Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update rust dependencies #428

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

renovate-bot
Copy link
Contributor

@renovate-bot renovate-bot commented Dec 12, 2022

Mend Renovate

This PR contains the following updates:

Package Type Update Change
anyhow dependencies patch 1.0.66 -> 1.0.86
async-trait dependencies patch 0.1.59 -> 0.1.80
base64 dependencies minor 0.13.1 -> 0.22.0
byte-strings dependencies minor 0.2.2 -> 0.3.0
chrono dependencies patch 0.4.23 -> 0.4.38
ciborium dependencies patch 0.2.0 -> 0.2.2
clap dependencies patch 3.2.23 -> 3.2.25
ctrlc dependencies minor 3.2.3 -> 3.4.4
der-parser dependencies minor 8.1.0 -> 8.2.0
fastly dependencies minor ^0.8.9 -> ^0.10.0
form_urlencoded dependencies minor 1.1.0 -> 1.2.1
futures (source) dependencies patch 0.3.25 -> 0.3.30
getrandom dependencies patch 0.2.8 -> 0.2.15
http dependencies patch 0.2.8 -> 0.2.12
hyper (source) dependencies patch 0.14.23 -> 0.14.28
hyper-rustls dependencies minor 0.23.2 -> 0.27.0
hyper-tls (source) dependencies minor 0.5.0 -> 0.6.0
js-sys (source) dependencies patch 0.3.60 -> 0.3.69
log dependencies patch 0.4.17 -> 0.4.21
log-fastly dependencies minor 0.8.9 -> 0.10.0
lol_html dependencies minor 0.3.1 -> 0.4.0
lru dependencies minor 0.8.1 -> 0.12.0
nom dependencies patch 7.1.1 -> 7.1.3
once_cell dependencies minor 1.16.0 -> 1.19.0
p256 (source) dependencies minor 0.11.1 -> 0.13.0
pem (source) dependencies patch 1.1.0 -> 1.1.1
percent-encoding dependencies minor 2.2.0 -> 2.3.1
regex dependencies minor 1.7.0 -> 1.10.4
rustls dependencies minor 0.20.7 -> 0.23.0
rustls-pemfile dependencies patch 1.0.1 -> 1.0.4
serde (source) dependencies patch 1.0.149 -> 1.0.202
serde-wasm-bindgen dependencies minor 0.4.5 -> 0.6.0
serde_json dependencies patch 1.0.89 -> 1.0.117
serde_yaml dependencies patch 0.9.14 -> 0.9.34
sha1 dependencies patch 0.10.5 -> 0.10.6
sha2 dependencies patch 0.10.6 -> 0.10.8
thiserror dependencies patch 1.0.37 -> 1.0.61
tokio-rustls dependencies minor 0.23.4 -> 0.26.0
tokio-test (source) dev-dependencies patch 0.4.2 -> 0.4.4
toml dependencies minor 0.5.9 -> 0.8.0
url dependencies minor 2.3.1 -> 2.5.0
warp dependencies patch 0.3.3 -> 0.3.7
wasm-bindgen (source) dependencies patch 0.2.83 -> 0.2.92
wasm-bindgen-futures (source) dependencies patch 0.4.33 -> 0.4.42
web-sys (source) dependencies patch 0.3.60 -> 0.3.69
wrangler dependencies minor 1.19.13 -> 1.21.0
x509-parser dependencies minor 0.14.0 -> 0.16.0

Release Notes

dtolnay/anyhow (anyhow)

v1.0.86

Compare Source

  • Fix parse error in ensure! with non-literal after minus sign (#​373)

v1.0.85

Compare Source

  • Improve ensure! macro's rules to unblock some rustc pretty-printer improvements (#​368, #​371)

v1.0.84

Compare Source

  • Disallow calling ensure! through a Not impl for a type that is not bool (#​367)

v1.0.83

Compare Source

  • Integrate compile-time checking of cfgs (#​363)

v1.0.82

Compare Source

  • Documentation improvements

v1.0.81

Compare Source

  • Make backtrace support available when using -Dwarnings (#​354)

v1.0.80

Compare Source

  • Fix unused_imports warnings when compiled by rustc 1.78

v1.0.79

Compare Source

  • Work around improperly cached build script result by sccache (#​340)

v1.0.78

Compare Source

  • Reduce spurious rebuilds under RustRover IDE when using a nightly toolchain (#​337)

v1.0.77

Compare Source

v1.0.76

Compare Source

  • Opt in to unsafe_op_in_unsafe_fn lint (#​329)

v1.0.75

Compare Source

v1.0.74

Compare Source

v1.0.73

Compare Source

v1.0.72

Compare Source

  • Documentation improvements

v1.0.71

Compare Source

  • Documentation improvements

v1.0.70

Compare Source

  • Update syn dependency to 2.x

v1.0.69

Compare Source

  • Documentation improvements

v1.0.68

Compare Source

  • Opt out of -Zrustdoc-scrape-examples on docs.rs for now

v1.0.67

Compare Source

  • Improve the backtrace captured when context() is used on an Option (#​280)
dtolnay/async-trait (async-trait)

v0.1.80

Compare Source

v0.1.79

Compare Source

  • Clean up some dead code

v0.1.78

Compare Source

  • Prevent unused_qualifications lint being triggered in generated code in nightly-2024-03-05 and up (#​260)

v0.1.77

Compare Source

  • Update proc-macro2 to fix caching issue when using a rustc-wrapper such as sccache

v0.1.76

Compare Source

  • Documentation improvements

v0.1.75

Compare Source

  • Documentation improvements

v0.1.74

Compare Source

  • Documentation improvements

v0.1.73

Compare Source

  • Prevent generated code from triggering ignored_unit_patterns pedantic clippy lint

v0.1.72

Compare Source

  • Documentation improvements

v0.1.71

Compare Source

  • Documentation improvements

v0.1.70

Compare Source

v0.1.69

Compare Source

  • Resolve new diverging_sub_expression clippy lint in generated code

v0.1.68

Compare Source

  • Improve error message if an async fn is written without a function body in an impl block

v0.1.67

Compare Source

  • Update syn dependency to 2.x

v0.1.66

Compare Source

  • Set html_root_url attribute

v0.1.65

Compare Source

  • Fix interaction with rustc's single_use_lifetimes lint (#​238, #​239)

v0.1.64

Compare Source

  • Suppress async_yields_async clippy correctness lint in generated code (#​236, #​237)

v0.1.63

Compare Source

  • Do not require Sync on unused shared reference arguments (#​232, #​233)
  • Make expansion of nested _ and .. patterns edition independent (#​234, #​235)

v0.1.62

Compare Source

  • Improve error message involving elided lifetimes (#​229)

v0.1.61

Compare Source

  • Fix async function signatures that involve #[cfg(...)] attributes on parameters (#​227, thanks @​azriel91)

v0.1.60

Compare Source

  • Documentation improvements
marshallpierce/rust-base64 (base64)

v0.22.1

Compare Source

  • Correct the symbols used for the predefined alphabet::BIN_HEX.

v0.22.0

Compare Source

  • DecodeSliceError::OutputSliceTooSmall is now conservative rather than precise. That is, the error will only occur if the decoded output cannot fit, meaning that Engine::decode_slice can now be used with exactly-sized output slices. As part of this, Engine::internal_decode now returns DecodeSliceError instead of DecodeError, but that is not expected to affect any external callers.
  • DecodeError::InvalidLength now refers specifically to the number of valid symbols being invalid (i.e. len % 4 == 1), rather than just the number of input bytes. This avoids confusing scenarios when based on interpretation you could make a case for either InvalidLength or InvalidByte being appropriate.
  • Decoding is somewhat faster (5-10%)

v0.21.7

Compare Source

  • Support getting an alphabet's contents as a str via Alphabet::as_str()

v0.21.6

Compare Source

  • Improved introductory documentation and example

v0.21.5

Compare Source

  • Add Debug and Clone impls for the general purpose Engine

v0.21.4

Compare Source

  • Make encoded_len const, allowing the creation of arrays sized to encode compile-time-known data lengths

v0.21.3

Compare Source

  • Implement source instead of cause on Error types
  • Roll back MSRV to 1.48.0 so Debian can continue to live in a time warp
  • Slightly faster chunked encoding for short inputs
  • Decrease binary size

v0.21.2

Compare Source

  • Rollback MSRV to 1.57.0 -- only dev dependencies need 1.60, not the main code

v0.21.1

Compare Source

  • Remove the possibility of panicking during decoded length calculations
  • DecoderReader no longer sometimes erroneously ignores
    padding #​226

Breaking changes

  • Engine.internal_decode return type changed
  • Update MSRV to 1.60.0

v0.21.0

Compare Source

Migration

Functions
< 0.20 function 0.21 equivalent
encode() engine::general_purpose::STANDARD.encode() or prelude::BASE64_STANDARD.encode()
encode_config() engine.encode()
encode_config_buf() engine.encode_string()
encode_config_slice() engine.encode_slice()
decode() engine::general_purpose::STANDARD.decode() or prelude::BASE64_STANDARD.decode()
decode_config() engine.decode()
decode_config_buf() engine.decode_vec()
decode_config_slice() engine.decode_slice()

The short-lived 0.20 functions were the 0.13 functions with config replaced with engine.

Padding

If applicable, use the preset engines engine::STANDARD, engine::STANDARD_NO_PAD, engine::URL_SAFE,
or engine::URL_SAFE_NO_PAD.
The NO_PAD ones require that padding is absent when decoding, and the others require that
canonical padding is present .

If you need the < 0.20 behavior that did not care about padding, or want to recreate < 0.20.0's predefined Configs
precisely, see the following table.

0.13.1 Config 0.20.0+ alphabet encode_padding decode_padding_mode
STANDARD STANDARD true Indifferent
STANDARD_NO_PAD STANDARD false Indifferent
URL_SAFE URL_SAFE true Indifferent
URL_SAFE_NO_PAD URL_SAFE false Indifferent

v0.20.0

Compare Source

Breaking changes

  • Update MSRV to 1.57.0
  • Decoding can now either ignore padding, require correct padding, or require no padding. The default is to require
    correct padding.
    • The NO_PAD config now requires that padding be absent when decoding.

0.20.0-alpha.1

Breaking changes
  • Extended the Config concept into the Engine abstraction, allowing the user to pick different encoding / decoding
    implementations.
    • What was formerly the only algorithm is now the FastPortable engine, so named because it's portable (works on
      any CPU) and relatively fast.
    • This opens the door to a portable constant-time
      implementation (#​153,
      presumably ConstantTimePortable?) for security-sensitive applications that need side-channel resistance, and
      CPU-specific SIMD implementations for more speed.
    • Standard base64 per the RFC is available via DEFAULT_ENGINE. To use different alphabets or other settings (
      padding, etc), create your own engine instance.
  • CharacterSet is now Alphabet (per the RFC), and allows creating custom alphabets. The corresponding tables that
    were previously code-generated are now built dynamically.
  • Since there are already multiple breaking changes, various functions are renamed to be more consistent and
    discoverable.
  • MSRV is now 1.47.0 to allow various things to use const fn.
  • DecoderReader now owns its inner reader, and can expose it via into_inner(). For symmetry, EncoderWriter can do
    the same with its writer.
  • encoded_len is now public so you can size encode buffers precisely.
danielhenrymantilla/byte-strings-rs (byte-strings)

v0.3.1

Compare Source

What's Changed

Full Changelog: danielhenrymantilla/byte-strings-rs@v0.3.0...v0.3.1

v0.3.0

Compare Source

chronotope/chrono (chrono)

v0.4.38

Compare Source

This release bring a ca. 20% improvement to the performance of the formatting code, and a convenient days_since method for the Weekday type.

Chrono 0.4.38 also removes the long deprecated rustc-serialize feature. Support for rustc-serialize will be soft-destabilized in the next Rust edition. Removing the feature will not break existing users of the feature; Cargo will just not update dependents that rely on it to newer versions of chrono.

In chrono 0.4.36 we made an accidental breaking change by switching to derive(Copy) for DateTime instead of a manual implementation. It is reverted in this release.

Removals

Additions

Fixes

  • Return error when rounding with a zero duration (#​1474, thanks @​Dav1dde)
  • Manually implement Copy for DateTime if offset is Copy (#​1573)

Internal

  • Inline test_encodable_json and test_decodable_json functions (#​1550)
  • CI: Reduce combinations in cargo hack check (#​1553)
  • Refactor formatting code (#​1335)
  • Optimize number formatting (#​1558)
  • Only package files needed for building and testing (#​1554)

Thanks to all contributors on behalf of the chrono team, @​djc and @​pitdicker!

v0.4.37

Compare Source

Version 0.4.36 introduced an unexpected breaking change and was yanked. In it LocalResult was renamed to MappedLocalTime to avoid the impression that it is a Result type were some of the results are errors. For backwards compatibility a type alias with the old name was added.

As it turns out there is one case where a type alias behaves differently from the regular enum: you can't import enum variants from a type alias with use chrono::LocalResult::*. With 0.4.37 we make the new name MappedLocalTime the alias, but keep using it in function signatures and the documentation as much as possible.

See also the release notes of chrono 0.4.36 from yesterday for the yanked release.

v0.4.36

Compare Source

This release un-deprecates the methods on TimeDelta that were deprecated with the 0.4.35 release because of the churn they are causing for the ecosystem.

New is the DateTime::with_time() method. As an example of when it is useful:

use chrono::{Local, NaiveTime};
// Today at 12:00:00
let today_noon = Local::now().with_time(NaiveTime::from_hms_opt(12, 0, 0).unwrap());

Additions

Deprecations

  • Revert TimeDelta deprecations (#​1543)
  • Deprecate TimeStamp::timestamp_subsec_nanos, which was missed in the 0.4.35 release (#​1486)

Documentation

  • Correct version number of deprecation notices (#​1486)
  • Fix some typos (#​1505)
  • Slightly improve serde documentation (#​1519)
  • Main documentation: simplify links and reflow text (#​1535)

Internal

  • CI: Lint benchmarks (#​1489)
  • Remove unnessary Copy and Send impls (#​1492, thanks @​erickt)
  • Backport streamlined NaiveDate unit tests (#​1500, thanks @​Zomtir)
  • Rename LocalResult to TzResolution, add alias (#​1501)
  • Update windows-bindgen to 0.55 (#​1504)
  • Avoid duplicate imports, which generate warnings on nightly (#​1507)
  • Add extra debug assertions to NaiveDate::from_yof (#​1518)
  • Some small simplifications to DateTime::date_naive and NaiveDate::diff_months (#​1530)
  • Remove unwrap in Unix Local type (#​1533)
  • Use different method to ignore feature-dependent doctests (#​1534)

Thanks to all contributors on behalf of the chrono team, @​djc and @​pitdicker!

v0.4.35

Compare Source

Most of our efforts have shifted to improving the API for a 0.5 release, for which cleanups and refactorings are landing on the 0.4.x branch.

The most significant changes in this release are two sets of deprecations.

  • We deprecated all timestamp-related methods on NaiveDateTime. The reason is that a timestamp is defined to be in UTC. The NaiveDateTime type doesn't know the offset from UTC, so it was technically wrong to have these methods. The alternative is to use the similar methods on the DateTime<Utc> type, or from the TimeZone trait.

    Converting from NaiveDateTime to DateTime<Utc> is simple with .and_utc(), and in the other direction with .naive_utc().

  • The panicking constructors of TimeDelta (the new name of the Duration type) are deprecated. This was the last part of chrono that defaulted to panicking on error, dating from before rust 1.0.

  • A nice change is that NaiveDate now includes a niche. So now Option<NaiveDate>, Option<NaiveDateTime> and Option<DateTime<Tz>> are the same size as their base types.

  • format::Numeric and format::Fixed are marked as non_exhaustive. This will allow us to improve our formatting and parsing support, and we have reason to believe this breaking change will have little to no impact on users.

Additions

  • Add DateTime::{from_timestamp_micros, from_timestamp_nanos} (#​1234)
  • Add getters to Parsed (#​1465)

Deprecations

  • Deprecate timestamp methods on NaiveDateTime (#​1473)
  • Deprecate panicking constructors of TimeDelta (#​1450)

Changes/fixes

  • Use NonZeroI32 inside NaiveDate (#​1207)
  • Mark format::Numeric and format::Fixed as non_exhaustive (#​1430)
  • Parsed fixes to error values (#​1439)
  • Use overflowing_naive_local in DateTime::checked_add* (#​1333)
  • Do complete range checks in Parsed::set_* (#​1465)

Documentation

Internal

Thanks to all contributors on behalf of the chrono team, @​djc and @​pitdicker!

v0.4.34

Compare Source

Notable changes

  • In chrono 0.4.34 we finished the work to make all methods const where doing so is supported by rust 1.61.
  • We renamed the Duration type to TimeDelta. This removes the confusion between chrono's type and the later Duration type in the standard library. It will remain available under the old name as a type alias for compatibility.
  • The Windows implementation of Local is rewritten. The new version avoids panics when the date is outside of the range supported by windows (the years 1601 to 30828), and gives more accurate results during DST transitions.
  • The Display format of TimeDelta is modified to conform better to ISO 8601. Previously it converted all values greater than 24 hours to a value with days. This is not correct, as doing so changes the duration from an 'accurate' to a 'nominal' representation to use ISO 8601 terms.

Fixes

Additions

Changes

  • Rename Duration to TimeDelta, add type alias (#​1406)
  • Make TimeDelta methods const (#​1337)
  • Make remaining methods of NaiveDate, NaiveWeek, NaiveTime and NaiveDateTime const where possible (#​1337)
  • Make methods on DateTime const where possible (#​1400)
  • Make Display format of TimeDelta conform better to ISO 8601 (#​1328)

Documentation

Internal

  • Switch branch names: 0.4.x releases are the main branch, work on 0.5 happens in the 0.5.x branch (#​1390, #​1402).
  • Don't use deprecated method in impl Arbitrary for DateTime and set up CI test (#​1336)
  • Remove workaround for Rust < 1.61 (#​1393)
  • Bump codecov/codecov-action from 3 to 4 (#​1404)
  • Remove partial support for handling -0000 offset (#​1411)
  • Move TOO_LONG error out of parse_internal (#​1419)

Thanks to all contributors on behalf of the chrono team, @​djc and @​pitdicker!

v0.4.33

Compare Source

This release fixes the broken docrs.rs build of chrono 0.4.32.

What's Changed

v0.4.32

Compare Source

In this release we shipped part of the effort to reduce the number of methods that could unexpectedly panic, notably for the DateTime and Duration types.

Chrono internally stores the value of a DateTime in UTC, and transparently converts it to the local value as required. For example adding a second to a DateTime needs to be done in UTC to get the correct result, but adding a day needs to be done in local time to be correct. What happens when the value is near the edge of the representable range, and the implicit conversions pushes it beyond the representable range? Many methods could panic on such inputs, including formatting the value for Debug output.

In chrono 0.4.32 the range of NaiveDate, NaiveDateTime and DateTime is made slightly smaller. This allows us to always do the implicit conversion, and in many cases return the expected result. Specifically the range is now from January 1, -262144 until December 31, 262143, one year less on both sides than before. We expect this may trip up tests if you hardcoded the MIN and MAX dates.

Duration had a similar issue. The range of this type was pretty arbitrary picked to match the range of an i64 in milliseconds. Negating an i64::MIN pushes a value out of range, and in the same way negating Duration::MIN could push it out of our defined range and cause a panic. This turns out to be somewhat common and hidden behind many layers of abstraction. We adjusted the type to have a minimum value of -Duration::MAX instead and prevent the panic case.

Other highlights:

  • Duration gained new fallible initialization methods.
  • Better support for rkyv.
  • Most methods on NaiveDateTime are now const.
  • We had to bump our MSRV to 1.61 to keep building with our dependencies. This will also allow us to make more methods on DateTime const in a future release.

Complete list of changes:

Fixes

  • Fix panic in TimeZone::from_local_datetime (#​1071)
  • Fix out of range panics in DateTime getters and setters (#​1317, #​1329)

Additions

Changes

  • Fix panic in Duration::MIN.abs() (adjust Duration::MIN by 1 millisecond) (#​1334)
  • Bump MSRV to 1.61 (#​1347)
  • Update windows-targets requirement from 0.48 to 0.52 (#​1360)
  • Update windows-bindgen to 0.52 (#​1379)

Deprecations

  • Deprecate standalone format functions (#​1306)

Documentation

Rkyv support

Changes to unstable features

  • Don't let unstable-locales imply the alloc feature (#​1307)
  • Remove format::{format_localized, format_item_localized} (#​1311)
  • Inline write_rfc2822_inner, don't localize (#​1322)

Internal

  • Add benchmark for DateTime::with_* (#​1309)
  • Fix *_DAYS_FROM_YEAR_0 calculation (#​1312)
  • Add NaiveTime::overflowing_(add|sub)_offset (#​1310)
  • Rewrite DateTime::overflowing_(add|sub)_offset (#​1069)
  • Tests calling date command set env LC_ALL (#​1315, thanks @​jtmoon79)
  • Update deny.toml (#​1320)
  • Bump actions/setup-node from 3 to 4 (#​1346)
  • test.yml remove errant with: node-version (#​1352, thanks @​jtmoon79)
  • CI Linting: Fix missing sources checkout in toml job (#​1371, thanks @​gibbz00)
  • Silence clippy lint for test code with Rust 1.74.0 (#​1362)

Thanks to all contributors on behalf of the chrono team, @​djc and @​pitdicker!

v0.4.31

Compare Source

Another maintenance release.
It was not a planned effort to improve our support for UNIX timestamps, yet most PRs seem related to this.

Deprecations
  • Deprecate timestamp_nanos in favor of the non-panicking timestamp_nanos_opt (#​1275)
Additions
Fixes
  • Format day of month in RFC 2822 without padding (#​1272)
  • Don't allow strange leap seconds which are not on a minute boundary initialization methods (#​1283)
    This makes many methods a little more strict:
    • NaiveTime::from_hms_milli
    • NaiveTime::from_hms_milli_opt
    • NaiveTime::from_hms_micro
    • NaiveTime::from_hms_micro_opt
    • NaiveTime::from_hms_nano
    • NaiveTime::from_hms_nano_opt
    • NaiveTime::from_num_seconds_from_midnight
    • NaiveTime::from_num_seconds_from_midnight_opt
    • NaiveDate::and_hms_milli
    • NaiveDate::and_hms_milli_opt
    • NaiveDate::and_hms_micro
    • NaiveDate::and_hms_micro_opt
    • NaiveDate::and_hms_nano
    • NaiveDate::and_hms_nano_opt
    • NaiveDateTime::from_timestamp
    • NaiveDateTime::from_timestamp_opt
    • TimeZone::timestamp
    • TimeZone::timestamp_opt
  • Fix underflow in NaiveDateTime::timestamp_nanos_opt (#​1294, thanks @​crepererum)
Documentation
  • Add more documentation about the RFC 2822 obsolete date format (#​1267)
Internal
  • Remove internal __doctest feature and doc_comment dependency (#​1276)
  • CI: Bump actions/checkout from 3 to 4 (#​1280)
  • Optimize NaiveDate::add_days for small values (#​1214)
  • Upgrade pure-rust-locales to 0.7.0 (#​1288, thanks @​jeremija wo did good improvements on pure-rust-locales)

Thanks to all contributors on behalf of the chrono team, @​djc and @​pitdicker!

v0.4.30

Compare Source

In this release, we have decided to swap out the chrono::Duration type (which has been a re-export of time 0.1 Duration type) with our own definition, which exposes a strict superset of the time::Duration API. This helps avoid warnings about the CVE-2020-26235 and [RUSTSEC-2020-0071] advisories for downstream users and allows us to improve the Duration API going forward.

While this is technically a SemVer-breaking change, we expect the risk of downstream users experiencing actual incompatibility to be exceedingly limited (see our analysis of public code using a crater-like experiment), and not enough justification for the large ecosystem churn of a 0.5 release. If you have any feedback on these changes, please let us know in #​1268.

Additions
Documentation

Relation between chrono and time 0.1

Rust first had a time module added to std in its 0.7 release. It later moved to libextra, and then to a libtime library shipped alongside the standard library. In 2014 work on chrono started in order to provide a full-featured date and time library in Rust. Some improvements from chrono made it into the standard library; notably, chrono::Duration was included as std::time::Duration (rust#15934) in 2014.

In preparation of Rust 1.0 at the end of 2014 libtime was moved out of the Rust distro and into the time crate to eventually be redesigned (rust#18832, rust#18858), like the num and rand crates. Of course chrono kept its dependency on this time crate. time started re-exporting std::time::Duration during this period. Later, the standard library was changed to have a more limited unsigned Duration type (rust#24920, RFC 1040), while the time crate kept the full functionality with time::Duration. time::Duration had been a part of chrono's public API.

By 2016 time 0.1 lived under the rust-lang-deprecated organisation and was not actively maintained (time#136). chrono absorbed the platform functionality and Duration type of the time crate in chrono#478 (the work started in chrono#286). In order to preserve compatibility with downstream crates depending on time and chrono sharing a Duration type, chrono kept depending on time 0.1. chrono offered the option to opt out of the time dependency by disabling the oldtime feature (swapping it out for an effectively similar chrono type). In 2019, @​jhpratt took over maintenance on the time crate and released what amounts to a new crate as time 0.2.

Security advisories

In November of 2020 CVE-2020-26235 and [RUSTSEC-2020-0071] were opened against the time crate. @​quininer had found that calls to localtime_r may be unsound ([chrono#499]). Eventually, almost a year later, this was also made into a security advisory against chrono as [RUSTSEC-2020-0159], which had platform code similar to time.

On Unix-like systems a process is given a timezone id or description via the TZ environment variable. We need this timezone data to calculate the current local time from a value that is in UTC, such as the time from the system clock. time 0.1 and chrono used the POSIX function localtime_r to do the conversion to local time, which reads the TZ variable.

Rust assumes the environment to be writable and uses locks to access it from multiple threads. Some other programming languages and libraries use similar locking strategies, but these are typically not shared across languages. More importantly, POSIX declares modifying the environment in a multi-threaded process as unsafe, and getenv in libc can't be changed to take a lock because it returns a pointer to the data (see [rust#27970] for more discussion).

Since version 4.20 chrono no longer uses localtime_r, instead using Rust code to query the timezone (from the TZ variable or via iana-time-zone as a fallback) and work with data from the system timezone database directly. The code for this was forked from the [tz-rs crate] by @​x-hgg-x. As such, chrono now respects the Rust lock when reading the TZ environment variable. In general, code should avoid modifying the environment.

