awslabs / tough

Rust libraries and tools for using and generating TUF repositories

build(deps): bump typed-path from 0.7.1 to 0.9.0 #774

Open dependabot[bot] opened 2 weeks ago

dependabot[bot] commented 2 weeks ago

Bumps typed-path from 0.7.1 to 0.9.0.

Release notes

Sourced from typed-path's releases.

v0.9.0

What's Changed

New Contributors

Full Changelog: https://github.com/chipsenkbeil/typed-path/compare/v0.8.0...v0.9.0

typed-path 0.8.0

Notable Changes

  • Add push_checked function, which ensures that any path added to an existing PathBuf or TypedPathBuf must abide by the following rules:
    1. It cannot be an absolute path. Only relative paths allowed.
    2. In the case of Windows, it cannot start with a prefix like C:.
    3. All normal components of the path must contain only valid characters.
    4. If parent directory (..) components are present, they must not result in a path traversal attack (impacting the current path).
  • Add join_checked function, which ensures that any path joined with an existing path follows the rules of push_checked
  • Add with_encoding_checked function to ensure that the resulting path from an encoding conversion is still valid
  • Add with_unix_encoding_checked and with_windows_encoding_checked functions as shortcuts to with_encoding_checked
  • Add is_valid to Component and Utf8Component traits alongside Path and Utf8Path to indicate if a component/path is valid for the given encoding

Changelog

Sourced from typed-path's changelog.

[0.9.0] - 2024-06-15

  • Add current_exe and utf8_current_exe functions to the utils module to return native pathbufs wrapping the standard library paths.
  • Add temp_dir and utf8_temp_dir functions to the utils module to return native pathbufs wrapping the standard library paths.

[0.8.0] - 2024-02-24

  • Add push_checked function, which ensures that any path added to an existing PathBuf or TypedPathBuf must abide by the following rules:
    1. It cannot be an absolute path. Only relative paths allowed.
    2. In the case of Windows, it cannot start with a prefix like C:.
    3. All normal components of the path must contain only valid characters.
    4. If parent directory (..) components are present, they must not result in a path traversal attack (impacting the current path).
  • Add join_checked function, which ensures that any path joined with an existing path follows the rules of push_checked
  • Add with_encoding_checked function to ensure that the resulting path from an encoding conversion is still valid
  • Add with_unix_encoding_checked and with_windows_encoding_checked functions as shortcuts to with_encoding_checked
  • Add is_valid to Component and Utf8Component traits alongside Path and Utf8Path to indicate if a component/path is valid for the given encoding

Commits

  • 7f7879f Bump to 0.9.0 and update changelog
  • f8846d3 Update readme with new utility functions for current_exe and temp_dir (#26)
  • 2ad5d43 Remove fn main() from README per linter suggestion (#25)
  • cc75416 Add typed-path versions for current_exe and temp_dir, including UTF8 vari...
  • 2eadf1b Introduce checked functions for pushing, joining, and switching encodings (#23)
  • a886829 Fix changelog link
  • See full diff in compare view



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
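
The four push_checked rules listed in the 0.8.0 release notes above, as an added std-only Rust example that is not part of this PR and is not typed-path's implementation. The names `CheckError` and `join_checked_demo` are hypothetical. It assumes Unix-style `/` separators, treats NUL and backslash as the invalid characters for rule 3, rejects drive prefixes on every platform, and normalizes `..` instead of keeping it in the result.

```rust
// Added illustration of the four rules; hypothetical names, not typed-path's API.
#[derive(Debug, PartialEq)]
pub enum CheckError {
    Absolute,         // rule 1: only relative paths may be appended
    WindowsPrefix,    // rule 2: no drive prefix such as `C:`
    InvalidComponent, // rule 3: a normal component holds an invalid character
    Traversal,        // rule 4: `..` would climb out of the base path
}

/// Join `rel` onto `base` only if `rel` passes all four rules.
pub fn join_checked_demo(base: &str, rel: &str) -> Result<String, CheckError> {
    if rel.starts_with('/') {
        return Err(CheckError::Absolute);
    }
    let b = rel.as_bytes();
    // Demo choice: reject `X:` everywhere, not only on Windows.
    if b.len() >= 2 && b[0].is_ascii_alphabetic() && b[1] == b':' {
        return Err(CheckError::WindowsPrefix);
    }
    let mut out: Vec<&str> = base.split('/').filter(|c| !c.is_empty()).collect();
    // `..` may cancel components that `rel` itself added, never those of `base`.
    let floor = out.len();
    for comp in rel.split('/') {
        match comp {
            "" | "." => continue,
            ".." => {
                if out.len() == floor {
                    return Err(CheckError::Traversal);
                }
                out.pop();
            }
            c => {
                // Assumption: NUL and backslash are the invalid characters here.
                if c.contains('\0') || c.contains('\\') {
                    return Err(CheckError::InvalidComponent);
                }
                out.push(c);
            }
        }
    }
    let root = if base.starts_with('/') { "/" } else { "" };
    Ok(format!("{}{}", root, out.join("/")))
}

fn main() {
    // Constructed sample inputs.
    for rel in ["a/b.txt", "a/../b.txt", "../etc/passwd", "/etc/passwd", "C:x"] {
        println!("{:?} -> {:?}", rel, join_checked_demo("/srv/targets", rel));
    }
}
```
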