Skip to content

chore(deps): bump pingora from 0.5.0 to 0.6.0 #325

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): bump pingora from 0.5.0 to 0.6.0 #325

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 26, 2025
edited
Loading

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps pingora from 0.5.0 to 0.6.0.

Release notes

Sourced from pingora's releases.

Pingora 0.6.0

0.6.0 - 2025-08-15

Highlights

  • This release bumps the minimum h2 crate dependency to guard against the MadeYouReset H2 attack

🚀 Features

  • Log runtime names during Server shutdown
  • Enabling tracking the execution phase of a server
  • Allow using in-memory compression dicts
  • Make H2Options configurable at HttpServer, HttpProxy Also adds HttpServerOptions to the HttpServer implementation, and updates the HttpEchoApp to use HttpServer for easier adhoc testing.

🐛 Bug Fixes

  • Fix: read body without discard

Everything Else

  • Try loading each LRU shard individually and warn on errors
  • Update LRU save to disk to be atomic
  • Allow cache to spawn_async_purge
  • Pass hit handler in hit filter
  • Cache hit filter can mutate cache, allow resetting cache lock
  • Persist keepalive_timeout between requests on same stream
  • Properly check for H2 io ReadError retry types
  • Add cache lock wait timeout for readers
  • Fix CacheLock status timeout conditions
  • Handle close on partial chunk head
  • Allow optional to reset session timeouts
  • Clippy fixes for 1.87, add 1.87 to GitHub CI
  • Run range_{header,body}_filter after disabling cache
  • Convert InterpretCacheControl members to Duration
  • Disable downstream ranging on max file size
  • Allow explicit infinite keepalive timeout to be respected Note that a necessary follow up is to refactor the infinite keepalive timeout to only apply to first read between requests on reused conns.
  • Add method to disable keepalive if downstream is unfinished
  • Discard extra upstream body and disable keepalive
  • Explicitly disable keepalive on upstream connection when excess body (content-length) is detected.
  • Add brief sleep to shutdown signal tests to avoid flake
  • Allow override of cache lock timeouts
  • Allow arbitrary bytes in CacheKey instead of just Strings
  • Corrects out-of-order data return after multiple peek calls with different buffer sizes.
  • Mark previously too large chunked assets as cacheable

... (truncated)

Changelog

Sourced from pingora's changelog.

0.6.0 - 2025-08-15

Highlights

  • This release bumps the minimum h2 crate dependency to guard against the MadeYouReset H2 attack

🚀 Features

  • Log runtime names during Server shutdown
  • Enabling tracking the execution phase of a server
  • Allow using in-memory compression dicts
  • Make H2Options configurable at HttpServer, HttpProxy Also adds HttpServerOptions to the HttpServer implementation, and updates the HttpEchoApp to use HttpServer for easier adhoc testing.

🐛 Bug Fixes

  • Fix: read body without discard

Everything Else

  • Try loading each LRU shard individually and warn on errors
  • Update LRU save to disk to be atomic
  • Allow cache to spawn_async_purge
  • Pass hit handler in hit filter
  • Cache hit filter can mutate cache, allow resetting cache lock
  • Persist keepalive_timeout between requests on same stream
  • Properly check for H2 io ReadError retry types
  • Add cache lock wait timeout for readers
  • Fix CacheLock status timeout conditions
  • Handle close on partial chunk head
  • Allow optional to reset session timeouts
  • Clippy fixes for 1.87, add 1.87 to GitHub CI
  • Run range_{header,body}_filter after disabling cache
  • Convert InterpretCacheControl members to Duration
  • Disable downstream ranging on max file size
  • Allow explicit infinite keepalive timeout to be respected Note that a necessary follow up is to refactor the infinite keepalive timeout to only apply to first read between requests on reused conns.
  • Add method to disable keepalive if downstream is unfinished
  • Discard extra upstream body and disable keepalive
  • Explicitly disable keepalive on upstream connection when excess body (content-length) is detected.
  • Add brief sleep to shutdown signal tests to avoid flake
  • Allow override of cache lock timeouts
  • Allow arbitrary bytes in CacheKey instead of just Strings
  • Corrects out-of-order data return after multiple peek calls with different buffer sizes.
  • Mark previously too large chunked assets as cacheable
  • Boring/OpenSSL load cert chain from connector options
  • Add initial support for multipart range requests

... (truncated)

Commits
  • b3c1861 Bumping version to 0.6.0
  • 1f992b8 Set reuseport on unix only
  • 21703df Make H2Options configurable at HttpServer, HttpProxy
  • f69219d Update the certificates that are expired
  • 8c9972f bump h2 dependency
  • 6489f6d add for_each method to ConcurrentHashTable
  • 67d6863 Multipart range filter state fixes
  • acce9b1 Adds a callback to HttpHealthCheck for collecting detailed backend summary in...
  • da725df Add initial support for multipart range requests
  • 4de912e feat(cache): Allow using in-memory compression dicts
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Aug 26, 2025
@dependabot dependabot bot force-pushed the dependabot/cargo/pingora-0.6.0 branch from b6d8ced to 26d0a90 Compare August 26, 2025 02:30
@dependabot
chore(deps): bump pingora from 0.5.0 to 0.6.0
f6f49b2 
Bumps [pingora](https://github.com/cloudflare/pingora) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/cloudflare/pingora/releases)
- [Changelog](https://github.com/cloudflare/pingora/blob/main/CHANGELOG.md)
- [Commits](cloudflare/pingora@0.5.0...0.6.0)

---
updated-dependencies:
- dependency-name: pingora
  dependency-version: 0.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/cargo/pingora-0.6.0 branch from 26d0a90 to f6f49b2 Compare September 15, 2025 08:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants