Skip to content
This repository was archived by the owner on Feb 16, 2026. It is now read-only.

chore: bump dependencies#296

Merged
quettabit merged 1 commit intomainfrom
dependabot/cargo/all-dependencies-ae3629ef3a
Feb 10, 2026
Merged

chore: bump dependencies#296
quettabit merged 1 commit intomainfrom
dependabot/cargo/all-dependencies-ae3629ef3a

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 8, 2026

Bumps the all-dependencies group with 5 updates:

Package From To
async-compression 0.4.37 0.4.39
reqwest 0.13.1 0.13.2
s2-api 0.27.1 0.27.3
s2-common 0.27.1 0.27.4
time 0.3.46 0.3.47

Updates async-compression from 0.4.37 to 0.4.39

Commits
  • b1da57f chore(async-compression): release v0.4.39 (#447)
  • f95a4b9 Revert "Fix decoding of empty response streams." (#446)
  • b4e46d8 chore(async-compression): release v0.4.38 (#443)
  • e67f0b1 Fix decoding of empty response streams. (#444)
  • f5e532e chore(deps): update proptest-derive requirement from 0.7 to 0.8 (#442)
  • See full diff in compare view

Updates reqwest from 0.13.1 to 0.13.2

Changelog

Sourced from reqwest's changelog.

v0.13.2

  • Fix HTTP/2 and native-tls ALPN feature combinations.
  • Fix HTTP/3 to send h3 ALPN.
  • (wasm) fix RequestBuilder::json() from override previously set content-type.
Commits

Updates s2-api from 0.27.1 to 0.27.3

Commits

Updates s2-common from 0.27.1 to 0.27.4

Commits

Updates time from 0.3.46 to 0.3.47

Release notes

Sourced from time's releases.

v0.3.47

See the changelog for details.

Changelog

Sourced from time's changelog.

0.3.47 [2026-02-05]

Security

  • The possibility of a stack exhaustion denial of service attack when parsing RFC 2822 has been eliminated. Previously, it was possible to craft input that would cause unbounded recursion. Now, the depth of the recursion is tracked, causing an error to be returned if it exceeds a reasonable limit.

    This attack vector requires parsing user-provided input, with any type, using the RFC 2822 format.

Compatibility

  • Attempting to format a value with a well-known format (i.e. RFC 3339, RFC 2822, or ISO 8601) will error at compile time if the type being formatted does not provide sufficient information. This would previously fail at runtime. Similarly, attempting to format a value with ISO 8601 that is only configured for parsing (i.e. Iso8601::PARSING) will error at compile time.

Added

  • Builder methods for format description modifiers, eliminating the need for verbose initialization when done manually.
  • date!(2026-W01-2) is now supported. Previously, a space was required between W and 01.
  • [end] now has a trailing_input modifier which can either be prohibit (the default) or discard. When it is discard, all remaining input is ignored. Note that if there are components after [end], they will still attempt to be parsed, likely resulting in an error.

Changed

  • More performance gains when parsing.

Fixed

  • If manually formatting a value, the number of bytes written was one short for some components. This has been fixed such that the number of bytes written is always correct.
  • The possibility of integer overflow when parsing an owned format description has been effectively eliminated. This would previously wrap when overflow checks were disabled. Instead of storing the depth as u8, it is stored as u32. This would require multiple gigabytes of nested input to overflow, at which point we've got other problems and trivial mitigations are available by downstream users.
Commits
  • d5144cd v0.3.47 release
  • f6206b0 Guard against integer overflow in release mode
  • 1c63dc7 Avoid denial of service when parsing Rfc2822
  • 5940df6 Add builder methods to avoid verbose construction
  • 00881a4 Manually format macros everywhere
  • bb723b6 Add trailing_input modifier to end
  • 31c4f8e Permit W12 in date! macro
  • 490a17b Mark error paths in well-known formats as cold
  • 6cb1896 Optimize Rfc2822 parsing
  • 6d264d5 Remove erroneous #[inline(never)] attributes
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Feb 8, 2026
@dependabot dependabot bot requested a review from a team as a code owner February 8, 2026 11:23
@dependabot dependabot bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Feb 8, 2026
@greptile-apps
Copy link

greptile-apps bot commented Feb 8, 2026

PR author is not in the allowed authors list.

@quettabit quettabit changed the title chore(deps): bump the all-dependencies group with 5 updates chore: bump dependencies Feb 10, 2026
@dependabot @quettabit
chore(deps): bump the all-dependencies group with 5 updates
5266896 
Bumps the all-dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [async-compression](https://github.com/Nullus157/async-compression) | `0.4.37` | `0.4.39` |
| [reqwest](https://github.com/seanmonstar/reqwest) | `0.13.1` | `0.13.2` |
| [s2-api](https://github.com/s2-streamstore/s2) | `0.27.1` | `0.27.3` |
| [s2-common](https://github.com/s2-streamstore/s2) | `0.27.1` | `0.27.4` |
| [time](https://github.com/time-rs/time) | `0.3.46` | `0.3.47` |


Updates `async-compression` from 0.4.37 to 0.4.39
- [Release notes](https://github.com/Nullus157/async-compression/releases)
- [Commits](Nullus157/async-compression@async-compression-v0.4.37...async-compression-v0.4.39)

Updates `reqwest` from 0.13.1 to 0.13.2
- [Release notes](https://github.com/seanmonstar/reqwest/releases)
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md)
- [Commits](seanmonstar/reqwest@v0.13.1...v0.13.2)

