Skip to content

build(deps): bump tempfile from 3.8.1 to 3.17.1 #157

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

build(deps): bump tempfile from 3.8.1 to 3.17.1 #157

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 17, 2025

Bumps tempfile from 3.8.1 to 3.17.1.

Changelog

Sourced from tempfile's changelog.

3.17.1

  • Fix build with windows-sys 0.52. Unfortunately, we have no CI for older windows-sys versions at the moment...

3.17.0

  • Make sure to use absolute paths in when creating unnamed temporary files (avoids a small race in the "immediate unlink" logic) and in Builder::make_in (when creating temporary files of arbitrary types).
  • Prevent a theoretical crash that could (maybe) happen when a temporary file is created from a drop function run in a TLS destructor. Nobody has actually reported a case of this happening in practice and I have been unable to create this scenario in a test.
  • When reseeding with getrandom, use platform (e.g., CPU) specific randomness sources where possible.
  • Clarify some documentation.
  • Unlink unnamed temporary files on windows immediately when possible instead of waiting for the handle to be closed. We open files with "Unix" semantics, so this is generally possible.

3.16.0

  • Update getrandom to 0.3.0 (thanks to @​paolobarbolini).
  • Allow windows-sys versions 0.59.x in addition to 0.59.0 (thanks @​ErichDonGubler).
  • Improved security documentation (thanks to @​n0toose for collaborating with me on this).

3.15.0

Re-seed the per-thread RNG from system randomness when we repeatedly fail to create temporary files (#314). This resolves a potential DoS vector (#178) while avoiding getrandom in the common case where it's necessary. The feature is optional but enabled by default via the getrandom feature.

For libc-free builds, you'll either need to disable this feature or opt-in to a different getrandom backend.

3.14.0

  • Make the wasip2 target work (requires tempfile's "nightly" feature to be enabled). #305.
  • Allow older windows-sys versions #304.

3.13.0

  • Add with_suffix constructors for easily creating new temporary files with a specific suffix (e.g., a specific file extension). Thanks to @​Borgerr.
  • Update dependencies (fastrand & rustix).

3.12.0

  • Add a keep(keep: bool) function to builder that suppresses delete-on-drop behavior (thanks to @​RalfJung).
  • Update windows-sys from 0.52 to 0.59.

3.11.0

  • Add the ability to override the default temporary directory. This API shouldn't be used in general, but there are some cases where it's unavoidable.

3.10.1

  • Handle potential integer overflows in 32-bit systems when seeking/truncating "spooled" temporary files past 4GiB (2³²).
  • Handle a theoretical 32-bit overflow when generating a temporary file name larger than 4GiB. Now it'll panic (on allocation failure) rather than silently succeeding due to wraparound.

Thanks to @​stoeckmann for finding and fixing both of these issues.

... (truncated)

Commits
  • 714a259 chore: release 3.17.1
  • 78309ed fix: cast handle to the windows crate HANDLE (#332)
  • 6e7d167 chore: release 3.17.0
  • 3718075 doc: remove incorrect documentation about windows and open files
  • 461369f feat: delete unnamed temporary files on windows immediately
  • 78d30a2 doc: clarify "inner file will be deleted" documentation (#329)
  • 0fe11c4 doc: document how to "keep" temporary files/dirs after creation (#328)
  • 35e0629 feat: simplify getrandom call (#325)
  • 1e5059f fix: handle TLS deallocation (#324)
  • c7b2e1a chore: simplify reborrow
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump tempfile from 3.8.1 to 3.17.1
05e0283 
Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.8.1 to 3.17.1.
- [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md)
- [Commits](Stebalien/tempfile@v3.8.1...v3.17.1)

---
updated-dependencies:
- dependency-name: tempfile
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels Feb 17, 2025
@dependabot dependabot bot mentioned this pull request Feb 17, 2025
Closed
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 6, 2025

Superseded by #160.

@dependabot dependabot bot closed this Mar 6, 2025
@dependabot dependabot bot deleted the dependabot/cargo/tempfile-3.17.1 branch March 6, 2025 23:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update Rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant