANGELOG.md
index 18ee63fc7edff..c2cd260e2e097 100644
--- a/vendor/tower-http/CHANGELOG.md
+++ b/vendor/tower-http/CHANGELOG.md
@@ -23,6 +23,77 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - None.
 
+# 0.3.3 (May 08, 2022)
+
+## Added
+
+- **serve_dir:** Add `ServeDir::call_fallback_on_method_not_allowed` to allow calling the fallback
+  for requests that aren't `GET` or `HEAD` ([#264])
+- **request_id:** Add `MakeRequestUuid` for generating request ids using UUIDs ([#266])
+
+[#264]: https://github.com/tower-rs/tower-http/pull/264
+[#266]: https://github.com/tower-rs/tower-http/pull/266
+
+## Fixed
+
+- **serve_dir:** Include `Allow` header for `405 Method Not Allowed` responses ([#263])
+
+[#263]: https://github.com/tower-rs/tower-http/pull/263
+
+# 0.3.2 (April 29, 2022)
+
+## Fixed
+
+- **serve_dir**: Fix empty request parts being passed to `ServeDir`'s fallback instead of the actual ones ([#258])
+
+[#258]: https://github.com/tower-rs/tower-http/pull/258
+
+# 0.3.1 (April 28, 2022)
+
+## Fixed
+
+- **cors**: Only send a single origin in `Access-Control-Allow-Origin` header when a list of
+  allowed origins is configured (the previous behavior of sending a comma-separated list like for
+  allowed methods and allowed headers is not allowed by any standard)
+
+# 0.3.0 (April 25, 2022)
+
+## Added
+
+- **fs**: Add `ServeDir::{fallback, not_found_service}` for calling another service if
+  the file cannot be found ([#243])
+- **fs**: Add `SetStatus` to override status codes ([#248])
+- `ServeDir` and `ServeFile` now respond with `405 Method Not Allowed` to requests where the
+  method isn't `GET` or `HEAD` ([#249])
+- **cors**: Added `CorsLayer::very_permissive` which is like
+  `CorsLayer::permissive` except it (truly) allows credentials. This is made
+  possible by mirroring the request's origin as well as method and headers
+  back as CORS-whitelisted ones ([#237])
+- **cors**: Allow customizing the value(s) for the `Vary` header ([#237])
+
+## Changed
+
+- **cors**: Removed `allow-credentials: true` from `CorsLayer::permissive`.
+  It never actually took effect in compliant browsers because it is mutually
+  exclusive with the `*` wildcard (`Any`) on origins, methods and headers ([#237])
+- **cors**: Rewrote the CORS middleware. Almost all existing usage patterns
+  will continue to work. (BREAKING) ([#237])
+- **cors**: The CORS middleware will now panic if you try to use `Any` in
+  combination with `.allow_credentials(true)`. This configuration worked
+  before, but resulted in browsers ignoring the `allow-credentials` header,
+  which defeats the purpose of setting it and can be very annoying to debug
+  ([#237])
+
+## Fixed
+
+- **fs**: Fix content-length calculation on range requests ([#228])
+
+[#228]: https://github.com/tower-rs/tower-http/pull/228
+[#237]: https://github.com/tower-rs/tower-http/pull/237
+[#243]: https://github.com/tower-rs/tower-http/pull/243
+[#248]: https://github.com/tower-rs/tower-http/pull/248
+[#249]: https://github.com/tower-rs/tower-http/pull/249
+
 # 0.2.4 (March 5, 2022)
 
 ## Added
diff --git a/vendor/tower-http/Cargo.toml b/vendor/tower-http/Cargo.toml
index 0efbd5e4b9f66..1363c528d5110 100644
--- a/vendor/tower-http/Cargo.toml
+++ b/vendor/tower-http/Cargo.toml
@@ -13,21 +13,36 @@
 edition = "2018"
 rust-version = "1.51"
 name = "tower-http"
-version = "0.2.4"
+version = "0.3.3"
 authors = ["Tower Maintainers <team@tower-rs.com>"]
 description = "Tower middleware and utilities for HTTP clients and servers"
 homepage = "https://github.com/tower-rs/tower-http"
 readme = "../README.md"
-keywords = ["io", "async", "futures", "service", "http"]
-categories = ["asynchronous", "network-programming", "web-programming"]
+keywords = [
+    "io",
+    "async",
+    "futures",
+    "service",
+    "http",
+]
+categories = [
+    "asynchronous",
+    "network-programming",
+    "web-programming",
+]
 license = "MIT"
 repository = "https://github.com/tower-rs/tower-http"
+
 [package.metadata.docs.rs]
 all-features = true
-rustdoc-args = ["--cfg", "docsrs"]
+rustdoc-args = [
+    "--cfg",
+    "docsrs",
+]
 
 [package.metadata.playground]
 features = ["full"]
+
 [dependencies.async-compression]
 version = "0.3"
 features = ["tokio"]
@@ -110,6 +125,12 @@ version = "0.3"
 version = "0.1"
 optional = true
 default_features = false
+
+[dependencies.uuid]
+version = "1.0"
+features = ["v4"]
+optional = true
+
 [dev-dependencies.brotli]
 version = "3"
 
@@ -138,39 +159,114 @@ features = ["full"]
 
 [dev-dependencies.tower]
 version = "0.4.10"
-features = ["buffer", "util", "retry", "make", "timeout"]
+features = [
+    "buffer",
+    "util",
+    "retry",
+    "make",
+    "timeout",
+]
 
 [dev-dependencies.tracing-subscriber]
 version = "0.3"
 
 [dev-dependencies.uuid]
-version = "0.8"
+version = "1.0"
 features = ["v4"]
 
 [features]
 add-extension = []
 auth = ["base64"]
-catch-panic = ["tracing", "futures-util/std"]
-compression-br = ["async-compression/brotli", "tokio-util", "tokio"]
-compression-deflate = ["async-compression/zlib", "tokio-util", "tokio"]
-compression-full = ["compression-br", "compression-deflate", "compression-gzip"]
-compression-gzip = ["async-compression/gzip", "tokio-util", "tokio"]
+catch-panic = [
+    "tracing",
+    "futures-util/std",
+]
+compression-br = [
+    "async-compression/brotli",
+    "tokio-util",
+    "tokio",
+]
+compression-deflate = [
+    "async-compression/zlib",
+    "tokio-util",
+    "tokio",
+]
+compression-full = [
+    "compression-br",
+    "compression-deflate",
+    "compression-gzip",
+]
+compression-gzip = [
+    "async-compression/gzip",
+    "tokio-util",
+    "tokio",
+]
 cors = []
-decompression-br = ["async-compression/brotli", "tokio-util", "tokio"]
-decompression-deflate = ["async-compression/zlib", "tokio-util", "tokio"]
-decompression-full = ["decompression-br", "decompression-deflate", "decompression-gzip"]
-decompression-gzip = ["async-compression/gzip", "tokio-util", "tokio"]
+decompression-br = [
+    "async-compression/brotli",
+    "tokio-util",
+    "tokio",
+]
+decompression-deflate = [
+    "async-compression/zlib",
+    "tokio-util",
+    "tokio",
+]
+decompression-full = [
+    "decompression-br",
+    "decompression-deflate",
+    "decompression-gzip",
+]
+decompression-gzip = [
+    "async-compression/gzip",
+    "tokio-util",
+    "tokio",
+]
 default = []
-follow-redirect = ["iri-string", "tower/util"]
-fs = ["tokio/fs", "tokio-util/io", "tokio/io-util", "mime_guess", "mime", "percent-encoding", "httpdate"]
-full = ["add-extension", "auth", "catch-panic", "compression-full", "cors", "decompression-full", "follow-redirect", "fs", "map-request-body", "map-response-body", "metrics", "propagate-header", "redirect", "request-id", "sensitive-headers", "set-header", "trace", "util"]
+follow-redirect = [
+    "iri-string",
+    "tower/util",
+]
+fs = [
+    "tokio/fs",
+    "tokio-util/io",
+    "tokio/io-util",
+    "mime_guess",
+    "mime",
+    "percent-encoding",
+    "httpdate",
+    "set-status",
+    "futures-util/alloc",
+]
+full = [
+    "add-extension",
+    "auth",
+    "catch-panic",
+    "compression-full",
+    "cors",
+    "decompression-full",
+    "follow-redirect",
+    "fs",
+    "map-request-body",
+    "map-response-body",
+    "metrics",
+    "propagate-header",
+    "redirect",
+    "request-id",
+    "sensitive-headers",
+    "set-header",
+    "set-status",
+    "trace",
+    "util",
+]
 map-request-body = []
 map-response-body = []
 metrics = ["tokio/time"]
 propagate-header = []
 redirect = []
-request-id = []
+request-id = ["uuid"]
 sensitive-headers = []
 set-header = []
+set-status = []
 trace = ["tracing"]
 util = ["tower"]
diff --git a/vendor/tower-http/src/builder.rs b/vendor/tower-http/src/builder.rs
index 0467abd1e2133..067d7c7456f9d 100644
--- a/vendor/tower-http/src/builder.rs
+++ b/vendor/tower-http/src/builder.rs
@@ -40,6 +40,8 @@ use tower_layer::Stack;
 /// # service.ready().await.unwrap().call(Request::new(Body::empty())).await.unwrap();
 /// # }
 /// ```
+#[cfg(feature = "util")]
+// ^ work around rustdoc not inferring doc(cfg)s for cfg's from surrounding scopes
 pub trait ServiceBuilderExt<L>: crate::sealed::Sealed<L> + Sized {
     /// Propagate a header from the request to the response.
     ///
@@ -47,7 +49,6 @@ pub trait ServiceBuilderExt<L>: crate::sealed::Sealed<L> + Sized {
     ///
     /// [`tower_http::propagate_header`]: crate::propagate_header
     #[cfg(feature = "propagate-header")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "propagate-header")))]
     fn propagate_header(
         self,
         header: HeaderName,
@@ -60,7 +61,6 @@ pub trait ServiceBuilderExt<L>: crate::sealed::Sealed<L> + Sized {
     /// [`tower_http::add_extension`]: crate::add_extension
     /// [request extensions]: https://docs.rs/http/latest/http/struct.Extensions.html
     #[cfg(feature = "add-extension")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "add-extension")))]
     fn add_extension<T>(
         self,
         value: T,
@@ -72,7 +72,6 @@ pub trait ServiceBuilderExt<L>: crate::sealed::Sealed<L> + Sized {
     ///
     /// [`tower_http::map_request_body`]: crate::map_request_body
     #[cfg(feature = "map-request-body")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "map-request-body")))]
     fn map_request_body<F>(
         self,
         f: F,
@@ -84,7 +83,6 @@ pub trait ServiceBuilderExt<L>: crate::sealed::Sealed<L> + Sized {
     ///
     /// [`tower_http::map_response_body`]: crate::map_response_body
     #[cfg(feature = "map-response-body")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "map-response-body")))]
     fn map_response_body<F>(
         self,
         f: F,
@@ -100,14 +98,6 @@ pub trait ServiceBuilderExt<L>: crate::sealed::Sealed<L> + Sized {
         feature = "compression-deflate",
         feature = "compression-gzip"
     ))]
-    #[cfg_attr(
-        docsrs,
-        doc(cfg(any(
-            feature = "compression-br",
-            feature = "compression-deflate",
-            feature = "compression-gzip"
-        )))
-    )]
     fn compression(self) -> ServiceBuilder<Stack<crate::compression::CompressionLayer, L>>;
 
     /// Decompress response bodies.
@@ -120,14 +110,6 @@ pub trait ServiceBuilderExt<L>: crate::sealed::Sealed<L> + Sized {
         feature = "decompression-deflate",
         feature = "decompression-gzip"
     ))]
-    #[cfg_attr(
-        docsrs,
-        doc(cfg(any(
-            feature = "decompression-br",
-            feature = "decompression-deflate",
-            feature = "decompression-gzip"
-        )))
-    )]
     fn decompression(self) -> ServiceBuilder<Stack<crate::decompression::DecompressionLayer, L>>;
 
     /// High level tracing that classifies responses using HTTP status codes.
@@ -140,7 +122,6 @@ pub trait ServiceBuilderExt<L>: crate::sealed::Sealed<L> + Sized {
     /// [`tower_http::trace`]: crate::trace
     /// [`TraceLayer`]: crate::trace::TraceLayer
     #[cfg(feature = "trace")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "trace")))]
     fn trace_for_http(
         self,
     ) -> ServiceBuilder<Stack<crate::trace::TraceLayer<SharedClassifier<ServerErrorsAsFailures>>, L>>;
@@ -155,7 +136,6 @@ pub trait ServiceBuilderExt<L>: crate::sealed::Sealed<L> + Sized {
     /// [`tower_http::trace`]: crate::trace
     /// [`TraceLayer`]: crate::trace::TraceLayer
     #[cfg(feature = "trace")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "trace")))]
     fn trace_for_grpc(
         self,
     ) -> ServiceBuilder<Stack<crate::trace::TraceLayer<SharedClassifier<GrpcErrorsAsFailures>>, L>>;
@@ -167,7 +147,6 @@ pub trait ServiceBuilderExt<L>: crate::sealed::Sealed<L> + Sized {
     /// [`tower_http::follow_redirect`]: crate::follow_redirect
     /// [`Standard`]: crate::follow_redirect::policy::Standard
     #[cfg(feature = "follow-redirect")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "follow-redirect")))]
     fn follow_redirects(
         self,
     ) -> ServiceBuilder<
@@ -184,7 +163,6 @@ pub trait ServiceBuilderExt<L>: crate::sealed::Sealed<L> + Sized {
     /// [sensitive]: https://docs.rs/http/latest/http/header/struct.HeaderValue.html#method.set_sensitive
     /// [`tower_http::sensitive_headers`]: crate::sensitive_headers
     #[cfg(feature = "sensitive-headers")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "sensitive-headers")))]
     fn sensitive_headers<I>(
         self,
         headers: I,
@@ -199,7 +177,6 @@ pub trait ServiceBuilderExt<L>: crate::sealed::Sealed<L> + Sized {
     /// [sensitive]: https://docs.rs/http/latest/http/header/struct.HeaderValue.html#method.set_sensitive
     /// [`tower_http::sensitive_headers`]: crate::sensitive_headers
     #[cfg(feature = "sensitive-headers")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "sensitive-headers")))]
     fn sensitive_request_headers(
         self,
         headers: std::sync::Arc<[HeaderName]>,
@@ -212,7 +189,6 @@ pub trait ServiceBuilderExt<L>: crate::sealed::Sealed<L> + Sized {
     /// [sensitive]: https://docs.rs/http/latest/http/header/struct.HeaderValue.html#method.set_sensitive
     /// [`tower_http::sensitive_headers`]: crate::sensitive_headers
     #[cfg(feature = "sensitive-headers")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "sensitive-headers")))]
     fn sensitive_response_headers(
         self,
         headers: std::sync::Arc<[HeaderName]>,
@@ -227,7 +203,6 @@ pub trait ServiceBuilderExt<L>: crate::sealed::Sealed<L> + Sized {
     ///
     /// [`tower_http::set_header`]: crate::set_header
     #[cfg(feature = "set-header")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "set-header")))]
     fn override_request_header<M>(
         self,
         header_name: HeaderName,
@@ -242,7 +217,6 @@ pub trait ServiceBuilderExt<L>: crate::sealed::Sealed<L> + Sized {
     ///
     /// [`tower_http::set_header`]: crate::set_header
     #[cfg(feature = "set-header")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "set-header")))]
     fn append_request_header<M>(
         self,
         header_name: HeaderName,
@@ -255,7 +229,6 @@ pub trait ServiceBuilderExt<L>: crate::sealed::Sealed<L> + Sized {
     ///
     /// [`tower_http::set_header`]: crate::set_header
     #[cfg(feature = "set-header")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "set-header")))]
     fn insert_request_header_if_not_present<M>(
         self,
         header_name: HeaderName,
@@ -271,7 +244,6 @@ pub trait ServiceBuilderExt<L>: crate::sealed::Sealed<L> + Sized {
     ///
     /// [`tower_http::set_header`]: crate::set_header
     #[cfg(feature = "set-header")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "set-header")))]
     fn override_response_header<M>(
         self,
         header_name: HeaderName,
@@ -286,7 +258,6 @@ pub trait ServiceBuilderExt<L>: crate::sealed::Sealed<L> + Sized {
     ///
     /// [`tower_http::set_header`]: crate::set_header
     #[cfg(feature = "set-header")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "set-header")))]
     fn append_response_header<M>(
         self,
         header_name: HeaderName,
@@ -299,7 +270,6 @@ pub trait ServiceBuilderExt<L>: crate::sealed::Sealed<L> + Sized {
     ///
     /// [`tower_http::set_header`]: crate::set_header
     #[cfg(feature = "set-header")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "set-header")))]
     fn insert_response_header_if_not_present<M>(
         self,
         header_name: HeaderName,
@@ -312,7 +282,6 @@ pub trait ServiceBuilderExt<L>: crate::sealed::Sealed<L> + Sized {
     ///
     /// [`tower_http::request_id`]: crate::request_id
     #[cfg(feature = "request-id")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "request-id")))]
     fn set_request_id<M>(
         self,
         header_name: HeaderName,
@@ -327,7 +296,6 @@ pub trait ServiceBuilderExt<L>: crate::sealed::Sealed<L> + Sized {
     ///
     /// [`tower_http::request_id`]: crate::request_id
     #[cfg(feature = "request-id")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "request-id")))]
     fn set_x_request_id<M>(
         self,
         make_request_id: M,
@@ -347,7 +315,6 @@ pub trait ServiceBuilderExt<L>: crate::sealed::Sealed<L> + Sized {
     ///
     /// [`tower_http::request_id`]: crate::request_id
     #[cfg(feature = "request-id")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "request-id")))]
     fn propagate_request_id(
         self,
         header_name: HeaderName,
@@ -359,7 +326,6 @@ pub trait ServiceBuilderExt<L>: crate::sealed::Sealed<L> + Sized {
     ///
     /// [`tower_http::request_id`]: crate::request_id
     #[cfg(feature = "request-id")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "request-id")))]
     fn propagate_x_request_id(
         self,
     ) -> ServiceBuilder<Stack<crate::request_id::PropagateRequestIdLayer, L>> {
@@ -372,7 +338,6 @@ pub trait ServiceBuilderExt<L>: crate::sealed::Sealed<L> + Sized {
     ///
     /// [`tower_http::catch_panic`]: crate::catch_panic
     #[cfg(feature = "catch-panic")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "catch-panic")))]
     fn catch_panic(
         self,
     ) -> ServiceBuilder<
@@ -420,14 +385,6 @@ impl<L> ServiceBuilderExt<L> for ServiceBuilder<L> {
         feature = "compression-deflate",
         feature = "compression-gzip"
     ))]
-    #[cfg_attr(
-        docsrs,
-        doc(cfg(any(
-            feature = "compression-br",
-            feature = "compression-deflate",
-            feature = "compression-gzip"
-        )))
-    )]
     fn compression(self) -> ServiceBuilder<Stack<crate::compression::CompressionLayer, L>> {
         self.layer(crate::compression::CompressionLayer::new())
     }
@@ -437,14 +394,6 @@ impl<L> ServiceBuilderExt<L> for ServiceBuilder<L> {
         feature = "decompression-deflate",
         feature = "decompression-gzip"
     ))]
-    #[cfg_attr(
-        docsrs,
-        doc(cfg(any(
-            feature = "decompression-br",
-            feature = "decompression-deflate",
-            feature = "decompression-gzip"
-        )))
-    )]
     fn decompression(self) -> ServiceBuilder<Stack<crate::decompression::DecompressionLayer, L>> {
         self.layer(crate::decompression::DecompressionLayer::new())
     }
@@ -466,7 +415,6 @@ impl<L> ServiceBuilderExt<L> for ServiceBuilder<L> {
     }
 
     #[cfg(feature = "follow-redirect")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "follow-redirect")))]
     fn follow_redirects(
         self,
     ) -> ServiceBuilder<
@@ -603,7 +551,6 @@ impl<L> ServiceBuilderExt<L> for ServiceBuilder<L> {
     }
 
     #[cfg(feature = "catch-panic")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "catch-panic")))]
     fn catch_panic(
         self,
     ) -> ServiceBuilder<
diff --git a/vendor/tower-http/src/classify/status_in_range_is_error.rs b/vendor/tower-http/src/classify/status_in_range_is_error.rs
index 51353c54f2da1..ce3202a267a7c 100644
--- a/vendor/tower-http/src/classify/status_in_range_is_error.rs
+++ b/vendor/tower-http/src/classify/status_in_range_is_error.rs
@@ -38,7 +38,7 @@ pub struct StatusInRangeAsFailures {
 }
 
 impl StatusInRangeAsFailures {
-    /// Createa a new `StatusInRangeAsFailures`.
+    /// Creates a new `StatusInRangeAsFailures`.
     ///
     /// # Panics
     ///
@@ -59,7 +59,7 @@ impl StatusInRangeAsFailures {
         Self { range }
     }
 
-    /// Createa a new `StatusInRangeAsFailures` that classifies client and server responses as
+    /// Creates a new `StatusInRangeAsFailures` that classifies client and server responses as
     /// failures.
     ///
     /// This is a convenience for `StatusInRangeAsFailures::new(400..=599)`.
diff --git a/vendor/tower-http/src/compression/layer.rs b/vendor/tower-http/src/compression/layer.rs
index 2a5243cf4fb96..0dd62063e7dc5 100644
--- a/vendor/tower-http/src/compression/layer.rs
+++ b/vendor/tower-http/src/compression/layer.rs
@@ -38,7 +38,6 @@ impl CompressionLayer {
 
     /// Sets whether to enable the gzip encoding.
     #[cfg(feature = "compression-gzip")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "compression-gzip")))]
     pub fn gzip(mut self, enable: bool) -> Self {
         self.accept.set_gzip(enable);
         self
@@ -46,7 +45,6 @@ impl CompressionLayer {
 
     /// Sets whether to enable the Deflate encoding.
     #[cfg(feature = "compression-deflate")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "compression-deflate")))]
     pub fn deflate(mut self, enable: bool) -> Self {
         self.accept.set_deflate(enable);
         self
@@ -54,7 +52,6 @@ impl CompressionLayer {
 
     /// Sets whether to enable the Brotli encoding.
     #[cfg(feature = "compression-br")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "compression-br")))]
     pub fn br(mut self, enable: bool) -> Self {
         self.accept.set_br(enable);
         self
diff --git a/vendor/tower-http/src/compression/service.rs b/vendor/tower-http/src/compression/service.rs
index bc4e0b057464a..91de2b50bfbcd 100644
--- a/vendor/tower-http/src/compression/service.rs
+++ b/vendor/tower-http/src/compression/service.rs
@@ -42,7 +42,6 @@ impl<S, P> Compression<S, P> {
 
     /// Sets whether to enable the gzip encoding.
     #[cfg(feature = "compression-gzip")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "compression-gzip")))]
     pub fn gzip(mut self, enable: bool) -> Self {
         self.accept.set_gzip(enable);
         self
@@ -50,7 +49,6 @@ impl<S, P> Compression<S, P> {
 
     /// Sets whether to enable the Deflate encoding.
     #[cfg(feature = "compression-deflate")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "compression-deflate")))]
     pub fn deflate(mut self, enable: bool) -> Self {
         self.accept.set_deflate(enable);
         self
@@ -58,7 +56,6 @@ impl<S, P> Compression<S, P> {
 
