Bump criterion from 0.5.1 to 0.8.2

[dependabot]

Bumps criterion from 0.5.1 to 0.8.2.

Release notes

Sourced from criterion's releases.

criterion-plot-v0.8.2

Other

• Update Readme

criterion-v0.8.2

Fixed

• don't build alloca on unsupported targets

Other

• (deps) bump crate-ci/typos from 1.40.0 to 1.43.0
• Fix panic with uniform iteration durations in benchmarks
• Update Readme
• Exclude development scripts from published package

criterion-plot-v0.8.1

Fixed

• Typo

criterion-v0.8.1

Fixed

• Homepage link

Other

• (deps) bump crate-ci/typos from 1.23.5 to 1.40.0
• (deps) bump jontze/action-mdbook from 3 to 4
• (deps) bump actions/checkout from 4 to 6

criterion-plot-v0.8.0

No release notes provided.

criterion-v0.8.0

BREAKING

• Drop async-std support

Changed

• Bump MSRV to 1.86, stable to 1.91.1

Added

• Add ability to plot throughput on summary page.
• Add support for reporting throughput in elements and bytes - Throughput::ElementsAndBytes allows the text summary to report throughput in both units simultaneously.
• Add alloca-based memory layout randomisation to mitigate memory effects on measurements.

... (truncated)

Changelog

Sourced from criterion's changelog.

0.8.2 - 2026-02-04

Fixed

• don't build alloca on unsupported targets

Other

• (deps) bump crate-ci/typos from 1.40.0 to 1.43.0
• Fix panic with uniform iteration durations in benchmarks
• Update Readme
• Exclude development scripts from published package

0.8.1 - 2025-12-07

Fixed

• Homepage link

Other

• (deps) bump crate-ci/typos from 1.23.5 to 1.40.0
• (deps) bump jontze/action-mdbook from 3 to 4
• (deps) bump actions/checkout from 4 to 6

0.8.0 - 2025-11-29

BREAKING

• Drop async-std support

Changed

• Bump MSRV to 1.86, stable to 1.91.1

Added

• Add ability to plot throughput on summary page.
• Add support for reporting throughput in elements and bytes - Throughput::ElementsAndBytes allows the text summary to report throughput in both units simultaneously.
• Add alloca-based memory layout randomisation to mitigate memory effects on measurements.
• Add doc comment to benchmark runner in criterion_group macro (removes linter warnings)

Fixed

• Fix plotting NaN bug

Other

• Remove Master API Docs links temporarily while we restore the docs publishing.

... (truncated)

Commits

• 7f0d745 chore: release v0.8.2
• 4a467ce chore(deps): bump crate-ci/typos from 1.40.0 to 1.43.0
• b277a75 Fix panic with uniform iteration durations in benchmarks
• 828af14 fix: don't build alloca on unsupported targets
• b01316b Update Readme
• 4c02a3b Exclude development scripts from published package
• e4e06df chore: release v0.8.1
• aa548b9 fix: Homepage link
• 950c3b7 fix: Typo
• 7e3e50c chore(deps): bump crate-ci/typos from 1.23.5 to 1.40.0
• Additional commits viewable in compare view

---

Note

Low Risk
Low risk dependency-only update affecting benchmarking tooling (criterion) and its transitive crates; no production/runtime code changes.

Overview
Bumps the workspace criterion dev-dependency from 0.5.1 to 0.8.2.

Updates Cargo.lock for the new Criterion release, pulling in new transitive deps like alloca/page_size/winapi, updating itertools used by Criterion, and dropping is-terminal from the lockfile.

^{Reviewed by Cursor Bugbot for commit f6a3808. Bugbot is set up for automated code reviews on this repo. Configure here.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	cargo/​criterion@​0.5.1 ⏵ 0.8.2	+1

View full report

[socket-security]

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. It is recommended to resolve "Warn" alerts too. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Block		Install-time scripts: cargo alloca Install script: Package overview Source: undefined From: ? → cargo/criterion@0.8.2 → cargo/alloca@0.4.0 ℹ Read more on: This package | This alert | What is an install script? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore cargo/alloca@0.4.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Install-time scripts: cargo winapi-i686-pc-windows-gnu Install script: Package overview Source: undefined From: ? → cargo/criterion@0.8.2 → cargo/winapi-i686-pc-windows-gnu@0.4.0 ℹ Read more on: This package | This alert | What is an install script? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore cargo/winapi-i686-pc-windows-gnu@0.4.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Install-time scripts: cargo winapi-x86_64-pc-windows-gnu Install script: Package overview Source: undefined From: ? → cargo/criterion@0.8.2 → cargo/winapi-x86_64-pc-windows-gnu@0.4.0 ℹ Read more on: This package | This alert | What is an install script? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore cargo/winapi-x86_64-pc-windows-gnu@0.4.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Install-time scripts: cargo winapi Install script: Package overview Source: undefined From: ? → cargo/criterion@0.8.2 → cargo/winapi@0.3.9 ℹ Read more on: This package | This alert | What is an install script? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore cargo/winapi@0.3.9. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Native binaries present: cargo alloca Location: Package overview From: ? → cargo/criterion@0.8.2 → cargo/alloca@0.4.0 ℹ Read more on: This package | This alert | Why is native code a concern? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Verify that the inclusion of native code is expected and necessary for this package's functionality. If it is unnecessary or unexpected, consider using alternative packages without native code to mitigate potential risks. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore cargo/alloca@0.4.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Native binaries present: cargo winapi-i686-pc-windows-gnu Location: Package overview From: ? → cargo/criterion@0.8.2 → cargo/winapi-i686-pc-windows-gnu@0.4.0 ℹ Read more on: This package | This alert | Why is native code a concern? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Verify that the inclusion of native code is expected and necessary for this package's functionality. If it is unnecessary or unexpected, consider using alternative packages without native code to mitigate potential risks. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore cargo/winapi-i686-pc-windows-gnu@0.4.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Native binaries present: cargo winapi-x86_64-pc-windows-gnu Location: Package overview From: ? → cargo/criterion@0.8.2 → cargo/winapi-x86_64-pc-windows-gnu@0.4.0 ℹ Read more on: This package | This alert | Why is native code a concern? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Verify that the inclusion of native code is expected and necessary for this package's functionality. If it is unnecessary or unexpected, consider using alternative packages without native code to mitigate potential risks. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore cargo/winapi-x86_64-pc-windows-gnu@0.4.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Native binaries present: cargo winapi Location: Package overview From: ? → cargo/criterion@0.8.2 → cargo/winapi@0.3.9 ℹ Read more on: This package | This alert | Why is native code a concern? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Verify that the inclusion of native code is expected and necessary for this package's functionality. If it is unnecessary or unexpected, consider using alternative packages without native code to mitigate potential risks. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore cargo/winapi@0.3.9. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[coveralls-official]

Coverage Report for CI Build 25174599638

Coverage remained the same at 87.561%

Details

• Coverage remained the same as the base build.
• Patch coverage: No coverable lines changed in this PR.
• No coverage regressions found.

Uncovered Changes

No uncovered changes found.

Coverage Regressions

No coverage regressions found.

---

Coverage Stats

Relevant Lines:	8554
Covered Lines:	7490
Line Coverage:	87.56%
Coverage Strength:	30845372.94 hits per line

---

💛 - Coveralls

[emlowe]

@dependabot rebase

[emlowe]

@dependabot rebase