Skip to content

Bump pingora from 0.4.0 to 0.6.0#57

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/pingora-0.6.0
Open

Bump pingora from 0.4.0 to 0.6.0#57
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/pingora-0.6.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Sep 2, 2025

Copy link
Copy Markdown
Contributor

Bumps pingora from 0.4.0 to 0.6.0.

Release notes

Sourced from pingora's releases.

Pingora 0.6.0

0.6.0 - 2025-08-15

Highlights

  • This release bumps the minimum h2 crate dependency to guard against the MadeYouReset H2 attack

🚀 Features

  • Log runtime names during Server shutdown
  • Enabling tracking the execution phase of a server
  • Allow using in-memory compression dicts
  • Make H2Options configurable at HttpServer, HttpProxy Also adds HttpServerOptions to the HttpServer implementation, and updates the HttpEchoApp to use HttpServer for easier adhoc testing.

🐛 Bug Fixes

  • Fix: read body without discard

Everything Else

  • Try loading each LRU shard individually and warn on errors
  • Update LRU save to disk to be atomic
  • Allow cache to spawn_async_purge
  • Pass hit handler in hit filter
  • Cache hit filter can mutate cache, allow resetting cache lock
  • Persist keepalive_timeout between requests on same stream
  • Properly check for H2 io ReadError retry types
  • Add cache lock wait timeout for readers
  • Fix CacheLock status timeout conditions
  • Handle close on partial chunk head
  • Allow optional to reset session timeouts
  • Clippy fixes for 1.87, add 1.87 to GitHub CI
  • Run range_{header,body}_filter after disabling cache
  • Convert InterpretCacheControl members to Duration
  • Disable downstream ranging on max file size
  • Allow explicit infinite keepalive timeout to be respected Note that a necessary follow up is to refactor the infinite keepalive timeout to only apply to first read between requests on reused conns.
  • Add method to disable keepalive if downstream is unfinished
  • Discard extra upstream body and disable keepalive
  • Explicitly disable keepalive on upstream connection when excess body (content-length) is detected.
  • Add brief sleep to shutdown signal tests to avoid flake
  • Allow override of cache lock timeouts
  • Allow arbitrary bytes in CacheKey instead of just Strings
  • Corrects out-of-order data return after multiple peek calls with different buffer sizes.
  • Mark previously too large chunked assets as cacheable

... (truncated)

Changelog

Sourced from pingora's changelog.

0.6.0 - 2025-08-15

Highlights

  • This release bumps the minimum h2 crate dependency to guard against the MadeYouReset H2 attack

🚀 Features

  • Log runtime names during Server shutdown
  • Enabling tracking the execution phase of a server
  • Allow using in-memory compression dicts
  • Make H2Options configurable at HttpServer, HttpProxy Also adds HttpServerOptions to the HttpServer implementation, and updates the HttpEchoApp to use HttpServer for easier adhoc testing.

🐛 Bug Fixes

  • Fix: read body without discard

Everything Else

  • Try loading each LRU shard individually and warn on errors
  • Update LRU save to disk to be atomic
  • Allow cache to spawn_async_purge
  • Pass hit handler in hit filter
  • Cache hit filter can mutate cache, allow resetting cache lock
  • Persist keepalive_timeout between requests on same stream
  • Properly check for H2 io ReadError retry types
  • Add cache lock wait timeout for readers
  • Fix CacheLock status timeout conditions
  • Handle close on partial chunk head
  • Allow optional to reset session timeouts
  • Clippy fixes for 1.87, add 1.87 to GitHub CI
  • Run range_{header,body}_filter after disabling cache
  • Convert InterpretCacheControl members to Duration
  • Disable downstream ranging on max file size
  • Allow explicit infinite keepalive timeout to be respected Note that a necessary follow up is to refactor the infinite keepalive timeout to only apply to first read between requests on reused conns.
  • Add method to disable keepalive if downstream is unfinished
  • Discard extra upstream body and disable keepalive
  • Explicitly disable keepalive on upstream connection when excess body (content-length) is detected.
  • Add brief sleep to shutdown signal tests to avoid flake
  • Allow override of cache lock timeouts
  • Allow arbitrary bytes in CacheKey instead of just Strings
  • Corrects out-of-order data return after multiple peek calls with different buffer sizes.
  • Mark previously too large chunked assets as cacheable
  • Boring/OpenSSL load cert chain from connector options
  • Add initial support for multipart range requests

... (truncated)

Commits
  • b3c1861 Bumping version to 0.6.0
  • 1f992b8 Set reuseport on unix only
  • 21703df Make H2Options configurable at HttpServer, HttpProxy
  • f69219d Update the certificates that are expired
  • 8c9972f bump h2 dependency
  • 6489f6d add for_each method to ConcurrentHashTable
  • 67d6863 Multipart range filter state fixes
  • acce9b1 Adds a callback to HttpHealthCheck for collecting detailed backend summary in...
  • da725df Add initial support for multipart range requests
  • 4de912e feat(cache): Allow using in-memory compression dicts
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [pingora](https://github.com/cloudflare/pingora) from 0.4.0 to 0.6.0.
- [Release notes](https://github.com/cloudflare/pingora/releases)
- [Changelog](https://github.com/cloudflare/pingora/blob/main/CHANGELOG.md)
- [Commits](cloudflare/pingora@0.4.0...0.6.0)

---
updated-dependencies:
- dependency-name: pingora
  dependency-version: 0.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels Sep 2, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update Rust code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants