Bump tempfile from 3.3.0 to 3.4.0 (#8329)

Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.3.0 to
3.4.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/Stebalien/tempfile/blob/master/NEWS">tempfile's
changelog</a>.</em></p>
<blockquote>
<h1>3.4.0</h1>
<p>SECURITY: Prior <code>tempfile</code> releases depended on
<code>remove_dir_all</code> version 0.5.0 which was vulnerable to a <a
href="https://github.com/XAMPPRocky/remove_dir_all/security/advisories/GHSA-mc8h-8q98-g5hr">TOCTOU
race</a>. This same race is present in rust versions prior to
1.58.1.</p>
<p>Features:</p>
<ul>
<li>Generalized temporary files: <code>NamedTempFile</code> can now
abstract over different kinds of files (e.g.,
unix domain sockets, pipes, etc.):
<ul>
<li>Add <code>Builder::make</code> and <code>Builder::make_in</code> for
generalized temp file
creation.</li>
<li>Add <code>NamedTempFile::from_parts</code> to complement
<code>NamedTempFile::into_parts</code>.</li>
<li>Add generic parameter to <code>NamedTempFile</code> to support
wrapping non-File types.</li>
</ul>
</li>
</ul>
<p>Bug Fixes/Improvements:</p>
<ul>
<li>Don't try to create a temporary file multiple times if the file path
has been fully specified by
the user (no random characters).</li>
<li><code>NamedTempFile::persist_noclobber</code> is now always atomic
on linux when <code>renameat_with</code> is
supported. Previously, it would first link the new path, then unlink the
previous path.</li>
<li>Fix compiler warnings on windows.</li>
</ul>
<p>Trivia:</p>
<ul>
<li>Switch from <code>libc</code> to <code>rustix</code> on wasi/unix.
This now makes direct syscalls instead of calling
through libc.</li>
<li>Remove <code>remove_dir_all</code> dependency. The rust standard
library has optimized their internal version
significantly.</li>
<li>Switch to official windows-sys windows bindings.</li>
</ul>
<p>Breaking:</p>
<ul>
<li>The minimum rust version is now <code>1.48.0</code>.</li>
<li>Mark most functions as <code>must_use</code>.</li>
<li>Uses direct syscalls on linux by default, instead of libc.</li>
<li>The new type parameter in <code>NamedTempFile</code> may lead to
type inference issues in some cases.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/Stebalien/tempfile/commits">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tempfile&package-manager=cargo&previous-version=3.3.0&new-version=3.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This commit is contained in:
dependabot[bot] 2023-03-05 19:31:43 -08:00 committed by GitHub
parent a4952bc029
commit df60793e3b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 15 deletions

18
Cargo.lock generated
View File

@ -4282,15 +4282,6 @@ version = "0.6.27"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a3f87b73ce11b1619a3c6332f45341e0047173771e8b8b73f87bfeefb7b56244"
[[package]]
name = "remove_dir_all"
version = "0.5.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3acd125665422973a33ac9d3dd2df85edad0f4ae9b00dafb1a05e43a9f5ef8e7"
dependencies = [
"winapi",
]
[[package]]
name = "retain_mut"
version = "0.1.9"
@ -5118,16 +5109,15 @@ dependencies = [
[[package]]
name = "tempfile"
version = "3.3.0"
version = "3.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5cdb1ef4eaeeaddc8fbd371e5017057064af0911902ef36b39801f67cc6d79e4"
checksum = "af18f7ae1acd354b992402e9ec5864359d693cd8a79dcbef59f76891701c1e95"
dependencies = [
"cfg-if",
"fastrand",
"libc",
"redox_syscall",
"remove_dir_all",
"winapi",
"rustix 0.36.8",
"windows-sys 0.42.0",
]
[[package]]

View File

@ -90,7 +90,7 @@ atty = "0.2"
[dev-dependencies]
nu-test-support = { path = "./crates/nu-test-support", version = "0.76.1" }
tempfile = "3.2.0"
tempfile = "3.4.0"
assert_cmd = "2.0.2"
criterion = "0.4"
pretty_assertions = "1.0.0"