chore(deps): update rust crate brotli to v8.0.4#202

Open: renovate[bot] wants to merge 1 commit into main from renovate/brotli-8.x-lockfile

@renovate renovate Bot commented May 29, 2026

This PR contains the following updates:

| Package | Type | Update | Change |
| --- | --- | --- | --- |
| brotli | dependencies | patch | 8.0.2 → 8.0.4 |

Release Notes

dropbox/rust-brotli (brotli)

v8.0.4

v8.0.3


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@doubleword-code doubleword-code Bot left a comment

Summary

This PR updates the brotli crate dependency from version 8.0.2 to 8.0.3 via a Cargo.lock checksum update. This is a routine patch version bump from a well-maintained library (dropbox/rust-brotli). The change is minimal and low-risk.

Verdict: Ready to approve — no issues identified.

Research notes

  • Crates.io metadata for 8.0.3: Verified checksum 8119e4516436f5708bbc474a9d395bf12f1b5395e93a92a56e647ac3388c8610 matches exactly what's in the diff. Version published May 28, 2026 by user danielrh. Not yanked. License: BSD-3-Clause AND MIT.
  • RustSec advisories: No known vulnerabilities for brotli crate versions 8.x. Historical advisories RUSTSEC-2021-0132 and RUSTSEC-2021-0131 affect compu-brotli-sys and brotli-sys respectively (different packages bundling the C library), not this pure-Rust implementation.
  • Feature parity: Features list is identical between 8.0.2 and 8.0.3 (std, validation, simd, etc.). No breaking API changes expected in a patch version.
  • Codebase usage: The brotli crate is used in src/response_id.rs for decompressing HTTP response bodies with Content-Encoding: br. The API usage (brotli::Decompressor::new() and brotli::CompressorWriter::new()) is stable across minor/patch versions.

Suggested next steps

  1. Merge as-is — this is a safe, routine dependency update.
  2. If your CI includes dependency vulnerability scanning (e.g., cargo audit), verify it passes (expected to pass given no RustSec advisories for this version).

General findings

No blocking or non-blocking issues identified. The PR is a straightforward lockfile update for a patch version bump of a compression library with no API surface changes.

@renovate renovate Bot force-pushed the renovate/brotli-8.x-lockfile branch from 8ab830b to 9082cd1 Compare June 14, 2026 21:35
@renovate renovate Bot changed the title chore(deps): update rust crate brotli to v8.0.3 chore(deps): update rust crate brotli to v8.0.4 Jun 14, 2026

@doubleword-code doubleword-code Bot left a comment

Summary

This PR updates the brotli crate from version 8.0.2 to 8.0.4 via an automated Renovate dependency bump. The change only modifies Cargo.lock with updated version and checksum fields—no source code changes are involved.

Verdict: Approved

Research notes

  • Change scope: Single dependency update in Cargo.lock (version + checksum only)
  • Semver compliance: Cargo.toml specifies brotli = "8", allowing any 8.x.x version per Cargo's semver resolution
  • Transitive dependencies: None affected—brotli-decompressor remains at 5.0.0
  • Package legitimacy: Checksums follow expected SHA-256 format for crates.io packages
  • Security considerations: Brotli is a compression/decompression library. No known public CVEs were identified for versions 8.0.2–8.0.4 during review. Patch-level updates in compression libraries typically contain bug fixes and minor performance improvements rather than breaking changes.

Suggested next steps

  1. Merge as-is — This is a routine patch-level dependency update with minimal risk.
  2. Optional verification — After merge, run the test suite to confirm no regressions from the dependency update (standard practice for any dependency change).

General findings

No issues found. The PR follows best practices:

  • Automated dependency management via Renovate
  • Clear commit message following conventional commits (chore(deps):)
  • Minimal diff surface (2 lines changed)
  • Within declared version constraints
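
An added example, not part of the PR or of either bot's review: a Python check for the scope claims made in the reviews above (only brotli changes in Cargo.lock, brotli-decompressor untouched, source still crates.io, version inside the `brotli = "8"` constraint). The lockfile text and checksums are constructed placeholders, and `parse_lock`, `audit_bump` and `sample_lock` are hypothetical names; the check covers lockfile shape and scope only, not whether a checksum matches the registry.

```python
import re

CRATES_IO = "registry+https://github.com/rust-lang/crates.io-index"
SHA256_HEX = re.compile(r"[0-9a-f]{64}")

def parse_lock(text):
    """Map crate name -> set of (version, source, checksum, deps) entries."""
    pkgs = {}
    for block in text.split("[[package]]")[1:]:
        f = dict(re.findall(r'^(\w+) = "([^"]*)"$', block, re.M))
        deps = tuple(re.findall(r'^ "([^"]+)",$', block, re.M))
        entry = (f["version"], f.get("source"), f.get("checksum"), deps)
        pkgs.setdefault(f["name"], set()).add(entry)
    return pkgs

def audit_bump(old_text, new_text, crate, major):
    """Return findings for a lockfile change that claims to bump only `crate`."""
    old, new = parse_lock(old_text), parse_lock(new_text)
    findings = []
    for name in sorted(set(old) | set(new)):
        if old.get(name) == new.get(name):
            continue
        if name != crate:
            findings.append(f"{name}: changed outside the declared scope")
            continue
        old_deps = {e[3] for e in old.get(name, ())}
        for version, source, checksum, deps in new.get(name, ()):
            if source != CRATES_IO:
                findings.append(f"{name} {version}: source is {source}")
            if not SHA256_HEX.fullmatch(checksum or ""):
                findings.append(f"{name} {version}: checksum is not SHA-256 hex")
            if version.split(".")[0] != str(major):
                findings.append(f"{name} {version}: outside major {major}")
            if deps not in old_deps:
                findings.append(f"{name} {version}: dependency list changed")
    return findings

# Constructed Cargo.lock text; the checksums are placeholders, not real values.
def sample_lock(version, checksum, source=CRATES_IO, extra=""):
    filler = "c" * 64
    return (
        'version = 4\n\n'
        f'[[package]]\nname = "brotli"\nversion = "{version}"\n'
        f'source = "{source}"\nchecksum = "{checksum}"\n'
        'dependencies = [\n "brotli-decompressor",\n]\n\n'
        '[[package]]\nname = "brotli-decompressor"\nversion = "5.0.0"\n'
        f'source = "{CRATES_IO}"\nchecksum = "{filler}"\n' + extra
    )

if __name__ == "__main__":
    old = sample_lock("8.0.2", "a" * 64)
    print(audit_bump(old, sample_lock("8.0.4", "b" * 64), "brotli", 8))
```
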
