Skip to content

Bump http from 1.4.0 to 1.4.2#3

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/cargo/master/http-1.4.2
Closed

Bump http from 1.4.0 to 1.4.2#3
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/cargo/master/http-1.4.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown

Bumps http from 1.4.0 to 1.4.2.

Release notes

Sourced from http's releases.

v1.4.1

tl;dr

  • Fix PathAndQuery::from_static() and from_shared() to reject inputs that do not start with /.
  • Fix Extend for HeaderMap to clamp max size hint and not overflow.
  • Fix header::IntoIter that could use-after-free if the generic value type could panic on drop.
  • Fix header::{IterMut, ValuesIterMut} to not violate stacked borrows.

What's Changed

New Contributors

Full Changelog: hyperium/http@v1.4.0...v1.4.1

Changelog

Sourced from http's changelog.

1.4.2 (June 8, 2026)

  • Fix uri::Builder to allow "*" as the path when scheme and authority are also set, used in HTTP/2 requests.
  • Fix Uri to properly reject DEL characters.

1.4.1 (May 25, 2026)

  • Fix PathAndQuery::from_static() and from_shared() to reject inputs that do not start with /.
  • Fix Extend for HeaderMap to clamp max size hint and not overflow.
  • Fix header::IntoIter that could use-after-free if the generic value type could panic on drop.
  • Fix header::{IterMut, ValuesIterMut} to not violate stacked borrows.
Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Jul 9, 2026
@dependabot dependabot Bot force-pushed the dependabot/cargo/master/http-1.4.2 branch 3 times, most recently from 886a81d to 95d49ec Compare July 10, 2026 12:33
Bumps [http](https://github.com/hyperium/http) from 1.4.0 to 1.4.2.
- [Release notes](https://github.com/hyperium/http/releases)
- [Changelog](https://github.com/hyperium/http/blob/master/CHANGELOG.md)
- [Commits](hyperium/http@v1.4.0...v1.4.2)

---
updated-dependencies:
- dependency-name: http
  dependency-version: 1.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/cargo/master/http-1.4.2 branch from 95d49ec to 4f0c517 Compare July 12, 2026 00:05
@dependabot @github

dependabot Bot commented on behalf of github Jul 12, 2026

Copy link
Copy Markdown
Author

Looks like http is up-to-date now, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 12, 2026
@dependabot dependabot Bot deleted the dependabot/cargo/master/http-1.4.2 branch July 12, 2026 00:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants