console
console copied to clipboard
tokio-rs
chore(deps): bump trycmd to 0.15.1
Fixes the race condition in remove_dir all as it is no longer a dependency. See https://github.com/advisories/GHSA-mc8h-8q98-g5hr
Before:
❯ cargo tree -i remove_dir_all
remove_dir_all v0.5.3
└── tempfile v3.3.0
├── prost-build v0.12.0
│ └── tonic-build v0.10.0
│ └── xtask v0.1.0 (/Users/joshka/local/tokio-console/xtask)
│ [dev-dependencies]
│ └── console-api v0.6.0 (/Users/joshka/local/tokio-console/console-api)
│ ├── console-subscriber v0.2.0 (/Users/joshka/local/tokio-console/console-subscriber)
│ └── tokio-console v0.1.10 (/Users/joshka/local/tokio-console/tokio-console)
│ [dev-dependencies]
│ └── console-api v0.6.0 (/Users/joshka/local/tokio-console/console-api) (*)
└── snapbox v0.5.9
└── trycmd v0.15.1
[dev-dependencies]
└── tokio-console v0.1.10 (/Users/joshka/local/tokio-console/tokio-console)
After:
❯ cargo tree -i remove_dir_all
error: package ID specification `remove_dir_all` did not match any packages
Additionally this fixes https://github.com/advisories/GHSA-g98v-hv3f-hcfr (atty unaligned read) Before:
❯ cargo tree -i atty
atty v0.2.14
└── concolor v0.0.8
└── snapbox v0.3.3
└── trycmd v0.13.6
[dev-dependencies]
└── tokio-console v0.1.10 (/Users/joshka/local/tokio-console/tokio-console)
After:
❯ cargo tree -i atty
error: package ID specification `atty` did not match any packages
And probably fixes https://github.com/advisories/GHSA-c827-hfw6-qwvm too (based on the version range in the advisory):
Affected versions
>= 0.35.11, < 0.35.15
>= 0.36.0, < 0.36.16
>= 0.37.0, < 0.37.25
>= 0.38.0, < 0.38.19
Patched versions
0.35.15
0.36.16
0.37.25
0.38.19
After: (two versions of rustix in deps)
❯ cargo tree -i [email protected]
rustix v0.37.27
└── terminal_size v0.2.6
└── clap_builder v4.1.14
└── clap v4.1.14
├── clap_complete v4.1.6
│ └── tokio-console v0.1.10 (/Users/joshka/local/tokio-console/tokio-console)
├── tokio-console v0.1.10 (/Users/joshka/local/tokio-console/tokio-console)
└── xtask v0.1.0 (/Users/joshka/local/tokio-console/xtask)
❯ cargo tree -i [email protected]
rustix v0.38.32
└── tempfile v3.10.1
├── prost-build v0.12.4
│ └── tonic-build v0.10.2
│ └── xtask v0.1.0 (/Users/joshka/local/tokio-console/xtask)
│ [dev-dependencies]
│ └── console-api v0.6.0 (/Users/joshka/local/tokio-console/console-api)
│ ├── console-subscriber v0.2.0 (/Users/joshka/local/tokio-console/console-subscriber)
│ └── tokio-console v0.1.10 (/Users/joshka/local/tokio-console/tokio-console)
│ [dev-dependencies]
│ └── console-api v0.6.0 (/Users/joshka/local/tokio-console/console-api) (*)
└── snapbox v0.5.9
└── trycmd v0.15.1
[dev-dependencies]
└── tokio-console v0.1.10 (/Users/joshka/local/tokio-console/tokio-console)
Thanks for your contribution! 🤟 🖤
This PR also involves very many changes that have nothing to do with trycmd. It's best to upgrade it separately rather than updating the entire lockfile directly.