     /// Sets whether to enable the Brotli encoding.
     #[cfg(feature = "compression-br")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "compression-br")))]
     pub fn br(mut self, enable: bool) -> Self {
         self.accept.set_br(enable);
         self
diff --git a/vendor/tower-http/src/cors.rs b/vendor/tower-http/src/cors.rs
deleted file mode 100644
index 49c48c9bcbe35..0000000000000
--- a/vendor/tower-http/src/cors.rs
+++ /dev/null
@@ -1,870 +0,0 @@
-//! Middleware which adds headers for [CORS][mdn].
-//!
-//! # Example
-//!
-//! ```
-//! use http::{Request, Response, Method, header};
-//! use hyper::Body;
-//! use tower::{ServiceBuilder, ServiceExt, Service};
-//! use tower_http::cors::{Any, CorsLayer};
-//! use std::convert::Infallible;
-//!
-//! async fn handle(request: Request<Body>) -> Result<Response<Body>, Infallible> {
-//!     Ok(Response::new(Body::empty()))
-//! }
-//!
-//! # #[tokio::main]
-//! # async fn main() -> Result<(), Box<dyn std::error::Error>> {
-//! let cors = CorsLayer::new()
-//!     // allow `GET` and `POST` when accessing the resource
-//!     .allow_methods(vec![Method::GET, Method::POST])
-//!     // allow requests from any origin
-//!     .allow_origin(Any);
-//!
-//! let mut service = ServiceBuilder::new()
-//!     .layer(cors)
-//!     .service_fn(handle);
-//!
-//! let request = Request::builder()
-//!     .header(header::ORIGIN, "https://example.com")
-//!     .body(Body::empty())
-//!     .unwrap();
-//!
-//! let response = service
-//!     .ready()
-//!     .await?
-//!     .call(request)
-//!     .await?;
-//!
-//! assert_eq!(
-//!     response.headers().get(header::ACCESS_CONTROL_ALLOW_ORIGIN).unwrap(),
-//!     "*",
-//! );
-//! # Ok(())
-//! # }
-//! ```
-//!
-//! [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
-
-use bytes::{BufMut, BytesMut};
-use futures_core::ready;
-use http::{
-    header::{self, HeaderName, HeaderValue},
-    request::Parts,
-    Method, Request, Response, StatusCode,
-};
-use pin_project_lite::pin_project;
-use std::{
-    fmt,
-    future::Future,
-    pin::Pin,
-    sync::Arc,
-    task::{Context, Poll},
-    time::Duration,
-};
-use tower_layer::Layer;
-use tower_service::Service;
-
-/// Layer that applies the [`Cors`] middleware which adds headers for [CORS][mdn].
-///
-/// See the [module docs](crate::cors) for an example.
-///
-/// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
-#[derive(Debug, Clone)]
-pub struct CorsLayer {
-    allow_credentials: Option<HeaderValue>,
-    allow_headers: Option<HeaderValue>,
-    allow_methods: Option<HeaderValue>,
-    allow_origin: Option<AnyOr<Origin>>,
-    expose_headers: Option<HeaderValue>,
-    max_age: Option<HeaderValue>,
-}
-
-#[allow(clippy::declare_interior_mutable_const)]
-const WILDCARD: HeaderValue = HeaderValue::from_static("*");
-
-impl CorsLayer {
-    /// Create a new `CorsLayer`.
-    ///
-    /// This creates a restrictive configuration. Use the builder methods to
-    /// customize the behavior.
-    pub fn new() -> Self {
-        Self {
-            allow_credentials: None,
-            allow_headers: None,
-            allow_methods: None,
-            allow_origin: None,
-            expose_headers: None,
-            max_age: None,
-        }
-    }
-
-    /// A very permissive configuration suitable for development:
-    ///
-    /// - Credentials allowed.
-    /// - All request headers allowed.
-    /// - All methods allowed.
-    /// - All origins allowed.
-    /// - All headers exposed.
-    /// - Max age set to 1 hour.
-    ///
-    /// Note this is not recommended for production use.
-    pub fn permissive() -> Self {
-        Self::new()
-            .allow_credentials(true)
-            .allow_headers(Any)
-            .allow_methods(Any)
-            .allow_origin(Any)
-            .expose_headers(Any)
-            .max_age(Duration::from_secs(60 * 60))
-    }
-
-    /// Set the [`Access-Control-Allow-Credentials`][mdn] header.
-    ///
-    /// ```
-    /// use tower_http::cors::CorsLayer;
-    ///
-    /// let layer = CorsLayer::new().allow_credentials(true);
-    /// ```
-    ///
-    /// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
-    pub fn allow_credentials(mut self, allow_credentials: bool) -> Self {
-        self.allow_credentials = allow_credentials.then(|| HeaderValue::from_static("true"));
-        self
-    }
-
-    /// Set the value of the [`Access-Control-Allow-Headers`][mdn] header.
-    ///
-    /// ```
-    /// use tower_http::cors::CorsLayer;
-    /// use http::header::{AUTHORIZATION, ACCEPT};
-    ///
-    /// let layer = CorsLayer::new().allow_headers(vec![AUTHORIZATION, ACCEPT]);
-    /// ```
-    ///
-    /// All headers can be allowed with
-    ///
-    /// ```
-    /// use tower_http::cors::{Any, CorsLayer};
-    ///
-    /// let layer = CorsLayer::new().allow_headers(Any);
-    /// ```
-    ///
-    /// Note that multiple calls to this method will override any previous
-    /// calls.
-    ///
-    /// Also note that `Access-Control-Allow-Headers` is required for requests that have
-    /// `Access-Control-Request-Headers`.
-    ///
-    /// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
-    pub fn allow_headers<I>(mut self, headers: I) -> Self
-    where
-        I: Into<AnyOr<Vec<HeaderName>>>,
-    {
-        self.allow_headers = match headers.into().0 {
-            AnyOrInner::Any => Some(WILDCARD),
-            AnyOrInner::Value(headers) => separated_by_commas(headers.into_iter().map(Into::into)),
-        };
-        self
-    }
-
-    /// Set the value of the [`Access-Control-Max-Age`][mdn] header.
-    ///
-    /// ```
-    /// use tower_http::cors::CorsLayer;
-    /// use std::time::Duration;
-    ///
-    /// let layer = CorsLayer::new().max_age(Duration::from_secs(60) * 10);
-    /// ```
-    ///
-    /// By default the header will not be set which disables caching and will
-    /// require a preflight call for all requests.
-    ///
-    /// Note that each browser has a maximum internal value that takes
-    /// precedence when the Access-Control-Max-Age is greater. For more details
-    /// see [mdn].
-    ///
-    /// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age
-    pub fn max_age(mut self, max_age: Duration) -> Self {
-        self.max_age = Some(max_age.as_secs().into());
-        self
-    }
-
-    /// Set the value of the [`Access-Control-Allow-Methods`][mdn] header.
-    ///
-    /// ```
-    /// use tower_http::cors::CorsLayer;
-    /// use http::Method;
-    ///
-    /// let layer = CorsLayer::new().allow_methods(vec![Method::GET, Method::POST]);
-    /// ```
-    ///
-    /// All methods can be allowed with
-    ///
-    /// ```
-    /// use tower_http::cors::{Any, CorsLayer};
-    ///
-    /// let layer = CorsLayer::new().allow_methods(Any);
-    /// ```
-    ///
-    /// Note that multiple calls to this method will override any previous
-    /// calls.
-    ///
-    /// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods
-    pub fn allow_methods<T>(mut self, methods: T) -> Self
-    where
-        T: Into<AnyOr<Vec<Method>>>,
-    {
-        self.allow_methods = match methods.into().0 {
-            AnyOrInner::Any => Some(WILDCARD),
-            AnyOrInner::Value(methods) => separated_by_commas(
-                methods
-                    .into_iter()
-                    .map(|m| HeaderValue::from_str(m.as_str()).unwrap()),
-            ),
-        };
-        self
-    }
-
-    /// Set the value of the [`Access-Control-Allow-Origin`][mdn] header.
-    ///
-    /// ```
-    /// use tower_http::cors::{CorsLayer, Origin};
-    ///
-    /// let layer = CorsLayer::new().allow_origin(Origin::exact(
-    ///     "http://example.com".parse().unwrap(),
-    /// ));
-    /// ```
-    ///
-    /// Multiple origins can be allowed with
-    ///
-    /// ```
-    /// use tower_http::cors::{CorsLayer, Origin};
-    ///
-    /// let origins = vec![
-    ///     "http://example.com".parse().unwrap(),
-    ///     "http://api.example.com".parse().unwrap(),
-    /// ];
-    ///
-    /// let layer = CorsLayer::new().allow_origin(Origin::list(origins));
-    /// ```
-    ///
-    /// All origins can be allowed with
-    ///
-    /// ```
-    /// use tower_http::cors::{Any, CorsLayer};
-    ///
-    /// let layer = CorsLayer::new().allow_origin(Any);
-    /// ```
-    ///
-    /// You can also use a closure
-    ///
-    /// ```
-    /// use tower_http::cors::{CorsLayer, Origin};
-    /// use http::{HeaderValue, request::Parts};
-    ///
-    /// let layer = CorsLayer::new().allow_origin(
-    ///     Origin::predicate(|origin: &HeaderValue, _request_head: &Parts| {
-    ///         origin.as_bytes().ends_with(b".rust-lang.org")
-    ///     })
-    /// );
-    /// ```
-    ///
-    /// Note that multiple calls to this method will override any previous
-    /// calls.
-    ///
-    /// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
-    pub fn allow_origin<T>(mut self, origin: T) -> Self
-    where
-        T: Into<AnyOr<Origin>>,
-    {
-        self.allow_origin = Some(origin.into());
-        self
-    }
-
-    /// Set the value of the [`Access-Control-Expose-Headers`][mdn] header.
-    ///
-    /// ```
-    /// use tower_http::cors::CorsLayer;
-    /// use http::header::CONTENT_ENCODING;
-    ///
-    /// let layer = CorsLayer::new().expose_headers(vec![CONTENT_ENCODING]);
-    /// ```
-    ///
-    /// All headers can be allowed with
-    ///
-    /// ```
-    /// use tower_http::cors::{Any, CorsLayer};
-    ///
-    /// let layer = CorsLayer::new().expose_headers(Any);
-    /// ```
-    ///
-    /// Note that multiple calls to this method will override any previous
-    /// calls.
-    ///
-    /// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers
-    pub fn expose_headers<I>(mut self, headers: I) -> Self
-    where
-        I: Into<AnyOr<Vec<HeaderName>>>,
-    {
-        self.expose_headers = match headers.into().0 {
-            AnyOrInner::Any => Some(WILDCARD),
-            AnyOrInner::Value(headers) => separated_by_commas(headers.into_iter().map(Into::into)),
-        };
-        self
-    }
-}
-
-/// Represents a wildcard value (`*`) used with some CORS headers such as
-/// [`CorsLayer::allow_methods`].
-#[derive(Debug, Clone, Copy)]
-pub struct Any;
-
-/// Represents a wildcard value (`*`) used with some CORS headers such as
-/// [`CorsLayer::allow_methods`].
-#[deprecated = "Use Any as a unit struct literal instead"]
-pub fn any() -> Any {
-    Any
-}
-
-/// Used to make methods like [`CorsLayer::allow_methods`] more convenient to call.
-///
-/// You shouldn't have to use this type directly.
-#[derive(Debug, Clone, Copy)]
-pub struct AnyOr<T>(AnyOrInner<T>);
-
-#[derive(Debug, Clone, Copy)]
-enum AnyOrInner<T> {
-    Any,
-    Value(T),
-}
-
-impl From<Origin> for AnyOr<Origin> {
-    fn from(origin: Origin) -> Self {
-        AnyOr(AnyOrInner::Value(origin))
-    }
-}
-
-impl<T> From<Any> for AnyOr<T> {
-    fn from(_: Any) -> Self {
-        AnyOr(AnyOrInner::Any)
-    }
-}
-
-impl<I> From<I> for AnyOr<Vec<Method>>
-where
-    I: IntoIterator<Item = Method>,
-{
-    fn from(methods: I) -> Self {
-        AnyOr(AnyOrInner::Value(methods.into_iter().collect()))
-    }
-}
-
-impl<I> From<I> for AnyOr<Vec<HeaderName>>
-where
-    I: IntoIterator<Item = HeaderName>,
-{
-    fn from(headers: I) -> Self {
-        AnyOr(AnyOrInner::Value(headers.into_iter().collect()))
-    }
-}
-
-fn separated_by_commas<I>(mut iter: I) -> Option<HeaderValue>
-where
-    I: Iterator<Item = HeaderValue>,
-{
-    match iter.next() {
-        Some(fst) => {
-            let mut result = BytesMut::from(fst.as_bytes());
-            for val in iter {
-                result.reserve(val.len() + 1);
-                result.put_u8(b',');
-                result.extend_from_slice(val.as_bytes());
-            }
-
-            Some(HeaderValue::from_maybe_shared(result.freeze()).unwrap())
-        }
-        None => None,
-    }
-}
-
-impl Default for CorsLayer {
-    fn default() -> Self {
-        Self::new()
-    }
-}
-
-impl<S> Layer<S> for CorsLayer {
-    type Service = Cors<S>;
-
-    fn layer(&self, inner: S) -> Self::Service {
-        Cors {
-            inner,
-            layer: self.clone(),
-        }
-    }
-}
-
-/// Middleware which adds headers for [CORS][mdn].
-///
-/// See the [module docs](crate::cors) for an example.
-///
-/// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
-#[derive(Debug, Clone)]
-pub struct Cors<S> {
-    inner: S,
-    layer: CorsLayer,
-}
-
-impl<S> Cors<S> {
-    /// Create a new `Cors`.
-    ///
-    /// This creates a restrictive configuration. Use the builder methods to
-    /// customize the behavior.
-    pub fn new(inner: S) -> Self {
-        Self {
-            inner,
-            layer: CorsLayer::new(),
-        }
-    }
-
-    /// A very permissive configuration suitable for development.
-    ///
-    /// See [`CorsLayer::permissive`] for more details.
-    pub fn permissive(inner: S) -> Self {
-        Self {
-            inner,
-            layer: CorsLayer::permissive(),
-        }
-    }
-
-    define_inner_service_accessors!();
-
-    /// Returns a new [`Layer`] that wraps services with a [`Cors`] middleware.
-    ///
-    /// [`Layer`]: tower_layer::Layer
-    pub fn layer() -> CorsLayer {
-        CorsLayer::new()
-    }
-
-    /// Set the [`Access-Control-Allow-Credentials`][mdn] header.
-    ///
-    /// See [`CorsLayer::allow_credentials`] for more details.
-    ///
-    /// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
-    pub fn allow_credentials(self, allow_credentials: bool) -> Self {
-        self.map_layer(|layer| layer.allow_credentials(allow_credentials))
-    }
-
-    /// Set the value of the [`Access-Control-Allow-Headers`][mdn] header.
-    ///
-    /// See [`CorsLayer::allow_headers`] for more details.
-    ///
-    /// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
-    pub fn allow_headers<I>(self, headers: I) -> Self
-    where
-        I: Into<AnyOr<Vec<HeaderName>>>,
-    {
-        self.map_layer(|layer| layer.allow_headers(headers))
-    }
-
-    /// Set the value of the [`Access-Control-Max-Age`][mdn] header.
-    ///
-    /// See [`CorsLayer::max_age`] for more details.
-    ///
-    /// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age
-    pub fn max_age(self, max_age: Duration) -> Self {
-        self.map_layer(|layer| layer.max_age(max_age))
-    }
-
-    /// Set the value of the [`Access-Control-Allow-Methods`][mdn] header.
-    ///
-    /// See [`CorsLayer::allow_methods`] for more details.
-    ///
-    /// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods
-    pub fn allow_methods<T>(self, methods: T) -> Self
-    where
-        T: Into<AnyOr<Vec<Method>>>,
-    {
-        self.map_layer(|layer| layer.allow_methods(methods))
-    }
-
-    /// Set the value of the [`Access-Control-Allow-Origin`][mdn] header.
-    ///
-    /// See [`CorsLayer::allow_origin`] for more details.
-    ///
-    /// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
-    pub fn allow_origin<T>(self, origin: T) -> Self
-    where
-        T: Into<AnyOr<Origin>>,
-    {
-        self.map_layer(|layer| layer.allow_origin(origin))
-    }
-
-    /// Set the value of the [`Access-Control-Expose-Headers`][mdn] header.
-    ///
-    /// See [`CorsLayer::expose_headers`] for more details.
-    ///
-    /// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers
-    pub fn expose_headers<I>(self, headers: I) -> Self
-    where
-        I: Into<AnyOr<Vec<HeaderName>>>,
-    {
-        self.map_layer(|layer| layer.expose_headers(headers))
-    }
-
-    fn map_layer<F>(mut self, f: F) -> Self
-    where
-        F: FnOnce(CorsLayer) -> CorsLayer,
-    {
-        self.layer = f(self.layer);
-        self
-    }
-
-    fn is_valid_origin(&self, origin: &HeaderValue, parts: &Parts) -> bool {
-        if let Some(allow_origin) = &self.layer.allow_origin {
-            match &allow_origin.0 {
-                AnyOrInner::Any => true,
-                AnyOrInner::Value(allow_origin) => match &allow_origin.0 {
-                    OriginInner::Exact(s) => s == origin,
-                    OriginInner::List(list) => list.contains(origin),
-                    OriginInner::Closure(f) => f(origin, parts),
-                },
-            }
-        } else {
-            false
-        }
-    }
-
-    fn is_valid_request_method(&self, method: &HeaderValue) -> bool {
-        if let Some(allow_methods) = &self.layer.allow_methods {
-            #[allow(clippy::borrow_interior_mutable_const)]
-            if allow_methods == WILDCARD {
-                return true;
-            }
-
-            allow_methods
-                .as_bytes()
-                .split(|&byte| byte == b',')
-                .any(|bytes| bytes == method.as_bytes())
-        } else {
-            false
-        }
-    }
-
-    fn build_preflight_response<B>(&self, origin: HeaderValue) -> Response<B>
-    where
-        B: Default,
-    {
-        let mut response = Response::new(B::default());
-
-        response
-            .headers_mut()
-            .insert(header::ACCESS_CONTROL_ALLOW_ORIGIN, origin);
-
-        if let Some(allow_methods) = &self.layer.allow_methods {
-            response
-                .headers_mut()
-                .insert(header::ACCESS_CONTROL_ALLOW_METHODS, allow_methods.clone());
-        }
-
-        if let Some(allow_headers) = &self.layer.allow_headers {
-            response
-                .headers_mut()
-                .insert(header::ACCESS_CONTROL_ALLOW_HEADERS, allow_headers.clone());
-        }
-
-        if let Some(max_age) = self.layer.max_age.clone() {
-            response
-                .headers_mut()
-                .insert(header::ACCESS_CONTROL_MAX_AGE, max_age);
-        }
-
-        if let Some(allow_credentials) = self.layer.allow_credentials.clone() {
-            response
-                .headers_mut()
-                .insert(header::ACCESS_CONTROL_ALLOW_CREDENTIALS, allow_credentials);
-        }
-
-        if let Some(expose_headers) = self.layer.expose_headers.clone() {
-            response
-                .headers_mut()
-                .insert(header::ACCESS_CONTROL_EXPOSE_HEADERS, expose_headers);
-        }
-
-        response
-    }
-}
-
-/// Represents a [`Access-Control-Allow-Origin`][mdn] header.
-///
-/// See [`CorsLayer::allow_origin`] for more details.
-///
-/// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
-#[derive(Clone)]
-pub struct Origin(OriginInner);
-
-impl Origin {
-    /// Set a single allow origin target
-    ///
-    /// See [`CorsLayer::allow_origin`] for more details.
-    pub fn exact(origin: HeaderValue) -> Self {
-        Self(OriginInner::Exact(origin))
-    }
-
-    /// Set multiple allow origin targets
-    ///
-    /// See [`CorsLayer::allow_origin`] for more details.
-    pub fn list<I>(origins: I) -> Self
-    where
-        I: IntoIterator<Item = HeaderValue>,
-    {
-        let origins = origins.into_iter().collect::<Vec<_>>().into();
-        Self(OriginInner::List(origins))
-    }
-
-    /// Set the allowed origins from a predicate
-    ///
-    /// See [`CorsLayer::allow_origin`] for more details.
-    pub fn predicate<F>(f: F) -> Self
-    where
-        F: Fn(&HeaderValue, &Parts) -> bool + Send + Sync + 'static,
-    {
-        Self(OriginInner::Closure(Arc::new(f)))
-    }
-}
-
-impl fmt::Debug for Origin {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        match &self.0 {
-            OriginInner::Exact(inner) => f.debug_tuple("Exact").field(inner).finish(),
-            OriginInner::List(inner) => f.debug_tuple("List").field(inner).finish(),
-            OriginInner::Closure(_) => f.debug_tuple("Closure").finish(),
-        }
-    }
-}
-
-#[derive(Clone)]
-enum OriginInner {
-    Exact(HeaderValue),
-    List(Arc<[HeaderValue]>),
-    Closure(Arc<dyn for<'a> Fn(&'a HeaderValue, &'a Parts) -> bool + Send + Sync + 'static>),
-}
-
-impl<S, ReqBody, ResBody> Service<Request<ReqBody>> for Cors<S>
-where
-    S: Service<Request<ReqBody>, Response = Response<ResBody>>,
-    ResBody: Default,
-{
-    type Response = S::Response;
-    type Error = S::Error;
-    type Future = ResponseFuture<S::Future, ResBody>;
-
-    fn poll_ready(&mut self, cx: &mut Context<'_>) -> Poll<Result<(), Self::Error>> {
-        self.inner.poll_ready(cx)
-    }
-
-    fn call(&mut self, req: Request<ReqBody>) -> Self::Future {
-        let origin = req.headers().get(&header::ORIGIN).cloned();
-
-        let origin = if let Some(origin) = origin {
-            origin
-        } else {
-            // This is not a CORS request if there is no Origin header
-            return ResponseFuture {
-                inner: Kind::NonCorsCall {
-                    future: self.inner.call(req),
-                },
-            };
-        };
-
-        let (parts, body) = req.into_parts();
-
-        let origin = if self.is_valid_origin(&origin, &parts) {
-            origin
-        } else {
-            return ResponseFuture {
-                inner: Kind::Error {
-                    response: Some(
-                        Response::builder()
-                            .status(StatusCode::UNAUTHORIZED)
-                            .body(ResBody::default())
-                            .unwrap(),
-                    ),
-                },
-            };
-        };
-
-        let req = Request::from_parts(parts, body);
-
-        // Return results immediately upon preflight request
-        if req.method() == Method::OPTIONS {
-            // the method the real request will be made with
-            match req.headers().get(header::ACCESS_CONTROL_REQUEST_METHOD) {
-                Some(request_method) if self.is_valid_request_method(request_method) => {}
-                _ => {
-                    return ResponseFuture {
-                        inner: Kind::Error {
-                            response: Some(
-                                Response::builder()
-                                    .status(StatusCode::OK)
-                                    .body(ResBody::default())
-                                    .unwrap(),
-                            ),
-                        },
-                    };
-                }
-            }
-
-            return ResponseFuture {
-                inner: Kind::PreflightCall {
-                    response: Some(self.build_preflight_response(origin)),
-                },
-            };
-        }
-
-        ResponseFuture {
-            inner: Kind::CorsCall {
-                future: self.inner.call(req),
-                allow_origin: self.layer.allow_origin.clone(),
-                origin,
-                allow_credentials: self.layer.allow_credentials.clone(),
-                expose_headers: self.layer.expose_headers.clone(),
-            },
-        }
-    }
-}
-
-pin_project! {
-    /// Response future for [`Cors`].
-    pub struct ResponseFuture<F, B> {
-        #[pin]
-        inner: Kind<F, B>,
-    }
-}
-
-pin_project! {
-    #[project = KindProj]
-    enum Kind<F, B> {
-        NonCorsCall {
-            #[pin]
-            future: F,
-        },
-        CorsCall {
-            #[pin]
-            future: F,
-            allow_origin: Option<AnyOr<Origin>>,
-            origin: HeaderValue,
-            allow_credentials: Option<HeaderValue>,
-            expose_headers: Option<HeaderValue>,
-        },
-        PreflightCall {
-            response: Option<Response<B>>,
-        },
-        Error {
-            response: Option<Response<B>>,
-        },
-    }
-}
-
-impl<F, B, E> Future for ResponseFuture<F, B>
-where
-    F: Future<Output = Result<Response<B>, E>>,
-{
-    type Output = Result<Response<B>, E>;
-
-    fn poll(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> {
-        match self.project().inner.project() {
-            KindProj::CorsCall {
-                future,
-                allow_origin,
-                origin,
-                allow_credentials,
-                expose_headers,
-            } => {
-                let mut response: Response<B> = ready!(future.poll(cx))?;
-                let headers = response.headers_mut();
-
-                headers.insert(
-                    header::ACCESS_CONTROL_ALLOW_ORIGIN,
-                    response_origin(allow_origin.take().unwrap(), origin),
-                );
-
-                if let Some(allow_credentials) = allow_credentials {
-                    headers.insert(
-                        header::ACCESS_CONTROL_ALLOW_CREDENTIALS,
-                        allow_credentials.clone(),
-                    );
-                }
-
-                if let Some(expose_headers) = expose_headers {
-                    headers.insert(
-                        header::ACCESS_CONTROL_EXPOSE_HEADERS,
-                        expose_headers.clone(),
-                    );
-                }
-
-                apply_vary_headers(headers);
-
-                Poll::Ready(Ok(response))
-            }
-            KindProj::NonCorsCall { future } => future.poll(cx),
-            KindProj::PreflightCall { response } => {
-                let mut response = response.take().unwrap();
-
-                apply_vary_headers(response.headers_mut());
-
-                Poll::Ready(Ok(response))
-            }
-            KindProj::Error { response } => Poll::Ready(Ok(response.take().unwrap())),
-        }
-    }
-}
-
-fn apply_vary_headers(headers: &mut http::HeaderMap) {
-    const VARY_HEADERS: [HeaderName; 3] = [
-        header::ORIGIN,
-        header::ACCESS_CONTROL_REQUEST_METHOD,
-        header::ACCESS_CONTROL_REQUEST_HEADERS,
-    ];
-
-    for h in &VARY_HEADERS {
-        headers.append(header::VARY, HeaderValue::from_static(h.as_str()));
-    }
-}
-
-fn response_origin(allow_origin: AnyOr<Origin>, origin: &HeaderValue) -> HeaderValue {
-    if let AnyOrInner::Any = allow_origin.0 {
-        WILDCARD
-    } else {
-        origin.clone()
-    }
-}
-
-#[cfg(test)]
-mod tests {
-    #[allow(unused_imports)]
-    use super::*;
-
-    #[test]
-    fn test_is_valid_request_method() {
-        let cors = Cors::new(()).allow_methods(vec![Method::GET, Method::POST]);
-        assert!(cors.is_valid_request_method(&HeaderValue::from_static("GET")));
-        assert!(cors.is_valid_request_method(&HeaderValue::from_static("POST")));
-
-        let cors = Cors::new(());
-        assert!(!cors.is_valid_request_method(&HeaderValue::from_static("GET")));
-        assert!(!cors.is_valid_request_method(&HeaderValue::from_static("POST")));
-        assert!(!cors.is_valid_request_method(&HeaderValue::from_static("OPTIONS")));
-
-        let cors = Cors::new(()).allow_methods(Any);
-        assert!(cors.is_valid_request_method(&HeaderValue::from_static("GET")));
-        assert!(cors.is_valid_request_method(&HeaderValue::from_static("POST")));
-        assert!(cors.is_valid_request_method(&HeaderValue::from_static("OPTIONS")));
-
-        let cors = Cors::new(()).allow_methods(Any);
-        assert!(cors.is_valid_request_method(&HeaderValue::from_static("GET")));
-        assert!(cors.is_valid_request_method(&HeaderValue::from_static("POST")));
-        assert!(cors.is_valid_request_method(&HeaderValue::from_static("OPTIONS")));
-    }
-}
diff --git a/vendor/tower-http/src/cors/allow_credentials.rs b/vendor/tower-http/src/cors/allow_credentials.rs
new file mode 100644
index 0000000000000..3843def86184a
--- /dev/null
+++ b/vendor/tower-http/src/cors/allow_credentials.rs
@@ -0,0 +1,94 @@
+use std::{fmt, sync::Arc};
+
+use http::{
+    header::{self, HeaderName, HeaderValue},
+    request::Parts as RequestParts,
+};
+
+/// Holds configuration for how to set the [`Access-Control-Allow-Credentials`][mdn] header.
+///
+/// See [`CorsLayer::allow_credentials`] for more details.
+///
+/// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
+/// [`CorsLayer::allow_credentials`]: super::CorsLayer::allow_credentials
+#[derive(Clone, Default)]
+#[must_use]
+pub struct AllowCredentials(AllowCredentialsInner);
+
+impl AllowCredentials {
+    /// Allow credentials for all requests
+    ///
+    /// See [`CorsLayer::allow_credentials`] for more details.
+    ///
+    /// [`CorsLayer::allow_credentials`]: super::CorsLayer::allow_credentials
+    pub fn yes() -> Self {
+        Self(AllowCredentialsInner::Yes)
+    }
+
+    /// Allow credentials for some requests, based on a given predicate
+    ///
+    /// See [`CorsLayer::allow_credentials`] for more details.
+    ///
+    /// [`CorsLayer::allow_credentials`]: super::CorsLayer::allow_credentials
+    pub fn predicate<F>(f: F) -> Self
+    where
+        F: Fn(&HeaderValue, &RequestParts) -> bool + Send + Sync + 'static,
+    {
+        Self(AllowCredentialsInner::Predicate(Arc::new(f)))
+    }
+
+    pub(super) fn is_true(&self) -> bool {
+        matches!(&self.0, AllowCredentialsInner::Yes)
+    }
+
+    pub(super) fn to_header(
+        &self,
+        origin: Option<&HeaderValue>,
+        parts: &RequestParts,
+    ) -> Option<(HeaderName, HeaderValue)> {
+        #[allow(clippy::declare_interior_mutable_const)]
+        const TRUE: HeaderValue = HeaderValue::from_static("true");
+
+        let allow_creds = match &self.0 {
+            AllowCredentialsInner::Yes => true,
+            AllowCredentialsInner::No => false,
+            AllowCredentialsInner::Predicate(c) => c(origin?, parts),
+        };
+
+        allow_creds.then(|| (header::ACCESS_CONTROL_ALLOW_CREDENTIALS, TRUE))
+    }
+}
+
+impl From<bool> for AllowCredentials {
+    fn from(v: bool) -> Self {
+        match v {
+            true => Self(AllowCredentialsInner::Yes),
+            false => Self(AllowCredentialsInner::No),
+        }
+    }
+}
+
+impl fmt::Debug for AllowCredentials {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        match self.0 {
+            AllowCredentialsInner::Yes => f.debug_tuple("Yes").finish(),
+            AllowCredentialsInner::No => f.debug_tuple("No").finish(),
+            AllowCredentialsInner::Predicate(_) => f.debug_tuple("Predicate").finish(),
+        }
+    }
+}
+
+#[derive(Clone)]
+enum AllowCredentialsInner {
+    Yes,
+    No,
+    Predicate(
+        Arc<dyn for<'a> Fn(&'a HeaderValue, &'a RequestParts) -> bool + Send + Sync + 'static>,
+    ),
+}
+
+impl Default for AllowCredentialsInner {
+    fn default() -> Self {
+        Self::No
+    }
+}
diff --git a/vendor/tower-http/src/cors/allow_headers.rs b/vendor/tower-http/src/cors/allow_headers.rs
new file mode 100644
index 0000000000000..06c199280c809
--- /dev/null
+++ b/vendor/tower-http/src/cors/allow_headers.rs
@@ -0,0 +1,112 @@
+use std::{array, fmt};
+
+use http::{
+    header::{self, HeaderName, HeaderValue},
+    request::Parts as RequestParts,
+};
+
+use super::{separated_by_commas, Any, WILDCARD};
+
+/// Holds configuration for how to set the [`Access-Control-Allow-Headers`][mdn] header.
+///
+/// See [`CorsLayer::allow_headers`] for more details.
+///
+/// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
+/// [`CorsLayer::allow_headers`]: super::CorsLayer::allow_headers
+#[derive(Clone, Default)]
+#[must_use]
+pub struct AllowHeaders(AllowHeadersInner);
+
+impl AllowHeaders {
+    /// Allow any headers by sending a wildcard (`*`)
+    ///
+    /// See [`CorsLayer::allow_headers`] for more details.
+    ///
+    /// [`CorsLayer::allow_headers`]: super::CorsLayer::allow_headers
+    pub fn any() -> Self {
+        Self(AllowHeadersInner::Const(Some(WILDCARD)))
+    }
+
+    /// Set multiple allowed headers
+    ///
+    /// See [`CorsLayer::allow_headers`] for more details.
+    ///
+    /// [`CorsLayer::allow_headers`]: super::CorsLayer::allow_headers
+    pub fn list<I>(headers: I) -> Self
+    where
+        I: IntoIterator<Item = HeaderName>,
+    {
+        Self(AllowHeadersInner::Const(separated_by_commas(
+            headers.into_iter().map(Into::into),
+        )))
+    }
+
+    /// Allow any headers, by mirroring the preflight [`Access-Control-Request-Headers`][mdn]
+    /// header.
+    ///
+    /// See [`CorsLayer::allow_headers`] for more details.
+    ///
+    /// [`CorsLayer::allow_headers`]: super::CorsLayer::allow_headers
+    ///
+    /// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers
+    pub fn mirror_request() -> Self {
+        Self(AllowHeadersInner::MirrorRequest)
+    }
+
+    #[allow(clippy::borrow_interior_mutable_const)]
+    pub(super) fn is_wildcard(&self) -> bool {
+        matches!(&self.0, AllowHeadersInner::Const(Some(v)) if v == WILDCARD)
+    }
+
+    pub(super) fn to_header(&self, parts: &RequestParts) -> Option<(HeaderName, HeaderValue)> {
+        let allow_headers = match &self.0 {
+            AllowHeadersInner::Const(v) => v.clone()?,
+            AllowHeadersInner::MirrorRequest => parts
+                .headers
+                .get(header::ACCESS_CONTROL_REQUEST_HEADERS)?
+                .clone(),
+        };
+
+        Some((header::ACCESS_CONTROL_ALLOW_HEADERS, allow_headers))
+    }
+}
+
+impl fmt::Debug for AllowHeaders {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        match &self.0 {
+            AllowHeadersInner::Const(inner) => f.debug_tuple("Const").field(inner).finish(),
+            AllowHeadersInner::MirrorRequest => f.debug_tuple("MirrorRequest").finish(),
+        }
+    }
+}
+
+impl From<Any> for AllowHeaders {
+    fn from(_: Any) -> Self {
+        Self::any()
+    }
+}
+
+impl<const N: usize> From<[HeaderName; N]> for AllowHeaders {
+    fn from(arr: [HeaderName; N]) -> Self {
+        #[allow(deprecated)] // Can be changed when MSRV >= 1.53
+        Self::list(array::IntoIter::new(arr))
+    }
+}
+
+impl From<Vec<HeaderName>> for AllowHeaders {
+    fn from(vec: Vec<HeaderName>) -> Self {
+        Self::list(vec)
+    }
+}
+
+#[derive(Clone)]
+enum AllowHeadersInner {
+    Const(Option<HeaderValue>),
+    MirrorRequest,
+}
+
+impl Default for AllowHeadersInner {
+    fn default() -> Self {
+        Self::Const(None)
+    }
+}
diff --git a/vendor/tower-http/src/cors/allow_methods.rs b/vendor/tower-http/src/cors/allow_methods.rs
new file mode 100644
index 0000000000000..df1a3cbde6e2c
--- /dev/null
+++ b/vendor/tower-http/src/cors/allow_methods.rs
@@ -0,0 +1,132 @@
+use std::{array, fmt};
+
+use http::{
+    header::{self, HeaderName, HeaderValue},
+    request::Parts as RequestParts,
+    Method,
+};
+
+use super::{separated_by_commas, Any, WILDCARD};
+
+/// Holds configuration for how to set the [`Access-Control-Allow-Methods`][mdn] header.
+///
+/// See [`CorsLayer::allow_methods`] for more details.
+///
+/// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods
+/// [`CorsLayer::allow_methods`]: super::CorsLayer::allow_methods
+#[derive(Clone, Default)]
+#[must_use]
+pub struct AllowMethods(AllowMethodsInner);
+
+impl AllowMethods {
+    /// Allow any method by sending a wildcard (`*`)
+    ///
+    /// See [`CorsLayer::allow_methods`] for more details.
+    ///
+    /// [`CorsLayer::allow_methods`]: super::CorsLayer::allow_methods
+    pub fn any() -> Self {
+        Self(AllowMethodsInner::Const(Some(WILDCARD)))
+    }
+
+    /// Set a single allowed method
+    ///
+    /// See [`CorsLayer::allow_methods`] for more details.
+    ///
+    /// [`CorsLayer::allow_methods`]: super::CorsLayer::allow_methods
+    pub fn exact(method: Method) -> Self {
+        Self(AllowMethodsInner::Const(Some(
+            HeaderValue::from_str(method.as_str()).unwrap(),
+        )))
+    }
+
+    /// Set multiple allowed methods
+    ///
+    /// See [`CorsLayer::allow_methods`] for more details.
+    ///
+    /// [`CorsLayer::allow_methods`]: super::CorsLayer::allow_methods
+    pub fn list<I>(methods: I) -> Self
+    where
+        I: IntoIterator<Item = Method>,
+    {
+        Self(AllowMethodsInner::Const(separated_by_commas(
+            methods
+                .into_iter()
+                .map(|m| HeaderValue::from_str(m.as_str()).unwrap()),
+        )))
+    }
+
+    /// Allow any method, by mirroring the preflight [`Access-Control-Request-Method`][mdn]
+    /// header.
+    ///
+    /// See [`CorsLayer::allow_methods`] for more details.
+    ///
+    /// [`CorsLayer::allow_methods`]: super::CorsLayer::allow_methods
+    ///
+    /// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method
+    pub fn mirror_request() -> Self {
+        Self(AllowMethodsInner::MirrorRequest)
+    }
+
+    #[allow(clippy::borrow_interior_mutable_const)]
+    pub(super) fn is_wildcard(&self) -> bool {
+        matches!(&self.0, AllowMethodsInner::Const(Some(v)) if v == WILDCARD)
+    }
+
+    pub(super) fn to_header(&self, parts: &RequestParts) -> Option<(HeaderName, HeaderValue)> {
+        let allow_methods = match &self.0 {
+            AllowMethodsInner::Const(v) => v.clone()?,
+            AllowMethodsInner::MirrorRequest => parts
+                .headers
+                .get(header::ACCESS_CONTROL_REQUEST_METHOD)?
+                .clone(),
+        };
+
+        Some((header::ACCESS_CONTROL_ALLOW_METHODS, allow_methods))
+    }
+}
+
+impl fmt::Debug for AllowMethods {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        match &self.0 {
+            AllowMethodsInner::Const(inner) => f.debug_tuple("Const").field(inner).finish(),
+            AllowMethodsInner::MirrorRequest => f.debug_tuple("MirrorRequest").finish(),
+        }
+    }
+}
+
+impl From<Any> for AllowMethods {
+    fn from(_: Any) -> Self {
+        Self::any()
+    }
+}
+
+impl From<Method> for AllowMethods {
+    fn from(method: Method) -> Self {
+        Self::exact(method)
+    }
+}
+
+impl<const N: usize> From<[Method; N]> for AllowMethods {
+    fn from(arr: [Method; N]) -> Self {
+        #[allow(deprecated)] // Can be changed when MSRV >= 1.53
+        Self::list(array::IntoIter::new(arr))
+    }
+}
+
+impl From<Vec<Method>> for AllowMethods {
+    fn from(vec: Vec<Method>) -> Self {
+        Self::list(vec)
+    }
+}
+
+#[derive(Clone)]
+enum AllowMethodsInner {
+    Const(Option<HeaderValue>),
+    MirrorRequest,
+}
+
+impl Default for AllowMethodsInner {
+    fn default() -> Self {
+        Self::Const(None)
+    }
+}
diff --git a/vendor/tower-http/src/cors/allow_origin.rs b/vendor/tower-http/src/cors/allow_origin.rs
new file mode 100644
index 0000000000000..fc1c820363c63
--- /dev/null
+++ b/vendor/tower-http/src/cors/allow_origin.rs
@@ -0,0 +1,143 @@
+use std::{array, fmt, sync::Arc};
+
+use http::{
+    header::{self, HeaderName, HeaderValue},
+    request::Parts as RequestParts,
+};
+
+use super::{Any, WILDCARD};
+
+/// Holds configuration for how to set the [`Access-Control-Allow-Origin`][mdn] header.
+///
+/// See [`CorsLayer::allow_origin`] for more details.
+///
+/// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
+/// [`CorsLayer::allow_origin`]: super::CorsLayer::allow_origin
+#[derive(Clone, Default)]
+#[must_use]
+pub struct AllowOrigin(OriginInner);
+
+impl AllowOrigin {
+    /// Allow any origin by sending a wildcard (`*`)
+    ///
+    /// See [`CorsLayer::allow_origin`] for more details.
+    ///
+    /// [`CorsLayer::allow_origin`]: super::CorsLayer::allow_origin
+    pub fn any() -> Self {
+        Self(OriginInner::Const(WILDCARD))
+    }
+
+    /// Set a single allowed origin
+    ///
+    /// See [`CorsLayer::allow_origin`] for more details.
+    ///
+    /// [`CorsLayer::allow_origin`]: super::CorsLayer::allow_origin
+    pub fn exact(origin: HeaderValue) -> Self {
+        Self(OriginInner::Const(origin))
+    }
+
+    /// Set multiple allowed origins
+    ///
+    /// See [`CorsLayer::allow_origin`] for more details.
+    ///
+    /// [`CorsLayer::allow_origin`]: super::CorsLayer::allow_origin
+    pub fn list<I>(origins: I) -> Self
+    where
+        I: IntoIterator<Item = HeaderValue>,
+    {
+        Self(OriginInner::List(origins.into_iter().collect()))
+    }
+
+    /// Set the allowed origins from a predicate
+    ///
+    /// See [`CorsLayer::allow_origin`] for more details.
+    ///
+    /// [`CorsLayer::allow_origin`]: super::CorsLayer::allow_origin
+    pub fn predicate<F>(f: F) -> Self
+    where
+        F: Fn(&HeaderValue, &RequestParts) -> bool + Send + Sync + 'static,
+    {
+        Self(OriginInner::Predicate(Arc::new(f)))
+    }
+
+    /// Allow any origin, by mirroring the request origin
+    ///
+    /// This is equivalent to
+    /// [`AllowOrigin::predicate(|_, _| true)`][Self::predicate].
+    ///
+    /// See [`CorsLayer::allow_origin`] for more details.
+    ///
+    /// [`CorsLayer::allow_origin`]: super::CorsLayer::allow_origin
+    pub fn mirror_request() -> Self {
+        Self::predicate(|_, _| true)
+    }
+
+    #[allow(clippy::borrow_interior_mutable_const)]
+    pub(super) fn is_wildcard(&self) -> bool {
+        matches!(&self.0, OriginInner::Const(v) if v == WILDCARD)
+    }
+
+    pub(super) fn to_header(
+        &self,
+        origin: Option<&HeaderValue>,
+        parts: &RequestParts,
+    ) -> Option<(HeaderName, HeaderValue)> {
+        let allow_origin = match &self.0 {
+            OriginInner::Const(v) => v.clone(),
+            OriginInner::List(l) => origin.filter(|o| l.contains(o))?.clone(),
+            OriginInner::Predicate(c) => origin.filter(|origin| c(origin, parts))?.clone(),
+        };
+
+        Some((header::ACCESS_CONTROL_ALLOW_ORIGIN, allow_origin))
+    }
+}
+
+impl fmt::Debug for AllowOrigin {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        match &self.0 {
+            OriginInner::Const(inner) => f.debug_tuple("Const").field(inner).finish(),
+            OriginInner::List(inner) => f.debug_tuple("List").field(inner).finish(),
+            OriginInner::Predicate(_) => f.debug_tuple("Predicate").finish(),
+        }
+    }
+}
+
+impl From<Any> for AllowOrigin {
+    fn from(_: Any) -> Self {
+        Self::any()
+    }
+}
+
+impl From<HeaderValue> for AllowOrigin {
+    fn from(val: HeaderValue) -> Self {
+        Self::exact(val)
+    }
+}
+
+impl<const N: usize> From<[HeaderValue; N]> for AllowOrigin {
+    fn from(arr: [HeaderValue; N]) -> Self {
+        #[allow(deprecated)] // Can be changed when MSRV >= 1.53
+        Self::list(array::IntoIter::new(arr))
+    }
+}
+
+impl From<Vec<HeaderValue>> for AllowOrigin {
+    fn from(vec: Vec<HeaderValue>) -> Self {
+        Self::list(vec)
+    }
+}
+
+#[derive(Clone)]
+enum OriginInner {
+    Const(HeaderValue),
+    List(Vec<HeaderValue>),
+    Predicate(
+        Arc<dyn for<'a> Fn(&'a HeaderValue, &'a RequestParts) -> bool + Send + Sync + 'static>,
+    ),
+}
+
+impl Default for OriginInner {
+    fn default() -> Self {
+        Self::List(Vec::new())
+    }
+}
diff --git a/vendor/tower-http/src/cors/expose_headers.rs b/vendor/tower-http/src/cors/expose_headers.rs
new file mode 100644
index 0000000000000..2b1a2267128a6
--- /dev/null
+++ b/vendor/tower-http/src/cors/expose_headers.rs
@@ -0,0 +1,94 @@
+use std::{array, fmt};
+
+use http::{
+    header::{self, HeaderName, HeaderValue},
+    request::Parts as RequestParts,
+};
+
+use super::{separated_by_commas, Any, WILDCARD};
+
+/// Holds configuration for how to set the [`Access-Control-Expose-Headers`][mdn] header.
+///
+/// See [`CorsLayer::expose_headers`] for more details.
+///
+/// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers
+/// [`CorsLayer::expose_headers`]: super::CorsLayer::expose_headers
+#[derive(Clone, Default)]
+#[must_use]
+pub struct ExposeHeaders(ExposeHeadersInner);
+
+impl ExposeHeaders {
+    /// Expose any / all headers by sending a wildcard (`*`)
+    ///
+    /// See [`CorsLayer::expose_headers`] for more details.
+    ///
+    /// [`CorsLayer::expose_headers`]: super::CorsLayer::expose_headers
+    pub fn any() -> Self {
+        Self(ExposeHeadersInner::Const(Some(WILDCARD)))
+    }
+
+    /// Set multiple exposed header names
+    ///
+    /// See [`CorsLayer::expose_headers`] for more details.
+    ///
+    /// [`CorsLayer::expose_headers`]: super::CorsLayer::expose_headers
+    pub fn list<I>(headers: I) -> Self
+    where
+        I: IntoIterator<Item = HeaderName>,
+    {
+        Self(ExposeHeadersInner::Const(separated_by_commas(
+            headers.into_iter().map(Into::into),
+        )))
+    }
+
+    #[allow(clippy::borrow_interior_mutable_const)]
+    pub(super) fn is_wildcard(&self) -> bool {
+        matches!(&self.0, ExposeHeadersInner::Const(Some(v)) if v == WILDCARD)
+    }
+
+    pub(super) fn to_header(&self, _parts: &RequestParts) -> Option<(HeaderName, HeaderValue)> {
+        let expose_headers = match &self.0 {
+            ExposeHeadersInner::Const(v) => v.clone()?,
+        };
+
+        Some((header::ACCESS_CONTROL_EXPOSE_HEADERS, expose_headers))
+    }
+}
+
+impl fmt::Debug for ExposeHeaders {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        match &self.0 {
+            ExposeHeadersInner::Const(inner) => f.debug_tuple("Const").field(inner).finish(),
+        }
+    }
+}
+
+impl From<Any> for ExposeHeaders {
+    fn from(_: Any) -> Self {
+        Self::any()
+    }
+}
+
+impl<const N: usize> From<[HeaderName; N]> for ExposeHeaders {
+    fn from(arr: [HeaderName; N]) -> Self {
+        #[allow(deprecated)] // Can be changed when MSRV >= 1.53
+        Self::list(array::IntoIter::new(arr))
+    }
+}
+
+impl From<Vec<HeaderName>> for ExposeHeaders {
+    fn from(vec: Vec<HeaderName>) -> Self {
+        Self::list(vec)
+    }
+}
+
+#[derive(Clone)]
+enum ExposeHeadersInner {
+    Const(Option<HeaderValue>),
+}
+
+impl Default for ExposeHeadersInner {
+    fn default() -> Self {
+        ExposeHeadersInner::Const(None)
+    }
+}
diff --git a/vendor/tower-http/src/cors/max_age.rs b/vendor/tower-http/src/cors/max_age.rs
new file mode 100644
index 0000000000000..981899263333c
--- /dev/null
+++ b/vendor/tower-http/src/cors/max_age.rs
@@ -0,0 +1,74 @@
+use std::{fmt, sync::Arc, time::Duration};
+
+use http::{
+    header::{self, HeaderName, HeaderValue},
+    request::Parts as RequestParts,
+};
+
+/// Holds configuration for how to set the [`Access-Control-Max-Age`][mdn] header.
+///
+/// See [`CorsLayer::max_age`][super::CorsLayer::max_age] for more details.
+///
+/// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age
+#[derive(Clone, Default)]
+#[must_use]
+pub struct MaxAge(MaxAgeInner);
+
+impl MaxAge {
+    /// Set a static max-age value
+    ///
+    /// See [`CorsLayer::max_age`][super::CorsLayer::max_age] for more details.
+    pub fn exact(max_age: Duration) -> Self {
+        Self(MaxAgeInner::Exact(Some(max_age.as_secs().into())))
+    }
+
+    /// Set the max-age based on the preflight request parts
+    ///
+    /// See [`CorsLayer::max_age`][super::CorsLayer::max_age] for more details.
+    pub fn dynamic<F>(f: F) -> Self
+    where
+        F: Fn(&HeaderValue, &RequestParts) -> Duration + Send + Sync + 'static,
+    {
+        Self(MaxAgeInner::Fn(Arc::new(f)))
+    }
+
+    pub(super) fn to_header(
+        &self,
+        origin: Option<&HeaderValue>,
+        parts: &RequestParts,
+    ) -> Option<(HeaderName, HeaderValue)> {
+        let max_age = match &self.0 {
+            MaxAgeInner::Exact(v) => v.clone()?,
+            MaxAgeInner::Fn(c) => c(origin?, parts).as_secs().into(),
+        };
+
+        Some((header::ACCESS_CONTROL_MAX_AGE, max_age))
+    }
+}
+
+impl fmt::Debug for MaxAge {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        match &self.0 {
+            MaxAgeInner::Exact(inner) => f.debug_tuple("Exact").field(inner).finish(),
+            MaxAgeInner::Fn(_) => f.debug_tuple("Fn").finish(),
+        }
+    }
+}
+
+impl From<Duration> for MaxAge {
+    fn from(max_age: Duration) -> Self {
+        Self::exact(max_age)
+    }
+}
+
+#[derive(Clone)]
+enum MaxAgeInner {
+    Exact(Option<HeaderValue>),
+    Fn(Arc<dyn for<'a> Fn(&'a HeaderValue, &'a RequestParts) -> Duration + Send + Sync + 'static>),
+}
+
+impl Default for MaxAgeInner {
+    fn default() -> Self {
+        Self::Exact(None)
+    }
+}
diff --git a/vendor/tower-http/src/cors/mod.rs b/vendor/tower-http/src/cors/mod.rs
new file mode 100644
index 0000000000000..32f18461a1cac
--- /dev/null
+++ b/vendor/tower-http/src/cors/mod.rs
@@ -0,0 +1,715 @@
+//! Middleware which adds headers for [CORS][mdn].
+//!
+//! # Example
+//!
+//! ```
+//! use http::{Request, Response, Method, header};
+//! use hyper::Body;
+//! use tower::{ServiceBuilder, ServiceExt, Service};
+//! use tower_http::cors::{Any, CorsLayer};
+//! use std::convert::Infallible;
+//!
+//! async fn handle(request: Request<Body>) -> Result<Response<Body>, Infallible> {
+//!     Ok(Response::new(Body::empty()))
+//! }
+//!
+//! # #[tokio::main]
+//! # async fn main() -> Result<(), Box<dyn std::error::Error>> {
+//! let cors = CorsLayer::new()
+//!     // allow `GET` and `POST` when accessing the resource
+//!     .allow_methods([Method::GET, Method::POST])
+//!     // allow requests from any origin
+//!     .allow_origin(Any);
+//!
+//! let mut service = ServiceBuilder::new()
+//!     .layer(cors)
+//!     .service_fn(handle);
+//!
+//! let request = Request::builder()
+//!     .header(header::ORIGIN, "https://example.com")
+//!     .body(Body::empty())
+//!     .unwrap();
+//!
+//! let response = service
+//!     .ready()
+//!     .await?
+//!     .call(request)
+//!     .await?;
+//!
+//! assert_eq!(
+//!     response.headers().get(header::ACCESS_CONTROL_ALLOW_ORIGIN).unwrap(),
+//!     "*",
+//! );
+//! # Ok(())
+//! # }
+//! ```
+//!
+//! [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
+
+#![allow(clippy::enum_variant_names)]
+
+use bytes::{BufMut, BytesMut};
+use futures_core::ready;
+use http::{
+    header::{self, HeaderName},
+    HeaderMap, HeaderValue, Method, Request, Response,
+};
+use pin_project_lite::pin_project;
+use std::{
+    array,
+    future::Future,
+    mem,
+    pin::Pin,
+    task::{Context, Poll},
+};
+use tower_layer::Layer;
+use tower_service::Service;
+
+mod allow_credentials;
+mod allow_headers;
+mod allow_methods;
+mod allow_origin;
+mod expose_headers;
+mod max_age;
+mod vary;
+
+pub use self::{
+    allow_credentials::AllowCredentials, allow_headers::AllowHeaders, allow_methods::AllowMethods,
+    allow_origin::AllowOrigin, expose_headers::ExposeHeaders, max_age::MaxAge, vary::Vary,
+};
+
+/// Layer that applies the [`Cors`] middleware which adds headers for [CORS][mdn].
+///
+/// See the [module docs](crate::cors) for an example.
+///
+/// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
+#[derive(Debug, Clone)]
+#[must_use]
+pub struct CorsLayer {
+    allow_credentials: AllowCredentials,
+    allow_headers: AllowHeaders,
+    allow_methods: AllowMethods,
+    allow_origin: AllowOrigin,
+    expose_headers: ExposeHeaders,
+    max_age: MaxAge,
+    vary: Vary,
+}
+
+#[allow(clippy::declare_interior_mutable_const)]
+const WILDCARD: HeaderValue = HeaderValue::from_static("*");
+
+impl CorsLayer {
+    /// Create a new `CorsLayer`.
+    ///
+    /// No headers are sent by default. Use the builder methods to customize
+    /// the behavior.
+    ///
+    /// You need to set at least an allowed origin for browsers to make
+    /// successful cross-origin requests to your service.
+    pub fn new() -> Self {
+        Self {
+            allow_credentials: Default::default(),
+            allow_headers: Default::default(),
+            allow_methods: Default::default(),
+            allow_origin: Default::default(),
+            expose_headers: Default::default(),
+            max_age: Default::default(),
+            vary: Default::default(),
+        }
+    }
+
+    /// A permissive configuration:
+    ///
+    /// - All request headers allowed.
+    /// - All methods allowed.
+    /// - All origins allowed.
+    /// - All headers exposed.
+    pub fn permissive() -> Self {
+        Self::new()
+            .allow_headers(Any)
+            .allow_methods(Any)
+            .allow_origin(Any)
+            .expose_headers(Any)
+    }
+
+    /// A very permissive configuration:
+    ///
+    /// - **Credentials allowed.**
+    /// - The method received in `Access-Control-Request-Method` is sent back
+    ///   as an allowed method.
+    /// - The origin of the preflight request is sent back as an allowed origin.
+    /// - The header names received in `Access-Control-Request-Headers` are sent
+    ///   back as allowed headers.
+    /// - No headers are currently exposed, but this may change in the future.
+    pub fn very_permissive() -> Self {
+        Self::new()
+            .allow_headers(AllowHeaders::mirror_request())
+            .allow_methods(AllowMethods::mirror_request())
+            .allow_origin(AllowOrigin::mirror_request())
+    }
+
+    /// Set the [`Access-Control-Allow-Credentials`][mdn] header.
+    ///
+    /// ```
+    /// use tower_http::cors::CorsLayer;
+    ///
+    /// let layer = CorsLayer::new().allow_credentials(true);
+    /// ```
+    ///
+    /// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
+    pub fn allow_credentials<T>(mut self, allow_credentials: T) -> Self
+    where
+        T: Into<AllowCredentials>,
+    {
+        self.allow_credentials = allow_credentials.into();
+        self
+    }
+
+    /// Set the value of the [`Access-Control-Allow-Headers`][mdn] header.
+    ///
+    /// ```
+    /// use tower_http::cors::CorsLayer;
+    /// use http::header::{AUTHORIZATION, ACCEPT};
+    ///
+    /// let layer = CorsLayer::new().allow_headers([AUTHORIZATION, ACCEPT]);
+    /// ```
+    ///
+    /// All headers can be allowed with
+    ///
+    /// ```
+    /// use tower_http::cors::{Any, CorsLayer};
+    ///
+    /// let layer = CorsLayer::new().allow_headers(Any);
+    /// ```
+    ///
+    /// Note that multiple calls to this method will override any previous
+    /// calls.
+    ///
+    /// Also note that `Access-Control-Allow-Headers` is required for requests that have
+    /// `Access-Control-Request-Headers`.
+    ///
+    /// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
+    pub fn allow_headers<T>(mut self, headers: T) -> Self
+    where
+        T: Into<AllowHeaders>,
+    {
+        self.allow_headers = headers.into();
+        self
+    }
+
+    /// Set the value of the [`Access-Control-Max-Age`][mdn] header.
+    ///
+    /// ```
+    /// use std::time::Duration;
+    /// use tower_http::cors::CorsLayer;
+    ///
+    /// let layer = CorsLayer::new().max_age(Duration::from_secs(60) * 10);
+    /// ```
+    ///
+    /// By default the header will not be set which disables caching and will
+    /// require a preflight call for all requests.
+    ///
+    /// Note that each browser has a maximum internal value that takes
+    /// precedence when the Access-Control-Max-Age is greater. For more details
+    /// see [mdn].
+    ///
+    /// If you need more flexibility, you can use supply a function which can
+    /// dynamically decide the max-age based on the origin and other parts of
+    /// each preflight request:
+    ///
+    /// ```
+    /// # struct MyServerConfig { cors_max_age: Duration }
+    /// use std::time::Duration;
+    ///
+    /// use http::{request::Parts as RequestParts, HeaderValue};
+    /// use tower_http::cors::{CorsLayer, MaxAge};
+    ///
+    /// let layer = CorsLayer::new().max_age(MaxAge::dynamic(
+    ///     |_origin: &HeaderValue, parts: &RequestParts| -> Duration {
+    ///         // Let's say you want to be able to reload your config at
+    ///         // runtime and have another middleware that always inserts
+    ///         // the current config into the request extensions
+    ///         let config = parts.extensions.get::<MyServerConfig>().unwrap();
+    ///         config.cors_max_age
+    ///     },
+    /// ));
+    /// ```
+    ///
+    /// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age
+    pub fn max_age<T>(mut self, max_age: T) -> Self
+    where
+        T: Into<MaxAge>,
+    {
+        self.max_age = max_age.into();
+        self
+    }
+
+    /// Set the value of the [`Access-Control-Allow-Methods`][mdn] header.
+    ///
+    /// ```
+    /// use tower_http::cors::CorsLayer;
+    /// use http::Method;
+    ///
+    /// let layer = CorsLayer::new().allow_methods([Method::GET, Method::POST]);
+    /// ```
+    ///
+    /// All methods can be allowed with
+    ///
+    /// ```
+    /// use tower_http::cors::{Any, CorsLayer};
+    ///
+    /// let layer = CorsLayer::new().allow_methods(Any);
+    /// ```
+    ///
+    /// Note that multiple calls to this method will override any previous
+    /// calls.
+    ///
+    /// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods
+    pub fn allow_methods<T>(mut self, methods: T) -> Self
+    where
+        T: Into<AllowMethods>,
+    {
+        self.allow_methods = methods.into();
+        self
+    }
+
+    /// Set the value of the [`Access-Control-Allow-Origin`][mdn] header.
+    ///
+    /// ```
+    /// use http::HeaderValue;
+    /// use tower_http::cors::CorsLayer;
+    ///
+    /// let layer = CorsLayer::new().allow_origin(
+    ///     "http://example.com".parse::<HeaderValue>().unwrap(),
+    /// );
+    /// ```
+    ///
+    /// Multiple origins can be allowed with
+    ///
+    /// ```
+    /// use tower_http::cors::CorsLayer;
+    ///
+    /// let origins = [
+    ///     "http://example.com".parse().unwrap(),
+    ///     "http://api.example.com".parse().unwrap(),
+    /// ];
+    ///
+    /// let layer = CorsLayer::new().allow_origin(origins);
+    /// ```
+    ///
+    /// All origins can be allowed with
+    ///
+    /// ```
+    /// use tower_http::cors::{Any, CorsLayer};
+    ///
+    /// let layer = CorsLayer::new().allow_origin(Any);
+    /// ```
+    ///
+    /// You can also use a closure
+    ///
+    /// ```
+    /// use tower_http::cors::{CorsLayer, AllowOrigin};
+    /// use http::{request::Parts as RequestParts, HeaderValue};
+    ///
+    /// let layer = CorsLayer::new().allow_origin(AllowOrigin::predicate(
+    ///     |origin: &HeaderValue, _request_parts: &RequestParts| {
+    ///         origin.as_bytes().ends_with(b".rust-lang.org")
+    ///     },
+    /// ));
+    /// ```
+    ///
+    /// Note that multiple calls to this method will override any previous
+    /// calls.
+    ///
+    /// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
+    pub fn allow_origin<T>(mut self, origin: T) -> Self
+    where
+        T: Into<AllowOrigin>,
+    {
+        self.allow_origin = origin.into();
+        self
+    }
+
+    /// Set the value of the [`Access-Control-Expose-Headers`][mdn] header.
+    ///
+    /// ```
+    /// use tower_http::cors::CorsLayer;
+    /// use http::header::CONTENT_ENCODING;
+    ///
+    /// let layer = CorsLayer::new().expose_headers([CONTENT_ENCODING]);
+    /// ```
+    ///
+    /// All headers can be allowed with
+    ///
+    /// ```
+    /// use tower_http::cors::{Any, CorsLayer};
+    ///
+    /// let layer = CorsLayer::new().expose_headers(Any);
+    /// ```
+    ///
+    /// Note that multiple calls to this method will override any previous
+    /// calls.
+    ///
+    /// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers
+    pub fn expose_headers<T>(mut self, headers: T) -> Self
+    where
+        T: Into<ExposeHeaders>,
+    {
+        self.expose_headers = headers.into();
+        self
+    }
+
+    /// Set the value(s) of the [`Vary`][mdn] header.
+    ///
+    /// In contrast to the other headers, this one has a non-empty default of
+    /// [`preflight_request_headers()`].
+    ///
+    /// You only need to set this is you want to remove some of these defaults,
+    /// or if you use a closure for one of the other headers and want to add a
+    /// vary header accordingly.
+    ///
+    /// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Vary
+    pub fn vary<T>(mut self, headers: T) -> Self
+    where
+        T: Into<Vary>,
+    {
+        self.vary = headers.into();
+        self
+    }
+}
+
+/// Represents a wildcard value (`*`) used with some CORS headers such as
+/// [`CorsLayer::allow_methods`].
+#[derive(Debug, Clone, Copy)]
+#[must_use]
+pub struct Any;
+
+/// Represents a wildcard value (`*`) used with some CORS headers such as
+/// [`CorsLayer::allow_methods`].
+#[deprecated = "Use Any as a unit struct literal instead"]
+pub fn any() -> Any {
+    Any
+}
+
+fn separated_by_commas<I>(mut iter: I) -> Option<HeaderValue>
+where
+    I: Iterator<Item = HeaderValue>,
+{
+    match iter.next() {
+        Some(fst) => {
+            let mut result = BytesMut::from(fst.as_bytes());
+            for val in iter {
+                result.reserve(val.len() + 1);
+                result.put_u8(b',');
+                result.extend_from_slice(val.as_bytes());
+            }
+
+            Some(HeaderValue::from_maybe_shared(result.freeze()).unwrap())
+        }
+        None => None,
+    }
+}
+
+impl Default for CorsLayer {
+    fn default() -> Self {
+        Self::new()
+    }
+}
+
+impl<S> Layer<S> for CorsLayer {
+    type Service = Cors<S>;
+
+    fn layer(&self, inner: S) -> Self::Service {
+        ensure_usable_cors_rules(self);
+
+        Cors {
+            inner,
+            layer: self.clone(),
+        }
+    }
+}
+
+/// Middleware which adds headers for [CORS][mdn].
+///
+/// See the [module docs](crate::cors) for an example.
+///
+/// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
+#[derive(Debug, Clone)]
+#[must_use]
+pub struct Cors<S> {
+    inner: S,
+    layer: CorsLayer,
+}
+
+impl<S> Cors<S> {
+    /// Create a new `Cors`.
+    ///
+    /// See [`CorsLayer::new`] for more details.
+    pub fn new(inner: S) -> Self {
+        Self {
+            inner,
+            layer: CorsLayer::new(),
+        }
+    }
+
+    /// A permissive configuration.
+    ///
+    /// See [`CorsLayer::permissive`] for more details.
+    pub fn permissive(inner: S) -> Self {
+        Self {
+            inner,
+            layer: CorsLayer::permissive(),
+        }
+    }
+
+    /// A very permissive configuration.
+    ///
+    /// See [`CorsLayer::very_permissive`] for more details.
+    pub fn very_permissive(inner: S) -> Self {
+        Self {
+            inner,
+            layer: CorsLayer::very_permissive(),
+        }
+    }
+
+    define_inner_service_accessors!();
+
+    /// Returns a new [`Layer`] that wraps services with a [`Cors`] middleware.
+    ///
+    /// [`Layer`]: tower_layer::Layer
+    pub fn layer() -> CorsLayer {
+        CorsLayer::new()
+    }
+
+    /// Set the [`Access-Control-Allow-Credentials`][mdn] header.
+    ///
+    /// See [`CorsLayer::allow_credentials`] for more details.
+    ///
+    /// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
+    pub fn allow_credentials<T>(self, allow_credentials: T) -> Self
+    where
+        T: Into<AllowCredentials>,
+    {
+        self.map_layer(|layer| layer.allow_credentials(allow_credentials))
+    }
+
+    /// Set the value of the [`Access-Control-Allow-Headers`][mdn] header.
+    ///
+    /// See [`CorsLayer::allow_headers`] for more details.
+    ///
+    /// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
+    pub fn allow_headers<T>(self, headers: T) -> Self
+    where
+        T: Into<AllowHeaders>,
+    {
+        self.map_layer(|layer| layer.allow_headers(headers))
+    }
+
+    /// Set the value of the [`Access-Control-Max-Age`][mdn] header.
+    ///
+    /// See [`CorsLayer::max_age`] for more details.
+    ///
+    /// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age
+    pub fn max_age<T>(self, max_age: T) -> Self
+    where
+        T: Into<MaxAge>,
+    {
+        self.map_layer(|layer| layer.max_age(max_age))
+    }
+
+    /// Set the value of the [`Access-Control-Allow-Methods`][mdn] header.
+    ///
+    /// See [`CorsLayer::allow_methods`] for more details.
+    ///
+    /// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods
+    pub fn allow_methods<T>(self, methods: T) -> Self
+    where
+        T: Into<AllowMethods>,
+    {
+        self.map_layer(|layer| layer.allow_methods(methods))
+    }
+
+    /// Set the value of the [`Access-Control-Allow-Origin`][mdn] header.
+    ///
+    /// See [`CorsLayer::allow_origin`] for more details.
+    ///
+    /// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
+    pub fn allow_origin<T>(self, origin: T) -> Self
+    where
+        T: Into<AllowOrigin>,
+    {
+        self.map_layer(|layer| layer.allow_origin(origin))
+    }
+
+    /// Set the value of the [`Access-Control-Expose-Headers`][mdn] header.
+    ///
+    /// See [`CorsLayer::expose_headers`] for more details.
+    ///
+    /// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers
+    pub fn expose_headers<T>(self, headers: T) -> Self
+    where
+        T: Into<ExposeHeaders>,
+    {
+        self.map_layer(|layer| layer.expose_headers(headers))
+    }
+
+    fn map_layer<F>(mut self, f: F) -> Self
+    where
+        F: FnOnce(CorsLayer) -> CorsLayer,
+    {
+        self.layer = f(self.layer);
+        self
+    }
+}
+
+impl<S, ReqBody, ResBody> Service<Request<ReqBody>> for Cors<S>
+where
+    S: Service<Request<ReqBody>, Response = Response<ResBody>>,
+    ResBody: Default,
+{
+    type Response = S::Response;
+    type Error = S::Error;
+    type Future = ResponseFuture<S::Future>;
+
+    fn poll_ready(&mut self, cx: &mut Context<'_>) -> Poll<Result<(), Self::Error>> {
+        ensure_usable_cors_rules(&self.layer);
+        self.inner.poll_ready(cx)
+    }
+
+    fn call(&mut self, req: Request<ReqBody>) -> Self::Future {
+        let (parts, body) = req.into_parts();
+        let origin = parts.headers.get(&header::ORIGIN);
+
+        let mut headers = HeaderMap::new();
+
+        // These headers are applied to both preflight and subsequent regular CORS requests:
+        // https://fetch.spec.whatwg.org/#http-responses
+
+        headers.extend(self.layer.allow_origin.to_header(origin, &parts));
+        headers.extend(self.layer.allow_credentials.to_header(origin, &parts));
+
+        let mut vary_headers = self.layer.vary.values();
+        if let Some(first) = vary_headers.next() {
+            let mut header = match headers.entry(header::VARY) {
+                header::Entry::Occupied(_) => {
+                    unreachable!("no vary header inserted up to this point")
+                }
+                header::Entry::Vacant(v) => v.insert_entry(first),
+            };
+
+            for val in vary_headers {
+                header.append(val);
+            }
+        }
+
+        // Return results immediately upon preflight request
+        if parts.method == Method::OPTIONS {
+            // These headers are applied only to preflight requests
+            headers.extend(self.layer.allow_methods.to_header(&parts));
+            headers.extend(self.layer.allow_headers.to_header(&parts));
+            headers.extend(self.layer.max_age.to_header(origin, &parts));
+
+            ResponseFuture {
+                inner: Kind::PreflightCall { headers },
+            }
+        } else {
+            // This header is applied only to non-preflight requests
+            headers.extend(self.layer.expose_headers.to_header(&parts));
+
+            let req = Request::from_parts(parts, body);
+            ResponseFuture {
+                inner: Kind::CorsCall {
+                    future: self.inner.call(req),
+                    headers,
+                },
+            }
+        }
+    }
+}
+
+pin_project! {
+    /// Response future for [`Cors`].
+    pub struct ResponseFuture<F> {
+        #[pin]
+        inner: Kind<F>,
+    }
+}
+
+pin_project! {
+    #[project = KindProj]
+    enum Kind<F> {
+        CorsCall {
+            #[pin]
+            future: F,
+            headers: HeaderMap,
+        },
+        PreflightCall {
+            headers: HeaderMap,
+        },
+    }
+}
+
+impl<F, B, E> Future for ResponseFuture<F>
+where
+    F: Future<Output = Result<Response<B>, E>>,
+    B: Default,
+{
+    type Output = Result<Response<B>, E>;
+
+    fn poll(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> {
+        match self.project().inner.project() {
+            KindProj::CorsCall { future, headers } => {
+                let mut response: Response<B> = ready!(future.poll(cx))?;
+                response.headers_mut().extend(headers.drain());
+
+                Poll::Ready(Ok(response))
+            }
+            KindProj::PreflightCall { headers } => {
+                let mut response = Response::new(B::default());
+                mem::swap(response.headers_mut(), headers);
+
+                Poll::Ready(Ok(response))
+            }
+        }
+    }
+}
+
+fn ensure_usable_cors_rules(layer: &CorsLayer) {
+    if layer.allow_credentials.is_true() {
+        assert!(
+            !layer.allow_headers.is_wildcard(),
+            "Invalid CORS configuration: Cannot combine `Access-Control-Allow-Credentials: true` \
+             with `Access-Control-Allow-Headers: *`"
+        );
+
+        assert!(
+            !layer.allow_methods.is_wildcard(),
+            "Invalid CORS configuration: Cannot combine `Access-Control-Allow-Credentials: true` \
+             with `Access-Control-Allow-Methods: *`"
+        );
+
+        assert!(
+            !layer.allow_origin.is_wildcard(),
+            "Invalid CORS configuration: Cannot combine `Access-Control-Allow-Credentials: true` \
+             with `Access-Control-Allow-Origin: *`"
+        );
+
+        assert!(
+            !layer.expose_headers.is_wildcard(),
+            "Invalid CORS configuration: Cannot combine `Access-Control-Allow-Credentials: true` \
+             with `Access-Control-Expose-Headers: *`"
+        );
+    }
+}
+
+/// Returns an iterator over the three request headers that may be involved in a CORS preflight request.
+///
+/// This is the default set of header names returned in the `vary` header
+pub fn preflight_request_headers() -> impl Iterator<Item = HeaderName> {
+    #[allow(deprecated)] // Can be changed when MSRV >= 1.53
+    array::IntoIter::new([
+        header::ORIGIN,
+        header::ACCESS_CONTROL_REQUEST_METHOD,
+        header::ACCESS_CONTROL_REQUEST_HEADERS,
+    ])
+}
diff --git a/vendor/tower-http/src/cors/vary.rs b/vendor/tower-http/src/cors/vary.rs
new file mode 100644
index 0000000000000..b1dddc3676ee2
--- /dev/null
+++ b/vendor/tower-http/src/cors/vary.rs
@@ -0,0 +1,51 @@
+use std::array;
+
+use http::{header::HeaderName, HeaderValue};
+
+use super::preflight_request_headers;
+
+/// Holds configuration for how to set the [`Vary`][mdn] header.
+///
+/// See [`CorsLayer::vary`] for more details.
+///
+/// [mdn]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Vary
+/// [`CorsLayer::vary`]: super::CorsLayer::vary
+#[derive(Clone, Debug)]
+pub struct Vary(Vec<HeaderValue>);
+
+impl Vary {
+    /// Set the list of header names to return as vary header values
+    ///
+    /// See [`CorsLayer::vary`] for more details.
+    ///
+    /// [`CorsLayer::vary`]: super::CorsLayer::vary
+    pub fn list<I>(headers: I) -> Self
+    where
+        I: IntoIterator<Item = HeaderName>,
+    {
+        Self(headers.into_iter().map(Into::into).collect())
+    }
+
+    pub(super) fn values(&self) -> impl Iterator<Item = HeaderValue> + '_ {
+        self.0.iter().cloned()
+    }
+}
+
+impl Default for Vary {
+    fn default() -> Self {
+        Self::list(preflight_request_headers())
+    }
+}
+
+impl<const N: usize> From<[HeaderName; N]> for Vary {
+    fn from(arr: [HeaderName; N]) -> Self {
+        #[allow(deprecated)] // Can be changed when MSRV >= 1.53
+        Self::list(array::IntoIter::new(arr))
+    }
+}
+
+impl From<Vec<HeaderName>> for Vary {
+    fn from(vec: Vec<HeaderName>) -> Self {
+        Self::list(vec)
+    }
+}
diff --git a/vendor/tower-http/src/decompression/layer.rs b/vendor/tower-http/src/decompression/layer.rs
index 37b89af0c5431..2c1c8911d5b54 100644
--- a/vendor/tower-http/src/decompression/layer.rs
+++ b/vendor/tower-http/src/decompression/layer.rs
@@ -32,7 +32,6 @@ impl DecompressionLayer {
 
