Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update all non-major dependencies #56

Merged
merged 1 commit into from
Dec 25, 2023

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Apr 29, 2023

Mend Renovate

This PR contains the following updates:

Package Type Update Change
anyhow dependencies patch 1.0.70 -> 1.0.76
anyhow dev-dependencies patch 1.0.70 -> 1.0.76
chrono dependencies patch 0.4.24 -> 0.4.31
clap dependencies minor 4.2.5 -> 4.4.11
futures (source) dependencies patch 0.3.28 -> 0.3.30
itertools dependencies minor 0.10.5 -> 0.12.0
num_cpus dependencies minor 1.15.0 -> 1.16.0
once_cell dependencies minor 1.17.1 -> 1.19.0
percent-encoding dependencies minor 2.2.0 -> 2.3.1
regex dependencies minor 1.8.1 -> 1.10.2
serde (source) dependencies patch 1.0.160 -> 1.0.193
serde_json dependencies patch 1.0.96 -> 1.0.108
sqlx dependencies minor 0.6.3 -> 0.7.3
thiserror dependencies patch 1.0.40 -> 1.0.52
tokio (source) dependencies minor 1.28.0 -> 1.35.1
tokio (source) dev-dependencies minor 1.28.0 -> 1.35.1
toml dependencies minor 0.7.3 -> 0.8.8
toml_edit dependencies minor 0.19.8 -> 0.21.0
tracing (source) dependencies patch 0.1.38 -> 0.1.40
tracing-subscriber (source) dev-dependencies patch 0.3.17 -> 0.3.18

Release Notes

dtolnay/anyhow (anyhow)

v1.0.76

Compare Source

  • Opt in to unsafe_op_in_unsafe_fn lint (#​329)

v1.0.75

Compare Source

v1.0.74

Compare Source

v1.0.73

Compare Source

v1.0.72

Compare Source

  • Documentation improvements

v1.0.71

Compare Source

  • Documentation improvements
chronotope/chrono (chrono)

v0.4.31: 0.4.31

Compare Source

Another maintenance release.
It was not a planned effort to improve our support for UNIX timestamps, yet most PRs seem related to this.

Deprecations
  • Deprecate timestamp_nanos in favor of the non-panicking timestamp_nanos_opt (#​1275)
Additions
Fixes
  • Format day of month in RFC 2822 without padding (#​1272)
  • Don't allow strange leap seconds which are not on a minute boundary initialization methods (#​1283)
    This makes many methods a little more strict:
    • NaiveTime::from_hms_milli
    • NaiveTime::from_hms_milli_opt
    • NaiveTime::from_hms_micro
    • NaiveTime::from_hms_micro_opt
    • NaiveTime::from_hms_nano
    • NaiveTime::from_hms_nano_opt
    • NaiveTime::from_num_seconds_from_midnight
    • NaiveTime::from_num_seconds_from_midnight_opt
    • NaiveDate::and_hms_milli
    • NaiveDate::and_hms_milli_opt
    • NaiveDate::and_hms_micro
    • NaiveDate::and_hms_micro_opt
    • NaiveDate::and_hms_nano
    • NaiveDate::and_hms_nano_opt
    • NaiveDateTime::from_timestamp
    • NaiveDateTime::from_timestamp_opt
    • TimeZone::timestamp
    • TimeZone::timestamp_opt
  • Fix underflow in NaiveDateTime::timestamp_nanos_opt (#​1294, thanks @​crepererum)
Documentation
  • Add more documentation about the RFC 2822 obsolete date format (#​1267)
Internal
  • Remove internal __doctest feature and doc_comment dependency (#​1276)
  • CI: Bump actions/checkout from 3 to 4 (#​1280)
  • Optimize NaiveDate::add_days for small values (#​1214)
  • Upgrade pure-rust-locales to 0.7.0 (#​1288, thanks @​jeremija wo did good improvements on pure-rust-locales)

Thanks to all contributors on behalf of the chrono team, @​djc and @​pitdicker!

v0.4.30: 0.4.30

Compare Source

In this release, we have decided to swap out the chrono::Duration type (which has been a re-export of time 0.1 Duration type) with our own definition, which exposes a strict superset of the time::Duration API. This helps avoid warnings about the CVE-2020-26235 and RUSTSEC-2020-0071 advisories for downstream users and allows us to improve the Duration API going forward.

