fix: bump actix-http from 3.12.0 to 3.13.1

[dependabot]

Bumps actix-http from 3.12.0 to 3.13.1.

Release notes

Sourced from actix-http's releases.

actix-http: v3.13.1

3.13.1

• Fix HTTP/1 WebSocket upgrade responses being overwritten with Connection: close when the upgraded request payload remains open. #4115

#4115: actix/actix-web#4115

actix-http: v3.13.0

3.13.0

• When configured, gracefully close HTTP/1 connections after early responses to unread request bodies. #3967
• Wake HTTP/1 payload receivers with an incomplete-payload error when the sender is dropped before EOF. #3100
• Update foldhash dependency to 0.2.

#3967: actix/actix-web#3967 #3100: actix/actix-web#3100

actix-http: v3.12.1

Notice: This release contains a security fix. Users are encouraged to update to this version ASAP.

• SECURITY: Reject HTTP/1 requests with ambiguous request framing from Content-Length and Transfer-Encoding headers to prevent request smuggling.
• Encode the HTTP/1 Connection: Upgrade header in Camel-Case when camel-case header formatting is enabled.#3953
• Fix HeaderMap iterators' len() and size_hint() implementations for multi-value headers.
• Update rand dependency to 0.10.
• Update sha1 dependency to 0.11.

#3953: actix/actix-web#3953

Commits

• a945e09 fix(http): fix sending responses for upgraded ones on WS (#4117)
• a928601 chore: update rcgen to 0.14 (#4113)
• 696b1fe chore(web): prepare 4.14.0 release (#4114)
• 6c65c46 chore(http): prepare 3.13.0 release (#4112)
• afd2df2 test(multipart,derive): move trybuild tests (#4028)
• 7ded7ee build(deps): bump memchr from 2.8.1 to 2.8.2 (#4107)
• 55cf2e0 build(deps): bump bytesize from 2.3.1 to 2.4.0 (#4104)
• 565b179 build(deps): bump smallvec from 1.15.1 to 1.15.2 (#4106)
• 1605dd0 build(deps): bump taiki-e/install-action from 2.81.7 to 2.81.10 (#4105)
• 5c79f55 build(deps): bump regex from 1.12.3 to 1.12.4 (#4103)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.