     /// Sets whether to request the gzip encoding.
     #[cfg(feature = "decompression-gzip")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "decompression-gzip")))]
     pub fn gzip(mut self, enable: bool) -> Self {
         self.accept.set_gzip(enable);
         self
@@ -40,7 +39,6 @@ impl DecompressionLayer {
 
     /// Sets whether to request the Deflate encoding.
     #[cfg(feature = "decompression-deflate")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "decompression-deflate")))]
     pub fn deflate(mut self, enable: bool) -> Self {
         self.accept.set_deflate(enable);
         self
@@ -48,7 +46,6 @@ impl DecompressionLayer {
 
     /// Sets whether to request the Brotli encoding.
     #[cfg(feature = "decompression-br")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "decompression-br")))]
     pub fn br(mut self, enable: bool) -> Self {
         self.accept.set_br(enable);
         self
diff --git a/vendor/tower-http/src/decompression/service.rs b/vendor/tower-http/src/decompression/service.rs
index 9ccd937c7d6ec..a61b5c7ebcb5e 100644
--- a/vendor/tower-http/src/decompression/service.rs
+++ b/vendor/tower-http/src/decompression/service.rs
@@ -40,7 +40,6 @@ impl<S> Decompression<S> {
 
     /// Sets whether to request the gzip encoding.
     #[cfg(feature = "decompression-gzip")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "decompression-gzip")))]
     pub fn gzip(mut self, enable: bool) -> Self {
         self.accept.set_gzip(enable);
         self
@@ -48,7 +47,6 @@ impl<S> Decompression<S> {
 
     /// Sets whether to request the Deflate encoding.
     #[cfg(feature = "decompression-deflate")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "decompression-deflate")))]
     pub fn deflate(mut self, enable: bool) -> Self {
         self.accept.set_deflate(enable);
         self
@@ -56,7 +54,6 @@ impl<S> Decompression<S> {
 
     /// Sets whether to request the Brotli encoding.
     #[cfg(feature = "decompression-br")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "decompression-br")))]
     pub fn br(mut self, enable: bool) -> Self {
         self.accept.set_br(enable);
         self
diff --git a/vendor/tower-http/src/lib.rs b/vendor/tower-http/src/lib.rs
index 987a3b3d941a0..6dd72b6625324 100644
--- a/vendor/tower-http/src/lib.rs
+++ b/vendor/tower-http/src/lib.rs
@@ -217,22 +217,19 @@
     clippy::type_complexity
 )]
 #![forbid(unsafe_code)]
-#![cfg_attr(docsrs, feature(doc_cfg))]
+#![cfg_attr(docsrs, feature(doc_auto_cfg))]
 #![cfg_attr(test, allow(clippy::float_cmp))]
 
 #[macro_use]
 pub(crate) mod macros;
 
 #[cfg(feature = "auth")]
-#[cfg_attr(docsrs, doc(cfg(feature = "auth")))]
 pub mod auth;
 
 #[cfg(feature = "set-header")]
-#[cfg_attr(docsrs, doc(cfg(feature = "set-header")))]
 pub mod set_header;
 
 #[cfg(feature = "propagate-header")]
-#[cfg_attr(docsrs, doc(cfg(feature = "propagate-header")))]
 pub mod propagate_header;
 
 #[cfg(any(
@@ -240,22 +237,12 @@ pub mod propagate_header;
     feature = "compression-deflate",
     feature = "compression-gzip"
 ))]
-#[cfg_attr(
-    docsrs,
-    doc(cfg(any(
-        feature = "compression-br",
-        feature = "compression-deflate",
-        feature = "compression-gzip"
-    )))
-)]
 pub mod compression;
 
 #[cfg(feature = "add-extension")]
-#[cfg_attr(docsrs, doc(cfg(feature = "add-extension")))]
 pub mod add_extension;
 
 #[cfg(feature = "sensitive-headers")]
-#[cfg_attr(docsrs, doc(cfg(feature = "sensitive-headers")))]
 pub mod sensitive_headers;
 
 #[cfg(any(
@@ -263,14 +250,6 @@ pub mod sensitive_headers;
     feature = "decompression-deflate",
     feature = "decompression-gzip"
 ))]
-#[cfg_attr(
-    docsrs,
-    doc(cfg(any(
-        feature = "decompression-br",
-        feature = "decompression-deflate",
-        feature = "decompression-gzip"
-    )))
-)]
 pub mod decompression;
 
 #[cfg(any(
@@ -295,37 +274,32 @@ mod content_encoding;
 mod compression_utils;
 
 #[cfg(feature = "map-response-body")]
-#[cfg_attr(docsrs, doc(cfg(feature = "map-response-body")))]
 pub mod map_response_body;
 
 #[cfg(feature = "map-request-body")]
-#[cfg_attr(docsrs, doc(cfg(feature = "map-request-body")))]
 pub mod map_request_body;
 
 #[cfg(feature = "trace")]
-#[cfg_attr(docsrs, doc(cfg(feature = "trace")))]
 pub mod trace;
 
 #[cfg(feature = "follow-redirect")]
-#[cfg_attr(docsrs, doc(cfg(feature = "follow-redirect")))]
 pub mod follow_redirect;
 
 #[cfg(feature = "metrics")]
-#[cfg_attr(docsrs, doc(cfg(feature = "metrics")))]
 pub mod metrics;
 
 #[cfg(feature = "cors")]
-#[cfg_attr(docsrs, doc(cfg(feature = "cors")))]
 pub mod cors;
 
 #[cfg(feature = "request-id")]
-#[cfg_attr(docsrs, doc(cfg(feature = "request-id")))]
 pub mod request_id;
 
 #[cfg(feature = "catch-panic")]
-#[cfg_attr(docsrs, doc(cfg(feature = "catch-panic")))]
 pub mod catch_panic;
 
+#[cfg(feature = "set-status")]
+pub mod set_status;
+
 pub mod classify;
 pub mod services;
 
@@ -333,7 +307,6 @@ pub mod services;
 mod builder;
 
 #[cfg(feature = "util")]
-#[cfg_attr(docsrs, doc(cfg(feature = "util")))]
 #[doc(inline)]
 pub use self::builder::ServiceBuilderExt;
 
diff --git a/vendor/tower-http/src/request_id.rs b/vendor/tower-http/src/request_id.rs
index e91266341c4d0..dac679fe1f656 100644
--- a/vendor/tower-http/src/request_id.rs
+++ b/vendor/tower-http/src/request_id.rs
@@ -157,52 +157,6 @@
 //! # }
 //! ```
 //!
-//! # Using `UUID`s
-//!
-//! Generating request ids from [`Uuid`]s can be done like so:
-//!
-//! ```
-//! use tower_http::ServiceBuilderExt;
-//! use http::{Request, Response, header::HeaderName};
-//! use tower::{Service, ServiceExt, ServiceBuilder};
-//! use tower_http::request_id::{
-//!     SetRequestIdLayer, PropagateRequestIdLayer, MakeRequestId, RequestId,
-//! };
-//! use uuid::Uuid;
-//! # use hyper::Body;
-//! # #[tokio::main]
-//! # async fn main() -> Result<(), Box<dyn std::error::Error>> {
-//! # let handler = tower::service_fn(|request: Request<Body>| async move {
-//! #     Ok::<_, std::convert::Infallible>(Response::new(request.into_body()))
-//! # });
-//!
-//! #[derive(Clone, Copy)]
-//! struct MakeRequestUuid;
-//!
-//! impl MakeRequestId for MakeRequestUuid {
-//!     fn make_request_id<B>(&mut self, request: &Request<B>) -> Option<RequestId> {
-//!         let request_id = Uuid::new_v4()
-//!             .to_string()
-//!             .parse()
-//!             .unwrap();
-//!         Some(RequestId::new(request_id))
-//!     }
-//! }
-//!
-//! let mut svc = ServiceBuilder::new()
-//!     .set_x_request_id(MakeRequestUuid)
-//!     .propagate_x_request_id()
-//!     .service(handler);
-//!
-//! let request = Request::new(Body::empty());
-//! let response = svc.ready().await?.call(request).await?;
-//!
-//! assert!(response.headers().get("x-request-id").is_some());
-//! #
-//! # Ok(())
-//! # }
-//! ```
-//!
 //! # Doesn't override existing headers
 //!
 //! [`SetRequestId`] and [`PropagateRequestId`] wont override request ids if its already present on
@@ -213,9 +167,6 @@
 //! [`Uuid`]: https://crates.io/crates/uuid
 //! [`Trace`]: crate::trace::Trace
 
-// NOTE: when uuid 1.0 is shipped we can include a `MakeRequestId` that uses that
-// See https://github.com/uuid-rs/uuid/issues/113
-
 use http::{
     header::{HeaderName, HeaderValue},
     Request, Response,
@@ -225,6 +176,7 @@ use std::task::{Context, Poll};
 use std::{future::Future, pin::Pin};
 use tower_layer::Layer;
 use tower_service::Service;
+use uuid::Uuid;
 
 pub(crate) const X_REQUEST_ID: &str = "x-request-id";
 
@@ -516,6 +468,17 @@ where
     }
 }
 
+/// A [`MakeRequestId`] that generates `UUID`s.
+#[derive(Clone, Copy)]
+pub struct MakeRequestUuid;
+
+impl MakeRequestId for MakeRequestUuid {
+    fn make_request_id<B>(&mut self, _request: &Request<B>) -> Option<RequestId> {
+        let request_id = Uuid::new_v4().to_string().parse().unwrap();
+        Some(RequestId::new(request_id))
+    }
+}
+
 #[cfg(test)]
 mod tests {
     use crate::ServiceBuilderExt as _;
@@ -624,4 +587,18 @@ mod tests {
     async fn handler(_: Request<Body>) -> Result<Response<Body>, Infallible> {
         Ok(Response::new(Body::empty()))
     }
+
+    #[tokio::test]
+    async fn uuid() {
+        let svc = ServiceBuilder::new()
+            .set_x_request_id(MakeRequestUuid)
+            .propagate_x_request_id()
+            .service_fn(handler);
+
+        // header on response
+        let req = Request::builder().body(Body::empty()).unwrap();
+        let mut res = svc.clone().oneshot(req).await.unwrap();
+        let id = res.headers_mut().remove("x-request-id").unwrap();
+        id.to_str().unwrap().parse::<Uuid>().unwrap();
+    }
 }
diff --git a/vendor/tower-http/src/services/fs/mod.rs b/vendor/tower-http/src/services/fs/mod.rs
index f5aca03d9954e..ce6ef4630189b 100644
--- a/vendor/tower-http/src/services/fs/mod.rs
+++ b/vendor/tower-http/src/services/fs/mod.rs
@@ -2,138 +2,31 @@
 
 use bytes::Bytes;
 use futures_util::Stream;
-use http::{HeaderMap, Response, StatusCode};
-use http_body::{combinators::BoxBody, Body, Empty};
-use httpdate::HttpDate;
+use http::HeaderMap;
+use http_body::Body;
 use pin_project_lite::pin_project;
-use std::fs::Metadata;
-use std::{ffi::OsStr, path::PathBuf};
 use std::{
     io,
     pin::Pin,
     task::{Context, Poll},
-    time::SystemTime,
 };
-use tokio::fs::File;
 use tokio::io::{AsyncRead, AsyncReadExt, Take};
 use tokio_util::io::ReaderStream;
 
 mod serve_dir;
 mod serve_file;
 
-// default capacity 64KiB
-const DEFAULT_CAPACITY: usize = 65536;
-
-use crate::content_encoding::{Encoding, QValue, SupportedEncodings};
-
 pub use self::{
     serve_dir::{
+        future::ResponseFuture as ServeFileSystemResponseFuture,
+        DefaultServeDirFallback,
         // The response body and future are used for both ServeDir and ServeFile
         ResponseBody as ServeFileSystemResponseBody,
-        ResponseFuture as ServeFileSystemResponseFuture,
         ServeDir,
     },
     serve_file::ServeFile,
 };
 
-#[derive(Clone, Copy, Debug, Default)]
-struct PrecompressedVariants {
-    gzip: bool,
-    deflate: bool,
-    br: bool,
-}
-
-impl SupportedEncodings for PrecompressedVariants {
-    fn gzip(&self) -> bool {
-        self.gzip
-    }
-
-    fn deflate(&self) -> bool {
-        self.deflate
-    }
-
-    fn br(&self) -> bool {
-        self.br
-    }
-}
-
-// Returns the preferred_encoding encoding and modifies the path extension
-// to the corresponding file extension for the encoding.
-fn preferred_encoding(
-    path: &mut PathBuf,
-    negotiated_encoding: &[(Encoding, QValue)],
-) -> Option<Encoding> {
-    let preferred_encoding = Encoding::preferred_encoding(negotiated_encoding);
-    if let Some(file_extension) =
-        preferred_encoding.and_then(|encoding| encoding.to_file_extension())
-    {
-        let new_extension = path
-            .extension()
-            .map(|extension| {
-                let mut os_string = extension.to_os_string();
-                os_string.push(file_extension);
-                os_string
-            })
-            .unwrap_or_else(|| file_extension.to_os_string());
-        path.set_extension(new_extension);
-    }
-    preferred_encoding
-}
-
-// Attempts to open the file with any of the possible negotiated_encodings in the
-// preferred order. If none of the negotiated_encodings have a corresponding precompressed
-// file the uncompressed file is used as a fallback.
-async fn open_file_with_fallback(
-    mut path: PathBuf,
-    mut negotiated_encoding: Vec<(Encoding, QValue)>,
-) -> io::Result<(File, Option<Encoding>)> {
-    let (file, encoding) = loop {
-        // Get the preferred encoding among the negotiated ones.
-        let encoding = preferred_encoding(&mut path, &negotiated_encoding);
-        match (File::open(&path).await, encoding) {
-            (Ok(file), maybe_encoding) => break (file, maybe_encoding),
-            (Err(err), Some(encoding)) if err.kind() == io::ErrorKind::NotFound => {
-                // Remove the extension corresponding to a precompressed file (.gz, .br, .zz)
-                // to reset the path before the next iteration.
-                path.set_extension(OsStr::new(""));
-                // Remove the encoding from the negotiated_encodings since the file doesn't exist
-                negotiated_encoding
-                    .retain(|(negotiated_encoding, _)| *negotiated_encoding != encoding);
-                continue;
-            }
-            (Err(err), _) => return Err(err),
-        };
-    };
-    Ok((file, encoding))
-}
-
-// Attempts to get the file metadata with any of the possible negotiated_encodings in the
-// preferred order. If none of the negotiated_encodings have a corresponding precompressed
-// file the uncompressed file is used as a fallback.
-async fn file_metadata_with_fallback(
-    mut path: PathBuf,
-    mut negotiated_encoding: Vec<(Encoding, QValue)>,
-) -> io::Result<(Metadata, Option<Encoding>)> {
-    let (file, encoding) = loop {
-        // Get the preferred encoding among the negotiated ones.
-        let encoding = preferred_encoding(&mut path, &negotiated_encoding);
-        match (tokio::fs::metadata(&path).await, encoding) {
-            (Ok(file), maybe_encoding) => break (file, maybe_encoding),
-            (Err(err), Some(encoding)) if err.kind() == io::ErrorKind::NotFound => {
-                // Remove the extension corresponding to a precompressed file (.gz, .br, .zz)
-                // to reset the path before the next iteration.
-                path.set_extension(OsStr::new(""));
-                // Remove the encoding from the negotiated_encodings since the file doesn't exist
-                negotiated_encoding
-                    .retain(|(negotiated_encoding, _)| *negotiated_encoding != encoding);
-                continue;
-            }
-            (Err(err), _) => return Err(err),
-        };
-    };
-    Ok((file, encoding))
-}
-
 pin_project! {
     // NOTE: This could potentially be upstreamed to `http-body`.
     /// Adapter that turns an `impl AsyncRead` to an `impl Body`.
@@ -188,90 +81,3 @@ where
         Poll::Ready(Ok(None))
     }
 }
-
-fn response_from_io_error(
-    err: io::Error,
-) -> Result<Response<BoxBody<Bytes, io::Error>>, io::Error> {
-    match err.kind() {
-        io::ErrorKind::NotFound | io::ErrorKind::PermissionDenied => {
-            let res = Response::builder()
-                .status(StatusCode::NOT_FOUND)
-                .body(Empty::new().map_err(|err| match err {}).boxed())
-                .unwrap();
-
-            Ok(res)
-        }
-        _ => Err(err),
-    }
-}
-
-struct LastModified(HttpDate);
-
-impl From<SystemTime> for LastModified {
-    fn from(time: SystemTime) -> Self {
-        LastModified(time.into())
-    }
-}
-
-struct IfUnmodifiedSince(HttpDate);
-struct IfModifiedSince(HttpDate);
-
-impl IfModifiedSince {
-    /// Check if the supplied time means the resource has been modified.
-    fn is_modified(&self, last_modified: &LastModified) -> bool {
-        self.0 < last_modified.0
-    }
-
-    /// convert a header value into a IfModifiedSince, invalid values are silentely ignored
-    fn from_header_value(value: &http::header::HeaderValue) -> Option<IfModifiedSince> {
-        std::str::from_utf8(value.as_bytes())
-            .ok()
-            .and_then(|value| httpdate::parse_http_date(&value).ok())
-            .map(|time| IfModifiedSince(time.into()))
-    }
-}
-
-impl IfUnmodifiedSince {
-    /// Check if the supplied time passes the precondtion.
-    fn precondition_passes(&self, last_modified: &LastModified) -> bool {
-        self.0 >= last_modified.0
-    }
-
-    /// convert a header value into a IfModifiedSince, invalid values are silentely ignored
-    fn from_header_value(value: &http::header::HeaderValue) -> Option<IfUnmodifiedSince> {
-        std::str::from_utf8(value.as_bytes())
-            .ok()
-            .and_then(|value| httpdate::parse_http_date(&value).ok())
-            .map(|time| IfUnmodifiedSince(time.into()))
-    }
-}
-
-fn check_modified_headers(
-    modified: Option<&LastModified>,
-    if_unmodified_since: Option<IfUnmodifiedSince>,
-    if_modified_since: Option<IfModifiedSince>,
-) -> Option<StatusCode> {
-    if let Some(since) = if_unmodified_since {
-        let precondition = modified
-            .as_ref()
-            .map(|time| since.precondition_passes(time))
-            .unwrap_or(false);
-
-        if !precondition {
-            return Some(StatusCode::PRECONDITION_FAILED);
-        }
-    }
-
-    if let Some(since) = if_modified_since {
-        let unmodified = modified
-            .as_ref()
-            .map(|time| !since.is_modified(&time))
-            // no last_modified means its always modified
-            .unwrap_or(false);
-        if unmodified {
-            return Some(StatusCode::NOT_MODIFIED);
-        }
-    }
-
-    None
-}
diff --git a/vendor/tower-http/src/services/fs/serve_dir.rs b/vendor/tower-http/src/services/fs/serve_dir.rs
deleted file mode 100644
index cc5d2f3ee9b4c..0000000000000
--- a/vendor/tower-http/src/services/fs/serve_dir.rs
+++ /dev/null
@@ -1,1230 +0,0 @@
-use super::{
-    check_modified_headers, open_file_with_fallback, AsyncReadBody, IfModifiedSince,
-    IfUnmodifiedSince, LastModified, PrecompressedVariants,
-};
-use crate::services::fs::file_metadata_with_fallback;
-use crate::{
-    content_encoding::{encodings, Encoding},
-    services::fs::DEFAULT_CAPACITY,
-};
-use bytes::Bytes;
-use futures_util::ready;
-use http::response::Builder;
-use http::{header, HeaderValue, Method, Request, Response, StatusCode, Uri};
-use http_body::{combinators::BoxBody, Body, Empty, Full};
-use http_range_header::RangeUnsatisfiableError;
-use percent_encoding::percent_decode;
-use std::fs::Metadata;
-use std::io::SeekFrom;
-use std::ops::RangeInclusive;
-use std::path::Component;
-use std::{
-    future::Future,
-    io,
-    path::{Path, PathBuf},
-    pin::Pin,
-    task::{Context, Poll},
-};
-use tokio::fs::File;
-use tokio::io::AsyncSeekExt;
-use tower_service::Service;
-
-/// Service that serves files from a given directory and all its sub directories.
-///
-/// The `Content-Type` will be guessed from the file extension.
-///
-/// An empty response with status `404 Not Found` will be returned if:
-///
-/// - The file doesn't exist
-/// - Any segment of the path contains `..`
-/// - Any segment of the path contains a backslash
-/// - We don't have necessary permissions to read the file
-///
-/// # Example
-///
-/// ```
-/// use tower_http::services::ServeDir;
-///
-/// // This will serve files in the "assets" directory and
-/// // its subdirectories
-/// let service = ServeDir::new("assets");
-///
-/// # async {
-/// // Run our service using `hyper`
-/// let addr = std::net::SocketAddr::from(([127, 0, 0, 1], 3000));
-/// hyper::Server::bind(&addr)
-///     .serve(tower::make::Shared::new(service))
-///     .await
-///     .expect("server error");
-/// # };
-/// ```
-///
-/// # Handling files not found
-///
-/// By default `ServeDir` will return an empty `404 Not Found` response if there
-/// is no file at the requested path. That can be customized by using
-/// [`and_then`](tower::ServiceBuilder::and_then) to change the response:
-///
-/// ```
-/// use tower_http::services::fs::{ServeDir, ServeFileSystemResponseBody};
-/// use tower::ServiceBuilder;
-/// use http::{StatusCode, Response};
-/// use http_body::{Body as _, Full};
-/// use std::io;
-///
-/// let service = ServiceBuilder::new()
-///     .and_then(|response: Response<ServeFileSystemResponseBody>| async move {
-///         let response = if response.status() == StatusCode::NOT_FOUND {
-///             let body = Full::from("Not Found")
-///                 .map_err(|err| match err {})
-///                 .boxed();
-///             Response::builder()
-///                 .status(StatusCode::NOT_FOUND)
-///                 .body(body)
-///                 .unwrap()
-///         } else {
-///             response.map(|body| body.boxed())
-///         };
-///
-///         Ok::<_, io::Error>(response)
-///     })
-///     .service(ServeDir::new("assets"));
-/// # async {
-/// # let addr = std::net::SocketAddr::from(([127, 0, 0, 1], 3000));
-/// # hyper::Server::bind(&addr)
-/// #     .serve(tower::make::Shared::new(service))
-/// #     .await
-/// #     .expect("server error");
-/// # };
-/// ```
-#[derive(Clone, Debug)]
-pub struct ServeDir {
-    base: PathBuf,
-    buf_chunk_size: usize,
-    precompressed_variants: Option<PrecompressedVariants>,
-    // This is used to specialise implementation for
-    // single files
-    variant: ServeVariant,
-}
-
-// Allow the ServeDir service to be used in the ServeFile service
-// with almost no overhead
-#[derive(Clone, Debug)]
-enum ServeVariant {
-    Directory {
-        append_index_html_on_directories: bool,
-    },
-    SingleFile {
-        mime: HeaderValue,
-    },
-}
-
-impl ServeVariant {
-    fn full_path(&self, base_path: &Path, requested_path: &str) -> Option<PathBuf> {
-        match self {
-            ServeVariant::Directory {
-                append_index_html_on_directories: _,
-            } => {
-                let full_path = build_and_validate_path(base_path, requested_path)?;
-                Some(full_path)
-            }
-            ServeVariant::SingleFile { mime: _ } => Some(base_path.to_path_buf()),
-        }
-    }
-}
-
-fn build_and_validate_path(base_path: &Path, requested_path: &str) -> Option<PathBuf> {
-    let path = requested_path.trim_start_matches('/');
-
-    let path_decoded = percent_decode(path.as_ref()).decode_utf8().ok()?;
-    let path_decoded = Path::new(&*path_decoded);
-
-    let mut full_path = base_path.to_path_buf();
-    for component in path_decoded.components() {
-        match component {
-            Component::Normal(comp) => {
-                // protect against paths like `/foo/c:/bar/baz` (#204)
-                if Path::new(&comp)
-                    .components()
-                    .all(|c| matches!(c, Component::Normal(_)))
-                {
-                    full_path.push(comp)
-                } else {
-                    return None;
-                }
-            }
-            Component::CurDir => {}
-            Component::Prefix(_) | Component::RootDir | Component::ParentDir => return None,
-        }
-    }
-    Some(full_path)
-}
-
-impl ServeDir {
-    /// Create a new [`ServeDir`].
-    pub fn new<P: AsRef<Path>>(path: P) -> Self {
-        let mut base = PathBuf::from(".");
-        base.push(path.as_ref());
-
-        Self {
-            base,
-            buf_chunk_size: DEFAULT_CAPACITY,
-            precompressed_variants: None,
-            variant: ServeVariant::Directory {
-                append_index_html_on_directories: true,
-            },
-        }
-    }
-
-    pub(crate) fn new_single_file<P: AsRef<Path>>(path: P, mime: HeaderValue) -> Self {
-        Self {
-            base: path.as_ref().to_owned(),
-            buf_chunk_size: DEFAULT_CAPACITY,
-            precompressed_variants: None,
-            variant: ServeVariant::SingleFile { mime },
-        }
-    }
-
-    /// If the requested path is a directory append `index.html`.
-    ///
-    /// This is useful for static sites.
-    ///
-    /// Defaults to `true`.
-    pub fn append_index_html_on_directories(mut self, append: bool) -> Self {
-        match &mut self.variant {
-            ServeVariant::Directory {
-                append_index_html_on_directories,
-            } => {
-                *append_index_html_on_directories = append;
-                self
-            }
-            ServeVariant::SingleFile { mime: _ } => self,
-        }
-    }
-
-    /// Set a specific read buffer chunk size.
-    ///
-    /// The default capacity is 64kb.
-    pub fn with_buf_chunk_size(mut self, chunk_size: usize) -> Self {
-        self.buf_chunk_size = chunk_size;
-        self
-    }
-
-    /// Informs the service that it should also look for a precompressed gzip
-    /// version of _any_ file in the directory.
-    ///
-    /// Assuming the `dir` directory is being served and `dir/foo.txt` is requested,
-    /// a client with an `Accept-Encoding` header that allows the gzip encoding
-    /// will receive the file `dir/foo.txt.gz` instead of `dir/foo.txt`.
-    /// If the precompressed file is not available, or the client doesn't support it,
-    /// the uncompressed version will be served instead.
-    /// Both the precompressed version and the uncompressed version are expected
-    /// to be present in the directory. Different precompressed variants can be combined.
-    pub fn precompressed_gzip(mut self) -> Self {
-        self.precompressed_variants
-            .get_or_insert(Default::default())
-            .gzip = true;
-        self
-    }
-
-    /// Informs the service that it should also look for a precompressed brotli
-    /// version of _any_ file in the directory.
-    ///
-    /// Assuming the `dir` directory is being served and `dir/foo.txt` is requested,
-    /// a client with an `Accept-Encoding` header that allows the brotli encoding
-    /// will receive the file `dir/foo.txt.br` instead of `dir/foo.txt`.
-    /// If the precompressed file is not available, or the client doesn't support it,
-    /// the uncompressed version will be served instead.
-    /// Both the precompressed version and the uncompressed version are expected
-    /// to be present in the directory. Different precompressed variants can be combined.
-    pub fn precompressed_br(mut self) -> Self {
-        self.precompressed_variants
-            .get_or_insert(Default::default())
-            .br = true;
-        self
-    }
-
-    /// Informs the service that it should also look for a precompressed deflate
-    /// version of _any_ file in the directory.
-    ///
-    /// Assuming the `dir` directory is being served and `dir/foo.txt` is requested,
-    /// a client with an `Accept-Encoding` header that allows the deflate encoding
-    /// will receive the file `dir/foo.txt.zz` instead of `dir/foo.txt`.
-    /// If the precompressed file is not available, or the client doesn't support it,
-    /// the uncompressed version will be served instead.
-    /// Both the precompressed version and the uncompressed version are expected
-    /// to be present in the directory. Different precompressed variants can be combined.
-    pub fn precompressed_deflate(mut self) -> Self {
-        self.precompressed_variants
-            .get_or_insert(Default::default())
-            .deflate = true;
-        self
-    }
-}
-
-async fn maybe_redirect_or_append_path(
-    full_path: &mut PathBuf,
-    uri: Uri,
-    append_index_html_on_directories: bool,
-) -> Option<Output> {
-    if !uri.path().ends_with('/') {
-        if is_dir(full_path).await {
-            let location = HeaderValue::from_str(&append_slash_on_path(uri).to_string()).unwrap();
-            return Some(Output::Redirect(location));
-        } else {
-            return None;
-        }
-    } else if is_dir(full_path).await {
-        if append_index_html_on_directories {
-            full_path.push("index.html");
-            return None;
-        } else {
-            return Some(Output::StatusCode(StatusCode::NOT_FOUND));
-        }
-    }
-    None
-}
-
-impl<ReqBody> Service<Request<ReqBody>> for ServeDir {
-    type Response = Response<ResponseBody>;
-    type Error = io::Error;
-    type Future = ResponseFuture;
-
-    #[inline]
-    fn poll_ready(&mut self, _cx: &mut Context<'_>) -> Poll<Result<(), Self::Error>> {
-        Poll::Ready(Ok(()))
-    }
-
-    fn call(&mut self, req: Request<ReqBody>) -> Self::Future {
-        let mut full_path = match self.variant.full_path(&self.base, req.uri().path()) {
-            Some(full_path) => full_path,
-            None => {
-                return ResponseFuture {
-                    inner: Inner::Invalid,
-                }
-            }
-        };
-
-        let buf_chunk_size = self.buf_chunk_size;
-        let uri = req.uri().clone();
-        let range_header = req
-            .headers()
-            .get(header::RANGE)
-            .and_then(|value| value.to_str().ok().map(|s| s.to_owned()));
-
-        // The negotiated encodings based on the Accept-Encoding header and
-        // precompressed variants
-        let negotiated_encodings = encodings(
-            req.headers(),
-            self.precompressed_variants.unwrap_or_default(),
-        );
-
-        let if_unmodified_since = req
-            .headers()
-            .get(header::IF_UNMODIFIED_SINCE)
-            .and_then(IfUnmodifiedSince::from_header_value);
-        let if_modified_since = req
-            .headers()
-            .get(header::IF_MODIFIED_SINCE)
-            .and_then(IfModifiedSince::from_header_value);
-
-        let request_method = req.method().clone();
-        let variant = self.variant.clone();
-
-        let open_file_future = Box::pin(async move {
-            let mime = match variant {
-                ServeVariant::Directory {
-                    append_index_html_on_directories,
-                } => {
-                    // Might already at this point know a redirect or not found result should be
-                    // returned which corresponds to a Some(output). Otherwise the path might be
-                    // modified and proceed to the open file/metadata future.
-                    if let Some(output) = maybe_redirect_or_append_path(
-                        &mut full_path,
-                        uri,
-                        append_index_html_on_directories,
-                    )
-                    .await
-                    {
-                        return Ok(output);
-                    }
-                    let guess = mime_guess::from_path(&full_path);
-                    guess
-                        .first_raw()
-                        .map(|mime| HeaderValue::from_static(mime))
-                        .unwrap_or_else(|| {
-                            HeaderValue::from_str(mime::APPLICATION_OCTET_STREAM.as_ref()).unwrap()
-                        })
-                }
-                ServeVariant::SingleFile { mime } => mime,
-            };
-
-            match request_method {
-                Method::HEAD => {
-                    let (meta, maybe_encoding) =
-                        file_metadata_with_fallback(full_path, negotiated_encodings).await?;
-
-                    let last_modified = meta.modified().ok().map(LastModified::from);
-                    if let Some(status_code) = check_modified_headers(
-                        last_modified.as_ref(),
-                        if_unmodified_since,
-                        if_modified_since,
-                    ) {
-                        return Ok(Output::StatusCode(status_code));
-                    }
-
-                    let maybe_range = try_parse_range(range_header.as_ref(), meta.len());
-                    Ok(Output::File(FileRequest {
-                        extent: FileRequestExtent::Head(meta),
-                        chunk_size: buf_chunk_size,
-                        mime_header_value: mime,
-                        maybe_encoding,
-                        maybe_range,
-                        last_modified,
-                    }))
-                }
-                _ => {
-                    let (mut file, maybe_encoding) =
-                        open_file_with_fallback(full_path, negotiated_encodings).await?;
-                    let meta = file.metadata().await?;
-                    let last_modified = meta.modified().ok().map(LastModified::from);
-                    if let Some(status_code) = check_modified_headers(
-                        last_modified.as_ref(),
-                        if_unmodified_since,
-                        if_modified_since,
-                    ) {
-                        return Ok(Output::StatusCode(status_code));
-                    }
-
-                    let maybe_range = try_parse_range(range_header.as_ref(), meta.len());
-                    if let Some(Ok(ranges)) = maybe_range.as_ref() {
-                        // If there is any other amount of ranges than 1 we'll return an unsatisfiable later as there isn't yet support for multipart ranges
-                        if ranges.len() == 1 {
-                            file.seek(SeekFrom::Start(*ranges[0].start())).await?;
-                        }
-                    }
-                    Ok(Output::File(FileRequest {
-                        extent: FileRequestExtent::Full(file, meta),
-                        chunk_size: buf_chunk_size,
-                        mime_header_value: mime,
-                        maybe_encoding,
-                        maybe_range,
-                        last_modified,
-                    }))
-                }
-            }
-        });
-
-        ResponseFuture {
-            inner: Inner::Valid(open_file_future),
-        }
-    }
-}
-
-fn try_parse_range(
-    maybe_range_ref: Option<&String>,
-    file_size: u64,
-) -> Option<Result<Vec<RangeInclusive<u64>>, RangeUnsatisfiableError>> {
-    maybe_range_ref.map(|header_value| {
-        http_range_header::parse_range_header(header_value)
-            .and_then(|first_pass| first_pass.validate(file_size))
-    })
-}
-
-async fn is_dir(full_path: &Path) -> bool {
-    tokio::fs::metadata(full_path)
-        .await
-        .map(|m| m.is_dir())
-        .unwrap_or(false)
-}
-
-fn append_slash_on_path(uri: Uri) -> Uri {
-    let http::uri::Parts {
-        scheme,
-        authority,
-        path_and_query,
-        ..
-    } = uri.into_parts();
-
-    let mut builder = Uri::builder();
-    if let Some(scheme) = scheme {
-        builder = builder.scheme(scheme);
-    }
-    if let Some(authority) = authority {
-        builder = builder.authority(authority);
-    }
-    if let Some(path_and_query) = path_and_query {
-        if let Some(query) = path_and_query.query() {
-            builder = builder.path_and_query(format!("{}/?{}", path_and_query.path(), query));
-        } else {
-            builder = builder.path_and_query(format!("{}/", path_and_query.path()));
-        }
-    } else {
-        builder = builder.path_and_query("/");
-    }
-
-    builder.build().unwrap()
-}
-
-enum Output {
-    File(FileRequest),
-    Redirect(HeaderValue),
-    StatusCode(StatusCode),
-}
-
-struct FileRequest {
-    extent: FileRequestExtent,
-    chunk_size: usize,
-    mime_header_value: HeaderValue,
-    maybe_encoding: Option<Encoding>,
-    maybe_range: Option<Result<Vec<RangeInclusive<u64>>, RangeUnsatisfiableError>>,
-    last_modified: Option<LastModified>,
-}
-
-enum FileRequestExtent {
-    Full(File, Metadata),
-    Head(Metadata),
-}
-
-type BoxFuture<T> = Pin<Box<dyn Future<Output = T> + Send + Sync + 'static>>;
-
-enum Inner {
-    Valid(BoxFuture<io::Result<Output>>),
-    Invalid,
-}
-
-/// Response future of [`ServeDir`].
-pub struct ResponseFuture {
-    inner: Inner,
-}
-
-impl Future for ResponseFuture {
-    type Output = io::Result<Response<ResponseBody>>;
-
-    fn poll(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> {
-        match &mut self.inner {
-            Inner::Valid(open_file_future) => {
-                return match ready!(Pin::new(open_file_future).poll(cx)) {
-                    Ok(Output::File(file_request)) => {
-                        let (maybe_file, size) = match file_request.extent {
-                            FileRequestExtent::Full(file, meta) => (Some(file), meta.len()),
-                            FileRequestExtent::Head(meta) => (None, meta.len()),
-                        };
-                        let mut builder = Response::builder()
-                            .header(header::CONTENT_TYPE, file_request.mime_header_value)
-                            .header(header::ACCEPT_RANGES, "bytes")
-                            .header(header::CONTENT_LENGTH, size.to_string());
-                        if let Some(encoding) = file_request.maybe_encoding {
-                            builder = builder
-                                .header(header::CONTENT_ENCODING, encoding.into_header_value());
-                        }
-                        if let Some(last_modified) = file_request.last_modified {
-                            builder =
-                                builder.header(header::LAST_MODIFIED, last_modified.0.to_string());
-                        }
-
-                        let res = handle_file_request(
-                            builder,
-                            maybe_file,
-                            file_request.maybe_range,
-                            file_request.chunk_size,
-                            size,
-                        );
-                        Poll::Ready(Ok(res.unwrap()))
-                    }
-
-                    Ok(Output::Redirect(location)) => {
-                        let res = Response::builder()
-                            .header(http::header::LOCATION, location)
-                            .status(StatusCode::TEMPORARY_REDIRECT)
-                            .body(empty_body())
-                            .unwrap();
-                        Poll::Ready(Ok(res))
-                    }
-
-                    Ok(Output::StatusCode(code)) => {
-                        let res = Response::builder().status(code).body(empty_body()).unwrap();
-
-                        Poll::Ready(Ok(res))
-                    }
-
-                    Err(err) => Poll::Ready(
-                        super::response_from_io_error(err).map(|res| res.map(ResponseBody::new)),
-                    ),
-                };
-            }
-            Inner::Invalid => {
-                let res = Response::builder()
-                    .status(StatusCode::NOT_FOUND)
-                    .body(empty_body())
-                    .unwrap();
-
-                Poll::Ready(Ok(res))
-            }
-        }
-    }
-}
-
-fn handle_file_request(
-    builder: Builder,
-    maybe_file: Option<File>,
-    maybe_range: Option<Result<Vec<RangeInclusive<u64>>, RangeUnsatisfiableError>>,
-    chunk_size: usize,
-    size: u64,
-) -> Result<Response<ResponseBody>, http::Error> {
-    match maybe_range {
-        Some(Ok(ranges)) => {
-            if let Some(range) = ranges.first() {
-                if ranges.len() > 1 {
-                    builder
-                        .header(header::CONTENT_RANGE, format!("bytes */{}", size))
-                        .status(StatusCode::RANGE_NOT_SATISFIABLE)
-                        .body(body_from_bytes(Bytes::from(
-                            "Cannot serve multipart range requests",
-                        )))
-                } else {
-                    let range_size = range.end() - range.start() + 1;
-                    let body = if let Some(file) = maybe_file {
-                        let body =
-                            AsyncReadBody::with_capacity_limited(file, chunk_size, range_size)
-                                .boxed();
-                        ResponseBody::new(body)
-                    } else {
-                        empty_body()
-                    };
-                    builder
-                        .header(
-                            header::CONTENT_RANGE,
-                            format!("bytes {}-{}/{}", range.start(), range.end(), size),
-                        )
-                        .status(StatusCode::PARTIAL_CONTENT)
-                        .body(body)
-                }
-            } else {
-                builder
-                    .header(header::CONTENT_RANGE, format!("bytes */{}", size))
-                    .status(StatusCode::RANGE_NOT_SATISFIABLE)
-                    .body(body_from_bytes(Bytes::from(
-                        "No range found after parsing range header, please file an issue",
-                    )))
-            }
-        }
-        Some(Err(_)) => builder
-            .header(header::CONTENT_RANGE, format!("bytes */{}", size))
-            .status(StatusCode::RANGE_NOT_SATISFIABLE)
-            .body(empty_body()),
-        // Not a range request
-        None => {
-            let body = if let Some(file) = maybe_file {
-                let box_body = AsyncReadBody::with_capacity(file, chunk_size).boxed();
-                ResponseBody::new(box_body)
-            } else {
-                empty_body()
-            };
-            builder.body(body)
-        }
-    }
-}
-
-fn empty_body() -> ResponseBody {
-    let body = Empty::new().map_err(|err| match err {}).boxed();
-    ResponseBody::new(body)
-}
-
-fn body_from_bytes(bytes: Bytes) -> ResponseBody {
-    let body = Full::from(bytes).map_err(|err| match err {}).boxed();
-    ResponseBody::new(body)
-}
-
-opaque_body! {
-    /// Response body for [`ServeDir`] and [`ServeFile`].
-    pub type ResponseBody = BoxBody<Bytes, io::Error>;
-}
-
-#[cfg(test)]
-mod tests {
-    use std::io::Read;
-
-    #[allow(unused_imports)]
-    use super::*;
-    use brotli::BrotliDecompress;
-    use flate2::bufread::{DeflateDecoder, GzDecoder};
-    use http::{Request, StatusCode};
-    use http_body::Body as HttpBody;
-    use hyper::Body;
-    use tower::ServiceExt;
-
-    #[tokio::test]
-    async fn basic() {
-        let svc = ServeDir::new("..");
-
-        let req = Request::builder()
-            .uri("/README.md")
-            .body(Body::empty())
-            .unwrap();
-        let res = svc.oneshot(req).await.unwrap();
-
-        assert_eq!(res.status(), StatusCode::OK);
-        assert_eq!(res.headers()["content-type"], "text/markdown");
-
-        let body = body_into_text(res.into_body()).await;
-
-        let contents = std::fs::read_to_string("../README.md").unwrap();
-        assert_eq!(body, contents);
-    }
-
-    #[tokio::test]
-    async fn basic_with_index() {
-        let svc = ServeDir::new("../test-files");
-
-        let req = Request::new(Body::empty());
-        let res = svc.oneshot(req).await.unwrap();
-
-        assert_eq!(res.status(), StatusCode::OK);
-        assert_eq!(res.headers()[header::CONTENT_TYPE], "text/html");
-
-        let body = body_into_text(res.into_body()).await;
-        assert_eq!(body, "<b>HTML!</b>\n");
-    }
-
-    #[tokio::test]
-    async fn head_request() {
-        let svc = ServeDir::new("../test-files");
-
-        let req = Request::builder()
-            .uri("/precompressed.txt")
-            .method(Method::HEAD)
-            .body(Body::empty())
-            .unwrap();
-
-        let res = svc.oneshot(req).await.unwrap();
-
-        assert_eq!(res.headers()["content-type"], "text/plain");
-        assert_eq!(res.headers()["content-length"], "23");
-
-        let body = res.into_body().data().await;
-        assert!(body.is_none());
-    }
-
-    #[tokio::test]
-    async fn precompresed_head_request() {
-        let svc = ServeDir::new("../test-files").precompressed_gzip();
-
-        let req = Request::builder()
-            .uri("/precompressed.txt")
-            .header("Accept-Encoding", "gzip")
-            .method(Method::HEAD)
-            .body(Body::empty())
-            .unwrap();
-        let res = svc.oneshot(req).await.unwrap();
-
-        assert_eq!(res.headers()["content-type"], "text/plain");
-        assert_eq!(res.headers()["content-encoding"], "gzip");
-        assert_eq!(res.headers()["content-length"], "59");
-
-        let body = res.into_body().data().await;
-        assert!(body.is_none());
-    }
-
-    #[tokio::test]
-    async fn with_custom_chunk_size() {
-        let svc = ServeDir::new("..").with_buf_chunk_size(1024 * 32);
-
-        let req = Request::builder()
-            .uri("/README.md")
-            .body(Body::empty())
-            .unwrap();
-        let res = svc.oneshot(req).await.unwrap();
-
-        assert_eq!(res.status(), StatusCode::OK);
-        assert_eq!(res.headers()["content-type"], "text/markdown");
-
-        let body = body_into_text(res.into_body()).await;
-
-        let contents = std::fs::read_to_string("../README.md").unwrap();
-        assert_eq!(body, contents);
-    }
-
-    #[tokio::test]
-    async fn precompressed_gzip() {
-        let svc = ServeDir::new("../test-files").precompressed_gzip();
-
-        let req = Request::builder()
-            .uri("/precompressed.txt")
-            .header("Accept-Encoding", "gzip")
-            .body(Body::empty())
-            .unwrap();
-        let res = svc.oneshot(req).await.unwrap();
-
-        assert_eq!(res.headers()["content-type"], "text/plain");
-        assert_eq!(res.headers()["content-encoding"], "gzip");
-
-        let body = res.into_body().data().await.unwrap().unwrap();
-        let mut decoder = GzDecoder::new(&body[..]);
-        let mut decompressed = String::new();
-        decoder.read_to_string(&mut decompressed).unwrap();
-        assert!(decompressed.starts_with("\"This is a test file!\""));
-    }
-
-    #[tokio::test]
-    async fn precompressed_br() {
-        let svc = ServeDir::new("../test-files").precompressed_br();
-
-        let req = Request::builder()
-            .uri("/precompressed.txt")
-            .header("Accept-Encoding", "br")
-            .body(Body::empty())
-            .unwrap();
-        let res = svc.oneshot(req).await.unwrap();
-
-        assert_eq!(res.headers()["content-type"], "text/plain");
-        assert_eq!(res.headers()["content-encoding"], "br");
-
-        let body = res.into_body().data().await.unwrap().unwrap();
-        let mut decompressed = Vec::new();
-        BrotliDecompress(&mut &body[..], &mut decompressed).unwrap();
-        let decompressed = String::from_utf8(decompressed.to_vec()).unwrap();
-        assert!(decompressed.starts_with("\"This is a test file!\""));
-    }
-
-    #[tokio::test]
-    async fn precompressed_deflate() {
-        let svc = ServeDir::new("../test-files").precompressed_deflate();
-        let request = Request::builder()
-            .uri("/precompressed.txt")
-            .header("Accept-Encoding", "deflate,br")
-            .body(Body::empty())
-            .unwrap();
-        let res = svc.oneshot(request).await.unwrap();
-
-        assert_eq!(res.headers()["content-type"], "text/plain");
-        assert_eq!(res.headers()["content-encoding"], "deflate");
-
-        let body = res.into_body().data().await.unwrap().unwrap();
-        let mut decoder = DeflateDecoder::new(&body[..]);
-        let mut decompressed = String::new();
-        decoder.read_to_string(&mut decompressed).unwrap();
-        assert!(decompressed.starts_with("\"This is a test file!\""));
-    }
-
-    #[tokio::test]
-    async fn unsupported_precompression_alogrithm_fallbacks_to_uncompressed() {
-        let svc = ServeDir::new("../test-files").precompressed_gzip();
-
-        let request = Request::builder()
-            .uri("/precompressed.txt")
-            .header("Accept-Encoding", "br")
-            .body(Body::empty())
-            .unwrap();
-        let res = svc.oneshot(request).await.unwrap();
-
-        assert_eq!(res.headers()["content-type"], "text/plain");
-        assert!(res.headers().get("content-encoding").is_none());
-
-        let body = res.into_body().data().await.unwrap().unwrap();
-        let body = String::from_utf8(body.to_vec()).unwrap();
-        assert!(body.starts_with("\"This is a test file!\""));
-    }
-
-    #[tokio::test]
-    async fn only_precompressed_variant_existing() {
-        let svc = ServeDir::new("../test-files").precompressed_gzip();
-
-        let request = Request::builder()
-            .uri("/only_gzipped.txt")
-            .body(Body::empty())
-            .unwrap();
-        let res = svc.clone().oneshot(request).await.unwrap();
-
-        assert_eq!(res.status(), StatusCode::NOT_FOUND);
-
-        // Should reply with gzipped file if client supports it
-        let request = Request::builder()
-            .uri("/only_gzipped.txt")
-            .header("Accept-Encoding", "gzip")
-            .body(Body::empty())
-            .unwrap();
-        let res = svc.oneshot(request).await.unwrap();
-
-        assert_eq!(res.headers()["content-type"], "text/plain");
-        assert_eq!(res.headers()["content-encoding"], "gzip");
-
-        let body = res.into_body().data().await.unwrap().unwrap();
-        let mut decoder = GzDecoder::new(&body[..]);