While this is technically a SemVer-breaking change, we expect the risk of downstream users experiencing actual incompatibility to be exceedingly limited (see our analysis of public code using a crater-like experiment), and not enough justification for the large ecosystem churn of a 0.5 release. If you have any feedback on these changes, please let us know in #​1268.

Additions
Documentation

Relation between chrono and time 0.1

Rust first had a time module added to std in its 0.7 release. It later moved to libextra, and then to a libtime library shipped alongside the standard library. In 2014 work on chrono started in order to provide a full-featured date and time library in Rust. Some improvements from chrono made it into the standard library; notably, chrono::Duration was included as std::time::Duration (rust#15934) in 2014.

In preparation of Rust 1.0 at the end of 2014 libtime was moved out of the Rust distro and into the time crate to eventually be redesigned (rust#18832, rust#18858), like the num and rand crates. Of course chrono kept its dependency on this time crate. time started re-exporting std::time::Duration during this period. Later, the standard library was changed to have a more limited unsigned Duration type (rust#24920, RFC 1040), while the time crate kept the full functionality with time::Duration. time::Duration had been a part of chrono's public API.

By 2016 time 0.1 lived under the rust-lang-deprecated organisation and was not actively maintained (time#136). chrono absorbed the platform functionality and Duration type of the time crate in chrono#478 (the work started in chrono#286). In order to preserve compatibility with downstream crates depending on time and chrono sharing a Duration type, chrono kept depending on time 0.1. chrono offered the option to opt out of the time dependency by disabling the oldtime feature (swapping it out for an effectively similar chrono type). In 2019, @​jhpratt took over maintenance on the time crate and released what amounts to a new crate as time 0.2.

Security advisories

In November of 2020 CVE-2020-26235 and RUSTSEC-2020-0071 were opened against the time crate. @​quininer had found that calls to localtime_r may be unsound (chrono#499). Eventually, almost a year later, this was also made into a security advisory against chrono as RUSTSEC-2020-0159, which had platform code similar to time.

On Unix-like systems a process is given a timezone id or description via the TZ environment variable. We need this timezone data to calculate the current local time from a value that is in UTC, such as the time from the system clock. time 0.1 and chrono used the POSIX function localtime_r to do the conversion to local time, which reads the TZ variable.

Rust assumes the environment to be writable and uses locks to access it from multiple threads. Some other programming languages and libraries use similar locking strategies, but these are typically not shared across languages. More importantly, POSIX declares modifying the environment in a multi-threaded process as unsafe, and getenv in libc can't be changed to take a lock because it returns a pointer to the data (see rust#27970 for more discussion).

Since version 4.20 chrono no longer uses localtime_r, instead using Rust code to query the timezone (from the TZ variable or via iana-time-zone as a fallback) and work with data from the system timezone database directly. The code for this was forked from the tz-rs crate by @​x-hgg-x. As such, chrono now respects the Rust lock when reading the TZ environment variable. In general, code should avoid modifying the environment.

Removing time 0.1

Because time 0.1 has been unmaintained for years, however, the security advisory mentioned above has not been addressed. While chrono maintainers were careful not to break backwards compatibility with the time::Duration type, there has been a long stream of issues from users inquiring about the time 0.1 dependency with the vulnerability. We investigated the potential breakage of removing the time 0.1 dependency in chrono#1095 using a crater-like experiment and determined that the potential for breaking (public) dependencies is very low. We reached out to those few crates that did still depend on compatibility with time 0.1.

As such, for chrono 0.4.30 we have decided to swap out the time 0.1 Duration implementation for a local one that will offer a strict superset of the existing API going forward. This will prevent most downstream users from being affected by the security vulnerability in time 0.1 while minimizing the ecosystem impact of semver-incompatible version churn.

Thanks to all contributors on behalf of the chrono team, @​djc and @​pitdicker!

v0.4.29: 0.4.29

Compare Source

This release fixes a panic introduced in chrono 0.4.27 in FromStr<DateTime<Utc>> (#​1253).

Chrono now has a Discord channel.

