Closed dependabot[bot] closed 3 months ago
Will need to think about the best way handle these things. Also not quite so urgent as we don't run on Windows.
The irony is also not lost on me that this is fixing a security issue in rust code... heh, not quite so smug now are we!?
Tweak the commit to something a little more palatable, also a little experimental to see how these can look more in keeping with the rest of the commit history...
$ git range-diff e87b9dbd...3042e1a7
1: e87b9dbd ! 1: 3042e1a7 Bump mio from 0.8.10 to 0.8.11 in /src/wasm-wasi-component
@@ Metadata
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## Commit message ##
- Bump mio from 0.8.10 to 0.8.11 in /src/wasm-wasi-component
+ Wasm-wc: Bump the mio crate from 0.8.10 to 0.8.11
- Bumps [mio](https://github.com/tokio-rs/mio) from 0.8.10 to 0.8.11.
- - [Release notes](https://github.com/tokio-rs/mio/releases)
- - [Changelog](https://github.com/tokio-rs/mio/blob/master/CHANGELOG.md)
- - [Commits](https://github.com/tokio-rs/mio/compare/v0.8.10...v0.8.11)
+ Bumps mio <https://github.com/tokio-rs/mio> from 0.8.10 to 0.8.11.
- ---
updated-dependencies:
- dependency-name: mio
dependency-type: indirect
- ...
+ Link: Release notes <https://github.com/tokio-rs/mio/releases>
+ Link: Changelog <https://github.com/tokio-rs/mio/blob/master/CHANGELOG.md>
+ Link: Commits <https://github.com/tokio-rs/mio/compare/v0.8.10...v0.8.11>
Signed-off-by: dependabot[bot] <support@github.com>
+ [ Tweaked commit message/subject - Andrew ]
+ Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
## src/wasm-wasi-component/Cargo.lock ##
@@ src/wasm-wasi-component/Cargo.lock: dependencies = [
Do we need to keep this bit?
updated-dependencies:
- dependency-name: mio
dependency-type: indirect
Replace the 'Relese notes' link which points to a page where the latest version is 0.8.0 with a much more useful link that describes the security vulnerability this release fixes.
$ git range-diff 3042e1a7...3cfb8214
1: 3042e1a7 ! 1: 3cfb8214 Wasm-wc: Bump the mio crate from 0.8.10 to 0.8.11
@@ Commit message
- dependency-name: mio
dependency-type: indirect
- Link: Release notes <https://github.com/tokio-rs/mio/releases>
+ Link: <https://github.com/nginx/unit/security/dependabot/1>
Link: Changelog <https://github.com/tokio-rs/mio/blob/master/CHANGELOG.md>
Link: Commits <https://github.com/tokio-rs/mio/compare/v0.8.10...v0.8.11>
Signed-off-by: dependabot[bot] <support@github.com>
Tweak commit message
$ git range-diff 3cfb8214...f57bbff2
1: 3cfb8214 ! 1: f57bbff2 Wasm-wc: Bump the mio crate from 0.8.10 to 0.8.11
@@ Commit message
Bumps mio <https://github.com/tokio-rs/mio> from 0.8.10 to 0.8.11.
- updated-dependencies:
- - dependency-name: mio
- dependency-type: indirect
+ Fixes receiving IOCP events after deregistering a Windows named pipe.
+
+ Not that that effects Unit...
Link: <https://github.com/nginx/unit/security/dependabot/1>
Link: Changelog <https://github.com/tokio-rs/mio/blob/master/CHANGELOG.md>
Rebased with master.
$ git range-diff f57bbff2...1865651e
-: -------- > 1: 4eb008bb Remove unused nxt_vector_t API
-: -------- > 2: 353d2d05 Var: Remove a dead assignment in nxt_var_interpreter()
-: -------- > 3: c2f7f296 Avoid potential NULL pointer dereference in nxt_router_temp_conf()
-: -------- > 4: 8032ce31 Test with root access in GitHub workflows
-: -------- > 5: 0cee7d1a Add GitHub workflow for wasm-wasi-component
-: -------- > 6: 63bc3882 .mailmap: Map Dylan's 2nd GitHub address
-: -------- > 7: f6899af6 Var: Fix cacheable issue for njs variable access
-: -------- > 8: 5511593d Remove support for Microsoft's Visual C++ compiler
-: -------- > 9: 0c2d7786 Remove support for Intel's icc compiler
-: -------- > 10: e79e4635 Remove support for IBM's XL C compiler
-: -------- > 11: 9cd11133 Remove support for Sun's Sun Studio/SunPro C compiler
-: -------- > 12: 806e209d Remove -W from compiler flags
-: -------- > 13: 1dcb5383 Expand the comment about -Wstrict-overflow on GCC
-: -------- > 14: 0b5223e1 Disable strict-aliasing in clang by default
-: -------- > 15: c1e3f02f Compile with -fno-strict-overflow
-: -------- > 16: 280a978d Add initial infrastructure for pretty printing make output
-: -------- > 17: 5d831af0 Hook up make pretty printing to the Unit core and tests
-: -------- > 18: da335bec Pretty print the Java language module compiler output
-: -------- > 19: 574528f7 Pretty print the Perl language module compiler output
-: -------- > 20: 0a0dcf91 Pretty print the PHP language module compiler output
-: -------- > 21: caaa1d28 Pretty print the Python language module compiler output
-: -------- > 22: 133f75fd Pretty print the Ruby language module compiler output
-: -------- > 23: b763ba7e Pretty print the wasm language module compiler output
-: -------- > 24: 15072fbd Enable optional 'debuggable' builds
-: -------- > 25: d23812b8 Allow to disable -Werror at 'make' time
-: -------- > 26: f55fa70c Add a help target to the root Makefile
-: -------- > 27: a171b399 Add an EXTRA_CFLAGS make variable
1: f57bbff2 = 28: 1865651e Wasm-wc: Bump the mio crate from 0.8.10 to 0.8.11
Add my Reviewed-by
.
$ git range-diff 1865651e...6b138571
1: 1865651e ! 1: 6b138571 Wasm-wc: Bump the mio crate from 0.8.10 to 0.8.11
@@ Commit message
Link: Changelog <https://github.com/tokio-rs/mio/blob/master/CHANGELOG.md>
Link: Commits <https://github.com/tokio-rs/mio/compare/v0.8.10...v0.8.11>
Signed-off-by: dependabot[bot] <support@github.com>
+ Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
[ Tweaked commit message/subject - Andrew ]
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
Bumps mio from 0.8.10 to 0.8.11.
Changelog
Sourced from mio's changelog.
Commits
0328bde
Release v0.8.117084498
Fix warnings90d4fe0
named-pipes: fix receiving IOCP events after deregisterc710a30
Add v0.8.x to the CIc29e21c
Release v0.8.10Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show