-        let mut decompressed = String::new();
-        decoder.read_to_string(&mut decompressed).unwrap();
-        assert!(decompressed.starts_with("\"This is a test file\""));
-    }
-
-    #[tokio::test]
-    async fn missing_precompressed_variant_fallbacks_to_uncompressed() {
-        let svc = ServeDir::new("../test-files").precompressed_gzip();
-
-        let request = Request::builder()
-            .uri("/missing_precompressed.txt")
-            .header("Accept-Encoding", "gzip")
-            .body(Body::empty())
-            .unwrap();
-        let res = svc.oneshot(request).await.unwrap();
-
-        assert_eq!(res.headers()["content-type"], "text/plain");
-        // Uncompressed file is served because compressed version is missing
-        assert!(res.headers().get("content-encoding").is_none());
-
-        let body = res.into_body().data().await.unwrap().unwrap();
-        let body = String::from_utf8(body.to_vec()).unwrap();
-        assert!(body.starts_with("Test file!"));
-    }
-
-    #[tokio::test]
-    async fn missing_precompressed_variant_fallbacks_to_uncompressed_for_head_request() {
-        let svc = ServeDir::new("../test-files").precompressed_gzip();
-
-        let request = Request::builder()
-            .uri("/missing_precompressed.txt")
-            .header("Accept-Encoding", "gzip")
-            .method(Method::HEAD)
-            .body(Body::empty())
-            .unwrap();
-        let res = svc.oneshot(request).await.unwrap();
-
-        assert_eq!(res.headers()["content-type"], "text/plain");
-        assert_eq!(res.headers()["content-length"], "11");
-        // Uncompressed file is served because compressed version is missing
-        assert!(res.headers().get("content-encoding").is_none());
-
-        assert!(res.into_body().data().await.is_none());
-    }
-
-    #[tokio::test]
-    async fn access_to_sub_dirs() {
-        let svc = ServeDir::new("..");
-
-        let req = Request::builder()
-            .uri("/tower-http/Cargo.toml")
-            .body(Body::empty())
-            .unwrap();
-        let res = svc.oneshot(req).await.unwrap();
-
-        assert_eq!(res.status(), StatusCode::OK);
-        assert_eq!(res.headers()["content-type"], "text/x-toml");
-
-        let body = body_into_text(res.into_body()).await;
-
-        let contents = std::fs::read_to_string("Cargo.toml").unwrap();
-        assert_eq!(body, contents);
-    }
-
-    #[tokio::test]
-    async fn not_found() {
-        let svc = ServeDir::new("..");
-
-        let req = Request::builder()
-            .uri("/not-found")
-            .body(Body::empty())
-            .unwrap();
-        let res = svc.oneshot(req).await.unwrap();
-
-        assert_eq!(res.status(), StatusCode::NOT_FOUND);
-        assert!(res.headers().get(header::CONTENT_TYPE).is_none());
-
-        let body = body_into_text(res.into_body()).await;
-        assert!(body.is_empty());
-    }
-
-    #[tokio::test]
-    async fn not_found_precompressed() {
-        let svc = ServeDir::new("../test-files").precompressed_gzip();
-
-        let req = Request::builder()
-            .uri("/not-found")
-            .header("Accept-Encoding", "gzip")
-            .body(Body::empty())
-            .unwrap();
-        let res = svc.oneshot(req).await.unwrap();
-
-        assert_eq!(res.status(), StatusCode::NOT_FOUND);
-        assert!(res.headers().get(header::CONTENT_TYPE).is_none());
-
-        let body = body_into_text(res.into_body()).await;
-        assert!(body.is_empty());
-    }
-
-    #[tokio::test]
-    async fn fallbacks_to_different_precompressed_variant_if_not_found_for_head_request() {
-        let svc = ServeDir::new("../test-files")
-            .precompressed_gzip()
-            .precompressed_br();
-
-        let req = Request::builder()
-            .uri("/precompressed_br.txt")
-            .header("Accept-Encoding", "gzip,br,deflate")
-            .method(Method::HEAD)
-            .body(Body::empty())
-            .unwrap();
-        let res = svc.oneshot(req).await.unwrap();
-
-        assert_eq!(res.headers()["content-type"], "text/plain");
-        assert_eq!(res.headers()["content-encoding"], "br");
-        assert_eq!(res.headers()["content-length"], "15");
-
-        assert!(res.into_body().data().await.is_none());
-    }
-
-    #[tokio::test]
-    async fn fallbacks_to_different_precompressed_variant_if_not_found() {
-        let svc = ServeDir::new("../test-files")
-            .precompressed_gzip()
-            .precompressed_br();
-
-        let req = Request::builder()
-            .uri("/precompressed_br.txt")
-            .header("Accept-Encoding", "gzip,br,deflate")
-            .body(Body::empty())
-            .unwrap();
-        let res = svc.oneshot(req).await.unwrap();
-
-        assert_eq!(res.headers()["content-type"], "text/plain");
-        assert_eq!(res.headers()["content-encoding"], "br");
-
-        let body = res.into_body().data().await.unwrap().unwrap();
-        let mut decompressed = Vec::new();
-        BrotliDecompress(&mut &body[..], &mut decompressed).unwrap();
-        let decompressed = String::from_utf8(decompressed.to_vec()).unwrap();
-        assert!(decompressed.starts_with("Test file"));
-    }
-
-    #[tokio::test]
-    async fn redirect_to_trailing_slash_on_dir() {
-        let svc = ServeDir::new(".");
-
-        let req = Request::builder().uri("/src").body(Body::empty()).unwrap();
-        let res = svc.oneshot(req).await.unwrap();
-
-        assert_eq!(res.status(), StatusCode::TEMPORARY_REDIRECT);
-
-        let location = &res.headers()[http::header::LOCATION];
-        assert_eq!(location, "/src/");
-    }
-
-    #[tokio::test]
-    async fn empty_directory_without_index() {
-        let svc = ServeDir::new(".").append_index_html_on_directories(false);
-
-        let req = Request::new(Body::empty());
-        let res = svc.oneshot(req).await.unwrap();
-
-        assert_eq!(res.status(), StatusCode::NOT_FOUND);
-        assert!(res.headers().get(header::CONTENT_TYPE).is_none());
-
-        let body = body_into_text(res.into_body()).await;
-        assert!(body.is_empty());
-    }
-
-    async fn body_into_text<B>(body: B) -> String
-    where
-        B: HttpBody<Data = bytes::Bytes> + Unpin,
-        B::Error: std::fmt::Debug,
-    {
-        let bytes = hyper::body::to_bytes(body).await.unwrap();
-        String::from_utf8(bytes.to_vec()).unwrap()
-    }
-
-    #[tokio::test]
-    async fn access_cjk_percent_encoded_uri_path() {
-        // percent encoding present of 你好世界.txt
-        let cjk_filename_encoded = "%E4%BD%A0%E5%A5%BD%E4%B8%96%E7%95%8C.txt";
-
-        let svc = ServeDir::new("../test-files");
-
-        let req = Request::builder()
-            .uri(format!("/{}", cjk_filename_encoded))
-            .body(Body::empty())
-            .unwrap();
-        let res = svc.oneshot(req).await.unwrap();
-
-        assert_eq!(res.status(), StatusCode::OK);
-        assert_eq!(res.headers()["content-type"], "text/plain");
-    }
-
-    #[tokio::test]
-    async fn access_space_percent_encoded_uri_path() {
-        let encoded_filename = "filename%20with%20space.txt";
-
-        let svc = ServeDir::new("../test-files");
-
-        let req = Request::builder()
-            .uri(format!("/{}", encoded_filename))
-            .body(Body::empty())
-            .unwrap();
-        let res = svc.oneshot(req).await.unwrap();
-
-        assert_eq!(res.status(), StatusCode::OK);
-        assert_eq!(res.headers()["content-type"], "text/plain");
-    }
-
-    #[tokio::test]
-    async fn read_partial_in_bounds() {
-        let svc = ServeDir::new("..");
-        let bytes_start_incl = 9;
-        let bytes_end_incl = 1023;
-
-        let req = Request::builder()
-            .uri("/README.md")
-            .header(
-                "Range",
-                format!("bytes={}-{}", bytes_start_incl, bytes_end_incl),
-            )
-            .body(Body::empty())
-            .unwrap();
-        let res = svc.oneshot(req).await.unwrap();
-
-        let file_contents = std::fs::read("../README.md").unwrap();
-        assert_eq!(res.status(), StatusCode::PARTIAL_CONTENT);
-        assert_eq!(
-            res.headers()["content-length"],
-            file_contents.len().to_string()
-        );
-        assert!(res.headers()["content-range"]
-            .to_str()
-            .unwrap()
-            .starts_with(&format!(
-                "bytes {}-{}/{}",
-                bytes_start_incl,
-                bytes_end_incl,
-                file_contents.len()
-            )));
-        assert_eq!(res.headers()["content-type"], "text/markdown");
-
-        let body = hyper::body::to_bytes(res.into_body()).await.ok().unwrap();
-        let source = Bytes::from(file_contents[bytes_start_incl..=bytes_end_incl].to_vec());
-        assert_eq!(body, source);
-    }
-
-    #[tokio::test]
-    async fn read_partial_rejects_out_of_bounds_range() {
-        let svc = ServeDir::new("..");
-        let bytes_start_incl = 0;
-        let bytes_end_excl = 9999999;
-        let requested_len = bytes_end_excl - bytes_start_incl;
-
-        let req = Request::builder()
-            .uri("/README.md")
-            .header(
-                "Range",
-                format!("bytes={}-{}", bytes_start_incl, requested_len - 1),
-            )
-            .body(Body::empty())
-            .unwrap();
-        let res = svc.oneshot(req).await.unwrap();
-
-        assert_eq!(res.status(), StatusCode::RANGE_NOT_SATISFIABLE);
-        let file_contents = std::fs::read("../README.md").unwrap();
-        assert_eq!(
-            res.headers()["content-range"],
-            &format!("bytes */{}", file_contents.len())
-        )
-    }
-
-    #[tokio::test]
-    async fn read_partial_errs_on_garbage_header() {
-        let svc = ServeDir::new("..");
-        let req = Request::builder()
-            .uri("/README.md")
-            .header("Range", "bad_format")
-            .body(Body::empty())
-            .unwrap();
-        let res = svc.oneshot(req).await.unwrap();
-        assert_eq!(res.status(), StatusCode::RANGE_NOT_SATISFIABLE);
-        let file_contents = std::fs::read("../README.md").unwrap();
-        assert_eq!(
-            res.headers()["content-range"],
-            &format!("bytes */{}", file_contents.len())
-        )
-    }
-
-    #[tokio::test]
-    async fn read_partial_errs_on_bad_range() {
-        let svc = ServeDir::new("..");
-        let req = Request::builder()
-            .uri("/README.md")
-            .header("Range", "bytes=-1-15")
-            .body(Body::empty())
-            .unwrap();
-        let res = svc.oneshot(req).await.unwrap();
-        assert_eq!(res.status(), StatusCode::RANGE_NOT_SATISFIABLE);
-        let file_contents = std::fs::read("../README.md").unwrap();
-        assert_eq!(
-            res.headers()["content-range"],
-            &format!("bytes */{}", file_contents.len())
-        )
-    }
-    #[tokio::test]
-    async fn last_modified() {
-        let svc = ServeDir::new("..");
-        let req = Request::builder()
-            .uri("/README.md")
-            .body(Body::empty())
-            .unwrap();
-        let res = svc.oneshot(req).await.unwrap();
-        assert_eq!(res.status(), StatusCode::OK);
-
-        let last_modified = res
-            .headers()
-            .get(header::LAST_MODIFIED)
-            .expect("Missing last modified header!");
-
-        // -- If-Modified-Since
-
-        let svc = ServeDir::new("..");
-        let req = Request::builder()
-            .uri("/README.md")
-            .header(header::IF_MODIFIED_SINCE, last_modified)
-            .body(Body::empty())
-            .unwrap();
-
-        let res = svc.oneshot(req).await.unwrap();
-        assert_eq!(res.status(), StatusCode::NOT_MODIFIED);
-        let body = res.into_body().data().await;
-        assert!(body.is_none());
-
-        let svc = ServeDir::new("..");
-        let req = Request::builder()
-            .uri("/README.md")
-            .header(header::IF_MODIFIED_SINCE, "Fri, 09 Aug 1996 14:21:40 GMT")
-            .body(Body::empty())
-            .unwrap();
-
-        let res = svc.oneshot(req).await.unwrap();
-        assert_eq!(res.status(), StatusCode::OK);
-        let readme_bytes = include_bytes!("../../../../README.md");
-        let body = res.into_body().data().await.unwrap().unwrap();
-        assert_eq!(body.as_ref(), readme_bytes);
-
-        // -- If-Unmodified-Since
-
-        let svc = ServeDir::new("..");
-        let req = Request::builder()
-            .uri("/README.md")
-            .header(header::IF_UNMODIFIED_SINCE, last_modified)
-            .body(Body::empty())
-            .unwrap();
-
-        let res = svc.oneshot(req).await.unwrap();
-        assert_eq!(res.status(), StatusCode::OK);
-        let body = res.into_body().data().await.unwrap().unwrap();
-        assert_eq!(body.as_ref(), readme_bytes);
-
-        let svc = ServeDir::new("..");
-        let req = Request::builder()
-            .uri("/README.md")
-            .header(header::IF_UNMODIFIED_SINCE, "Fri, 09 Aug 1996 14:21:40 GMT")
-            .body(Body::empty())
-            .unwrap();
-
-        let res = svc.oneshot(req).await.unwrap();
-        assert_eq!(res.status(), StatusCode::PRECONDITION_FAILED);
-        let body = res.into_body().data().await;
-        assert!(body.is_none());
-    }
-}
diff --git a/vendor/tower-http/src/services/fs/serve_dir/future.rs b/vendor/tower-http/src/services/fs/serve_dir/future.rs
new file mode 100644
index 0000000000000..5a0c1b3be683a
--- /dev/null
+++ b/vendor/tower-http/src/services/fs/serve_dir/future.rs
@@ -0,0 +1,296 @@
+use super::{
+    open_file::{FileOpened, FileRequestExtent, OpenFileOutput},
+    DefaultServeDirFallback, ResponseBody,
+};
+use crate::{services::fs::AsyncReadBody, BoxError};
+use bytes::Bytes;
+use futures_util::{
+    future::{BoxFuture, FutureExt, TryFutureExt},
+    ready,
+};
+use http::{
+    header::{self, ALLOW},
+    HeaderValue, Request, Response, StatusCode,
+};
+use http_body::{Body, Empty, Full};
+use pin_project_lite::pin_project;
+use std::{
+    future::Future,
+    io,
+    pin::Pin,
+    task::{Context, Poll},
+};
+use tower_service::Service;
+
+pin_project! {
+    /// Response future of [`ServeDir`].
+    pub struct ResponseFuture<ReqBody, F = DefaultServeDirFallback> {
+        #[pin]
+        pub(super) inner: ResponseFutureInner<ReqBody, F>,
+    }
+}
+
+impl<ReqBody, F> ResponseFuture<ReqBody, F> {
+    pub(super) fn open_file_future(
+        future: BoxFuture<'static, io::Result<OpenFileOutput>>,
+        fallback_and_request: Option<(F, Request<ReqBody>)>,
+    ) -> Self {
+        Self {
+            inner: ResponseFutureInner::OpenFileFuture {
+                future,
+                fallback_and_request,
+            },
+        }
+    }
+
+    pub(super) fn invalid_path() -> Self {
+        Self {
+            inner: ResponseFutureInner::InvalidPath,
+        }
+    }
+
+    pub(super) fn method_not_allowed() -> Self {
+        Self {
+            inner: ResponseFutureInner::MethodNotAllowed,
+        }
+    }
+}
+
+pin_project! {
+    #[project = ResponseFutureInnerProj]
+    pub(super) enum ResponseFutureInner<ReqBody, F> {
+        OpenFileFuture {
+            #[pin]
+            future: BoxFuture<'static, io::Result<OpenFileOutput>>,
+            fallback_and_request: Option<(F, Request<ReqBody>)>,
+        },
+        FallbackFuture {
+            future: BoxFuture<'static, io::Result<Response<ResponseBody>>>,
+        },
+        InvalidPath,
+        MethodNotAllowed,
+    }
+}
+
+impl<F, ReqBody, ResBody> Future for ResponseFuture<ReqBody, F>
+where
+    F: Service<Request<ReqBody>, Response = Response<ResBody>> + Clone,
+    F::Error: Into<io::Error>,
+    F::Future: Send + 'static,
+    ResBody: http_body::Body<Data = Bytes> + Send + 'static,
+    ResBody::Error: Into<Box<dyn std::error::Error + Send + Sync>>,
+{
+    type Output = io::Result<Response<ResponseBody>>;
+
+    fn poll(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> {
+        loop {
+            let mut this = self.as_mut().project();
+
+            let new_state = match this.inner.as_mut().project() {
+                ResponseFutureInnerProj::OpenFileFuture {
+                    future: open_file_future,
+                    fallback_and_request,
+                } => match ready!(open_file_future.poll(cx)) {
+                    Ok(OpenFileOutput::FileOpened(file_output)) => {
+                        break Poll::Ready(Ok(build_response(*file_output)));
+                    }
+
+                    Ok(OpenFileOutput::Redirect { location }) => {
+                        let mut res = response_with_status(StatusCode::TEMPORARY_REDIRECT);
+                        res.headers_mut().insert(http::header::LOCATION, location);
+                        break Poll::Ready(Ok(res));
+                    }
+
+                    Ok(OpenFileOutput::FileNotFound) => {
+                        if let Some((mut fallback, request)) = fallback_and_request.take() {
+                            call_fallback(&mut fallback, request)
+                        } else {
+                            break Poll::Ready(Ok(not_found()));
+                        }
+                    }
+
+                    Ok(OpenFileOutput::PreconditionFailed) => {
+                        break Poll::Ready(Ok(response_with_status(
+                            StatusCode::PRECONDITION_FAILED,
+                        )));
+                    }
+
+                    Ok(OpenFileOutput::NotModified) => {
+                        break Poll::Ready(Ok(response_with_status(StatusCode::NOT_MODIFIED)));
+                    }
+
+                    Err(err) => {
+                        if let io::ErrorKind::NotFound | io::ErrorKind::PermissionDenied =
+                            err.kind()
+                        {
+                            if let Some((mut fallback, request)) = fallback_and_request.take() {
+                                call_fallback(&mut fallback, request)
+                            } else {
+                                break Poll::Ready(Ok(not_found()));
+                            }
+                        } else {
+                            break Poll::Ready(Err(err));
+                        }
+                    }
+                },
+
+                ResponseFutureInnerProj::FallbackFuture { future } => {
+                    break Pin::new(future).poll(cx)
+                }
+
+                ResponseFutureInnerProj::InvalidPath => {
+                    break Poll::Ready(Ok(not_found()));
+                }
+
+                ResponseFutureInnerProj::MethodNotAllowed => {
+                    let mut res = response_with_status(StatusCode::METHOD_NOT_ALLOWED);
+                    res.headers_mut()
+                        .insert(ALLOW, HeaderValue::from_static("GET,HEAD"));
+                    break Poll::Ready(Ok(res));
+                }
+            };
+
+            this.inner.set(new_state);
+        }
+    }
+}
+
+fn response_with_status(status: StatusCode) -> Response<ResponseBody> {
+    Response::builder()
+        .status(status)
+        .body(empty_body())
+        .unwrap()
+}
+
+fn not_found() -> Response<ResponseBody> {
+    response_with_status(StatusCode::NOT_FOUND)
+}
+
+pub(super) fn call_fallback<F, B, FResBody>(
+    fallback: &mut F,
+    req: Request<B>,
+) -> ResponseFutureInner<B, F>
+where
+    F: Service<Request<B>, Response = Response<FResBody>> + Clone,
+    F::Error: Into<io::Error>,
+    F::Future: Send + 'static,
+    FResBody: http_body::Body<Data = Bytes> + Send + 'static,
+    FResBody::Error: Into<BoxError>,
+{
+    let future = fallback
+        .call(req)
+        .err_into()
+        .map_ok(|response| {
+            response
+                .map(|body| {
+                    body.map_err(|err| match err.into().downcast::<io::Error>() {
+                        Ok(err) => *err,
+                        Err(err) => io::Error::new(io::ErrorKind::Other, err),
+                    })
+                    .boxed_unsync()
+                })
+                .map(ResponseBody::new)
+        })
+        .boxed();
+
+    ResponseFutureInner::FallbackFuture { future }
+}
+
+fn build_response(output: FileOpened) -> Response<ResponseBody> {
+    let (maybe_file, size) = match output.extent {
+        FileRequestExtent::Full(file, meta) => (Some(file), meta.len()),
+        FileRequestExtent::Head(meta) => (None, meta.len()),
+    };
+
+    let mut builder = Response::builder()
+        .header(header::CONTENT_TYPE, output.mime_header_value)
+        .header(header::ACCEPT_RANGES, "bytes");
+
+    if let Some(encoding) = output.maybe_encoding {
+        builder = builder.header(header::CONTENT_ENCODING, encoding.into_header_value());
+    }
+
+    if let Some(last_modified) = output.last_modified {
+        builder = builder.header(header::LAST_MODIFIED, last_modified.0.to_string());
+    }
+
+    match output.maybe_range {
+        Some(Ok(ranges)) => {
+            if let Some(range) = ranges.first() {
+                if ranges.len() > 1 {
+                    builder
+                        .header(header::CONTENT_RANGE, format!("bytes */{}", size))
+                        .status(StatusCode::RANGE_NOT_SATISFIABLE)
+                        .body(body_from_bytes(Bytes::from(
+                            "Cannot serve multipart range requests",
+                        )))
+                        .unwrap()
+                } else {
+                    let body = if let Some(file) = maybe_file {
+                        let range_size = range.end() - range.start() + 1;
+                        ResponseBody::new(
+                            AsyncReadBody::with_capacity_limited(
+                                file,
+                                output.chunk_size,
+                                range_size,
+                            )
+                            .boxed_unsync(),
+                        )
+                    } else {
+                        empty_body()
+                    };
+
+                    builder
+                        .header(
+                            header::CONTENT_RANGE,
+                            format!("bytes {}-{}/{}", range.start(), range.end(), size),
+                        )
+                        .header(header::CONTENT_LENGTH, range.end() - range.start() + 1)
+                        .status(StatusCode::PARTIAL_CONTENT)
+                        .body(body)
+                        .unwrap()
+                }
+            } else {
+                builder
+                    .header(header::CONTENT_RANGE, format!("bytes */{}", size))
+                    .status(StatusCode::RANGE_NOT_SATISFIABLE)
+                    .body(body_from_bytes(Bytes::from(
+                        "No range found after parsing range header, please file an issue",
+                    )))
+                    .unwrap()
+            }
+        }
+
+        Some(Err(_)) => builder
+            .header(header::CONTENT_RANGE, format!("bytes */{}", size))
+            .status(StatusCode::RANGE_NOT_SATISFIABLE)
+            .body(empty_body())
+            .unwrap(),
+
+        // Not a range request
+        None => {
+            let body = if let Some(file) = maybe_file {
+                ResponseBody::new(
+                    AsyncReadBody::with_capacity(file, output.chunk_size).boxed_unsync(),
+                )
+            } else {
+                empty_body()
+            };
+
+            builder
+                .header(header::CONTENT_LENGTH, size.to_string())
+                .body(body)
+                .unwrap()
+        }
+    }
+}
+
+fn body_from_bytes(bytes: Bytes) -> ResponseBody {
+    let body = Full::from(bytes).map_err(|err| match err {}).boxed_unsync();
+    ResponseBody::new(body)
+}
+
+fn empty_body() -> ResponseBody {
+    let body = Empty::new().map_err(|err| match err {}).boxed_unsync();
+    ResponseBody::new(body)
+}
diff --git a/vendor/tower-http/src/services/fs/serve_dir/headers.rs b/vendor/tower-http/src/services/fs/serve_dir/headers.rs
new file mode 100644
index 0000000000000..e9e809073fb09
--- /dev/null
+++ b/vendor/tower-http/src/services/fs/serve_dir/headers.rs
@@ -0,0 +1,45 @@
+use http::header::HeaderValue;
+use httpdate::HttpDate;
+use std::time::SystemTime;
+
+pub(super) struct LastModified(pub(super) HttpDate);
+
+impl From<SystemTime> for LastModified {
+    fn from(time: SystemTime) -> Self {
+        LastModified(time.into())
+    }
+}
+
+pub(super) struct IfModifiedSince(HttpDate);
+
+impl IfModifiedSince {
+    /// Check if the supplied time means the resource has been modified.
+    pub(super) fn is_modified(&self, last_modified: &LastModified) -> bool {
+        self.0 < last_modified.0
+    }
+
+    /// convert a header value into a IfModifiedSince, invalid values are silentely ignored
+    pub(super) fn from_header_value(value: &HeaderValue) -> Option<IfModifiedSince> {
+        std::str::from_utf8(value.as_bytes())
+            .ok()
+            .and_then(|value| httpdate::parse_http_date(value).ok())
+            .map(|time| IfModifiedSince(time.into()))
+    }
+}
+
+pub(super) struct IfUnmodifiedSince(HttpDate);
+
+impl IfUnmodifiedSince {
+    /// Check if the supplied time passes the precondtion.
+    pub(super) fn precondition_passes(&self, last_modified: &LastModified) -> bool {
+        self.0 >= last_modified.0
+    }
+
+    /// Convert a header value into a IfModifiedSince, invalid values are silentely ignored
+    pub(super) fn from_header_value(value: &HeaderValue) -> Option<IfUnmodifiedSince> {
+        std::str::from_utf8(value.as_bytes())
+            .ok()
+            .and_then(|value| httpdate::parse_http_date(value).ok())
+            .map(|time| IfUnmodifiedSince(time.into()))
+    }
+}
diff --git a/vendor/tower-http/src/services/fs/serve_dir/mod.rs b/vendor/tower-http/src/services/fs/serve_dir/mod.rs
new file mode 100644
index 0000000000000..4921a3f2f1efa
--- /dev/null
+++ b/vendor/tower-http/src/services/fs/serve_dir/mod.rs
@@ -0,0 +1,448 @@
+use self::future::ResponseFuture;
+use crate::{
+    content_encoding::{encodings, SupportedEncodings},
+    set_status::SetStatus,
+};
+use bytes::Bytes;
+use http::{header, HeaderValue, Method, Request, Response, StatusCode};
+use http_body::{combinators::UnsyncBoxBody, Empty};
+use percent_encoding::percent_decode;
+use std::{
+    convert::Infallible,
+    io,
+    path::{Component, Path, PathBuf},
+    task::{Context, Poll},
+};
+use tower_service::Service;
+
+pub(crate) mod future;
+mod headers;
+mod open_file;
+
+#[cfg(test)]
+mod tests;
+
+// default capacity 64KiB
+const DEFAULT_CAPACITY: usize = 65536;
+
+/// Service that serves files from a given directory and all its sub directories.
+///
+/// The `Content-Type` will be guessed from the file extension.
+///
+/// An empty response with status `404 Not Found` will be returned if:
+///
+/// - The file doesn't exist
+/// - Any segment of the path contains `..`
+/// - Any segment of the path contains a backslash
+/// - We don't have necessary permissions to read the file
+///
+/// # Example
+///
+/// ```
+/// use tower_http::services::ServeDir;
+///
+/// // This will serve files in the "assets" directory and
+/// // its subdirectories
+/// let service = ServeDir::new("assets");
+///
+/// # async {
+/// // Run our service using `hyper`
+/// let addr = std::net::SocketAddr::from(([127, 0, 0, 1], 3000));
+/// hyper::Server::bind(&addr)
+///     .serve(tower::make::Shared::new(service))
+///     .await
+///     .expect("server error");
+/// # };
+/// ```
+#[derive(Clone, Debug)]
+pub struct ServeDir<F = DefaultServeDirFallback> {
+    base: PathBuf,
+    buf_chunk_size: usize,
+    precompressed_variants: Option<PrecompressedVariants>,
+    // This is used to specialise implementation for
+    // single files
+    variant: ServeVariant,
+    fallback: Option<F>,
+    call_fallback_on_method_not_allowed: bool,
+}
+
+impl ServeDir<DefaultServeDirFallback> {
+    /// Create a new [`ServeDir`].
+    pub fn new<P>(path: P) -> Self
+    where
+        P: AsRef<Path>,
+    {
+        let mut base = PathBuf::from(".");
+        base.push(path.as_ref());
+
+        Self {
+            base,
+            buf_chunk_size: DEFAULT_CAPACITY,
+            precompressed_variants: None,
+            variant: ServeVariant::Directory {
+                append_index_html_on_directories: true,
+            },
+            fallback: None,
+            call_fallback_on_method_not_allowed: false,
+        }
+    }
+
+    pub(crate) fn new_single_file<P>(path: P, mime: HeaderValue) -> Self
+    where
+        P: AsRef<Path>,
+    {
+        Self {
+            base: path.as_ref().to_owned(),
+            buf_chunk_size: DEFAULT_CAPACITY,
+            precompressed_variants: None,
+            variant: ServeVariant::SingleFile { mime },
+            fallback: None,
+            call_fallback_on_method_not_allowed: false,
+        }
+    }
+}
+
+impl<F> ServeDir<F> {
+    /// If the requested path is a directory append `index.html`.
+    ///
+    /// This is useful for static sites.
+    ///
+    /// Defaults to `true`.
+    pub fn append_index_html_on_directories(mut self, append: bool) -> Self {
+        match &mut self.variant {
+            ServeVariant::Directory {
+                append_index_html_on_directories,
+            } => {
+                *append_index_html_on_directories = append;
+                self
+            }
+            ServeVariant::SingleFile { mime: _ } => self,
+        }
+    }
+
+    /// Set a specific read buffer chunk size.
+    ///
+    /// The default capacity is 64kb.
+    pub fn with_buf_chunk_size(mut self, chunk_size: usize) -> Self {
+        self.buf_chunk_size = chunk_size;
+        self
+    }
+
+    /// Informs the service that it should also look for a precompressed gzip
+    /// version of _any_ file in the directory.
+    ///
+    /// Assuming the `dir` directory is being served and `dir/foo.txt` is requested,
+    /// a client with an `Accept-Encoding` header that allows the gzip encoding
+    /// will receive the file `dir/foo.txt.gz` instead of `dir/foo.txt`.
+    /// If the precompressed file is not available, or the client doesn't support it,
+    /// the uncompressed version will be served instead.
+    /// Both the precompressed version and the uncompressed version are expected
+    /// to be present in the directory. Different precompressed variants can be combined.
+    pub fn precompressed_gzip(mut self) -> Self {
+        self.precompressed_variants
+            .get_or_insert(Default::default())
+            .gzip = true;
+        self
+    }
+
+    /// Informs the service that it should also look for a precompressed brotli
+    /// version of _any_ file in the directory.
+    ///
+    /// Assuming the `dir` directory is being served and `dir/foo.txt` is requested,
+    /// a client with an `Accept-Encoding` header that allows the brotli encoding
+    /// will receive the file `dir/foo.txt.br` instead of `dir/foo.txt`.
+    /// If the precompressed file is not available, or the client doesn't support it,
+    /// the uncompressed version will be served instead.
+    /// Both the precompressed version and the uncompressed version are expected
+    /// to be present in the directory. Different precompressed variants can be combined.
+    pub fn precompressed_br(mut self) -> Self {
+        self.precompressed_variants
+            .get_or_insert(Default::default())
+            .br = true;
+        self
+    }
+
+    /// Informs the service that it should also look for a precompressed deflate
+    /// version of _any_ file in the directory.
+    ///
+    /// Assuming the `dir` directory is being served and `dir/foo.txt` is requested,
+    /// a client with an `Accept-Encoding` header that allows the deflate encoding
+    /// will receive the file `dir/foo.txt.zz` instead of `dir/foo.txt`.
+    /// If the precompressed file is not available, or the client doesn't support it,
+    /// the uncompressed version will be served instead.
+    /// Both the precompressed version and the uncompressed version are expected
+    /// to be present in the directory. Different precompressed variants can be combined.
+    pub fn precompressed_deflate(mut self) -> Self {
+        self.precompressed_variants
+            .get_or_insert(Default::default())
+            .deflate = true;
+        self
+    }
+
+    /// Set the fallback service.
+    ///
+    /// This service will be called if there is no file at the path of the request.
+    ///
+    /// The status code returned by the fallback will not be altered. Use
+    /// [`ServeDir::not_found_service`] to set a fallback and always respond with `404 Not Found`.
+    ///
+    /// # Example
+    ///
+    /// This can be used to respond with a different file:
+    ///
+    /// ```rust
+    /// use tower_http::services::{ServeDir, ServeFile};
+    ///
+    /// let service = ServeDir::new("assets")
+    ///     // respond with `not_found.html` for missing files
+    ///     .fallback(ServeFile::new("assets/not_found.html"));
+    ///
+    /// # async {
+    /// // Run our service using `hyper`
+    /// let addr = std::net::SocketAddr::from(([127, 0, 0, 1], 3000));
+    /// hyper::Server::bind(&addr)
+    ///     .serve(tower::make::Shared::new(service))
+    ///     .await
+    ///     .expect("server error");
+    /// # };
+    /// ```
+    pub fn fallback<F2>(self, new_fallback: F2) -> ServeDir<F2> {
+        ServeDir {
+            base: self.base,
+            buf_chunk_size: self.buf_chunk_size,
+            precompressed_variants: self.precompressed_variants,
+            variant: self.variant,
+            fallback: Some(new_fallback),
+            call_fallback_on_method_not_allowed: self.call_fallback_on_method_not_allowed,
+        }
+    }
+
+    /// Set the fallback service and override the fallback's status code to `404 Not Found`.
+    ///
+    /// This service will be called if there is no file at the path of the request.
+    ///
+    /// # Example
+    ///
+    /// This can be used to respond with a different file:
+    ///
+    /// ```rust
+    /// use tower_http::services::{ServeDir, ServeFile};
+    ///
+    /// let service = ServeDir::new("assets")
+    ///     // respond with `404 Not Found` and the contents of `not_found.html` for missing files
+    ///     .not_found_service(ServeFile::new("assets/not_found.html"));
+    ///
+    /// # async {
+    /// // Run our service using `hyper`
+    /// let addr = std::net::SocketAddr::from(([127, 0, 0, 1], 3000));
+    /// hyper::Server::bind(&addr)
+    ///     .serve(tower::make::Shared::new(service))
+    ///     .await
+    ///     .expect("server error");
+    /// # };
+    /// ```
+    ///
+    /// Setups like this are often found in single page applications.
+    pub fn not_found_service<F2>(self, new_fallback: F2) -> ServeDir<SetStatus<F2>> {
+        self.fallback(SetStatus::new(new_fallback, StatusCode::NOT_FOUND))
+    }
+
+    /// Customize whether or not to call the fallback for requests that aren't `GET` or `HEAD`.
+    ///
+    /// Defaults to not calling the fallback and instead returning `405 Method Not Allowed`.
+    pub fn call_fallback_on_method_not_allowed(mut self, call_fallback: bool) -> Self {
+        self.call_fallback_on_method_not_allowed = call_fallback;
+        self
+    }
+}
+
+impl<ReqBody, F, FResBody> Service<Request<ReqBody>> for ServeDir<F>
+where
+    F: Service<Request<ReqBody>, Response = Response<FResBody>> + Clone,
+    F::Error: Into<io::Error>,
+    F::Future: Send + 'static,
+    FResBody: http_body::Body<Data = Bytes> + Send + 'static,
+    FResBody::Error: Into<Box<dyn std::error::Error + Send + Sync>>,
+{
+    type Response = Response<ResponseBody>;
+    type Error = io::Error;
+    type Future = ResponseFuture<ReqBody, F>;
+
+    #[inline]
+    fn poll_ready(&mut self, cx: &mut Context<'_>) -> Poll<Result<(), Self::Error>> {
+        if let Some(fallback) = &mut self.fallback {
+            fallback.poll_ready(cx).map_err(Into::into)
+        } else {
+            Poll::Ready(Ok(()))
+        }
+    }
+
+    fn call(&mut self, req: Request<ReqBody>) -> Self::Future {
+        if req.method() != Method::GET && req.method() != Method::HEAD {
+            if self.call_fallback_on_method_not_allowed {
+                if let Some(fallback) = &mut self.fallback {
+                    return ResponseFuture {
+                        inner: future::call_fallback(fallback, req),
+                    };
+                }
+            } else {
+                return ResponseFuture::method_not_allowed();
+            }
+        }
+
+        // `ServeDir` doesn't care about the request body but the fallback might. So move out the
+        // body and pass it to the fallback, leaving an empty body in its place
+        //
+        // this is necessary because we cannot clone bodies
+        let (mut parts, body) = req.into_parts();
+        // same goes for extensions
+        let extensions = std::mem::take(&mut parts.extensions);
+        let req = Request::from_parts(parts, Empty::<Bytes>::new());
+
+        let path_to_file = match self
+            .variant
+            .build_and_validate_path(&self.base, req.uri().path())
+        {
+            Some(path_to_file) => path_to_file,
+            None => {
+                return ResponseFuture::invalid_path();
+            }
+        };
+
+        let fallback_and_request = self.fallback.as_mut().map(|fallback| {
+            let mut fallback_req = Request::new(body);
+            *fallback_req.method_mut() = req.method().clone();
+            *fallback_req.uri_mut() = req.uri().clone();
+            *fallback_req.headers_mut() = req.headers().clone();
+            *fallback_req.extensions_mut() = extensions;
+
+            // get the ready fallback and leave a non-ready clone in its place
+            let clone = fallback.clone();
+            let fallback = std::mem::replace(fallback, clone);
+
+            (fallback, fallback_req)
+        });
+
+        let buf_chunk_size = self.buf_chunk_size;
+        let range_header = req
+            .headers()
+            .get(header::RANGE)
+            .and_then(|value| value.to_str().ok())