Fixes

  • Fix arbitrary string slicing in parse_rfc3339_relaxed (#​1254)

Deprecations

  • Deprecate TimeZone::datetime_from_str (#​1251)

Documentation

Internal improvements

  • Revert "add test_issue_866" (#​1238)
  • CI: run tests on i686 and wasm32-wasi (#​1237)
  • CI: Include doctests for code coverage (#​1248)
  • Move benchmarks to a separate crate (#​1243)
    This allows us to upgrade the criterion dependency to 5.1 without changing our MSRV.
  • Add Discord link to README (#​1240, backported in #​1256)

Thanks to all contributors on behalf of the chrono team, @​djc and @​pitdicker!

v0.4.28: 0.4.28

Compare Source

This release fixes a test failure on 32-bit targets introduced with 0.4.27, see https://github.com/chronotope/chrono/issues/1234.

v0.4.27: 0.4.27

Compare Source

This release bumps the MSRV from 1.56 to 1.57. This allows us to take advantage of the panicking in const feature. In this release most methods on NaiveDate and NaiveTime are made const, NaiveDateTime and others will follow in a later release.

The parser for the %+ formatting specifier and the RFC3339 formatting item is switched from a strict to a relaxed parser (see https://github.com/chronotope/chrono/pull/1145). This matches the existing documentation, and the parser used by DateTime::from_str. If you need to validate the input, consider using DateTime::from_rfc3339.

Deprecations

Additions

Fixes

Documentation

Internal improvements

Thanks to all contributors on behalf of the chrono team, @​djc and @​pitdicker!

v0.4.26: 0.4.26

Compare Source

The changes from #​807 we merged for 0.4.25 unfortunately restricted parsing in a way that was incompatible with earlier 0.4.x releases. We reverted this in #​1113. A small amount of other changes were merged since.

Thanks on behalf of the chrono team (@​djc and @​esheppa) to all contributors!

v0.4.25: 0.4.25

Compare Source

Time for another maintenance release. This release bumps the MSRV to 1.56; given MSRV bumps in chrono's dependencies (notably for syn 2), we felt that it no longer made sense to support any older versions. Feedback welcome in our issue tracker!

Additions

Fixes

Refactoring

Documentation

Internal improvements

On behalf of @​djc and @​esheppa, thanks to all contributors!

clap-rs/clap (clap)

v4.4.11

Compare Source

Features
  • Add Command::mut_group

v4.4.10

Compare Source

Documentation
  • Link out to changelog
  • Cross link derive's attribute reference to derive tutorial

v4.4.9

Compare Source

Fixes
  • (help) Show correct Command::about under flattened headings
  • (help) Respect hide when flattening subcommands

v4.4.8

Compare Source

Features
  • Add Command::flatten_help to allow git stash -h like help for subcommands

v4.4.7

Compare Source

Performance
  • Reduced code size

v4.4.6

Compare Source

Internal
  • Upgrade anstream

v4.4.5

Compare Source

Fixes
  • (parser) When inferring subcommand name or long_flag, allow ambiguous-looking matches that unambiguously map back to the same command
  • (parser) When inferring subcommand long_flag, don't panic
  • (assert) Clarify what action is causing a positional that doesn't set values which is especially useful for derive users

v4.4.4

Compare Source

Internal
  • Update terminal_size to 0.3

v4.4.3

Compare Source

Documentation
  • (derive) Clarify use of attributes within the tutorial
  • Split sections in the builder and derive tutorials into separate modules

v4.4.2

Compare Source

Performance
  • Improve build times by removing once_cell dependency

v4.4.1

Compare Source

Features
  • Add Command::mut_group

v4.4.0

Compare Source

Compatibility
  • Update MSRV to 1.70.0

v4.3.24

Compare Source

Fixes
  • Ensure column padding is preserved in --help with custom templates

v4.3.23

Compare Source

Fixes
  • Fixed UnknownArgumentValueParser to not error on flag's absence

v4.3.22

Compare Source

Features
  • Add UnknownArgumentValueParser for injecting errors for improving the experience with errors

v4.3.21

Compare Source

Features
  • Expose TryMapValueParser so the type can be named

v4.3.20

Compare Source

Features
  • Command::mut_args for modifying all arguments en masse

v4.3.19

Compare Source

Fixes
  • (parse) Respect value_terminator even in the presence of later multiple-value positional arguments

v4.3.18

Compare Source

Fixes
  • (parse) Suggest -- in fewer places where it won't work

v4.3.17

Compare Source

Fixes
  • (help) Address a regression in wrapping PossibleValue descriptions in --help

v4.3.16

Compare Source

Fixes
  • Don't assert when stateful value parsers fail on defaults (e.g. checking if a path exists)

v4.3.15

Compare Source

Features
  • (unstable-styles) Re-export anstyle
Documentation
  • (unstable-styles) Provide more examples

v4.3.14

Compare Source

Features
  • ArgAction::HelpShort and ArgAction::HelpLong for explicitly specifying which style of help to display
Fixes
  • Skip [OPTIONS] in usage if a help or version ArgAction is used

v4.3.13

Compare Source

v4.3.12

Compare Source

Fixes
  • (derive) Don't error on enum variant field attributes

v4.3.11

Compare Source

Features
  • (derive) Support fields wrapped in num::Wrapping, Box, or Arc
  • (derive) Support Box<str>, Box<OsStr>, and Box<Path>

v4.3.10

Compare Source

Performance
  • Drop a dependency, reducing binary size by 1.3 KiB

v4.3.9

Compare Source

Fixes
  • Command::ignore_errors no longer masks help/version

v4.3.8

Compare Source

Fixes
  • Error on ambiguity with infer_long_arg, rather than arbitrarily picking one, matching the documentation and subcommand's behavior

v4.3.7

Compare Source

Documentation
  • Further clarify magic behavior in derive tutorial
  • Further clarify derive API's relationship to builder within the tutorial

v4.3.6

Compare Source

Documentation
  • Suggest clio

v4.3.5

Compare Source

  • ColorChoice::possible_values is added to simplify things for builder users
Fixes
  • ColorChoice::to_possible_value no longer includes descriptions, encouraging shorter help where possible

v4.3.4

Compare Source

Features
  • Add Error::exit_code

v4.3.3

Compare Source

Features
  • Command::defer for delayed initialization of subcommands to reduce startup times of large applications like deno

v4.3.2

Compare Source

Fixes
  • Ensure column padding is preserved in --help with custom templates

v4.3.1

Compare Source

Fixes
  • (parse) Respect value_terminator even in the presence of later multiple-value positional arguments

v4.3.0

Compare Source

Fixes
  • (assert) Allow multiple, value-terminated, positional arguments
  • (assert) Clear up language on last assertion
  • (parser) Correctly assign values to arguments when using multiple, value-termianted, positional arguments
  • (parser) Ensure value_terminator has higher precedence than allow_hyphen_values
  • (help) Only use next-line-help on subcommand list when explicitly specified, not just with --help
  • (help) Correctly align possible values list
  • (help) Don't waste code, vertical space in moving possible value descriptions to next line

v4.2.7

Compare Source

Fixes
  • Correctly track remaining length for iterators provided by ArgMatches

v4.2.6

Compare Source

Features
  • impl Eq<std::any::TypeId> for clap_builder::util::AnyValueId
rust-lang/futures-rs (futures)

v0.3.30

Compare Source

  • Add {BiLock,SplitStream,SplitSink,ReadHalf,WriteHalf}::is_pair_of (#​2797)
  • Fix panic in FuturesUnordered::clear (#​2809)
  • Fix panic in AsyncBufReadExt::fill_buf (#​2801, #​2812)
  • Improve support for targets without atomic CAS (#​2811)
  • Remove build scripts (#​2811)

v0.3.29

Compare Source

  • Add TryStreamExt::try_ready_chunks (#​2757)
  • Add TryStreamExt::{try_all,try_any} (#​2783)
  • Add UnboundedSender::{len,is_empty} (#​2750)
  • Fix Sync impl of FuturesUnordered (#​2788)
  • Fix infinite loop caused by invalid UTF-8 bytes (#​2785)
  • Fix build error with -Z minimal-versions (#​2761)
rust-itertools/itertools (itertools)

