Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump mio from 0.8.4 to 0.8.11 #338

Merged
merged 1 commit into from
Mar 5, 2024
Merged

Bump mio from 0.8.4 to 0.8.11 #338

merged 1 commit into from
Mar 5, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 4, 2024

Bumps mio from 0.8.4 to 0.8.11.

Changelog

Sourced from mio's changelog.

0.8.11

0.8.10

Added

0.8.9

Added

Fixed

0.8.8

Fixed

0.8.7

Added

  • Add/fix support for tvOS and watchOS, Mio should now build for tvOS and

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump mio from 0.8.4 to 0.8.11
2312532 
Bumps [mio](https://github.com/tokio-rs/mio) from 0.8.4 to 0.8.11.
- [Release notes](https://github.com/tokio-rs/mio/releases)
- [Changelog](https://github.com/tokio-rs/mio/blob/master/CHANGELOG.md)
- [Commits](tokio-rs/mio@v0.8.4...v0.8.11)

---
updated-dependencies:
- dependency-name: mio
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels Mar 4, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 4, 2024

[puLL-Merge] - tokio-rs/[email protected]

Description

This pull request modifies the Mio library, focusing on various files across the system, network, and tests modules. It includes enhancements, bug fixes, and refactoring to improve code readability, performance, and compatibility across different platforms such as Unix, Windows, and WebAssembly Interface (WASI).

Changes

Changes

  • System Module (sys):

    • Updates to TCP, UDP, AFD, IOCP, Waker, and Selector implementations across different OS-specific modules like Unix and Windows.
    • Modifications include adding support for out-of-band (OOB) data in TCP streams, graceful handling of socket closure and error states, and refactoring the event loop mechanism for efficiency and reliability.

  • Network Module (net):

    • Enhancements to TCP and UDP socket handling, including better support for non-blocking operations, socket option adjustments, and error handling improvements.
    • Added new functionality for Unix domain sockets (UDS), improving the API for binding, connecting, and managing UDS endpoints.

  • Tests Module (tests):

    • Comprehensive updates to test cases to cover the recent changes in system and network modules.
    • Addition of new tests for recently implemented features such as OOB data handling in TCP and Unix domain socket enhancements.

Security Hotspots

  • sys/unix/waker.rs and sys/windows/waker.rs:

    • These changes introduce modifications to the event notification mechanism, which is critical for the security and stability of asynchronous operations. Special attention should be paid to ensure that the wake-up signals do not produce any race conditions or deadlocks, particularly in multi-threaded environments.

  • net/udp.rs and net/tcp.rs:

    • Modifications in socket option handling could potentially introduce vulnerabilities if not correctly managed, especially concerning the BIND operation's security implications on Unix domain sockets and IP sockets.

  • test modules:

    • While not directly a security concern, ensuring the robustness and coverage of tests is crucial for identifying potential vulnerabilities early in the development process.

@antonok-edm antonok-edm merged commit 2948b35 into master Mar 5, 2024
6 of 7 checks passed
@antonok-edm antonok-edm deleted the dependabot/cargo/mio-0.8.11 branch March 5, 2024 02:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@antonok-edm antonok-edm Awaiting requested review from antonok-edm

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file puLL-Merge rust Pull requests that update Rust code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@antonok-edm