+            .map(|s| s.to_owned());
+
+        let negotiated_encodings = encodings(
+            req.headers(),
+            self.precompressed_variants.unwrap_or_default(),
+        );
+
+        let variant = self.variant.clone();
+
+        let open_file_future = Box::pin(open_file::open_file(
+            variant,
+            path_to_file,
+            req,
+            negotiated_encodings,
+            range_header,
+            buf_chunk_size,
+        ));
+
+        ResponseFuture::open_file_future(open_file_future, fallback_and_request)
+    }
+}
+
+// Allow the ServeDir service to be used in the ServeFile service
+// with almost no overhead
+#[derive(Clone, Debug)]
+enum ServeVariant {
+    Directory {
+        append_index_html_on_directories: bool,
+    },
+    SingleFile {
+        mime: HeaderValue,
+    },
+}
+
+impl ServeVariant {
+    fn build_and_validate_path(&self, base_path: &Path, requested_path: &str) -> Option<PathBuf> {
+        match self {
+            ServeVariant::Directory {
+                append_index_html_on_directories: _,
+            } => {
+                let path = requested_path.trim_start_matches('/');
+
+                let path_decoded = percent_decode(path.as_ref()).decode_utf8().ok()?;
+                let path_decoded = Path::new(&*path_decoded);
+
+                let mut path_to_file = base_path.to_path_buf();
+                for component in path_decoded.components() {
+                    match component {
+                        Component::Normal(comp) => {
+                            // protect against paths like `/foo/c:/bar/baz` (#204)
+                            if Path::new(&comp)
+                                .components()
+                                .all(|c| matches!(c, Component::Normal(_)))
+                            {
+                                path_to_file.push(comp)
+                            } else {
+                                return None;
+                            }
+                        }
+                        Component::CurDir => {}
+                        Component::Prefix(_) | Component::RootDir | Component::ParentDir => {
+                            return None;
+                        }
+                    }
+                }
+                Some(path_to_file)
+            }
+            ServeVariant::SingleFile { mime: _ } => Some(base_path.to_path_buf()),
+        }
+    }
+}
+
+opaque_body! {
+    /// Response body for [`ServeDir`] and [`ServeFile`].
+    pub type ResponseBody = UnsyncBoxBody<Bytes, io::Error>;
+}
+
+/// The default fallback service used with [`ServeDir`].
+#[derive(Debug, Clone, Copy)]
+pub struct DefaultServeDirFallback(Infallible);
+
+impl<ReqBody> Service<Request<ReqBody>> for DefaultServeDirFallback
+where
+    ReqBody: Send + 'static,
+{
+    type Response = Response<ResponseBody>;
+    type Error = io::Error;
+    type Future = ResponseFuture<ReqBody>;
+
+    fn poll_ready(&mut self, _cx: &mut Context<'_>) -> Poll<Result<(), Self::Error>> {
+        match self.0 {}
+    }
+
+    fn call(&mut self, _req: Request<ReqBody>) -> Self::Future {
+        match self.0 {}
+    }
+}
+
+#[derive(Clone, Copy, Debug, Default)]
+struct PrecompressedVariants {
+    gzip: bool,
+    deflate: bool,
+    br: bool,
+}
+
+impl SupportedEncodings for PrecompressedVariants {
+    fn gzip(&self) -> bool {
+        self.gzip
+    }
+
+    fn deflate(&self) -> bool {
+        self.deflate
+    }
+
+    fn br(&self) -> bool {
+        self.br
+    }
+}
diff --git a/vendor/tower-http/src/services/fs/serve_dir/open_file.rs b/vendor/tower-http/src/services/fs/serve_dir/open_file.rs
new file mode 100644
index 0000000000000..a24aa0882342e
--- /dev/null
+++ b/vendor/tower-http/src/services/fs/serve_dir/open_file.rs
@@ -0,0 +1,323 @@
+use super::{
+    headers::{IfModifiedSince, IfUnmodifiedSince, LastModified},
+    ServeVariant,
+};
+use crate::content_encoding::{Encoding, QValue};
+use bytes::Bytes;
+use http::{header, HeaderValue, Method, Request, Uri};
+use http_body::Empty;
+use http_range_header::RangeUnsatisfiableError;
+use std::{
+    ffi::OsStr,
+    fs::Metadata,
+    io::{self, SeekFrom},
+    ops::RangeInclusive,
+    path::{Path, PathBuf},
+};
+use tokio::{fs::File, io::AsyncSeekExt};
+
+pub(super) enum OpenFileOutput {
+    FileOpened(Box<FileOpened>),
+    Redirect { location: HeaderValue },
+    FileNotFound,
+    PreconditionFailed,
+    NotModified,
+}
+
+pub(super) struct FileOpened {
+    pub(super) extent: FileRequestExtent,
+    pub(super) chunk_size: usize,
+    pub(super) mime_header_value: HeaderValue,
+    pub(super) maybe_encoding: Option<Encoding>,
+    pub(super) maybe_range: Option<Result<Vec<RangeInclusive<u64>>, RangeUnsatisfiableError>>,
+    pub(super) last_modified: Option<LastModified>,
+}
+
+pub(super) enum FileRequestExtent {
+    Full(File, Metadata),
+    Head(Metadata),
+}
+
+pub(super) async fn open_file(
+    variant: ServeVariant,
+    mut path_to_file: PathBuf,
+    req: Request<Empty<Bytes>>,
+    negotiated_encodings: Vec<(Encoding, QValue)>,
+    range_header: Option<String>,
+    buf_chunk_size: usize,
+) -> io::Result<OpenFileOutput> {
+    let if_unmodified_since = req
+        .headers()
+        .get(header::IF_UNMODIFIED_SINCE)
+        .and_then(IfUnmodifiedSince::from_header_value);
+
+    let if_modified_since = req
+        .headers()
+        .get(header::IF_MODIFIED_SINCE)
+        .and_then(IfModifiedSince::from_header_value);
+
+    let mime = match variant {
+        ServeVariant::Directory {
+            append_index_html_on_directories,
+        } => {
+            // Might already at this point know a redirect or not found result should be
+            // returned which corresponds to a Some(output). Otherwise the path might be
+            // modified and proceed to the open file/metadata future.
+            if let Some(output) = maybe_redirect_or_append_path(
+                &mut path_to_file,
+                req.uri(),
+                append_index_html_on_directories,
+            )
+            .await
+            {
+                return Ok(output);
+            }
+
+            mime_guess::from_path(&path_to_file)
+                .first_raw()
+                .map(HeaderValue::from_static)
+                .unwrap_or_else(|| {
+                    HeaderValue::from_str(mime::APPLICATION_OCTET_STREAM.as_ref()).unwrap()
+                })
+        }
+
+        ServeVariant::SingleFile { mime } => mime,
+    };
+
+    if req.method() == Method::HEAD {
+        let (meta, maybe_encoding) =
+            file_metadata_with_fallback(path_to_file, negotiated_encodings).await?;
+
+        let last_modified = meta.modified().ok().map(LastModified::from);
+        if let Some(output) = check_modified_headers(
+            last_modified.as_ref(),
+            if_unmodified_since,
+            if_modified_since,
+        ) {
+            return Ok(output);
+        }
+
+        let maybe_range = try_parse_range(range_header.as_deref(), meta.len());
+
+        Ok(OpenFileOutput::FileOpened(Box::new(FileOpened {
+            extent: FileRequestExtent::Head(meta),
+            chunk_size: buf_chunk_size,
+            mime_header_value: mime,
+            maybe_encoding,
+            maybe_range,
+            last_modified,
+        })))
+    } else {
+        let (mut file, maybe_encoding) =
+            open_file_with_fallback(path_to_file, negotiated_encodings).await?;
+        let meta = file.metadata().await?;
+        let last_modified = meta.modified().ok().map(LastModified::from);
+        if let Some(output) = check_modified_headers(
+            last_modified.as_ref(),
+            if_unmodified_since,
+            if_modified_since,
+        ) {
+            return Ok(output);
+        }
+
+        let maybe_range = try_parse_range(range_header.as_deref(), meta.len());
+        if let Some(Ok(ranges)) = maybe_range.as_ref() {
+            // if there is any other amount of ranges than 1 we'll return an
+            // unsatisfiable later as there isn't yet support for multipart ranges
+            if ranges.len() == 1 {
+                file.seek(SeekFrom::Start(*ranges[0].start())).await?;
+            }
+        }
+
+        Ok(OpenFileOutput::FileOpened(Box::new(FileOpened {
+            extent: FileRequestExtent::Full(file, meta),
+            chunk_size: buf_chunk_size,
+            mime_header_value: mime,
+            maybe_encoding,
+            maybe_range,
+            last_modified,
+        })))
+    }
+}
+
+fn check_modified_headers(
+    modified: Option<&LastModified>,
+    if_unmodified_since: Option<IfUnmodifiedSince>,
+    if_modified_since: Option<IfModifiedSince>,
+) -> Option<OpenFileOutput> {
+    if let Some(since) = if_unmodified_since {
+        let precondition = modified
+            .as_ref()
+            .map(|time| since.precondition_passes(time))
+            .unwrap_or(false);
+
+        if !precondition {
+            return Some(OpenFileOutput::PreconditionFailed);
+        }
+    }
+
+    if let Some(since) = if_modified_since {
+        let unmodified = modified
+            .as_ref()
+            .map(|time| !since.is_modified(time))
+            // no last_modified means its always modified
+            .unwrap_or(false);
+        if unmodified {
+            return Some(OpenFileOutput::NotModified);
+        }
+    }
+
+    None
+}
+
+// Returns the preferred_encoding encoding and modifies the path extension
+// to the corresponding file extension for the encoding.
+fn preferred_encoding(
+    path: &mut PathBuf,
+    negotiated_encoding: &[(Encoding, QValue)],
+) -> Option<Encoding> {
+    let preferred_encoding = Encoding::preferred_encoding(negotiated_encoding);
+
+    if let Some(file_extension) =
+        preferred_encoding.and_then(|encoding| encoding.to_file_extension())
+    {
+        let new_extension = path
+            .extension()
+            .map(|extension| {
+                let mut os_string = extension.to_os_string();
+                os_string.push(file_extension);
+                os_string
+            })
+            .unwrap_or_else(|| file_extension.to_os_string());
+
+        path.set_extension(new_extension);
+    }
+
+    preferred_encoding
+}
+
+// Attempts to open the file with any of the possible negotiated_encodings in the
+// preferred order. If none of the negotiated_encodings have a corresponding precompressed
+// file the uncompressed file is used as a fallback.
+async fn open_file_with_fallback(
+    mut path: PathBuf,
+    mut negotiated_encoding: Vec<(Encoding, QValue)>,
+) -> io::Result<(File, Option<Encoding>)> {
+    let (file, encoding) = loop {
+        // Get the preferred encoding among the negotiated ones.
+        let encoding = preferred_encoding(&mut path, &negotiated_encoding);
+        match (File::open(&path).await, encoding) {
+            (Ok(file), maybe_encoding) => break (file, maybe_encoding),
+            (Err(err), Some(encoding)) if err.kind() == io::ErrorKind::NotFound => {
+                // Remove the extension corresponding to a precompressed file (.gz, .br, .zz)
+                // to reset the path before the next iteration.
+                path.set_extension(OsStr::new(""));
+                // Remove the encoding from the negotiated_encodings since the file doesn't exist
+                negotiated_encoding
+                    .retain(|(negotiated_encoding, _)| *negotiated_encoding != encoding);
+                continue;
+            }
+            (Err(err), _) => return Err(err),
+        };
+    };
+    Ok((file, encoding))
+}
+
+// Attempts to get the file metadata with any of the possible negotiated_encodings in the
+// preferred order. If none of the negotiated_encodings have a corresponding precompressed
+// file the uncompressed file is used as a fallback.
+async fn file_metadata_with_fallback(
+    mut path: PathBuf,
+    mut negotiated_encoding: Vec<(Encoding, QValue)>,
+) -> io::Result<(Metadata, Option<Encoding>)> {
+    let (file, encoding) = loop {
+        // Get the preferred encoding among the negotiated ones.
+        let encoding = preferred_encoding(&mut path, &negotiated_encoding);
+        match (tokio::fs::metadata(&path).await, encoding) {
+            (Ok(file), maybe_encoding) => break (file, maybe_encoding),
+            (Err(err), Some(encoding)) if err.kind() == io::ErrorKind::NotFound => {
+                // Remove the extension corresponding to a precompressed file (.gz, .br, .zz)
+                // to reset the path before the next iteration.
+                path.set_extension(OsStr::new(""));
+                // Remove the encoding from the negotiated_encodings since the file doesn't exist
+                negotiated_encoding
+                    .retain(|(negotiated_encoding, _)| *negotiated_encoding != encoding);
+                continue;
+            }
+            (Err(err), _) => return Err(err),
+        };
+    };
+    Ok((file, encoding))
+}
+
+async fn maybe_redirect_or_append_path(
+    path_to_file: &mut PathBuf,
+    uri: &Uri,
+    append_index_html_on_directories: bool,
+) -> Option<OpenFileOutput> {
+    if !uri.path().ends_with('/') {
+        if is_dir(path_to_file).await {
+            let location =
+                HeaderValue::from_str(&append_slash_on_path(uri.clone()).to_string()).unwrap();
+            Some(OpenFileOutput::Redirect { location })
+        } else {
+            None
+        }
+    } else if is_dir(path_to_file).await {
+        if append_index_html_on_directories {
+            path_to_file.push("index.html");
+            None
+        } else {
+            Some(OpenFileOutput::FileNotFound)
+        }
+    } else {
+        None
+    }
+}
+
+fn try_parse_range(
+    maybe_range_ref: Option<&str>,
+    file_size: u64,
+) -> Option<Result<Vec<RangeInclusive<u64>>, RangeUnsatisfiableError>> {
+    maybe_range_ref.map(|header_value| {
+        http_range_header::parse_range_header(header_value)
+            .and_then(|first_pass| first_pass.validate(file_size))
+    })
+}
+
+async fn is_dir(path_to_file: &Path) -> bool {
+    tokio::fs::metadata(path_to_file)
+        .await
+        .map_or(false, |meta_data| meta_data.is_dir())
+}
+
+fn append_slash_on_path(uri: Uri) -> Uri {
+    let http::uri::Parts {
+        scheme,
+        authority,
+        path_and_query,
+        ..
+    } = uri.into_parts();
+
+    let mut uri_builder = Uri::builder();
+
+    if let Some(scheme) = scheme {
+        uri_builder = uri_builder.scheme(scheme);
+    }
+
+    if let Some(authority) = authority {
+        uri_builder = uri_builder.authority(authority);
+    }
+
+    let uri_builder = if let Some(path_and_query) = path_and_query {
+        if let Some(query) = path_and_query.query() {
+            uri_builder.path_and_query(format!("{}/?{}", path_and_query.path(), query))
+        } else {
+            uri_builder.path_and_query(format!("{}/", path_and_query.path()))
+        }
+    } else {
+        uri_builder.path_and_query("/")
+    };
+
+    uri_builder.build().unwrap()
+}
diff --git a/vendor/tower-http/src/services/fs/serve_dir/tests.rs b/vendor/tower-http/src/services/fs/serve_dir/tests.rs
new file mode 100644
index 0000000000000..6388db933e446
--- /dev/null
+++ b/vendor/tower-http/src/services/fs/serve_dir/tests.rs
@@ -0,0 +1,690 @@
+use crate::services::{ServeDir, ServeFile};
+use brotli::BrotliDecompress;
+use bytes::Bytes;
+use flate2::bufread::{DeflateDecoder, GzDecoder};
+use http::header::ALLOW;
+use http::{header, Method, Response};
+use http::{Request, StatusCode};
+use http_body::Body as HttpBody;
+use hyper::Body;
+use std::io::{self, Read};
+use tower::ServiceExt;
+
+#[tokio::test]
+async fn basic() {
+    let svc = ServeDir::new("..");
+
+    let req = Request::builder()
+        .uri("/README.md")
+        .body(Body::empty())
+        .unwrap();
+    let res = svc.oneshot(req).await.unwrap();
+
+    assert_eq!(res.status(), StatusCode::OK);
+    assert_eq!(res.headers()["content-type"], "text/markdown");
+
+    let body = body_into_text(res.into_body()).await;
+
+    let contents = std::fs::read_to_string("../README.md").unwrap();
+    assert_eq!(body, contents);
+}
+
+#[tokio::test]
+async fn basic_with_index() {
+    let svc = ServeDir::new("../test-files");
+
+    let req = Request::new(Body::empty());
+    let res = svc.oneshot(req).await.unwrap();
+
+    assert_eq!(res.status(), StatusCode::OK);
+    assert_eq!(res.headers()[header::CONTENT_TYPE], "text/html");
+
+    let body = body_into_text(res.into_body()).await;
+    assert_eq!(body, "<b>HTML!</b>\n");
+}
+
+#[tokio::test]
+async fn head_request() {
+    let svc = ServeDir::new("../test-files");
+
+    let req = Request::builder()
+        .uri("/precompressed.txt")
+        .method(Method::HEAD)
+        .body(Body::empty())
+        .unwrap();
+
+    let res = svc.oneshot(req).await.unwrap();
+
+    assert_eq!(res.headers()["content-type"], "text/plain");
+    assert_eq!(res.headers()["content-length"], "23");
+
+    let body = res.into_body().data().await;
+    assert!(body.is_none());
+}
+
+#[tokio::test]
+async fn precompresed_head_request() {
+    let svc = ServeDir::new("../test-files").precompressed_gzip();
+
+    let req = Request::builder()
+        .uri("/precompressed.txt")
+        .header("Accept-Encoding", "gzip")
+        .method(Method::HEAD)
+        .body(Body::empty())
+        .unwrap();
+    let res = svc.oneshot(req).await.unwrap();
+
+    assert_eq!(res.headers()["content-type"], "text/plain");
+    assert_eq!(res.headers()["content-encoding"], "gzip");
+    assert_eq!(res.headers()["content-length"], "59");
+
+    let body = res.into_body().data().await;
+    assert!(body.is_none());
+}
+
+#[tokio::test]
+async fn with_custom_chunk_size() {
+    let svc = ServeDir::new("..").with_buf_chunk_size(1024 * 32);
+
+    let req = Request::builder()
+        .uri("/README.md")
+        .body(Body::empty())
+        .unwrap();
+    let res = svc.oneshot(req).await.unwrap();
+
+    assert_eq!(res.status(), StatusCode::OK);
+    assert_eq!(res.headers()["content-type"], "text/markdown");
+
+    let body = body_into_text(res.into_body()).await;
+
+    let contents = std::fs::read_to_string("../README.md").unwrap();
+    assert_eq!(body, contents);
+}
+
+#[tokio::test]
+async fn precompressed_gzip() {
+    let svc = ServeDir::new("../test-files").precompressed_gzip();
+
+    let req = Request::builder()
+        .uri("/precompressed.txt")
+        .header("Accept-Encoding", "gzip")
+        .body(Body::empty())
+        .unwrap();
+    let res = svc.oneshot(req).await.unwrap();
+
+    assert_eq!(res.headers()["content-type"], "text/plain");
+    assert_eq!(res.headers()["content-encoding"], "gzip");
+
+    let body = res.into_body().data().await.unwrap().unwrap();
+    let mut decoder = GzDecoder::new(&body[..]);
+    let mut decompressed = String::new();
+    decoder.read_to_string(&mut decompressed).unwrap();
+    assert!(decompressed.starts_with("\"This is a test file!\""));
+}
+
+#[tokio::test]
+async fn precompressed_br() {
+    let svc = ServeDir::new("../test-files").precompressed_br();
+
+    let req = Request::builder()
+        .uri("/precompressed.txt")
+        .header("Accept-Encoding", "br")
+        .body(Body::empty())
+        .unwrap();
+    let res = svc.oneshot(req).await.unwrap();
+
+    assert_eq!(res.headers()["content-type"], "text/plain");
+    assert_eq!(res.headers()["content-encoding"], "br");
+
+    let body = res.into_body().data().await.unwrap().unwrap();
+    let mut decompressed = Vec::new();
+    BrotliDecompress(&mut &body[..], &mut decompressed).unwrap();
+    let decompressed = String::from_utf8(decompressed.to_vec()).unwrap();
+    assert!(decompressed.starts_with("\"This is a test file!\""));
+}
+
+#[tokio::test]
+async fn precompressed_deflate() {
+    let svc = ServeDir::new("../test-files").precompressed_deflate();
+    let request = Request::builder()
+        .uri("/precompressed.txt")
+        .header("Accept-Encoding", "deflate,br")
+        .body(Body::empty())
+        .unwrap();
+    let res = svc.oneshot(request).await.unwrap();
+
+    assert_eq!(res.headers()["content-type"], "text/plain");
+    assert_eq!(res.headers()["content-encoding"], "deflate");
+
+    let body = res.into_body().data().await.unwrap().unwrap();
+    let mut decoder = DeflateDecoder::new(&body[..]);
+    let mut decompressed = String::new();
+    decoder.read_to_string(&mut decompressed).unwrap();
+    assert!(decompressed.starts_with("\"This is a test file!\""));
+}
+
+#[tokio::test]
+async fn unsupported_precompression_alogrithm_fallbacks_to_uncompressed() {
+    let svc = ServeDir::new("../test-files").precompressed_gzip();
+
+    let request = Request::builder()
+        .uri("/precompressed.txt")
+        .header("Accept-Encoding", "br")
+        .body(Body::empty())
+        .unwrap();
+    let res = svc.oneshot(request).await.unwrap();
+
+    assert_eq!(res.headers()["content-type"], "text/plain");
+    assert!(res.headers().get("content-encoding").is_none());
+
+    let body = res.into_body().data().await.unwrap().unwrap();
+    let body = String::from_utf8(body.to_vec()).unwrap();
+    assert!(body.starts_with("\"This is a test file!\""));
+}
+
+#[tokio::test]
+async fn only_precompressed_variant_existing() {
+    let svc = ServeDir::new("../test-files").precompressed_gzip();
+
+    let request = Request::builder()
+        .uri("/only_gzipped.txt")
+        .body(Body::empty())
+        .unwrap();
+    let res = svc.clone().oneshot(request).await.unwrap();
+
+    assert_eq!(res.status(), StatusCode::NOT_FOUND);
+
+    // Should reply with gzipped file if client supports it
+    let request = Request::builder()
+        .uri("/only_gzipped.txt")
+        .header("Accept-Encoding", "gzip")
+        .body(Body::empty())
+        .unwrap();
+    let res = svc.oneshot(request).await.unwrap();
+
+    assert_eq!(res.headers()["content-type"], "text/plain");
+    assert_eq!(res.headers()["content-encoding"], "gzip");
+
+    let body = res.into_body().data().await.unwrap().unwrap();
+    let mut decoder = GzDecoder::new(&body[..]);
+    let mut decompressed = String::new();
+    decoder.read_to_string(&mut decompressed).unwrap();
+    assert!(decompressed.starts_with("\"This is a test file\""));
+}
+
+#[tokio::test]
+async fn missing_precompressed_variant_fallbacks_to_uncompressed() {
+    let svc = ServeDir::new("../test-files").precompressed_gzip();
+
+    let request = Request::builder()
+        .uri("/missing_precompressed.txt")
+        .header("Accept-Encoding", "gzip")
+        .body(Body::empty())
+        .unwrap();
+    let res = svc.oneshot(request).await.unwrap();
+
+    assert_eq!(res.headers()["content-type"], "text/plain");
+    // Uncompressed file is served because compressed version is missing
+    assert!(res.headers().get("content-encoding").is_none());
+
+    let body = res.into_body().data().await.unwrap().unwrap();
+    let body = String::from_utf8(body.to_vec()).unwrap();
+    assert!(body.starts_with("Test file!"));
+}
+
+#[tokio::test]
+async fn missing_precompressed_variant_fallbacks_to_uncompressed_for_head_request() {
+    let svc = ServeDir::new("../test-files").precompressed_gzip();
+
+    let request = Request::builder()
+        .uri("/missing_precompressed.txt")
+        .header("Accept-Encoding", "gzip")
+        .method(Method::HEAD)
+        .body(Body::empty())
+        .unwrap();
+    let res = svc.oneshot(request).await.unwrap();
+
+    assert_eq!(res.headers()["content-type"], "text/plain");
+    assert_eq!(res.headers()["content-length"], "11");
+    // Uncompressed file is served because compressed version is missing
+    assert!(res.headers().get("content-encoding").is_none());
+
+    assert!(res.into_body().data().await.is_none());
+}
+
+#[tokio::test]
+async fn access_to_sub_dirs() {
+    let svc = ServeDir::new("..");
+
+    let req = Request::builder()
+        .uri("/tower-http/Cargo.toml")
+        .body(Body::empty())
+        .unwrap();
+    let res = svc.oneshot(req).await.unwrap();
+
+    assert_eq!(res.status(), StatusCode::OK);
+    assert_eq!(res.headers()["content-type"], "text/x-toml");
+
+    let body = body_into_text(res.into_body()).await;
+
+    let contents = std::fs::read_to_string("Cargo.toml").unwrap();
+    assert_eq!(body, contents);
+}
+
+#[tokio::test]
+async fn not_found() {
+    let svc = ServeDir::new("..");
+
+    let req = Request::builder()
+        .uri("/not-found")
+        .body(Body::empty())
+        .unwrap();
+    let res = svc.oneshot(req).await.unwrap();
+
+    assert_eq!(res.status(), StatusCode::NOT_FOUND);
+    assert!(res.headers().get(header::CONTENT_TYPE).is_none());
+
+    let body = body_into_text(res.into_body()).await;
+    assert!(body.is_empty());
+}
+
+#[tokio::test]
+async fn not_found_precompressed() {
+    let svc = ServeDir::new("../test-files").precompressed_gzip();
+
+    let req = Request::builder()
+        .uri("/not-found")
+        .header("Accept-Encoding", "gzip")
+        .body(Body::empty())
+        .unwrap();
+    let res = svc.oneshot(req).await.unwrap();
+
+    assert_eq!(res.status(), StatusCode::NOT_FOUND);
+    assert!(res.headers().get(header::CONTENT_TYPE).is_none());
+
+    let body = body_into_text(res.into_body()).await;
+    assert!(body.is_empty());
+}
+
+#[tokio::test]
+async fn fallbacks_to_different_precompressed_variant_if_not_found_for_head_request() {
+    let svc = ServeDir::new("../test-files")
+        .precompressed_gzip()
+        .precompressed_br();
+
+    let req = Request::builder()
+        .uri("/precompressed_br.txt")
+        .header("Accept-Encoding", "gzip,br,deflate")
+        .method(Method::HEAD)
+        .body(Body::empty())
+        .unwrap();
+    let res = svc.oneshot(req).await.unwrap();
+
+    assert_eq!(res.headers()["content-type"], "text/plain");
+    assert_eq!(res.headers()["content-encoding"], "br");
+    assert_eq!(res.headers()["content-length"], "15");
+
+    assert!(res.into_body().data().await.is_none());
+}
+
+#[tokio::test]
+async fn fallbacks_to_different_precompressed_variant_if_not_found() {
+    let svc = ServeDir::new("../test-files")
+        .precompressed_gzip()
+        .precompressed_br();
+
+    let req = Request::builder()
+        .uri("/precompressed_br.txt")
+        .header("Accept-Encoding", "gzip,br,deflate")
+        .body(Body::empty())
+        .unwrap();
+    let res = svc.oneshot(req).await.unwrap();
+
+    assert_eq!(res.headers()["content-type"], "text/plain");
+    assert_eq!(res.headers()["content-encoding"], "br");
+
+    let body = res.into_body().data().await.unwrap().unwrap();
+    let mut decompressed = Vec::new();
+    BrotliDecompress(&mut &body[..], &mut decompressed).unwrap();
+    let decompressed = String::from_utf8(decompressed.to_vec()).unwrap();
+    assert!(decompressed.starts_with("Test file"));
+}
+
+#[tokio::test]
+async fn redirect_to_trailing_slash_on_dir() {
+    let svc = ServeDir::new(".");
+
+    let req = Request::builder().uri("/src").body(Body::empty()).unwrap();
+    let res = svc.oneshot(req).await.unwrap();
+
+    assert_eq!(res.status(), StatusCode::TEMPORARY_REDIRECT);
+
+    let location = &res.headers()[http::header::LOCATION];
+    assert_eq!(location, "/src/");
+}
+
+#[tokio::test]
+async fn empty_directory_without_index() {
+    let svc = ServeDir::new(".").append_index_html_on_directories(false);
+
+    let req = Request::new(Body::empty());
+    let res = svc.oneshot(req).await.unwrap();
+
+    assert_eq!(res.status(), StatusCode::NOT_FOUND);
+    assert!(res.headers().get(header::CONTENT_TYPE).is_none());
+
+    let body = body_into_text(res.into_body()).await;
+    assert!(body.is_empty());
+}
+
+async fn body_into_text<B>(body: B) -> String
+where
+    B: HttpBody<Data = bytes::Bytes> + Unpin,
+    B::Error: std::fmt::Debug,
+{
+    let bytes = hyper::body::to_bytes(body).await.unwrap();
+    String::from_utf8(bytes.to_vec()).unwrap()
+}
+
+#[tokio::test]
+async fn access_cjk_percent_encoded_uri_path() {
+    // percent encoding present of 你好世界.txt
+    let cjk_filename_encoded = "%E4%BD%A0%E5%A5%BD%E4%B8%96%E7%95%8C.txt";
+
+    let svc = ServeDir::new("../test-files");
+
+    let req = Request::builder()
+        .uri(format!("/{}", cjk_filename_encoded))
+        .body(Body::empty())
+        .unwrap();
+    let res = svc.oneshot(req).await.unwrap();
+
+    assert_eq!(res.status(), StatusCode::OK);
+    assert_eq!(res.headers()["content-type"], "text/plain");
+}
+
+#[tokio::test]
+async fn access_space_percent_encoded_uri_path() {
+    let encoded_filename = "filename%20with%20space.txt";
+
+    let svc = ServeDir::new("../test-files");
+
+    let req = Request::builder()
+        .uri(format!("/{}", encoded_filename))
+        .body(Body::empty())
+        .unwrap();
+    let res = svc.oneshot(req).await.unwrap();
+
+    assert_eq!(res.status(), StatusCode::OK);
+    assert_eq!(res.headers()["content-type"], "text/plain");
+}
+
+#[tokio::test]
+async fn read_partial_in_bounds() {
+    let svc = ServeDir::new("..");
+    let bytes_start_incl = 9;
+    let bytes_end_incl = 1023;
+
+    let req = Request::builder()
+        .uri("/README.md")
+        .header(
+            "Range",
+            format!("bytes={}-{}", bytes_start_incl, bytes_end_incl),
+        )
+        .body(Body::empty())
+        .unwrap();
+    let res = svc.oneshot(req).await.unwrap();
+
+    let file_contents = std::fs::read("../README.md").unwrap();
+    assert_eq!(res.status(), StatusCode::PARTIAL_CONTENT);
+    assert_eq!(
+        res.headers()["content-length"],
+        (bytes_end_incl - bytes_start_incl + 1).to_string()
+    );
+    assert!(res.headers()["content-range"]
+        .to_str()
+        .unwrap()
+        .starts_with(&format!(
+            "bytes {}-{}/{}",
+            bytes_start_incl,
+            bytes_end_incl,
+            file_contents.len()
+        )));
+    assert_eq!(res.headers()["content-type"], "text/markdown");
+
+    let body = hyper::body::to_bytes(res.into_body()).await.ok().unwrap();
+    let source = Bytes::from(file_contents[bytes_start_incl..=bytes_end_incl].to_vec());
+    assert_eq!(body, source);
+}
+
+#[tokio::test]
+async fn read_partial_rejects_out_of_bounds_range() {
+    let svc = ServeDir::new("..");
+    let bytes_start_incl = 0;
+    let bytes_end_excl = 9999999;
+    let requested_len = bytes_end_excl - bytes_start_incl;
+
+    let req = Request::builder()
+        .uri("/README.md")
+        .header(
+            "Range",
+            format!("bytes={}-{}", bytes_start_incl, requested_len - 1),
+        )
+        .body(Body::empty())
+        .unwrap();
+    let res = svc.oneshot(req).await.unwrap();
+
+    assert_eq!(res.status(), StatusCode::RANGE_NOT_SATISFIABLE);
+    let file_contents = std::fs::read("../README.md").unwrap();
+    assert_eq!(
+        res.headers()["content-range"],
+        &format!("bytes */{}", file_contents.len())
+    )
+}
+
+#[tokio::test]
+async fn read_partial_errs_on_garbage_header() {
+    let svc = ServeDir::new("..");
+    let req = Request::builder()
+        .uri("/README.md")
+        .header("Range", "bad_format")
+        .body(Body::empty())
+        .unwrap();
+    let res = svc.oneshot(req).await.unwrap();
+    assert_eq!(res.status(), StatusCode::RANGE_NOT_SATISFIABLE);
+    let file_contents = std::fs::read("../README.md").unwrap();
+    assert_eq!(
+        res.headers()["content-range"],
+        &format!("bytes */{}", file_contents.len())
+    )
+}
+
+#[tokio::test]
+async fn read_partial_errs_on_bad_range() {
+    let svc = ServeDir::new("..");
+    let req = Request::builder()
+        .uri("/README.md")
+        .header("Range", "bytes=-1-15")
+        .body(Body::empty())
+        .unwrap();
+    let res = svc.oneshot(req).await.unwrap();
+    assert_eq!(res.status(), StatusCode::RANGE_NOT_SATISFIABLE);
+    let file_contents = std::fs::read("../README.md").unwrap();
+    assert_eq!(
+        res.headers()["content-range"],
+        &format!("bytes */{}", file_contents.len())
+    )
+}
+#[tokio::test]
+async fn last_modified() {
+    let svc = ServeDir::new("..");
+    let req = Request::builder()
+        .uri("/README.md")
+        .body(Body::empty())
+        .unwrap();
+    let res = svc.oneshot(req).await.unwrap();
+    assert_eq!(res.status(), StatusCode::OK);
+
+    let last_modified = res
+        .headers()
+        .get(header::LAST_MODIFIED)
+        .expect("Missing last modified header!");
+
+    // -- If-Modified-Since
+
+    let svc = ServeDir::new("..");
+    let req = Request::builder()
+        .uri("/README.md")
+        .header(header::IF_MODIFIED_SINCE, last_modified)
+        .body(Body::empty())
+        .unwrap();
+
+    let res = svc.oneshot(req).await.unwrap();
+    assert_eq!(res.status(), StatusCode::NOT_MODIFIED);
+    let body = res.into_body().data().await;
+    assert!(body.is_none());
+
+    let svc = ServeDir::new("..");
+    let req = Request::builder()
+        .uri("/README.md")
+        .header(header::IF_MODIFIED_SINCE, "Fri, 09 Aug 1996 14:21:40 GMT")
+        .body(Body::empty())
+        .unwrap();
+
+    let res = svc.oneshot(req).await.unwrap();
+    assert_eq!(res.status(), StatusCode::OK);
+    let readme_bytes = include_bytes!("../../../../../README.md");
+    let body = res.into_body().data().await.unwrap().unwrap();
+    assert_eq!(body.as_ref(), readme_bytes);
+
+    // -- If-Unmodified-Since
+
+    let svc = ServeDir::new("..");
+    let req = Request::builder()
+        .uri("/README.md")
+        .header(header::IF_UNMODIFIED_SINCE, last_modified)
+        .body(Body::empty())
+        .unwrap();
+
+    let res = svc.oneshot(req).await.unwrap();
+    assert_eq!(res.status(), StatusCode::OK);
+    let body = res.into_body().data().await.unwrap().unwrap();
+    assert_eq!(body.as_ref(), readme_bytes);
+
+    let svc = ServeDir::new("..");
+    let req = Request::builder()
+        .uri("/README.md")
+        .header(header::IF_UNMODIFIED_SINCE, "Fri, 09 Aug 1996 14:21:40 GMT")
+        .body(Body::empty())
+        .unwrap();
+
+    let res = svc.oneshot(req).await.unwrap();
+    assert_eq!(res.status(), StatusCode::PRECONDITION_FAILED);
+    let body = res.into_body().data().await;
+    assert!(body.is_none());
+}
+
+#[tokio::test]
+async fn with_fallback_svc() {
+    async fn fallback<B>(req: Request<B>) -> io::Result<Response<Body>> {
+        Ok(Response::new(Body::from(format!(
+            "from fallback {}",
+            req.uri().path()
+        ))))
+    }
+
+    let svc = ServeDir::new("..").fallback(tower::service_fn(fallback));
+
+    let req = Request::builder()
+        .uri("/doesnt-exist")
+        .body(Body::empty())
+        .unwrap();
+    let res = svc.oneshot(req).await.unwrap();
+
+    assert_eq!(res.status(), StatusCode::OK);
+
+    let body = body_into_text(res.into_body()).await;
+    assert_eq!(body, "from fallback /doesnt-exist");
+}
+
+#[tokio::test]
+async fn with_fallback_serve_file() {
+    let svc = ServeDir::new("..").fallback(ServeFile::new("../README.md"));
+
+    let req = Request::builder()
+        .uri("/doesnt-exist")
+        .body(Body::empty())
+        .unwrap();
+    let res = svc.oneshot(req).await.unwrap();
+
+    assert_eq!(res.status(), StatusCode::OK);
+    assert_eq!(res.headers()["content-type"], "text/markdown");
+
+    let body = body_into_text(res.into_body()).await;
+
+    let contents = std::fs::read_to_string("../README.md").unwrap();
+    assert_eq!(body, contents);
+}
+
+#[tokio::test]
+async fn method_not_allowed() {
+    let svc = ServeDir::new("..");
+
+    let req = Request::builder()
+        .method(Method::POST)
+        .uri("/README.md")
+        .body(Body::empty())
+        .unwrap();
+    let res = svc.oneshot(req).await.unwrap();
+
+    assert_eq!(res.status(), StatusCode::METHOD_NOT_ALLOWED);
+    assert_eq!(res.headers()[ALLOW], "GET,HEAD");
+}
+
+#[tokio::test]
+async fn calling_fallback_on_not_allowed() {
+    async fn fallback<B>(req: Request<B>) -> io::Result<Response<Body>> {
+        Ok(Response::new(Body::from(format!(
+            "from fallback {}",
+            req.uri().path()
+        ))))
+    }
+
+    let svc = ServeDir::new("..")
+        .call_fallback_on_method_not_allowed(true)
+        .fallback(tower::service_fn(fallback));
+
+    let req = Request::builder()
+        .method(Method::POST)
+        .uri("/doesnt-exist")
+        .body(Body::empty())
+        .unwrap();
+    let res = svc.oneshot(req).await.unwrap();
+
+    assert_eq!(res.status(), StatusCode::OK);
+
+    let body = body_into_text(res.into_body()).await;
+    assert_eq!(body, "from fallback /doesnt-exist");
+}
+
+#[tokio::test]
+async fn with_fallback_svc_and_not_append_index_html_on_directories() {
+    async fn fallback<B>(req: Request<B>) -> io::Result<Response<Body>> {
+        Ok(Response::new(Body::from(format!(
+            "from fallback {}",
+            req.uri().path()
+        ))))
+    }
+
+    let svc = ServeDir::new("..")
+        .append_index_html_on_directories(false)
+        .fallback(tower::service_fn(fallback));
+
+    let req = Request::builder().uri("/").body(Body::empty()).unwrap();
+    let res = svc.oneshot(req).await.unwrap();
+
+    assert_eq!(res.status(), StatusCode::OK);
+
+    let body = body_into_text(res.into_body()).await;
+    assert_eq!(body, "from fallback /");
+}
diff --git a/vendor/tower-http/src/services/fs/serve_file.rs b/vendor/tower-http/src/services/fs/serve_file.rs
index 0826561565f95..25a9cdf0ee973 100644
--- a/vendor/tower-http/src/services/fs/serve_file.rs
+++ b/vendor/tower-http/src/services/fs/serve_file.rs
@@ -12,6 +12,7 @@ use tower_service::Service;
 /// Service that serves a file.
 #[derive(Clone, Debug)]
 pub struct ServeFile(ServeDir);
+
 // Note that this is just a special case of ServeDir
 impl ServeFile {
     /// Create a new [`ServeFile`].
@@ -21,7 +22,7 @@ impl ServeFile {
         let guess = mime_guess::from_path(path.as_ref());
         let mime = guess
             .first_raw()
-            .map(|mime| HeaderValue::from_static(mime))
+            .map(HeaderValue::from_static)
             .unwrap_or_else(|| {
                 HeaderValue::from_str(mime::APPLICATION_OCTET_STREAM.as_ref()).unwrap()
             });
@@ -91,7 +92,10 @@ impl ServeFile {
     }
 }
 
