Skip to content

Bump lz4_flex from 0.13.0 to 0.14.0 in /rust in the dependabot group#381

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/rust/dependabot-b8347b7767
Open

Bump lz4_flex from 0.13.0 to 0.14.0 in /rust in the dependabot group#381
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/rust/dependabot-b8347b7767

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 15, 2026

Copy link
Copy Markdown
Contributor

Bumps the dependabot group in /rust with 1 update: lz4_flex.

Updates lz4_flex from 0.13.0 to 0.14.0

Release notes

Sourced from lz4_flex's releases.

0.13.1

What's Changed

New Contributors

Full Changelog: PSeitz/lz4_flex@0.13.0...0.13.1

Changelog

Sourced from lz4_flex's changelog.

0.14.0 (2026-07-14)

Features

  • Add alloc feature to allow no_std operation without an allocator. The std feature now implies alloc. Without alloc only the _into variants of the block API are available, e.g. compress_into; the compression hash table is placed on the stack or can be provided via compress_into_with_table.
Note: Users with `default-features = false` need to additionally enable the `alloc`
feature to keep the APIs returning `Vec`, e.g. `compress` and `decompress`.

0.13.1 (2026-05-09)

Fixes

  • Fix compression with short dictionaries (less than 4 bytes), avoiding a panic/out-of-bounds read #222
Compression with dictionaries shorter than the minimum match length of 4 now falls
back to compression without a dictionary instead of panicking or reading past
the dictionary. 

This is a security fix for unsafe compression with untrusted dictionaries.
Users on 0.13.0 should upgrade to 0.13.1.

  • Fix panic in From<io::Error> implementation for frame::Error #221 (thanks @​phoerious)
Commits
  • 1bffdcb Merge pull request #229 from PSeitz/release/0.14.0-changelog
  • a5973e4 Update CHANGELOG for 0.14.0 release, bump version to 0.14.0
  • 43cdb22 Merge pull request #228 from PSeitz/0.14.x
  • 08fd47e add release skill
  • a6c6135 Merge pull request #225 from fbrozovic/alloc-feature
  • ca019ec Add alloc feature to support no_std without an allocator
  • 19194f9 Merge pull request #223 from PSeitz/0.13.x
  • 5a1962c update CHANGELOG
  • ce548ab fix: handle short compression dictionaries
  • 1756d13 Fix panic in From<io::Error> implementation for frame::Error
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dependabot group in /rust with 1 update: [lz4_flex](https://github.com/pseitz/lz4_flex).


Updates `lz4_flex` from 0.13.0 to 0.14.0
- [Release notes](https://github.com/pseitz/lz4_flex/releases)
- [Changelog](https://github.com/PSeitz/lz4_flex/blob/main/CHANGELOG.md)
- [Commits](PSeitz/lz4_flex@0.13.0...0.14.0)

---
updated-dependencies:
- dependency-name: lz4_flex
  dependency-version: 0.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependabot
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust labels Jul 15, 2026
@github-actions

Copy link
Copy Markdown

🐰 Bencher Report

Branchdependabot/cargo/rust/dependabot-b8347b7767
Testbedubuntu-latest

🚨 2 Alerts

BenchmarkMeasure
Units
ViewBenchmark Result
(Result Δ%)
Upper Boundary
(Limit %)
ExampleIteratorLatency
milliseconds (ms)
📈 plot
🚷 threshold
🚨 alert (🔔)
221.72 ms
(+771.98%)Baseline: 25.43 ms
43.13 ms
(514.05%)

parallel_mapLatency
milliseconds (ms)
📈 plot
🚷 threshold
🚨 alert (🔔)
88.86 ms
(+415.63%)Baseline: 17.23 ms
30.30 ms
(293.23%)

Click to view all benchmark results
BenchmarkLatencyBenchmark Result
milliseconds (ms)
(Result Δ%)
Upper Boundary
milliseconds (ms)
(Limit %)
BatchIterator📈 view plot
🚷 view threshold
171.98 ms
BatchIterator #2📈 view plot
🚷 view threshold
292.94 ms
ExampleIterator📈 view plot
🚷 view threshold
🚨 view alert (🔔)
221.72 ms
(+771.98%)Baseline: 25.43 ms
43.13 ms
(514.05%)

parallel_map📈 view plot
🚷 view threshold
🚨 view alert (🔔)
88.86 ms
(+415.63%)Baseline: 17.23 ms
30.30 ms
(293.23%)

🐰 View full continuous benchmarking report in Bencher

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file rust

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants