chore(deps): bump maxminddb from 0.27.3 to 0.28.1 #25302

Open. dependabot[bot] wants to merge 1 commit into master from dependabot/cargo/maxminddb-0.28.1

dependabot[bot] (Contributor) commented on behalf of github, Apr 27, 2026

Bumps maxminddb from 0.27.3 to 0.28.1.

Release notes

Sourced from maxminddb's releases.

0.28.1

  • Fixed: Databases with an impossible declared search tree size are now rejected during open/verify instead of causing runaway allocation during validation.
  • Fixed: within() now rejects IPv6 CIDRs on IPv4-only databases instead of yielding unrelated networks.
  • Fixed: Verification now rejects truncated scalar/string payloads instead of skipping past them and reporting the database as valid.
  • Fixed: LookupResult::network() now uses the reader's measured IPv4 subtree depth instead of assuming it always begins at bit 96.

0.28.0

  • Performance improvement: Faster search-tree traversal by dispatching on the database's record size to monomorphized node readers, replacing per-step branching on the record size.
  • Performance improvement: Direct deserialization of scalars, sequences, maps, and structs through dedicated fast paths instead of routing through deserialize_any.
  • Performance improvement: IPv4 and IPv6 lookups dispatch to dedicated paths, avoiding per-call address-kind checks on the hot path.
  • Behavior change: Deserializing a database array into a tuple or tuple struct now returns a decoding error when the lengths do not match. Previously the mismatch was silently ignored.
  • Fixed: A corrupt data pointer that would underflow during resolution now returns an InvalidDatabase error instead of panicking.

Changelog

Sourced from maxminddb's changelog.

0.28.1 - 2026-04-26

  • Fixed: Databases with an impossible declared search tree size are now rejected during open/verify instead of causing runaway allocation during validation.
  • Fixed: within() now rejects IPv6 CIDRs on IPv4-only databases instead of yielding unrelated networks.
  • Fixed: Verification now rejects truncated scalar/string payloads instead of skipping past them and reporting the database as valid.
  • Fixed: LookupResult::network() now uses the reader's measured IPv4 subtree depth instead of assuming it always begins at bit 96.

0.28.0 - 2026-04-25

  • Performance improvement: Faster search-tree traversal by dispatching on the database's record size to monomorphized node readers, replacing per-step branching on the record size.
  • Performance improvement: Direct deserialization of scalars, sequences, maps, and structs through dedicated fast paths instead of routing through deserialize_any.
  • Performance improvement: IPv4 and IPv6 lookups dispatch to dedicated paths, avoiding per-call address-kind checks on the hot path.
  • Behavior change: Deserializing a database array into a tuple or tuple struct now returns a decoding error when the lengths do not match. Previously the mismatch was silently ignored.
  • Fixed: A corrupt data pointer that would underflow during resolution now returns an InvalidDatabase error instead of panicking.

Commits

  • 8e86128 Prepare v0.28.1 release
  • e762e0c Set release date
  • b730a7c Merge pull request #113 from oschwald/greg/fixes
  • 3ce5264 Use actual IPv4 subtree depth for network
  • 6ce0c23 Tighten decoder verification bounds
  • 536242a Reject IPv6 CIDRs in within() with IPv4 trees
  • 6a74e9a Improve test coverage of bad-database handling
  • 1cd81bb Validate search tree layout in reader
  • df493e2 Update MaxMind-DB fixtures
  • 429baa5 Prepare v0.28.0 release
  • Additional commits viewable in compare view

dependabot[bot] added the labels domain: deps (Anything related to Vector's dependencies) and no-changelog (Changes in this PR do not need user-facing explanations in the release changelog), Apr 27, 2026
dependabot[bot] requested a review from a team as a code owner, April 27, 2026 15:37
dependabot[bot] force-pushed the dependabot/cargo/maxminddb-0.28.1 branch from 3213b79 to e5245b4, April 28, 2026 15:53

chatgpt-codex-connector[bot] left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e5245b4cc8

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread Cargo.lock
[[package]]
name = "maxminddb"
version = "0.27.3"
version = "0.28.1"
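
Review bot: The version line moving from 0.27.3 to 0.28.1 is a 0.x minor bump, which Cargo treats as semver-incompatible even though the Dependabot metadata on this PR labels it semver-minor, so it should be reviewed as a breaking upgrade rather than a lockfile refresh. The 0.28.0 notes list a behavior change (deserializing a database array into a tuple or tuple struct now returns a decoding error on length mismatch); confirm no call site relies on the old silent behavior before merging.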

P1: Align locked maxminddb version with manifest constraint

Cargo.toml:407 still requires maxminddb = "0.27.0" (caret semantics means <0.28.0), but this change locks maxminddb to 0.28.1. In environments that run Cargo with --locked (typical for CI/release reproducibility), dependency resolution will fail because the lockfile version no longer satisfies the manifest requirement. Please either bump the manifest constraint to 0.28.x in the same change or keep the lockfile on a 0.27.x release.

dependabot[bot] force-pushed the dependabot/cargo/maxminddb-0.28.1 branch 5 times, most recently from 1077af1 to 6ebe631, May 5, 2026 00:08

chatgpt-codex-connector[bot] left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 6ebe631278

Comment thread Cargo.lock
[[package]]
name = "maxminddb"
version = "0.27.3"
version = "0.28.1"
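
Review bot: Only the version line of the maxminddb entry is visible as changed here; no checksum line appears in the lines shown. A registry package's lock entry carries a checksum tied to the exact version, so confirm it was updated in the same commit and that a build run with --locked passes on this head.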

P1: Keep maxminddb lockfile entry within manifest range

Bumping maxminddb to 0.28.1 in the lockfile without changing the manifest constraint introduces an invalid dependency state: Cargo.toml still requires ^0.27.0, which does not admit 0.28.1, so workflows that enforce lock/manifest consistency will fail when resolving dependencies. Fresh evidence: Cargo.toml currently still declares maxminddb = { version = "0.27.0", ... } (line 408), making this updated lock entry out of range.

Useful? React with 👍 / 👎.
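
The caret rule that both Codex comments rely on, as an added example that is not part of this PR or of Vector's code: a hand-written check (no `semver` crate) of whether a locked version satisfies a manifest requirement, generalized beyond the 0.27/0.28 case to any `MAJOR.MINOR.PATCH` requirement. The lock fragment is constructed, and `parse`, `caret_upper`, `caret_allows` and `locked_versions` are illustrative names.

```rust
// Added example: Cargo's default (caret) check, hand-written; pre-release/build metadata not handled.
type Version = (u64, u64, u64);
// Constructed Cargo.lock fragment mirroring the entry under review.
const LOCK: &str = r#"
[[package]]
name = "example-other-crate"
version = "1.4.0"
[[package]]
name = "maxminddb"
version = "0.28.1"
"#;

/// Parse "MAJOR[.MINOR[.PATCH]]"; also return how many components were given.
fn parse(s: &str) -> Option<(Version, usize)> {
    let p = s.trim().split('.').map(|x| x.parse::<u64>().ok()).collect::<Option<Vec<u64>>>()?;
    if p.len() > 3 { return None; }
    let get = |i: usize| p.get(i).copied().unwrap_or(0);
    Some(((get(0), get(1), get(2)), p.len()))
}

/// Exclusive caret upper bound: the leftmost non-zero component is fixed (0.27.0 -> <0.28.0).
fn caret_upper((major, minor, patch): Version, given: usize) -> Version {
    if major > 0 || given == 1 { (major + 1, 0, 0) }
    else if minor > 0 || given == 2 { (0, minor + 1, 0) }
    else { (0, 0, patch + 1) }
}

/// Does `locked` (a full x.y.z from Cargo.lock) satisfy the manifest's `req`?
fn caret_allows(req: &str, locked: &str) -> Option<bool> {
    let (lo, given) = parse(req.trim_start_matches('^'))?;
    let (v, n) = parse(locked)?;
    if n != 3 { return None; }
    Some(v >= lo && v < caret_upper(lo, given))
}

/// Every locked version of `name`; a lockfile may hold several.
fn locked_versions<'a>(lock: &'a str, name: &str) -> Vec<&'a str> {
    let (mut out, mut hit) = (Vec::new(), false);
    for line in lock.lines().map(str::trim) {
        if let Some(n) = line.strip_prefix("name = ") { hit = n.trim_matches('"') == name; }
        else if let Some(v) = line.strip_prefix("version = ") {
            if hit { out.push(v.trim_matches('"')); }
        }
    }
    out
}

fn main() {
    for v in locked_versions(LOCK, "maxminddb") { println!("{v}: {:?}", caret_allows("0.27.0", v)); }
}
```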

dependabot[bot] force-pushed the dependabot/cargo/maxminddb-0.28.1 branch from 6ebe631 to 27f253c, May 6, 2026 16:14

Bumps [maxminddb](https://github.com/oschwald/maxminddb-rust) from 0.27.3 to 0.28.1.
- [Release notes](https://github.com/oschwald/maxminddb-rust/releases)
- [Changelog](https://github.com/oschwald/maxminddb-rust/blob/main/CHANGELOG.md)
- [Commits](oschwald/maxminddb-rust@v0.27.3...v0.28.1)

---
updated-dependencies:
- dependency-name: maxminddb
  dependency-version: 0.28.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot[bot] force-pushed the dependabot/cargo/maxminddb-0.28.1 branch from 27f253c to 449be8e, May 6, 2026 18:40