Skip to content

Commit 3b1639e

Browse files
sjoerdsimonssjoerdsimons
authored
Bump tempfile from 3.10.1 to 3.15.0 (#71)
Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.10.1 to 3.15.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md">tempfile's changelog</a>.</em></p> <blockquote> <h2>3.15.0</h2> <p>Re-seed the per-thread RNG from system randomness when we repeatedly fail to create temporary files (<a href="https://redirect.github.com/Stebalien/tempfile/issues/314">#314</a>). This resolves a potential DoS vector (<a href="https://redirect.github.com/Stebalien/tempfile/issues/178">#178</a>) while avoiding <code>getrandom</code> in the common case where it's necessary. The feature is optional but enabled by default via the <code>getrandom</code> feature.</p> <p>For libc-free builds, you'll either need to disable this feature or opt-in to a different <a href="https://github.com/rust-random/getrandom?tab=readme-ov-file#opt-in-backends"><code>getrandom</code> backend</a>.</p> <h2>3.14.0</h2> <ul> <li>Make the wasip2 target work (requires tempfile's &quot;nightly&quot; feature to be enabled). <a href="https://redirect.github.com/Stebalien/tempfile/pull/305">#305</a>.</li> <li>Allow older windows-sys versions <a href="https://redirect.github.com/Stebalien/tempfile/pull/304">#304</a>.</li> </ul> <h2>3.13.0</h2> <ul> <li>Add <code>with_suffix</code> constructors for easily creating new temporary files with a specific suffix (e.g., a specific file extension). Thanks to <a href="https://github.com/Borgerr"><code>@​Borgerr</code></a>.</li> <li>Update dependencies (fastrand &amp; rustix).</li> </ul> <h2>3.12.0</h2> <ul> <li>Add a <code>keep(keep: bool)</code> function to builder that suppresses delete-on-drop behavior (thanks to <a href="https://github.com/RalfJung"><code>@​RalfJung</code></a>).</li> <li>Update <code>windows-sys</code> from 0.52 to 0.59.</li> </ul> <h2>3.11.0</h2> <ul> <li>Add the ability to override the default temporary directory. This API shouldn't be used in general, but there are some cases where it's unavoidable.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Stebalien/tempfile/commit/e7a40e3731c609a06fe959c88e8f681e31f17079"><code>e7a40e3</code></a> Release v3.15.0</li> <li><a href="https://github.com/Stebalien/tempfile/commit/ea45f476d72c89ced3b978fa30de8ef648183cb7"><code>ea45f47</code></a> feat: re-seed from system randomness on collision (<a href="https://redirect.github.com/Stebalien/tempfile/issues/314">#314</a>)</li> <li><a href="https://github.com/Stebalien/tempfile/commit/16209da6e651577860f65ff0179ddb7ad071b780"><code>16209da</code></a> Fix link to ticket in changelog (<a href="https://redirect.github.com/Stebalien/tempfile/issues/310">#310</a>)</li> <li><a href="https://github.com/Stebalien/tempfile/commit/ae22b273a1bb539018c748f1613a8f2ca29038c4"><code>ae22b27</code></a> docs: add owasp link on insecure temporary files (<a href="https://redirect.github.com/Stebalien/tempfile/issues/309">#309</a>)</li> <li><a href="https://github.com/Stebalien/tempfile/commit/b232c584c89de0793361e04945f8acd3c35af879"><code>b232c58</code></a> chore: release 3.14.0 (<a href="https://redirect.github.com/Stebalien/tempfile/issues/307">#307</a>)</li> <li><a href="https://github.com/Stebalien/tempfile/commit/a23f396ede61a989ed48c1906c07f20d03d04ff2"><code>a23f396</code></a> fix: enable wasip2 feature for wasm32-wasip2 target (<a href="https://redirect.github.com/Stebalien/tempfile/issues/305">#305</a>)</li> <li><a href="https://github.com/Stebalien/tempfile/commit/f162807fdba5c4fa99c9725e8e3ffcb74fe07450"><code>f162807</code></a> ci: switch from cargo-wasi to directly using the wasip1 target (<a href="https://redirect.github.com/Stebalien/tempfile/issues/306">#306</a>)</li> <li><a href="https://github.com/Stebalien/tempfile/commit/fa8ad0090413475cce8402044a06e724ffc6be0e"><code>fa8ad00</code></a> allow older windows-sys (<a href="https://redirect.github.com/Stebalien/tempfile/issues/304">#304</a>)</li> <li><a href="https://github.com/Stebalien/tempfile/commit/335d91d538953bb535f0839f4daced8d008d1dab"><code>335d91d</code></a> fix: expose SpooledData enum (<a href="https://redirect.github.com/Stebalien/tempfile/issues/301">#301</a>)</li> <li><a href="https://github.com/Stebalien/tempfile/commit/a354f8cb118004cb0c4c6b6aa6bb351e6c191b96"><code>a354f8c</code></a> chore: release 3.13.0</li> <li>Additional commits viewable in <a href="https://github.com/Stebalien/tempfile/compare/v3.10.1...v3.15.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tempfile&package-manager=cargo&previous-version=3.10.1&new-version=3.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
2 parents 83dbeca + 91c74bf commit 3b1639e

File tree

2 files changed

+15
-13
lines changed

2 files changed

+15
-13
lines changed

Cargo.lock

Lines changed: 14 additions & 12 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

gitlab-runner/Cargo.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,7 @@ zip = "2.2.2"
2525
pin-project = "1.0.7"
2626
futures = "0.3.15"
2727
async-trait = "0.1.50"
28-
tempfile = "3.2.0"
28+
tempfile = "3.15.0"
2929
parking_lot = "0.12.0"
3030
tracing-subscriber = "0.3.10"
3131
tracing = "0.1.40"

0 commit comments

Comments
 (0)