-impl<ReqBody> Service<Request<ReqBody>> for ServeFile {
+impl<ReqBody> Service<Request<ReqBody>> for ServeFile
+where
+    ReqBody: Send + 'static,
+{
     type Error = <ServeDir as Service<Request<ReqBody>>>::Error;
     type Response = <ServeDir as Service<Request<ReqBody>>>::Response;
     type Future = <ServeDir as Service<Request<ReqBody>>>::Future;
@@ -101,6 +105,7 @@ impl<ReqBody> Service<Request<ReqBody>> for ServeFile {
         Poll::Ready(Ok(()))
     }
 
+    #[inline]
     fn call(&mut self, req: Request<ReqBody>) -> Self::Future {
         self.0.call(req)
     }
@@ -108,11 +113,7 @@ impl<ReqBody> Service<Request<ReqBody>> for ServeFile {
 
 #[cfg(test)]
 mod tests {
-    use std::io::Read;
-    use std::str::FromStr;
-
-    #[allow(unused_imports)]
-    use super::*;
+    use crate::services::ServeFile;
     use brotli::BrotliDecompress;
     use flate2::bufread::DeflateDecoder;
     use flate2::bufread::GzDecoder;
@@ -121,6 +122,9 @@ mod tests {
     use http::{Request, StatusCode};
     use http_body::Body as _;
     use hyper::Body;
+    use mime::Mime;
+    use std::io::Read;
+    use std::str::FromStr;
     use tower::ServiceExt;
 
     #[tokio::test]
@@ -446,6 +450,7 @@ mod tests {
         assert_eq!(res.status(), StatusCode::NOT_FOUND);
         assert!(res.headers().get(header::CONTENT_TYPE).is_none());
     }
+
     #[tokio::test]
     async fn last_modified() {
         let svc = ServeFile::new("../README.md");
diff --git a/vendor/tower-http/src/services/mod.rs b/vendor/tower-http/src/services/mod.rs
index 75b95a0f753ff..737d2fa195282 100644
--- a/vendor/tower-http/src/services/mod.rs
+++ b/vendor/tower-http/src/services/mod.rs
@@ -7,19 +7,15 @@
 //! [tree]: https://en.wikipedia.org/wiki/Tree_(data_structure)
 
 #[cfg(feature = "redirect")]
-#[cfg_attr(docsrs, doc(cfg(feature = "redirect")))]
 pub mod redirect;
 
 #[cfg(feature = "redirect")]
-#[cfg_attr(docsrs, doc(cfg(feature = "redirect")))]
 #[doc(inline)]
 pub use self::redirect::Redirect;
 
 #[cfg(feature = "fs")]
-#[cfg_attr(docsrs, doc(cfg(feature = "fs")))]
 pub mod fs;
 
 #[cfg(feature = "fs")]
-#[cfg_attr(docsrs, doc(cfg(feature = "fs")))]
 #[doc(inline)]
 pub use self::fs::{ServeDir, ServeFile};
diff --git a/vendor/tower-http/src/set_status.rs b/vendor/tower-http/src/set_status.rs
new file mode 100644
index 0000000000000..00e1f792d1f0f
--- /dev/null
+++ b/vendor/tower-http/src/set_status.rs
@@ -0,0 +1,141 @@
+//! Middleware to override status codes.
+//!
+//! # Example
+//!
+//! ```
+//! use tower_http::set_status::SetStatusLayer;
+//! use http::{Request, Response, StatusCode};
+//! use hyper::Body;
+//! use std::{iter::once, convert::Infallible};
+//! use tower::{ServiceBuilder, Service, ServiceExt};
+//!
+//! async fn handle(req: Request<Body>) -> Result<Response<Body>, Infallible> {
+//!     // ...
+//!     # Ok(Response::new(Body::empty()))
+//! }
+//!
+//! # #[tokio::main]
+//! # async fn main() -> Result<(), Box<dyn std::error::Error>> {
+//! async fn handle(req: Request<Body>) -> Result<Response<Body>, Infallible> {
+//!     // ...
+//!     # Ok(Response::new(Body::empty()))
+//! }
+//!
+//! let mut service = ServiceBuilder::new()
+//!     // change the status to `404 Not Found` regardless what the inner service returns
+//!     .layer(SetStatusLayer::new(StatusCode::NOT_FOUND))
+//!     .service_fn(handle);
+//!
+//! // Call the service.
+//! let request = Request::builder().body(Body::empty())?;
+//!
+//! let response = service.ready().await?.call(request).await?;
+//!
+//! assert_eq!(response.status(), StatusCode::NOT_FOUND);
+//! #
+//! # Ok(())
+//! # }
+//! ```
+
+use http::{Request, Response, StatusCode};
+use pin_project_lite::pin_project;
+use std::{
+    future::Future,
+    pin::Pin,
+    task::{Context, Poll},
+};
+use tower_layer::Layer;
+use tower_service::Service;
+
+/// Layer that applies [`SetStatus`] which overrides the status codes.
+#[derive(Debug, Clone, Copy)]
+pub struct SetStatusLayer {
+    status: StatusCode,
+}
+
+impl SetStatusLayer {
+    /// Create a new [`SetStatusLayer`].
+    ///
+    /// The response status code will be `status` regardless of what the inner service returns.
+    pub fn new(status: StatusCode) -> Self {
+        SetStatusLayer { status }
+    }
+}
+
+impl<S> Layer<S> for SetStatusLayer {
+    type Service = SetStatus<S>;
+
+    fn layer(&self, inner: S) -> Self::Service {
+        SetStatus::new(inner, self.status)
+    }
+}
+
+/// Middleware to override status codes.
+///
+/// See the [module docs](self) for more details.
+#[derive(Debug, Clone, Copy)]
+pub struct SetStatus<S> {
+    inner: S,
+    status: StatusCode,
+}
+
+impl<S> SetStatus<S> {
+    /// Create a new [`SetStatus`].
+    ///
+    /// The response status code will be `status` regardless of what the inner service returns.
+    pub fn new(inner: S, status: StatusCode) -> Self {
+        Self { status, inner }
+    }
+
+    define_inner_service_accessors!();
+
+    /// Returns a new [`Layer`] that wraps services with a `SetStatus` middleware.
+    ///
+    /// [`Layer`]: tower_layer::Layer
+    pub fn layer(status: StatusCode) -> SetStatusLayer {
+        SetStatusLayer::new(status)
+    }
+}
+
+impl<S, ReqBody, ResBody> Service<Request<ReqBody>> for SetStatus<S>
+where
+    S: Service<Request<ReqBody>, Response = Response<ResBody>>,
+{
+    type Response = S::Response;
+    type Error = S::Error;
+    type Future = ResponseFuture<S::Future>;
+
+    fn poll_ready(&mut self, cx: &mut Context<'_>) -> Poll<Result<(), Self::Error>> {
+        self.inner.poll_ready(cx)
+    }
+
+    fn call(&mut self, req: Request<ReqBody>) -> Self::Future {
+        ResponseFuture {
+            inner: self.inner.call(req),
+            status: Some(self.status),
+        }
+    }
+}
+
+pin_project! {
+    /// Response future for [`SetStatus`].
+    pub struct ResponseFuture<F> {
+        #[pin]
+        inner: F,
+        status: Option<StatusCode>,
+    }
+}
+
+impl<F, B, E> Future for ResponseFuture<F>
+where
+    F: Future<Output = Result<Response<B>, E>>,
+{
+    type Output = F::Output;
+
+    fn poll(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> {
+        let this = self.project();
+        let mut response = futures_core::ready!(this.inner.poll(cx)?);
+        *response.status_mut() = this.status.take().expect("future polled after completion");
+        Poll::Ready(Ok(response))
+    }
+}