Skip to content

Update trillium requirement from 0.2.20 to 1.3.0#13

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/main/trillium-1.3.0
Open

Update trillium requirement from 0.2.20 to 1.3.0#13
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/main/trillium-1.3.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on trillium to permit the latest version.

Release notes

Sourced from trillium's releases.

trillium-http-v1.3.0

Added

  • Upgrade::send_trailers(self, &Headers) -> io::Result<()> — emit trailing headers and finish the outbound stream. On HTTP/1.1 with Transfer-Encoding: chunked set on the response, writes the last-chunk marker, trailer section, and final CRLF, then closes the transport. On HTTP/2, enqueues a trailing HEADERS frame with END_STREAM via the connection driver. On HTTP/3, encodes a trailing HEADERS frame via QPACK and closes the stream. On HTTP/1.x without chunked framing trailers are dropped with a log::warn!.
  • Upgrade::received_trailers() -> Option<&Headers> (with _mut and take_ variants) — inbound trailers carried across the upgrade transition or decoded by the post-upgrade inbound state machine.

Changed

  • Upgrade::request_headers and associated accessors are deprecated in preference to Upgrade::received_headers
  • Upgrade::response_headers and associated accessors are deprecated in preference to Upgrade::sent_headers

Fixed

  • HTTP/2 requests did not prevent graceful shutdown. Now they do.
  • The AsyncWrite/AsyncRead implementations on Upgrade now correctly applies per-protocol framing/deframing instead of raw passthrough. Previously, only HTTP/2 applied framing. Now, HTTP/1.1 with Transfer-Encoding: chunked headers encodes/decodes appropriate chunk framing, and HTTP/3 encodes/decodes DATA framing. HTTP/1.x without Transfer-Encoding: Chunked continues to pass through transparently.
  • Reading an HTTP/1.1 chunked-encoded body — request bodies in the server role, response bodies in the client role — could in rare cases fail to decode despite the wire being well-formed, surfacing as one of chunk header too long, invalid chunk size, ConnectionAborted, or UnexpectedEof. The triggers all sat at the intersection of partial chunk-size headers (caused by transport segmentation landing inside the few-byte chunk-size header window) and content already buffered for processing (either residual from the conn's pre-read scratch, or partial header bytes stashed by a prior poll). Well-behaved clients use sensible chunk sizes, and reverse proxies typically re-frame chunked bodies before forwarding to the backend, so traffic in typical deployments was very unlikely to hit any of these. Decode errors are now surfaced only for genuinely malformed bodies or actual transport closure. Outbound chunked encoding (the write path in either role) was never affected.
  • Client-role responses from HTTP/1.0 servers that omit Content-Length (read-to-close framing) now decode correctly. Previously these surfaced as chunked-decode errors because the inbound body was routed through the chunked decoder.
Commits
  • 2a246ba docs: fix intra doc links
  • b669200 feat(smol): add reuseport fanout
  • 9fc0969 chore: release Listeners/ListenerConfig
  • 422121c feat: Listeners and ListenerConfig
  • 185ee0a feat(logger): Logger::without_init_message
  • c9bbdaa chore(static): release 0.6.1
  • 1a383cc feat(static): resolved directory
  • 34299f1 chore(rustls): release 0.11.2
  • 55f097d feat(rustls): add RustlsClientConfig::from_root_cert_pem and dangerously_acce...
  • f79ac12 fix(rustls): add support for ip-based certs
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Updates the requirements on [trillium](https://github.com/trillium-rs/trillium) to permit the latest version.
- [Release notes](https://github.com/trillium-rs/trillium/releases)
- [Commits](trillium-rs/trillium@trillium-v0.2.20...trillium-v1.3.0)

---
updated-dependencies:
- dependency-name: trillium
  dependency-version: 1.3.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Jun 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants