gptcommit icon indicating copy to clipboard operation
gptcommit copied to clipboard

Published 20 hours ago verified publisher icon zurawiki

fix(deps): update rust crate tokio to v1.43.1 [security]

Open renovate[bot] opened this issue 6 months ago • 0 comments

This PR contains the following updates:

Package Type Update Change
tokio (source) dependencies minor 1.40.0 -> 1.43.1

GitHub Vulnerability Alerts

GHSA-rr8g-9fpq-6wmg

The broadcast channel internally calls clone on the stored value when receiving it, and only requires T:Send. This means that using the broadcast channel with values that are Send but not Sync can trigger unsoundness if the clone implementation makes use of the value being !Sync.

Thank you to Austin Bonander for finding and reporting this issue.

Release Notes

tokio-rs/tokio (tokio)

v1.43.1

Compare Source

v1.43.0: Tokio v1.43.0

Compare Source

1.43.0 (Jan 8th, 2025)

Added
  • net: add UdpSocket::peek methods (#​7068)
  • net: add support for Haiku OS (#​7042)
  • process: add Command::into_std() (#​7014)
  • signal: add SignalKind::info on illumos (#​6995)
  • signal: add support for realtime signals on illumos (#​7029)
Fixed
  • io: don't call set_len before initializing vector in Blocking (#​7054)
  • macros: suppress clippy::needless_return in #[tokio::main] (#​6874)
  • runtime: fix thread parking on WebAssembly (#​7041)
Changes
  • chore: use unsync loads for unsync_load (#​7073)
  • io: use Buf::put_bytes in Repeat read impl (#​7055)
  • task: drop the join waker of a task eagerly (#​6986)
Changes to unstable APIs
  • metrics: improve flexibility of H2Histogram Configuration (#​6963)
  • taskdump: add accessor methods for backtrace (#​6975)
Documented
  • io: clarify ReadBuf::uninit allows initialized buffers as well (#​7053)
  • net: fix ambiguity in TcpStream::try_write_vectored docs (#​7067)
  • runtime: fix LocalRuntime doc links (#​7074)
  • sync: extend documentation for watch::Receiver::wait_for (#​7038)
  • sync: fix typos in OnceCell docs (#​7047)

v1.42.1: Tokio v1.42.1

Compare Source

This release fixes a soundness issue in the broadcast channel. The channel accepts values that are Send but !Sync. Previously, the channel called clone() on these values without synchronizing. This release fixes the channel by synchronizing calls to .clone() (Thanks Austin Bonander for finding and reporting the issue).

Fixed
  • sync: synchronize clone() call in broadcast channel (#​7232)

v1.42.0: Tokio v1.42.0

Compare Source

1.42.0 (Dec 3rd, 2024)

Added
  • io: add AsyncFd::{try_io, try_io_mut} (#​6967)
Fixed
  • io: avoid ptr->ref->ptr roundtrip in RegistrationSet (#​6929)
  • runtime: do not defer yield_now inside block_in_place (#​6999)
Changes
  • io: simplify io readiness logic (#​6966)
Documented
  • net: fix docs for tokio::net::unix::{pid_t, gid_t, uid_t} (#​6791)
  • time: fix a typo in Instant docs (#​6982)

v1.41.1: Tokio v1.41.1

Compare Source

1.41.1 (Nov 7th, 2024)

Fixed
  • metrics: fix bug with wrong number of buckets for the histogram (#​6957)
  • net: display net requirement for net::UdpSocket in docs (#​6938)
  • net: fix typo in TcpStream internal comment (#​6944)

v1.41.0: Tokio v1.41.0

Compare Source

1.41.0 (Oct 22th, 2024)

Added
Added (unstable)
  • metrics: add H2 Histogram option to improve histogram granularity (#​6897)
  • metrics: rename some histogram apis (#​6924)
  • runtime: add LocalRuntime (#​6808)
Changed
  • runtime: box futures larger than 16k on release mode (#​6826)
  • sync: add #[must_use] to Notified (#​6828)
  • sync: make watch cooperative (#​6846)
  • sync: make broadcast::Receiver cooperative (#​6870)
  • task: add task size to tracing instrumentation (#​6881)
  • wasm: enable cfg_fs for wasi target (#​6822)
Fixed
  • net: fix regression of abstract socket path in unix socket (#​6838)
Documented
  • io: recommend OwnedFd with AsyncFd (#​6821)
  • io: document cancel safety of AsyncFd methods (#​6890)
  • macros: render more comprehensible documentation for join and try_join (#​6814, #​6841)
  • net: fix swapped examples for TcpSocket::set_nodelay and TcpSocket::nodelay (#​6840)
  • sync: document runtime compatibility (#​6833)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • [ ] If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate[bot] avatar Apr 07 '25 22:04 renovate[bot]