Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the cargo group with 8 updates #12

Open
wants to merge 1 commit into
base: dev-v1
Choose a base branch
from
Open

Bump the cargo group with 8 updates #12

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Nov 5, 2024

Bumps the cargo group with 8 updates:

Package From To
sqlx 0.5.13 0.6.3
h2 0.3.21 0.3.26
mio 0.8.9 0.8.11
rustls 0.19.1 0.20.9
snow 0.9.3 0.9.6
webpki 0.21.4 0.22.4
whoami 1.4.1 1.5.2
zerocopy 0.7.20 0.7.35

Updates sqlx from 0.5.13 to 0.6.3

Changelog

Sourced from sqlx's changelog.

0.6.3 - 2023-03-21

This is a hotfix to address the breakage caused by transitive dependencies upgrading to syn = "2".

We set default-features = false for our dependency on syn = "1" to be good crates.io citizens, but failed to enable the features we actually used, which went undetected because we transitively depended on syn with the default features enabled through other crates, and so they were also on for us because features are additive.

When those other dependencies upgraded to syn = "2" it was no longer enabling those features for us, and so compilation broke for projects that don't also depend on syn = "1", transitively or otherwise.

There is no PR for this fix as there was no longer a dedicated development branch for 0.6, but discussion can be found in [issue #2418].

As of this release, the 0.7 release is in alpha and so development is no longer occurring against 0.6. This fix will be forward-ported to 0.7.

[issue #2418]: launchbadge/sqlx#2418

0.6.2 - 2022-09-14

[25 pull requests][0.6.2-prs] were merged this release cycle.

Added

  • [#1081]: Add try_from attribute for FromRow derive [[@​zzhengzhuo]]
    • Exemplifies "out of sight, out of mind." It's surprisingly easy to forget about PRs when they get pushed onto the second page. We'll be sure to clean out the backlog for 0.7.0.
  • [#2014]: Support additional SQLCipher options in SQLite driver. [[@​szymek156]]
  • [#2052]: Add issue templates [[@​abonander]]
  • [#2053]: Add documentation for IpAddr support in Postgres [[@​rakshith-ravi]]
  • [#2062]: Add extension support for SQLite [[@​bradfier]]
  • [#2063]: customizable db locking during migration [[@​fuzzbuck]]

Changed

Fixed

... (truncated)

Commits
  • bb064e3 chore: CHANGELOG entry for 0.6.3
  • c6f8a41 fix: non-binding let in SQLite driver
  • 7d4333e fix(ci): backport change enabling CI on *-dev
  • 2ab9156 0.6.3 hotfix: don't rely on transitive deps enabling syn features
  • ef17af3 fix: cannot publish with wildcard dep
  • b6cddcd prepare 0.6.2 release (#2092)
  • 8fca760 Sqlite explain plan log efficiency (#2091)
  • f38c739 fix: make begin,commit,rollback cancel-safe in sqlite (#2054) (#2057)
  • 09717e1 fix: Remove default chrono dep on time for sqlx-cli (#2089)
  • 5e56da8 fix: ensure migration progress is not lost for PG, mysql and sqlite (#1991)
  • Additional commits viewable in compare view

Updates h2 from 0.3.21 to 0.3.26

Release notes

Sourced from h2's releases.

v0.3.26

What's Changed

  • Limit number of CONTINUATION frames for misbehaving connections.

See https://seanmonstar.com/blog/hyper-http2-continuation-flood/ for more info.

v0.3.25

What's Changed

Full Changelog: hyperium/h2@v0.3.24...v0.3.25

v0.3.24

Fixed

  • Limit error resets for misbehaving connections.

v0.3.23

What's Changed

v0.3.22

What's Changed

  • Add header_table_size(usize) option to client and server builders.
  • Improve throughput when vectored IO is not available.
  • Update indexmap to 2.

New Contributors

Changelog

Sourced from h2's changelog.

0.3.26 (April 3, 2024)

  • Limit number of CONTINUATION frames for misbehaving connections.

0.3.25 (March 15, 2024)

  • Improve performance decoding many headers.

0.3.24 (January 17, 2024)

  • Limit error resets for misbehaving connections.

0.3.23 (January 10, 2024)

  • Backport fix from 0.4.1 for stream capacity assignment.

0.3.22 (November 15, 2023)

  • Add header_table_size(usize) option to client and server builders.
  • Improve throughput when vectored IO is not available.
  • Update indexmap to 2.
Commits

Updates mio from 0.8.9 to 0.8.11

Changelog

Sourced from mio's changelog.

0.8.11

0.8.10

Added

Commits

Updates rustls from 0.19.1 to 0.20.9

Commits
  • d1345fc Cargo: bump version v0.20.8 -> v0.20.9.
  • ba13bb5 Cargo: bump MSRV 1.57 -> 1.60.
  • 22b8f70 Remove calls to PhantomData::default
  • aae5f19 client: detect HRR with incorrect session_id
  • 43fb7be Regression test for echoing session id in HRR
  • 5e34398 server: echo client's session_id in HRR
  • 9b5bb50 Prepare 0.20.8
  • d4cf464 Use the enums exposed in 5dab6ed6 in tests
  • cba4d0c add a README for BoGo
  • b177e4c move doc(cfg(feature = …)) to original definitions (#1156)
  • Additional commits viewable in compare view

Updates snow from 0.9.3 to 0.9.6

Release notes

Sourced from snow's releases.

v0.9.6

  • Validate invalid PSK positions when building a Noise protocol.
  • Raise errors in various typos/mistakes in Noise patterns when parsing.
  • Deprecate the sodiumoxide backend, as that crate is no longer maintained. We may eventually migrate it to a maintaned version of the crate, but for now it's best to warn users.
  • Set a hard limit in read_message() in transport mode to 65535 to be fully compliant with the Noise specification.

Full Changelog: mcginty/snow@v0.9.5...v0.9.6

v0.9.5

This is a security release that fixes a logic flaw in decryption in TransportState (i.e. the stateful one), where the nonce could increase even when decryption failed, which can cause a desync between the sender and receiver, opening this up as a denial of service vector if the attacker has the ability to inject packets in the channel Noise is talking over.

More details can be found in the advisory: GHSA-7g9j-g5jg-3vv3

All users are encouraged to update.

v0.9.4

This is a dependency version bump release because a couple of important dependencies released new versions that needed a Cargo.toml bump:

  • ring 0.17
  • pqcrypto-kyber 0.8
  • aes-gcm 0.10
  • chacha20poly1305 0.10
Commits
  • a4be73f meta: v0.9.6 release
  • 9e53dcf TransportState: limit read_message size to 65535
  • faf0560 Deprecate sodiumoxide resolver
  • 308a24d Add warnings about multiple calls to same method in Builder
  • f280991 Error when extraneous parameters are included in string to parse
  • dbdcc48 Error on duplicate modifiers in parameter string
  • 8b1a819 Validate PSK index in pattern to avoid panic
  • 74e30cf meta: v0.9.5 release
  • 12e8ae5 Stateful nonce desync fix
  • 02c26b7 Remove clap from simple example
  • Additional commits viewable in compare view

Updates webpki from 0.21.4 to 0.22.4

Commits

Updates whoami from 1.4.1 to 1.5.2

Changelog

Sourced from whoami's changelog.

[1.5.2] - 2024-09-02

Changed

  • Updated redox_syscall to 0.5
  • Replace target_os = daku with daku cfg
  • Improved repository documentation

[1.5.1] - 2024-03-09

Fixed

  • Broken link in docs

[1.5.0] - 2024-03-03

Added

  • WASI support
  • Redox support
  • Fallible functions
    • whoami::fallible::devicename()
    • whoami::fallible::devicename_os()
    • whoami::fallible::distro()
    • whoami::fallible::hostname() - notably doesn't normalize to lowercase
    • whoami::fallible::realname()
    • whoami::fallible::realname_os()
    • whoami::fallible::username()
    • whoami::fallible::username_os()
  • whoami::Language
  • whoami::Country
  • whoami::langs()
  • whoami::fallible::account()
  • whoami::fallible::account_os()
  • whoami::DesktopEnv::is_gtk()
  • whoami::DesktopEnv::is_kde()

Removed

  • Generated device names that infer casing based on the hostname when the device name is not available - now returns the hostname unchanged
  • Partial (potentially unsound) support for Android, iOS, watchOS, tvOS, Fuchsia, Haiku, Solaris, and a few others. These targets now use the "fake" implementation.

Changed

  • Deprecated whoami::distro_os()
  • Deprecated whoami::hostname()
  • Deprecated whoami::hostname_os()

... (truncated)

Commits

Updates zerocopy from 0.7.20 to 0.7.35

Release notes

Sourced from zerocopy's releases.

v0.7.35

What's Changed

Full Changelog: google/zerocopy@v0.7.34...v0.7.35

v0.7.34

What's Changed

Full Changelog: google/zerocopy@v0.7.33...v0.7.34

v0.7.33

What's Changed

Full Changelog: google/zerocopy@v0.7.32...v0.7.33

v0.7.32

What's Changed

... (truncated)

Changelog

Sourced from zerocopy's changelog.

Changelog

Releases

We track releases and release notes using GitHub Releases.

Yanks and Regressions

0.2.2 through 0.2.8, 0.3.0 through 0.3.1, 0.4.0, 0.5.0, 0.6.0 through 0.6.5, 0.7.0 through 0.7.30

Security advisories for this bug have been published as RUSTSEC-2023-0074 and GHSA-3mv5-343c-w2qg.

In these versions, the Ref methods into_ref, into_mut, into_slice, and into_mut_slice were permitted in combination with the standard library cell::Ref and cell::RefMut types for Ref<B, T>'s B type parameter. These combinations are unsound, and may permit safe code to exhibit undefined behavior. Fixes have been published to each affected minor version which do not permit this code to compile.

See #716issue-716 for more details.

0.7.27, 0.7.28

These versions were briefly yanked due to a non-soundness regression reported in #672pull-672. After reconsidering our yanking policy in #679issue-679, we un-yanked these versions.

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the cargo group with 8 updates
adf9fce 
Bumps the cargo group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [sqlx](https://github.com/launchbadge/sqlx) | `0.5.13` | `0.6.3` |
| [h2](https://github.com/hyperium/h2) | `0.3.21` | `0.3.26` |
| [mio](https://github.com/tokio-rs/mio) | `0.8.9` | `0.8.11` |
| [rustls](https://github.com/rustls/rustls) | `0.19.1` | `0.20.9` |
| [snow](https://github.com/mcginty/snow) | `0.9.3` | `0.9.6` |
| [webpki](https://github.com/briansmith/webpki) | `0.21.4` | `0.22.4` |
| [whoami](https://github.com/ardaku/whoami) | `1.4.1` | `1.5.2` |
| [zerocopy](https://github.com/google/zerocopy) | `0.7.20` | `0.7.35` |


Updates `sqlx` from 0.5.13 to 0.6.3
- [Changelog](https://github.com/launchbadge/sqlx/blob/main/CHANGELOG.md)
- [Commits](launchbadge/sqlx@v0.5.13...v0.6.3)

Updates `h2` from 0.3.21 to 0.3.26
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/v0.3.26/CHANGELOG.md)
- [Commits](hyperium/h2@v0.3.21...v0.3.26)

Updates `mio` from 0.8.9 to 0.8.11
- [Release notes](https://github.com/tokio-rs/mio/releases)
- [Changelog](https://github.com/tokio-rs/mio/blob/master/CHANGELOG.md)
- [Commits](tokio-rs/mio@v0.8.9...v0.8.11)

Updates `rustls` from 0.19.1 to 0.20.9
- [Release notes](https://github.com/rustls/rustls/releases)
- [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md)
- [Commits](rustls/rustls@v/0.19.1...v/0.20.9)

Updates `snow` from 0.9.3 to 0.9.6
- [Release notes](https://github.com/mcginty/snow/releases)
- [Commits](mcginty/snow@v0.9.3...v0.9.6)

Updates `webpki` from 0.21.4 to 0.22.4
- [Commits](https://github.com/briansmith/webpki/commits)

Updates `whoami` from 1.4.1 to 1.5.2
- [Changelog](https://github.com/ardaku/whoami/blob/v1/CHANGELOG.md)
- [Commits](ardaku/whoami@v1.4.1...v1.5.2)

Updates `zerocopy` from 0.7.20 to 0.7.35
- [Release notes](https://github.com/google/zerocopy/releases)
- [Changelog](https://github.com/google/zerocopy/blob/main/CHANGELOG.md)
- [Commits](google/zerocopy@v0.7.20...v0.7.35)

---
updated-dependencies:
- dependency-name: sqlx
  dependency-type: direct:production
  dependency-group: cargo
- dependency-name: h2
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: mio
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: rustls
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: snow
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: webpki
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: whoami
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: zerocopy
  dependency-type: indirect
  dependency-group: cargo
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels Nov 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file rust Pull requests that update Rust code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants