@bootc-bot bootc-bot bot commented Aug 30, 2025

Edited by @cgwalters to drop out oci-spec due to youki-dev/oci-spec-rs#288

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| anyhow | workspace.dependencies | patch | 1.0.98 -> 1.0.99 |
| camino | workspace.dependencies | patch | 1.1.11 -> 1.1.12 |
| clap | workspace.dependencies | patch | 4.5.43 -> 4.5.46 |
| libc | workspace.dependencies | patch | 0.2.174 -> 0.2.175 |
| regex | workspace.dependencies | patch | 1.11.1 -> 1.11.2 |
| serde_json | workspace.dependencies | patch | 1.0.142 -> 1.0.143 |
| thiserror | workspace.dependencies | patch | 2.0.12 -> 2.0.16 |
| tracing-subscriber (source) | workspace.dependencies | patch | 0.3.19 -> 0.3.20 |

Release Notes

dtolnay/anyhow (anyhow)

v1.0.99

Compare Source

  • Allow build-script cleanup failure with NFSv3 output directory to be non-fatal (#420)

camino-rs/camino (camino)

v1.1.12

Compare Source

Added
  • Utf8PathBuf::from_os_string and Utf8Path::from_os_str conversions.
  • TryFrom<OsString> for Utf8PathBuf and TryFrom<&OsStr> for &Utf8Path conversions.

Thanks to BenjaminBrienen for your first contribution!

clap-rs/clap (clap)

v4.5.46

Compare Source

Features
  • Expose StyledStr::push_str

v4.5.45

Compare Source

Fixes
  • (unstable-v5) ValueEnum variants now use the full doc comment, not summary, for PossibleValue::help

v4.5.44

Compare Source

Features
  • Add Command::mut_subcommands

rust-lang/libc (libc)

v0.2.175

Compare Source

Added
  • AIX: Add getpeereid (#​4524)
  • AIX: Add struct ld_info and friends (#​4578)
  • AIX: Restore struct winsize (#4577)
  • Android: Add UDP socket option constants (#​4619)
  • Android: Add CLONE_CLEAR_SIGHAND and CLONE_INTO_CGROUP (#​4502)
  • Android: Add more prctl constants (#​4531)
  • FreeBSD: Add further TCP stack-related constants (#4196)
  • FreeBSD x86-64: Add mcontext_t.mc_tlsbase (#​4503)
  • FreeBSD15: Add kinfo_proc.ki_uerrmsg (#​4552)
  • FreeBSD: Add in_conninfo (#​4482)
  • FreeBSD: Add xinpgen and related types (#​4482)
  • FreeBSD: Add xktls_session (#​4482)
  • Haiku: Add functionality from libbsd (#​4221)
  • Linux: Add SECBIT_* (#​4480)
  • NetBSD, OpenBSD: Export ioctl request generator macros (#​4460)
  • NetBSD: Add ptsname_r (#​4608)
  • RISCV32: Add time-related syscalls (#​4612)
  • Solarish: Add strftime* (#​4453)
  • linux: Add EXEC_RESTRICT_* and EXEC_DENY_* (#​4545)
Changed
  • AIX: Add const to signatures to be consistent with other platforms (#​4563)
Fixed
  • AIX: Fix the type of struct statvfs.f_fsid (#​4576)
  • AIX: Fix the type of constants for the ioctl request argument (#​4582)
  • AIX: Fix the types of stat{,64}.st_*tim (#​4597)
  • AIX: Use unique errno values (#​4507)
  • Build: Fix an incorrect target_os -> target_arch check (#​4550)
  • FreeBSD: Fix the type of xktls_session_onedir.ifnet (#​4552)
  • Mips64 musl: Fix the type of nlink_t (#​4509)
  • Mips64 musl: Use a special MIPS definition of stack_t (#​4528)
  • Mips64: Fix SI_TIMER, SI_MESGQ and SI_ASYNCIO definitions (#​4529)
  • Musl Mips64: Swap the order of si_errno and si_code in siginfo_t (#​4530)
  • Musl Mips64: Use a special MIPS definition of statfs (#​4527)
  • Musl: Fix the definition of fanotify_event_metadata (#​4510)
  • NetBSD: Correct enum fae_action to be #[repr(C)] (#​60a8cfd5)
  • PSP: Correct char -> c_char (eaab4fc3)
  • PowerPC musl: Fix termios definitions (#​4518)
  • PowerPC musl: Fix the definition of EDEADLK (#​4517)
  • PowerPC musl: Fix the definition of NCCS (#​4513)
  • PowerPC musl: Fix the definitions of MAP_LOCKED and MAP_NORESERVE (#​4516)
  • PowerPC64 musl: Fix the definition of shmid_ds (#​4519)
Deprecated
  • Linux: MAP_32BIT is only defined on x86 on non-x86 architectures (#​4511)
Removed
  • AIX: Remove duplicate constant definitions FIND and ENTER (#​4588)
  • s390x musl: Remove O_FSYNC (#​4515)
  • s390x musl: Remove RTLD_DEEPBIND (#4515)

youki-dev/oci-spec-rs (oci-spec)

v0.8.2

Compare Source

What's Changed

Other Changes

New Contributors

Full Changelog: youki-dev/oci-spec-rs@v0.8.1...v0.8.2

rust-lang/regex (regex)

v1.11.2

Compare Source

This is a new patch release of regex with some minor fixes. A larger number
of typo or lint fix patches were merged. Also, we now finally recommend using
std::sync::LazyLock.

Improvements:

  • BUG #​1217:
    Switch recommendation from once_cell to std::sync::LazyLock.
  • BUG #​1225:
    Add DFA::set_prefilter to regex-automata.

Bug fixes:

  • BUG #​1165:
    Remove std dependency from perf-literal-multisubstring crate feature.
  • BUG #​1165:
    Clarify the meaning of (?R)$ in the documentation.
  • BUG #​1281:
    Remove fuzz/ and record/ directories from published crate on crates.io.

serde-rs/json (serde_json)

v1.0.143

Compare Source

dtolnay/thiserror (thiserror)

v2.0.16

Compare Source

  • Add to "no-std" crates.io category (#​429)

v2.0.15

Compare Source

  • Prevent Error::provide API becoming unavailable from a future new compiler lint (#​427)

v2.0.14

Compare Source

  • Allow build-script cleanup failure with NFSv3 output directory to be non-fatal (#​426)

v2.0.13

Compare Source

  • Documentation improvements

tokio-rs/tracing (tracing-subscriber)

v0.3.20: tracing-subscriber 0.3.20

Compare Source

Security Fix: ANSI Escape Sequence Injection (CVE-TBD)

Impact

Previous versions of tracing-subscriber were vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to:

  • Manipulate terminal title bars
  • Clear screens or modify terminal display
  • Potentially mislead users through terminal manipulation

In isolation, impact is minimal; however, security issues have been found in terminal emulators that enabled an attacker to use ANSI escape sequences via logs to exploit vulnerabilities in the terminal emulator.

Solution

Version 0.3.20 fixes this vulnerability by escaping ANSI control characters when writing events to destinations that may be printed to the terminal.

Affected Versions

All versions of tracing-subscriber prior to 0.3.20 are affected by this vulnerability.

Recommendations

Immediate Action Required: We recommend upgrading to tracing-subscriber 0.3.20 immediately, especially if your application:

  • Logs user-provided input (form data, HTTP headers, query parameters, etc.)
  • Runs in environments where terminal output is displayed to users

Migration

This is a patch release with no breaking API changes. Simply update your Cargo.toml:

[dependencies]
tracing-subscriber = "0.3.20"

Acknowledgments

We would like to thank zefr0x who responsibly reported the issue at security@tokio.rs.

If you believe you have found a security vulnerability in any tokio-rs project, please email us at security@tokio.rs.


Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.
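
An added example, not part of this PR and not tracing-subscriber's own code: one way to neutralize control characters in untrusted values before they reach a terminal, the class of fix the tracing-subscriber 0.3.20 advisory quoted above describes. The function names, the `\u{....}` output format and the sample inputs are assumptions constructed for illustration.

```rust
use std::fmt::Write;

/// Render an untrusted value safe to print on a terminal by replacing every
/// control character with a visible `\u{....}` escape (assumed format).
fn escape_for_terminal(untrusted: &str) -> String {
    let mut out = String::with_capacity(untrusted.len());
    for ch in untrusted.chars() {
        if ch == '\\' {
            // Escape the backslash itself so the output stays unambiguous.
            out.push_str("\\\\");
        } else if ch.is_control() {
            // is_control() covers Unicode category Cc: C0 (incl. ESC 0x1b,
            // BEL, CR, LF), DEL, and C1 (incl. the one-character CSI U+009B).
            write!(out, "\\u{{{:04x}}}", ch as u32).expect("write to String");
        } else {
            out.push(ch);
        }
    }
    out
}

/// True if the value carries any character a terminal could interpret.
fn has_terminal_controls(untrusted: &str) -> bool {
    untrusted.chars().any(char::is_control)
}

fn main() {
    // Constructed samples of a user-controlled field (e.g. an HTTP header).
    let samples = [
        "Mozilla/5.0 (X11; Linux x86_64)",
        "curl/8.0\x1b]0;spoofed title\x07",
        "bot\x1b[2J\x1b[H",
        "bot\u{9b}2J",
        "name\r\nINFO fake log line",
    ];
    for s in samples.iter() {
        println!(
            "flagged={} user_agent=\"{}\"",
            has_terminal_controls(s),
            escape_for_terminal(s)
        );
    }
}
```

Escaping at the output boundary keeps the original bytes visible for incident review, and `has_terminal_controls` can feed a detection rule on fields that should never contain control characters.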

@bootc-bot bootc-bot bot enabled auto-merge (squash) August 30, 2025 16:10
@bootc-bot bootc-bot bot requested a review from cgwalters August 30, 2025 16:10
bootc-bot bot commented Aug 30, 2025

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

Signed-off-by: Platform Engineering Bot <platform-engineering@redhat.com>
@cgwalters cgwalters force-pushed the test-renovate/auto-merged-updates branch from 6a290cb to dd3f64b Compare August 30, 2025 17:18
@bootc-bot bootc-bot bot merged commit df2da1a into main Aug 30, 2025
27 of 30 checks passed
@bootc-bot bootc-bot bot deleted the test-renovate/auto-merged-updates branch August 30, 2025 18:00