Skip to content

Update dependencies with reported vulnerabilities #112217

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 3, 2023
Merged

Update dependencies with reported vulnerabilities #112217

merged 1 commit into from
Jun 3, 2023

Conversation

arlosi
Copy link
Contributor

@arlosi arlosi commented Jun 2, 2023

Vulnerable dependencies:

The new dependencies come from [email protected] which adds the dependency on rustix

@arlosi
Update dependencies with reported vulnerabilities
4d9b476 
bumpalo 3.12.1 (yanked)
  * updated to 3.13.0
tokio 1.8.4 - https://rustsec.org/advisories/RUSTSEC-2023-0001
  * updated to 1.28.2
remove_dir_all 0.5.3 - https://rustsec.org/advisories/RUSTSEC-2023-0018
  * removed by using the standard library function in `rust-installer` instead and updating to `[email protected]` (which also removes the dependency).
@rustbot
Copy link
Collaborator

rustbot commented Jun 2, 2023

r? @Mark-Simulacrum

(rustbot has picked a reviewer for you, use r? to override)

@rustbot rustbot added A-testsuite Area: The testsuite used to check the correctness of rustc S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-bootstrap Relevant to the bootstrap subteam: Rust's build system (x.py and src/bootstrap) T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. labels Jun 2, 2023
@rustbot
Copy link
Collaborator

rustbot commented Jun 2, 2023

These commits modify the Cargo.lock file. Unintentional changes to Cargo.lock can be introduced when switching branches and rebasing PRs.

If this was unintentional then you should revert the changes before this PR is merged.
Otherwise, you can ignore this comment.

@Mark-Simulacrum
Copy link
Member

I am a little worried about the remove_dir_all change, but I'm going to go ahead with this and we'll see if we get reports of breakage. (The semantics of the standard library implementation are a little different, AFAIK, particularly on Windows; std tries less hard to clean things up).

@bors r+ rollup=iffy

@bors
Copy link
Collaborator

bors commented Jun 3, 2023

📌 Commit 4d9b476 has been approved by Mark-Simulacrum

It is now in the queue for this repository.

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Jun 3, 2023
@bors
Copy link
Collaborator

bors commented Jun 3, 2023

⌛ Testing commit 4d9b476 with merge dff88b2...

@bors
Copy link
Collaborator

bors commented Jun 3, 2023

☀️ Test successful - checks-actions
Approved by: Mark-Simulacrum
Pushing dff88b2 to master...

@bors bors added the merged-by-bors This PR was explicitly merged by bors. label Jun 3, 2023
@bors bors merged commit dff88b2 into rust-lang:master Jun 3, 2023
@rustbot rustbot added this to the 1.72.0 milestone Jun 3, 2023
@rust-timer
Copy link
Collaborator

Finished benchmarking commit (dff88b2): comparison URL.

Overall result: ✅ improvements - no action needed

@rustbot label: -perf-regression

Instruction count

This is a highly reliable metric that was used to determine the overall result at the top of this comment.

mean range count
Regressions ❌
(primary)		 - - 0
Regressions ❌
(secondary)		 - - 0
Improvements ✅
(primary)		 -0.6% [-0.6%, -0.6%] 1
Improvements ✅
(secondary)		 - - 0
All ❌✅ (primary) -0.6% [-0.6%, -0.6%] 1

Max RSS (memory usage)

Results

This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.

mean range count
Regressions ❌
(primary)		 - - 0
Regressions ❌
(secondary)		 4.9% [4.9%, 4.9%] 1
Improvements ✅
(primary)		 - - 0
Improvements ✅
(secondary)		 -3.1% [-3.1%, -3.1%] 1
All ❌✅ (primary) - - 0

Cycles

Results

This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.

mean range count
Regressions ❌
(primary)		 1.3% [1.3%, 1.3%] 1
Regressions ❌
(secondary)		 - - 0
Improvements ✅
(primary)		 - - 0
Improvements ✅
(secondary)		 - - 0
All ❌✅ (primary) 1.3% [1.3%, 1.3%] 1

Binary size

This benchmark run did not return any relevant results for this metric.

Bootstrap: 644.74s -> 648.734s (0.62%)

@matthiaskrgr matthiaskrgr mentioned this pull request Dec 15, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@Mark-Simulacrum Mark-Simulacrum

Labels
A-testsuite Area: The testsuite used to check the correctness of rustc merged-by-bors This PR was explicitly merged by bors. S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. T-bootstrap Relevant to the bootstrap subteam: Rust's build system (x.py and src/bootstrap) T-compiler Relevant to the compiler team, which will review and decide on the PR/issue.
Projects
None yet
Milestone
1.72.0
Development

Successfully merging this pull request may close these issues.
5 participants
@arlosi @rustbot @Mark-Simulacrum @bors @rust-timer