Updates `s2-api` from 0.27.1 to 0.27.3
- [Release notes](https://github.com/s2-streamstore/s2/releases)
- [Changelog](https://github.com/s2-streamstore/s2/blob/main/release-plz.toml)
- [Commits](s2-streamstore/s2@s2-api-v0.27.1...s2-api-v0.27.3)

Updates `s2-common` from 0.27.1 to 0.27.4
- [Release notes](https://github.com/s2-streamstore/s2/releases)
- [Changelog](https://github.com/s2-streamstore/s2/blob/main/release-plz.toml)
- [Commits](s2-streamstore/s2@s2-api-v0.27.1...s2-common-v0.27.4)

Updates `time` from 0.3.46 to 0.3.47
- [Release notes](https://github.com/time-rs/time/releases)
- [Changelog](https://github.com/time-rs/time/blob/main/CHANGELOG.md)
- [Commits](time-rs/time@v0.3.46...v0.3.47)

---
updated-dependencies:
- dependency-name: async-compression
  dependency-version: 0.4.39
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: reqwest
  dependency-version: 0.13.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: s2-api
  dependency-version: 0.27.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: s2-common
  dependency-version: 0.27.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: time
  dependency-version: 0.3.47
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@quettabit quettabit force-pushed the dependabot/cargo/all-dependencies-ae3629ef3a branch from 170fc94 to 5266896 Compare February 10, 2026 06:21
@quettabit quettabit merged commit b167159 into main Feb 10, 2026
5 checks passed
@quettabit quettabit deleted the dependabot/cargo/all-dependencies-ae3629ef3a branch February 10, 2026 06:28
@github-actions github-actions bot mentioned this pull request Feb 10, 2026
Merged
shikhar pushed a commit that referenced this pull request Feb 15, 2026
@github-actions
chore: release v0.24.0 (#299)
e1bb42c 
## 🤖 New release

* `s2-sdk`: 0.23.8 -> 0.24.0 (⚠ API breaking changes)

### ⚠ `s2-sdk` breaking changes

```text
--- failure inherent_method_missing: pub method removed or renamed ---

Description:
A publicly-visible method or associated fn is no longer available under its prior name. It may have been renamed or removed entirely.
        ref: https://doc.rust-lang.org/cargo/reference/semver.html#item-remove
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.46.0/src/lints/inherent_method_missing.ron

Failed in:
  CreateBasinInput::with_idempotency_token, previously in file /tmp/.tmpoNf48h/s2-sdk/src/types.rs:913
  CreateStreamInput::with_idempotency_token, previously in file /tmp/.tmpoNf48h/s2-sdk/src/types.rs:2583

--- failure struct_pub_field_missing: pub struct's pub field removed or renamed ---

Description:
A publicly-visible struct has at least one public field that is no longer available under its prior name. It may have been renamed or removed entirely.
        ref: https://doc.rust-lang.org/cargo/reference/semver.html#item-remove
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.46.0/src/lints/struct_pub_field_missing.ron

Failed in:
  field idempotency_token of struct CreateBasinInput, previously in file /tmp/.tmpoNf48h/s2-sdk/src/types.rs:882
  field idempotency_token of struct CreateStreamInput, previously in file /tmp/.tmpoNf48h/s2-sdk/src/types.rs:2561

--- failure struct_pub_field_now_doc_hidden: pub struct field is now #[doc(hidden)] ---

Description:
A pub field of a pub struct is now marked #[doc(hidden)] and is no longer part of the public API.
        ref: https://doc.rust-lang.org/rustdoc/write-documentation/the-doc-attribute.html#hidden
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.46.0/src/lints/struct_pub_field_now_doc_hidden.ron

Failed in:
  field CreateBasinInput.idempotency_token in file /tmp/.tmp5yfqnq/s2-sdk-rust/src/types.rs:868
  field CreateStreamInput.idempotency_token in file /tmp/.tmp5yfqnq/s2-sdk-rust/src/types.rs:2539
```

<details><summary><i><b>Changelog</b></i></summary><p>

<blockquote>

## [0.24.0] - 2026-02-15

### Features

- Add accessors for `AppendRecord`
([#305](#305))
- [**breaking**] Add lower bounds for `max_batch_bytes` and
`max_batch_records`
([#309](#309))
- [**breaking**] Reduce default `max_unacked_bytes` to `5MiB`
([#311](#311))

### Refactor

- Replace `reqwest` with `hyper-util` and add client pooling
([#298](#298))
- [**breaking**] Make `idempotency_token` private
([#306](#306))
- [**breaking**] Remove unnecessary `Result` from
`with_max_unacked_batches`
([#307](#307))
- Remove unnecessary compression for GET and DELETE requests
([#308](#308))
- Rename fields, methods, and vars related to `RetryBackoff`
([#310](#310))
- [**breaking**] Make `S2DateTime` conversion from
`time::OffsetDateTime` fallible
([#312](#312))

### Testing

- Metrics
([#297](#297))
- Basin & stream api
([#300](#300))

### Miscellaneous Tasks

- Bump dependencies
([#296](#296))
- Dep updates
([#314](#314))

<!-- generated by git-cliff -->
</blockquote>


</p></details>

---
This PR was generated with
[release-plz](https://github.com/release-plz/release-plz/).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@quettabit