Skip to content

deps(cargo): bump pingora-core from 0.8.0 to 0.8.1#4

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/pingora-core-0.8.1
Open

deps(cargo): bump pingora-core from 0.8.0 to 0.8.1#4
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/pingora-core-0.8.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 5, 2026

Copy link
Copy Markdown
Contributor

Bumps pingora-core from 0.8.0 to 0.8.1.

Release notes

Sourced from pingora-core's releases.

Pingora 0.8.1

0.8.1 - 2026-06-04

🔒 Security

  • Bound default HTTP/2 server limits to mitigate memory exhaustion.
  • Upgrade Rustls-related dev-dependencies to address rustls-webpki security advisories.

⚙️ Miscellaneous Tasks

  • Pin tracing dependencies to preserve Rust 1.84 compatibility.
  • Use cargo check for MSRV verification instead of compiling dev-dependencies during tests.
  • Update the Semgrep OSS scanning workflow.
  • Use valid paths in header serialization tests.
  • Gate HTTP/1 CONNECT tests on patched HTTP/1 support.
Changelog

Sourced from pingora-core's changelog.

0.8.1 - 2026-06-04

🔒 Security

  • Bound default HTTP/2 server limits to mitigate memory exhaustion.
  • Upgrade Rustls-related dev-dependencies to address rustls-webpki security advisories.

⚙️ Miscellaneous Tasks

  • Pin tracing dependencies to preserve Rust 1.84 compatibility.
  • Use cargo check for MSRV verification instead of compiling dev-dependencies during tests.
  • Update the Semgrep OSS scanning workflow.
  • Use valid paths in header serialization tests.
  • Gate HTTP/1 CONNECT tests on patched HTTP/1 support.
Commits
  • 719ef6c Release 0.8.1
  • 2e59680 RUSTSEC-2026-0098 and RUSTSEC-2026-0099 fixes
  • a444389 Gate CONNECT tests on patched HTTP/1 support
  • 45dbece Use valid paths in header serialization tests
  • f7ad7ce ci: add Semgrep OSS scanning workflow
  • 5eeddba ci: use cargo check for MSRV instead of cargo test
  • 783b673 Pin cf-rustracing and cf-rustracing-jaeger due to rand 0.10 edition 2024 depe...
  • d193c8d Bound default HTTP/2 server limits to mitigate memory exhaustion
  • See full diff in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [pingora-core](https://github.com/cloudflare/pingora) from 0.8.0 to 0.8.1.
- [Release notes](https://github.com/cloudflare/pingora/releases)
- [Changelog](https://github.com/cloudflare/pingora/blob/0.8.1/CHANGELOG.md)
- [Commits](cloudflare/pingora@0.8.0...0.8.1)

---
updated-dependencies:
- dependency-name: pingora-core
  dependency-version: 0.8.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added cargo dependencies Pull requests that update a dependency file labels Jun 5, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

cargo dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants