mirror of
https://github.com/nushell/nushell.git
synced 2024-11-07 09:04:18 +01:00
Bump tempfile from 3.3.0 to 3.4.0 (#8329)
Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.3.0 to 3.4.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Stebalien/tempfile/blob/master/NEWS">tempfile's changelog</a>.</em></p> <blockquote> <h1>3.4.0</h1> <p>SECURITY: Prior <code>tempfile</code> releases depended on <code>remove_dir_all</code> version 0.5.0 which was vulnerable to a <a href="https://github.com/XAMPPRocky/remove_dir_all/security/advisories/GHSA-mc8h-8q98-g5hr">TOCTOU race</a>. This same race is present in rust versions prior to 1.58.1.</p> <p>Features:</p> <ul> <li>Generalized temporary files: <code>NamedTempFile</code> can now abstract over different kinds of files (e.g., unix domain sockets, pipes, etc.): <ul> <li>Add <code>Builder::make</code> and <code>Builder::make_in</code> for generalized temp file creation.</li> <li>Add <code>NamedTempFile::from_parts</code> to complement <code>NamedTempFile::into_parts</code>.</li> <li>Add generic parameter to <code>NamedTempFile</code> to support wrapping non-File types.</li> </ul> </li> </ul> <p>Bug Fixes/Improvements:</p> <ul> <li>Don't try to create a temporary file multiple times if the file path has been fully specified by the user (no random characters).</li> <li><code>NamedTempFile::persist_noclobber</code> is now always atomic on linux when <code>renameat_with</code> is supported. Previously, it would first link the new path, then unlink the previous path.</li> <li>Fix compiler warnings on windows.</li> </ul> <p>Trivia:</p> <ul> <li>Switch from <code>libc</code> to <code>rustix</code> on wasi/unix. This now makes direct syscalls instead of calling through libc.</li> <li>Remove <code>remove_dir_all</code> dependency. The rust standard library has optimized their internal version significantly.</li> <li>Switch to official windows-sys windows bindings.</li> </ul> <p>Breaking:</p> <ul> <li>The minimum rust version is now <code>1.48.0</code>.</li> <li>Mark most functions as <code>must_use</code>.</li> <li>Uses direct syscalls on linux by default, instead of libc.</li> <li>The new type parameter in <code>NamedTempFile</code> may lead to type inference issues in some cases.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/Stebalien/tempfile/commits">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tempfile&package-manager=cargo&previous-version=3.3.0&new-version=3.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This commit is contained in:
parent
a4952bc029
commit
df60793e3b
18
Cargo.lock
generated
18
Cargo.lock
generated
@ -4282,15 +4282,6 @@ version = "0.6.27"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "a3f87b73ce11b1619a3c6332f45341e0047173771e8b8b73f87bfeefb7b56244"
|
||||
|
||||
[[package]]
|
||||
name = "remove_dir_all"
|
||||
version = "0.5.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "3acd125665422973a33ac9d3dd2df85edad0f4ae9b00dafb1a05e43a9f5ef8e7"
|
||||
dependencies = [
|
||||
"winapi",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "retain_mut"
|
||||
version = "0.1.9"
|
||||
@ -5118,16 +5109,15 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "tempfile"
|
||||
version = "3.3.0"
|
||||
version = "3.4.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "5cdb1ef4eaeeaddc8fbd371e5017057064af0911902ef36b39801f67cc6d79e4"
|
||||
checksum = "af18f7ae1acd354b992402e9ec5864359d693cd8a79dcbef59f76891701c1e95"
|
||||
dependencies = [
|
||||
"cfg-if",
|
||||
"fastrand",
|
||||
"libc",
|
||||
"redox_syscall",
|
||||
"remove_dir_all",
|
||||
"winapi",
|
||||
"rustix 0.36.8",
|
||||
"windows-sys 0.42.0",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
|
@ -90,7 +90,7 @@ atty = "0.2"
|
||||
|
||||
[dev-dependencies]
|
||||
nu-test-support = { path = "./crates/nu-test-support", version = "0.76.1" }
|
||||
tempfile = "3.2.0"
|
||||
tempfile = "3.4.0"
|
||||
assert_cmd = "2.0.2"
|
||||
criterion = "0.4"
|
||||
pretty_assertions = "1.0.0"
|
||||
|
Loading…
Reference in New Issue
Block a user