[RUSTSEC-


Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate-bot renovate-bot force-pushed the renovate/rust-dependencies branch 6 times, most recently from 26bb27c to 8d52c0d Compare December 18, 2022 18:11
@renovate-bot renovate-bot force-pushed the renovate/rust-dependencies branch 3 times, most recently from c024506 to b1b2c2e Compare January 1, 2023 18:13
@renovate-bot renovate-bot changed the title Update Rust dependencies fix(deps): update rust dependencies Jan 2, 2023
@renovate-bot renovate-bot changed the title fix(deps): update rust dependencies Update Rust dependencies Jan 2, 2023
@renovate-bot renovate-bot changed the title Update Rust dependencies fix(deps): update rust dependencies Jan 2, 2023
@renovate-bot renovate-bot force-pushed the renovate/rust-dependencies branch 8 times, most recently from 2d4fb7b to a5ef8e4 Compare January 11, 2023 13:38
@renovate-bot renovate-bot force-pushed the renovate/rust-dependencies branch 4 times, most recently from c5e6e99 to 93788a1 Compare January 18, 2023 22:30
@renovate-bot renovate-bot force-pushed the renovate/rust-dependencies branch 3 times, most recently from 701d0e2 to c724478 Compare January 22, 2023 22:20
@renovate-bot renovate-bot force-pushed the renovate/rust-dependencies branch 3 times, most recently from e0c534d to f022ed4 Compare January 30, 2023 21:15
@renovate-bot renovate-bot force-pushed the renovate/rust-dependencies branch 8 times, most recently from 20cb8a0 to 27d71c8 Compare April 11, 2024 20:27
@renovate-bot renovate-bot force-pushed the renovate/rust-dependencies branch 5 times, most recently from 39bfc53 to a0c749c Compare April 20, 2024 21:07
@renovate-bot renovate-bot force-pushed the renovate/rust-dependencies branch 2 times, most recently from 9848852 to 0e349a1 Compare April 27, 2024 06:14
@renovate-bot renovate-bot force-pushed the renovate/rust-dependencies branch 6 times, most recently from f26a60f to f39b973 Compare May 7, 2024 04:40
Copy link

forking-renovate bot commented May 15, 2024

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path tools/Cargo.toml --package base64@0.13.1 --precise 0.22.1
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package:   /tmp/renovate/repos/github/google/sxg-rs/cloudflare_worker/Cargo.toml
workspace: /tmp/renovate/repos/github/google/sxg-rs/Cargo.toml
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package:   /tmp/renovate/repos/github/google/sxg-rs/fastly_compute/Cargo.toml
workspace: /tmp/renovate/repos/github/google/sxg-rs/Cargo.toml
    Updating crates.io index
error: failed to select a version for the requirement `base64 = "^0.13.1"`
candidate versions found which didn't match: 0.22.1
location searched: crates.io index
required by package `sxg_rs v0.1.0 (/tmp/renovate/repos/github/google/sxg-rs/sxg_rs)`
perhaps a crate was updated and forgotten to be re-vendored?

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path sxg_rs/Cargo.toml --package serde_yaml@0.9.14 --precise 0.9.34
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package:   /tmp/renovate/repos/github/google/sxg-rs/cloudflare_worker/Cargo.toml
workspace: /tmp/renovate/repos/github/google/sxg-rs/Cargo.toml
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package:   /tmp/renovate/repos/github/google/sxg-rs/fastly_compute/Cargo.toml
workspace: /tmp/renovate/repos/github/google/sxg-rs/Cargo.toml
error: package ID specification `serde_yaml@0.9.14` did not match any packages
Did you mean one of these?

  serde_yaml@0.9.34+deprecated

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path http_server/Cargo.toml --package serde_yaml@0.9.14 --precise 0.9.34
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package:   /tmp/renovate/repos/github/google/sxg-rs/cloudflare_worker/Cargo.toml
workspace: /tmp/renovate/repos/github/google/sxg-rs/Cargo.toml
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package:   /tmp/renovate/repos/github/google/sxg-rs/fastly_compute/Cargo.toml
workspace: /tmp/renovate/repos/github/google/sxg-rs/Cargo.toml
error: package ID specification `serde_yaml@0.9.14` did not match any packages
Did you mean one of these?

  serde_yaml@0.9.34+deprecated

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path fastly_compute/Cargo.toml --package serde_yaml@0.9.14 --precise 0.9.34
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package:   /tmp/renovate/repos/github/google/sxg-rs/cloudflare_worker/Cargo.toml
workspace: /tmp/renovate/repos/github/google/sxg-rs/Cargo.toml
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package:   /tmp/renovate/repos/github/google/sxg-rs/fastly_compute/Cargo.toml
workspace: /tmp/renovate/repos/github/google/sxg-rs/Cargo.toml
error: package ID specification `serde_yaml@0.9.14` did not match any packages
Did you mean one of these?

  serde_yaml@0.9.34+deprecated

@renovate-bot renovate-bot force-pushed the renovate/rust-dependencies branch 3 times, most recently from f5f534e to 32fd1ad Compare May 18, 2024 00:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

1 participant