chore(deps): bump tower-http from 0.6.11 to 0.7.0 in /bots/rhodibot (#301)

Bumps [tower-http](https://github.com/tower-rs/tower-http) from 0.6.11
to 0.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tower-rs/tower-http/releases">tower-http's
releases</a>.</em></p>
<blockquote>
<h2>tower-http-0.7.0</h2>
<p><a
href="https://github.com/tower-rs/tower-http/compare/tower-http-0.6.11...tower-http-0.7.0">Changes
since 0.6.11</a></p>
<h2>Added</h2>
<ul>
<li>
<p><code>csrf</code>: add cross-site request forgery (CSRF) protection
middleware, porting the cross-origin protection scheme introduced in Go
1.25 (<a
href="https://redirect.github.com/tower-rs/tower-http/issues/699">#699</a>)</p>
<pre lang="rust"><code>use tower::ServiceBuilder;
use tower_http::csrf::CsrfLayer;
<p>// Rejects cross-origin state-changing requests using
<code>Sec-Fetch-Site</code>,<br />
// an <code>Origin</code> allow-list, and an
<code>Origin</code>/<code>Host</code> fallback. No per-request<br />
// token state required.<br />
let layer = CsrfLayer::new().add_trusted_origin(&quot;<a
href="https://example.com">https://example.com</a>&quot;)?;</p>
<p>let service =
ServiceBuilder::new().layer(layer).service_fn(handler);<br />
</code></pre></p>
</li>
<li>
<p><code>timeout</code>: add <code>DeadlineBody</code> for non-resetting
body timeouts, applied via the new <code>RequestBodyDeadlineLayer</code>
and <code>ResponseBodyDeadlineLayer</code> (<a
href="https://redirect.github.com/tower-rs/tower-http/issues/688">#688</a>)</p>
<p>Unlike <code>TimeoutBody</code>, which resets its deadline on every
frame, <code>DeadlineBody</code> caps the total time of a body transfer.
A slow client trickling one byte at a time never trips an idle timeout
but will trip a deadline.</p>
<pre lang="rust"><code>use std::time::Duration;
use tower::ServiceBuilder;
use tower_http::timeout::RequestBodyDeadlineLayer;
<p>// Abort the request body transfer after 30s total, regardless of
how<br />
// frequently data arrives.<br />
let service = ServiceBuilder::new()<br />
.layer(RequestBodyDeadlineLayer::new(Duration::from_secs(30)))<br />
.service_fn(handler);<br />
</code></pre></p>
</li>
<li>
<p><code>fs</code>: add strong <code>ETag</code> support to
<code>ServeDir</code>, including <code>If-Match</code> and
<code>If-None-Match</code> precondition handling per RFC 9110. <code>304
Not Modified</code> responses now carry the <code>ETag</code> and
<code>Last-Modified</code> validators (<a
href="https://redirect.github.com/tower-rs/tower-http/issues/691">#691</a>)</p>
</li>
<li>
<p><code>fs</code>: add a <code>Backend</code> trait to make
<code>ServeDir</code> work with non-filesystem sources (e.g. embedded
assets or object storage). The default <code>TokioBackend</code>
preserves existing behavior. Use <code>ServeDir::with_backend()</code>
to plug in custom implementations (<a
href="https://redirect.github.com/tower-rs/tower-http/issues/684">#684</a>)</p>
<pre lang="rust"><code>use tower_http::services::fs::ServeDir;
<p>// <code>MyBackend</code> implements
<code>tower_http::services::fs::Backend</code>.<br />
// The default <code>ServeDir::new()</code> continues to use
<code>TokioBackend</code> (local FS).<br />
let service = ServeDir::with_backend(&quot;assets&quot;,
MyBackend::new());<br />
</code></pre></p>
</li>
<li>
<p><code>fs</code>: add <code>html_as_default_extension</code> option to
<code>ServeDir</code>, appending <code>.html</code> when the request
path has no extension (<a
href="https://redirect.github.com/tower-rs/tower-http/issues/519">#519</a>)</p>
</li>
<li>
<p><code>fs</code>: add <code>redirect_path_prefix</code> option to
<code>ServeDir</code>, prepending a prefix on trailing-slash redirects
so the service can be mounted under a sub-path (<a
href="https://redirect.github.com/tower-rs/tower-http/issues/486">#486</a>)</p>
</li>
<li>
<p><code>validate-request</code>: add
<code>ValidateRequestHeaderLayer::has_header_value()</code> to reject
requests when a header does not have an expected value (<a
href="https://redirect.github.com/tower-rs/tower-http/issues/360">#360</a>)</p>
</li>
<li>
<p><code>body</code>: <code>UnsyncBoxBody::new()</code> constructor and
<code>From&lt;ServeFileSystemResponseBody&gt;</code> conversion to avoid
double-boxing when combining <code>ServeDir</code> responses with other
body types (<a
href="https://redirect.github.com/tower-rs/tower-http/issues/537">#537</a>)</p>
</li>
<li>
<p><code>limit</code>: implement <code>Default</code> for
<code>limit::ResponseBody</code> when the wrapped body also implements
<code>Default</code> (<a
href="https://redirect.github.com/tower-rs/tower-http/issues/679">#679</a>)</p>
</li>
</ul>
<h2>Changed</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/tower-rs/tower-http/commit/b194fcfef350577256750815abdb5b13301af410"><code>b194fcf</code></a>
v0.7.0</li>
<li><a
href="https://github.com/tower-rs/tower-http/commit/af828a6ec99dca9f562fbb534f6c2b806becc7f2"><code>af828a6</code></a>
feat(follow_redirect)!: preserve request extensions across redirects (<a
href="https://redirect.github.com/tower-rs/tower-http/issues/706">#706</a>)</li>
<li><a
href="https://github.com/tower-rs/tower-http/commit/8cb8d99a841ca5c7853275886f2854f0fad6f09c"><code>8cb8d99</code></a>
feat(ValidateRequestHeaderLayer): add
has_header(&quot;...&quot;).with_value(&quot;...&quot;) fun...</li>
<li><a
href="https://github.com/tower-rs/tower-http/commit/3b56d2d2e8be2d3b75e446a9d093c67f50a47d56"><code>3b56d2d</code></a>
feat!: Add configurable Backend trait for ServeDir, bump MSRV 1.65 (<a
href="https://redirect.github.com/tower-rs/tower-http/issues/684">#684</a>)</li>
<li><a
href="https://github.com/tower-rs/tower-http/commit/8508716431a4a90d1c47993618afd72b34c92b87"><code>8508716</code></a>
Add <code>redirect_path_prefix</code> option (<a
href="https://redirect.github.com/tower-rs/tower-http/issues/486">#486</a>)</li>
<li><a
href="https://github.com/tower-rs/tower-http/commit/56327b27f4e9cdb863599ee3a35bc7aa7fca634a"><code>56327b2</code></a>
Add Windows drive-prefix path regression test (<a
href="https://redirect.github.com/tower-rs/tower-http/issues/705">#705</a>)</li>
<li><a
href="https://github.com/tower-rs/tower-http/commit/54c6db85901d18fcaa4d96a9423cb1960030c738"><code>54c6db8</code></a>
feat(compression)!: upgrade SizeAbove threshold from u16 to u64 (<a
href="https://redirect.github.com/tower-rs/tower-http/issues/704">#704</a>)</li>
<li><a
href="https://github.com/tower-rs/tower-http/commit/68cd6d8f3c9ded139295442037682ae88abf7122"><code>68cd6d8</code></a>
Add DeadlineBody for non-resetting body timeouts (<a
href="https://redirect.github.com/tower-rs/tower-http/issues/688">#688</a>)</li>
<li><a
href="https://github.com/tower-rs/tower-http/commit/fa8a98cb3ee22d181e54041d94963df397cbddbe"><code>fa8a98c</code></a>
feat(fs): add strong ETag support to ServeDir (<a
href="https://redirect.github.com/tower-rs/tower-http/issues/691">#691</a>)</li>
<li><a
href="https://github.com/tower-rs/tower-http/commit/36d2205eb630b5ac8ae82b4d1b1a288b9fe7e5ce"><code>36d2205</code></a>
fix: Make SetMultiple*Header Clone for !Clone http bodies (<a
href="https://redirect.github.com/tower-rs/tower-http/issues/703">#703</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tower-rs/tower-http/compare/tower-http-0.6.11...tower-http-0.7.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tower-http&package-manager=cargo&previous-version=0.6.11&new-version=0.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jonathan D.A. Jewell <6759885+hyperpolymath@users.noreply.github.com>

Author: dependabot[bot]

bots/rhodibot/Cargo.lock

@@ -20,7 +20,7 @@ tokio = { version = "1.52.3", features = ["full"] }
 # Web framework
 axum = "0.8.9"
 tower = "0.5.3"
-tower-http = { version = "0.6.11", features = ["trace", "cors"] }
+tower-http = { version = "0.7.0", features = ["trace", "cors"] }
 
 # HTTP client
 reqwest = { version = "0.12.28", features = ["json", "rustls-tls"], default-features = false }