v0.12.0

Compare Source

Breaking
  • Made take_while_inclusive consume iterator by value (#​709)
  • Added Clone bound to Unique (#​777)
Added
  • Added Itertools::try_len (#​723)
  • Added free function sort_unstable (#​796)
  • Added GroupMap::fold_with (#​778, #​785)
  • Added PeekNth::{peek_mut, peek_nth_mut} (#​716)
  • Added PeekNth::{next_if, next_if_eq} (#​734)
  • Added conversion into (Option<A>,Option<B>) to EitherOrBoth (#​713)
  • Added conversion from Either<A, B> to EitherOrBoth<A, B> (#​715)
  • Implemented ExactSizeIterator for Tuples (#​761)
  • Implemented ExactSizeIterator for (Circular)TupleWindows (#​752)
  • Made EitherOrBoth<T> a shorthand for EitherOrBoth<T, T> (#​719)
Changed
  • Added missing #[must_use] annotations on iterator adaptors (#​794)
  • Made Combinations lazy (#​795)
  • Made Intersperse(With) lazy (#​797)
  • Made Permutations lazy (#​793)
  • Made Product lazy (#​800)
  • Made TupleWindows lazy (#​602)
  • Specialized Combinations::{count, size_hint} (#​729)
  • Specialized CombinationsWithReplacement::{count, size_hint} (#​737)
  • Specialized Powerset::fold (#​765)
  • Specialized Powerset::count (#​735)
  • Specialized TupleCombinations::{count, size_hint} (#​763)
  • Specialized TupleCombinations::fold (#​775)
  • Specialized WhileSome::fold (#​780)
  • Specialized WithPosition::fold (#​772)
  • Specialized ZipLongest::fold (#​774)
  • Changed {min, max}_set* operations require alloc feature, instead of std (#​760)
  • Improved documentation of tree_fold1 (#​787)
  • Improved documentation of permutations (#​724)
  • Fixed typo in documentation of multiunzip (#​770)
Notable Internal Changes

v0.11.0

Compare Source

Breaking
  • Make Itertools::merge_join_by also accept functions returning bool (#​704)
  • Implement PeekingNext transitively over mutable references (#​643)
  • Change with_position to yield (Position, Item) instead of Position<Item> (#​699)
Added
  • Add Itertools::take_while_inclusive (#​616)
  • Implement PeekingNext for PeekingTakeWhile (#​644)
  • Add EitherOrBoth::{just_left, just_right, into_left, into_right, as_deref, as_deref_mut, left_or_insert, right_or_insert, left_or_insert_with, right_or_insert_with, insert_left, insert_right, insert_both} (#​629)
  • Implement Clone for CircularTupleWindows (#​686)
  • Implement Clone for Chunks (#​683)
  • Add Itertools::process_results (#​680)
Changed

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot changed the title chore(deps): update rust crate anyhow to 1.0.71 chore(deps): update all non-major dependencies May 2, 2023
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 0cd578f to def961a Compare May 5, 2023 03:11
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 049a892 to 36590f1 Compare May 11, 2023 04:12
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from 57624bd to cd340b9 Compare May 23, 2023 23:35
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from dbe870a to c73874a Compare May 30, 2023 20:56
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 6 times, most recently from e5e2443 to 2eeb142 Compare June 8, 2023 08:13
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 25778d7 to 7d1dbcc Compare June 16, 2023 06:24
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from 0642380 to d354aba Compare June 23, 2023 22:24
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 5 times, most recently from 8e8e356 to 227b9d0 Compare October 30, 2023 19:54
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 5 times, most recently from a5f891a to 8c54403 Compare November 10, 2023 23:04
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 34f3c4e to 66c534a Compare November 14, 2023 20:00
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from 1d34926 to bddad15 Compare November 27, 2023 18:58
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 2dcd7ed to d560aa4 Compare December 4, 2023 20:25
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from dd15b8f to 5d504f5 Compare December 9, 2023 00:01
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from e1ebfbf to cf46176 Compare December 21, 2023 01:25
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 5f20f71 to 9d2607b Compare December 25, 2023 19:59
@leo91000 leo91000 force-pushed the renovate/all-minor-patch branch from 9d2607b to 150cdad Compare December 25, 2023 20:45
@leo91000 leo91000 force-pushed the renovate/all-minor-patch branch from 150cdad to 2178620 Compare December 25, 2023 21:13
@leo91000 leo91000 merged commit 554a4c0 into main Dec 25, 2023
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant