search

jito-foundation / jito-solana

Jito Foundation MEV Solana Client
Apache License 2.0
352 stars 147 forks source link

build(deps): bump bytemuck_derive from 1.7.0 to 1.8.0 #710

Closed dependabot[bot] closed 1 week ago

dependabot[bot] commented 1 week ago

Bumps bytemuck_derive from 1.7.0 to 1.8.0.

Changelog

Sourced from bytemuck_derive's changelog.

1.8.0

  • try_pod_read_unaligned and pod_read_unaligned let you go from &[u8] to T:Pod without worrying about alignment.

1.7.3

  • Experimental support for the portable_simd language extension under the nightly_portable_simd cargo feature. As the name implies, this is an experimental crate feature and it's not part of the semver contract. All it does is add the appropriate Zeroable and Pod impls.

1.7.2

  • Why does this repo keep being hit with publishing problems? What did I do to deserve this curse, Ferris? This doesn't ever happen with tinyvec or fermium, only bytemuck.

1.7.1

  • Soundness Fix: The wrap/peel methods for owned value conversion, added to TransparentWrapper in 1.6, can cause a double-drop if used with types that impl Drop. The fix was simply to add a ManuallyDrop layer around the value before doing the transmute_copy that is used to wrap/peel. While this fix could technically be backported to the 1.6 series, since 1.7 is semver compatible anyway the 1.6 series has simply been yanked.

1.7

  • In response to [Unsafe Code Guidelines Issue #286](rust-lang/unsafe-code-guidelines#286), this version of Bytemuck has a Soundness-Required Breaking Change. This is "allowed" under Rust's backwards-compatibility guidelines, but it's still annoying of course so we're trying to keep the damage minimal.
    • The Reason: It turns out that pointer values should not have been Pod. More specifically, ptr as usize is not the same operation as calling transmute::<_, usize>(ptr).
    • LLVM has yet to fully sort out their story, but until they do, transmuting pointers can cause miscompilations. They may fix things up in the future, but we're not gonna just wait and have broken code in the mean time.
    • The Fix: The breaking change is that the Pod impls for *const T, *mut T, and Option<NonNull<T> are now gated behind the unsound_ptr_pod_impl feature, which is off by default.
    • You are strongly discouraged from using this feature, but if a dependency of yours doesn't work when you upgrade to 1.7 because it relied on pointer casting, then you might wish to temporarily enable the feature just to get that dependency to build. Enabled features are global across all users of a given semver compatible version, so if you enable the feature in your own crate, your dependency will also end up getting the feature too, and then it'll be able to compile.

... (truncated)

Commits
  • 48952a0 chore: Release bytemuck_derive version 1.8.0
  • 2cd9719 changelog
  • a637e1d derive(Zeroable) on fieldful enums and repr(C) enums (#257)
  • bb36879 Improve documentation of features. (#272)
  • 860c391 chore: Release bytemuck version 1.18.0
  • 4c535f9 Clean up Cargo.toml (#271)
  • 374d184 Update changelog.md
  • 1906570 Add a convenience feature indicating you're on the latest stable version of R...
  • 2d2b397 update the changelog to be less dismissive because we don't need that negativ...
  • dc059fd chore: Release bytemuck version 1.17.1
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 1 week ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.