Merge #1309
1309: build(deps): bump tempfile from 3.3.0 to 3.4.0 r=delta1 a=dependabot[bot] Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.3.0 to 3.4.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Stebalien/tempfile/blob/master/NEWS">tempfile's changelog</a>.</em></p> <blockquote> <h1>3.4.0</h1> <p>SECURITY: Prior <code>tempfile</code> releases depended on <code>remove_dir_all</code> version 0.5.0 which was vulnerabiel to a <a href="https://github.com/XAMPPRocky/remove_dir_all/security/advisories/GHSA-mc8h-8q98-g5hr">TOCTOU race</a>. This same race is present in rust versions prior to 1.58.1.</p> <p>Features:</p> <ul> <li>Generalized temporary files: <code>NamedTempFile</code> can now abstract over different kinds of files (e.g., unix domain sockets, pipes, etc.): <ul> <li>Add <code>Builder::make</code> and <code>Builder::make_in</code> for generalized temp file creation.</li> <li>Add <code>NamedTempFile::from_parts</code> to complement <code>NamedTempFile::into_parts</code>.</li> <li>Add generic parameter to <code>NamedTempFile</code> to support wrapping non-File types.</li> </ul> </li> </ul> <p>Bug Fixes/Improvements:</p> <ul> <li>Don't try to create a temporary file multiple times if the file path has been fully specified by the user (no random characters).</li> <li><code>NamedTempFile::persist_noclobber</code> is now always atomic on linux when <code>renameat_with</code> is supported. Previously, it would first link the new path, then unlink the previous path.</li> <li>Fix compiler warnings on windows.</li> </ul> <p>Trivia:</p> <ul> <li>Switch from <code>libc</code> to <code>rustix</code> on wasi/unix. This now makes direct syscalls instead of calling through libc.</li> <li>Remove <code>remove_dir_all</code> dependency. The rust standard library has optimized their internal version significantly.</li> <li>Switch to official windows-sys windows bindings.</li> </ul> <p>Breaking:</p> <ul> <li>The minimum rust version is now <code>1.48.0</code>.</li> <li>Mark most functions as <code>must_use</code>.</li> <li>Uses direct syscalls on linux by default, instead of libc.</li> <li>The new type parameter in <code>NamedTempFile</code> may lead to type inference issues in some cases.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/Stebalien/tempfile/commits">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tempfile&package-manager=cargo&previous-version=3.3.0&new-version=3.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting ``@dependabot` rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - ``@dependabot` rebase` will rebase this PR - ``@dependabot` recreate` will recreate this PR, overwriting any edits that have been made to it - ``@dependabot` merge` will merge this PR after your CI passes on it - ``@dependabot` squash and merge` will squash and merge this PR after your CI passes on it - ``@dependabot` cancel merge` will cancel a previously requested merge and block automerging - ``@dependabot` reopen` will reopen this PR if it is closed - ``@dependabot` close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - ``@dependabot` ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - ``@dependabot` ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - ``@dependabot` ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>pull/1312/head
commit
f678f43a24
Loading…
Reference in New Issue