Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Rust crate smallvec to v1.6.1 [SECURITY] #26

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update Rust crate smallvec to v1.6.1 [SECURITY] #26

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented Aug 28, 2024
edited
Loading

This PR contains the following updates:

Package Type Update Change
smallvec dependencies minor 1.0.0 -> 1.6.1

GitHub Vulnerability Alerts

CVE-2021-25900

A bug in the SmallVec::insert_many method caused it to allocate a buffer that was smaller than needed. It then wrote past the end of the buffer, causing a buffer overflow and memory corruption on the heap. This bug was only triggered if the iterator passed to insert_many yielded more items than the lower bound returned from its size_hint method.

The flaw was corrected in smallvec 0.6.14 and 1.6.1, by ensuring that additional space is always reserved for each item inserted. The fix also simplified the implementation of insert_many to use less unsafe code, so it is easier to verify its correctness.

Release Notes

servo/rust-smallvec (smallvec)

v1.6.1

Compare Source

v1.6.0

Compare Source

  • The "union" feature is now compatible with stable Rust 1.49 (#​248, #​247).
  • Fixed warnings when compiling with Rust 1.51 nightly (#​242, #​246).

v1.5.1

Compare Source

  • Improve performance of push (#​241).

v1.5.0

Compare Source

  • Add the append method (#​237).
  • Add support for more array sizes between 17 and 31 (#​234).
  • Don't panic on deserialization errors (#​238).

v1.4.2

Compare Source

  • insert_many no longer leaks elements if the provided iterator panics (#​213).
  • The unstable const_generics and specialization features are updated to work with the most recent nightly Rust toolchain (#​232).
  • Internal code cleanup (#​229, #​231).

v1.4.1

Compare Source

  • Don't allocate when the size of the element type is zero. Allocating zero bytes is undefined behavior. (#​228)

v1.4.0

Compare Source

  • Add try_reserve, try_reserve_exact, and try_grow methods (#​214).

v1.3.0

Compare Source

  • Add a new unstable const_generics feature (#​204).
  • Improve inlining of constructor functions (#​206).
  • Add a slice.to_smallvec() convenience method (#​203).
  • Documentation and testing improvements.

v1.2.0

Compare Source

  • IntoIter now implements Debug (#​196).
  • smallvec! macro is now easier to use in no_std contexts where the vec! macro isn't automatically imported (#​198).

v1.1.0

Compare Source

  • Added new method SmallVec::into_boxed_slice (#​190).
  • Added new methods IntoIter::as_slice and as_mut_slice (#​182).
  • IntoIter now implements Clone (#​192).
  • Improved documentation and testing (#​186, #​189, #​193).
  • Minor code cleanups (#​176).

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate Renovate
Copy link
Author

renovate bot commented Sep 16, 2024

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path crates/store/Cargo.toml --package [email protected] --precise 1.6.1
warning: `/tmp/renovate/repos/github/YoloDev/skorm/.cargo/config` is deprecated in favor of `config.toml`
note: if you need to support cargo 1.38 or earlier, you can symlink `config` to `config.toml`
error: package ID specification `[email protected]` did not match any packages
Did you mean one of these?

  [email protected]
  [email protected]
File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path crates/turtle-parse/Cargo.toml --package [email protected] --precise 1.6.1
warning: `/tmp/renovate/repos/github/YoloDev/skorm/.cargo/config` is deprecated in favor of `config.toml`
note: if you need to support cargo 1.38 or earlier, you can symlink `config` to `config.toml`
error: package ID specification `[email protected]` did not match any packages
Did you mean one of these?

  [email protected]
  [email protected]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants