Skip to content

Bump the dependencies group across 1 directory with 3 updates#232

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/dependencies-dc07026061
Closed

Bump the dependencies group across 1 directory with 3 updates#232
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/dependencies-dc07026061

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 16, 2026
edited
Loading

Copy link
Copy Markdown

Bumps the dependencies group with 3 updates in the / directory: h2, tokio and http.

Updates h2 from 0.4.14 to 0.4.15

Release notes

Sourced from h2's releases.

v0.4.15

What's Changed

New Contributors

Full Changelog: hyperium/h2@v0.4.14...v0.4.15

Changelog

Sourced from h2's changelog.

0.4.15 (June 15, 2026)

  • Fix closing a connection when header size is "way too large" (currently x4 configured limit).
  • Fix overflow calculating padding length if a DATA frame had 255 bytes of padding.
  • Fix ignoring library-initiated resets in the connection state loop.
  • Fix decoding panic with an absurd amount of headers and no limit to now use try_append().
  • Fix rejecting frames on streams whose HEADERS have not been sent.
  • Fix poll_capacity() to not return Some(Ok(0)).
  • Fix discarding of buffered DATA frames when a reset is scheduled.
Commits
  • 21211d0 v0.4.15
  • 29e209d fix: close connection when header size is way too large (#915)
  • 9231cb0 fix: remove padded_len() u8 overflow in DATA frame padding release (#914)
  • d351036 fix: ignore library resets at connection poll loop level (#913)
  • 4f51fff fix: use HeaderMap::try_append to prevent panics on absurd amounts of headers...
  • c813cc8 refactor: remove unnecessary clones (#911)
  • 810f5ae chore(ci): update actions/checkout to v6 (#910)
  • d361b75 fix: Reject frames on streams whose HEADERS haven't been sent (#899)
  • 93ccead fix: poll_capacity must not return Ready(Some(Ok(0))) (#898)
  • 733bba7 fix: Discard buffered DATA when a scheduled reset is pending (#896)
  • See full diff in compare view

Updates tokio from 1.51.1 to 1.52.3

Release notes

Sourced from tokio's releases.

Tokio v1.52.3

1.52.3 (May 8th, 2026)

Fixed

  • sync: fix underflow in mpsc channel len() (#8062)
  • sync: notify receivers in mpsc OwnedPermit::release() method (#8075)
  • sync: require that an RwLock has max_readers != 0 (#8076)
  • sync: return Empty from try_recv() when mpsc is closed with outstanding permits (#8074)

#8062: tokio-rs/tokio#8062 #8074: tokio-rs/tokio#8074 #8075: tokio-rs/tokio#8075 #8076: tokio-rs/tokio#8076

Tokio v1.52.2

1.52.2 (May 4th, 2026)

This release reverts the LIFO slot stealing change introduced in 1.51.0 (#7431), due to [its performance impact]#8065. (#8100)

#7431: tokio-rs/tokio#7431 #8065: tokio-rs/tokio#8065 #8100: tokio-rs/tokio#8100

Tokio v1.52.1

1.52.1 (April 16th, 2026)

Fixed

  • runtime: revert #7757 to fix [a regression]#8056 that causes spawn_blocking to hang (#8057)

#7757: tokio-rs/tokio#7757 #8056: tokio-rs/tokio#8056 #8057: tokio-rs/tokio#8057

Tokio v1.52.0

1.52.0 (April 14th, 2026)

Added

  • io: AioSource::register_borrowed for I/O safety support (#7992)
  • net: add try_io function to unix::pipe sender and receiver types (#8030)

Added (unstable)

  • runtime: Builder::enable_eager_driver_handoff setting enable eager hand off of the I/O and time drivers before polling tasks (#8010)
  • taskdump: add trace_with() for customized task dumps (#8025)
  • taskdump: allow impl FnMut() in trace_with instead of just fn() (#8040)
  • fs: support io_uring in AsyncRead for File (#7907)

... (truncated)

Commits

Updates http from 1.4.1 to 1.4.2

Changelog

Sourced from http's changelog.

1.4.2 (June 8, 2026)

  • Fix uri::Builder to allow "*" as the path when scheme and authority are also set, used in HTTP/2 requests.
  • Fix Uri to properly reject DEL characters.
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the dependencies group across 1 directory with 3 updates
8b59334 
Bumps the dependencies group with 3 updates in the / directory: [h2](https://github.com/hyperium/h2), [tokio](https://github.com/tokio-rs/tokio) and [http](https://github.com/hyperium/http).


Updates `h2` from 0.4.14 to 0.4.15
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](hyperium/h2@v0.4.14...v0.4.15)

Updates `tokio` from 1.51.1 to 1.52.3
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](tokio-rs/tokio@tokio-1.51.1...tokio-1.52.3)

Updates `http` from 1.4.1 to 1.4.2
- [Release notes](https://github.com/hyperium/http/releases)
- [Changelog](https://github.com/hyperium/http/blob/master/CHANGELOG.md)
- [Commits](hyperium/http@v1.4.1...v1.4.2)

---
updated-dependencies:
- dependency-name: h2
  dependency-version: 0.4.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: tokio
  dependency-version: 1.52.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: http
  dependency-version: 1.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies rust Pull requests that update rust code labels Jun 16, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown
Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 19, 2026
@dependabot dependabot Bot deleted the dependabot/cargo/dependencies-dc07026061 branch June 19, 2026 06:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies rust Pull requests that update rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants