Skip to content

chore(deps): update lol_html requirement from 2.7 to 3.0 in /pagefind#1196

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/pagefind/lol_html-3.0
Open

chore(deps): update lol_html requirement from 2.7 to 3.0 in /pagefind#1196
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/pagefind/lol_html-3.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 10, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on lol_html to permit the latest version.

Release notes

Sourced from lol_html's releases.

v3.0.0

  • Added MemorySettings::with_graceful_bail_out_on_memory_limit_exceeded(): when set, the rewriter flushes every input byte it has received but not yet emitted to the sink (as-is) before returning MemoryLimitExceededError, so callers can continue the response by writing subsequent bytes directly to their downstream sink instead of breaking it.
  • Added Settings::with_graceful_bail_out_on_content_handler_error(): symmetric to the memory setting above, but for RewritingError::ContentHandlerError. When set, the rewriter flushes remaining input bytes before propagating a handler error, preserving the response. Currently exposed via the Rust API only; the C API still uses the original behavior.
  • Added Settings::append_bail_out_handler() and the matching bail_out! macro, BailOut rewritable unit, and BailOutHandler / BailOutHandlerSend type aliases. Bail-out handlers fire immediately before the raw flush of remaining unparsed input on a graceful bail-out (memory or content-handler error). Handlers receive the RewritingError and a BailOut through which they can append final bytes to the sink via BailOut::append(content, content_type). Intended for handlers that buffer state across the document (e.g. text-buffering handlers that defer emission) and need to flush that state on bail-out.
  • Marked RewritingError #[non_exhaustive] so future error variants can be added without a major version bump. External callers can still match on it, but must include a catch-all _ => arm.
  • Reworked Settings, MemorySettings and RewriteStrSettings to use a consuming-builder API. Fields are now private; construction is via ::new() plus chained with_* setters and append_* methods for the content-handler vectors. This makes future field additions non-breaking. Migration:
    // before
    Settings {
        element_content_handlers: vec![element!("div", |el| { /* ... */ Ok(()) })],
        strict: false,
        ..Settings::new()
    }
    // after
    Settings::new()
        .with_strict(false)
        .append_element_content_handler(element!("div", |el| { /* ... */ Ok(()) }))
  • Renamed the internal-use feature integration_test to _integration_test. The leading underscore signals to cargo-semver-checks and similar tools that the feature is not part of the public API.
  • Comment::set_text now also rejects --!>, a leading >, and a leading ->, which WHATWG-conformant browsers treat as comment terminators. Previously only --> was rejected, so a caller passing attacker-influenced data could let an attacker break out of the comment and inject HTML (security fix).
Changelog

Sourced from lol_html's changelog.

v3.0.0

  • Added MemorySettings::with_graceful_bail_out_on_memory_limit_exceeded(): when set, the rewriter flushes every input byte it has received but not yet emitted to the sink (as-is) before returning MemoryLimitExceededError, so callers can continue the response by writing subsequent bytes directly to their downstream sink instead of breaking it.
  • Added Settings::with_graceful_bail_out_on_content_handler_error(): symmetric to the memory setting above, but for RewritingError::ContentHandlerError. When set, the rewriter flushes remaining input bytes before propagating a handler error, preserving the response. Currently exposed via the Rust API only; the C API still uses the original behavior.
  • Added Settings::append_bail_out_handler() and the matching bail_out! macro, BailOut rewritable unit, and BailOutHandler / BailOutHandlerSend type aliases. Bail-out handlers fire immediately before the raw flush of remaining unparsed input on a graceful bail-out (memory or content-handler error). Handlers receive the RewritingError and a BailOut through which they can append final bytes to the sink via BailOut::append(content, content_type). Intended for handlers that buffer state across the document (e.g. text-buffering handlers that defer emission) and need to flush that state on bail-out.
  • Marked RewritingError #[non_exhaustive] so future error variants can be added without a major version bump. External callers can still match on it, but must include a catch-all _ => arm.
  • Reworked Settings, MemorySettings and RewriteStrSettings to use a consuming-builder API. Fields are now private; construction is via ::new() plus chained with_* setters and append_* methods for the content-handler vectors. This makes future field additions non-breaking. Migration:
    // before
    Settings {
        element_content_handlers: vec![element!("div", |el| { /* ... */ Ok(()) })],
        strict: false,
        ..Settings::new()
    }
    // after
    Settings::new()
        .with_strict(false)
        .append_element_content_handler(element!("div", |el| { /* ... */ Ok(()) }))
  • Renamed the internal-use feature integration_test to _integration_test. The leading underscore signals to cargo-semver-checks and similar tools that the feature is not part of the public API.
  • Comment::set_text now also rejects --!>, a leading >, and a leading ->, which WHATWG-conformant browsers treat as comment terminators. Previously only --> was rejected, so a caller passing attacker-influenced data could let an attacker break out of the comment and inject HTML (security fix).

v2.9.0

  • Added OutputSink::set_encoding
  • Fixed rewrite_str to ignore non-UTF-8 encoding declarations (it takes a UTF-8 string)

... (truncated)

Commits
  • 02f139c Add bail-out handler API for flushing buffered state on graceful bail-out.
  • ba25359 Reject all browser-recognized comment-closing sequences in Comment::set_text.
  • b00626a Convert settings structs to consuming builders.
  • 776b44a Rename integration_test feature to _integration_test.
  • e97d16c Bump to v3.0.0.
  • 31ed2fa Allow rewriter to gracefully bail out on content handler errors.
  • 3674c38 Allow rewriter to gracefully bail out on memory limit exceeded.
  • 92b690d Bump versions
  • 46b5344 Document esi setting inconsistency
  • 943ad33 Branch name fix
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels Jun 10, 2026
@dependabot dependabot Bot requested a review from bglw as a code owner June 10, 2026 23:15
@pagefinder pagefinder Bot enabled auto-merge June 10, 2026 23:15
@dependabot dependabot Bot force-pushed the dependabot/cargo/pagefind/lol_html-3.0 branch from 64ba797 to 1f37376 Compare June 17, 2026 23:49
@dependabot dependabot Bot force-pushed the dependabot/cargo/pagefind/lol_html-3.0 branch 3 times, most recently from d18f8b1 to 2d2d847 Compare July 1, 2026 23:59
Updates the requirements on [lol_html](https://github.com/cloudflare/lol-html) to permit the latest version.
- [Release notes](https://github.com/cloudflare/lol-html/releases)
- [Changelog](https://github.com/cloudflare/lol-html/blob/main/CHANGELOG.md)
- [Commits](cloudflare/lol-html@v2.7.0...v3.0.0)

---
updated-dependencies:
- dependency-name: lol_html
  dependency-version: 3.0.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/cargo/pagefind/lol_html-3.0 branch from 2d2d847 to a6ecdf2 Compare July 9, 2026 00:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update Rust code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants