sayanarijit / mind

A productive mind has an empty stack
https://mind.cli.rs
MIT License
48 stars 1 forks source link

Bump chrono from 0.4.19 to 0.4.23 #63

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 2 years ago

Bumps chrono from 0.4.19 to 0.4.23.

Release notes

Sourced from chrono's releases.

0.4.23 is the next 0.4 release of the popular chrono date and time library for Rust. After the 0.4.20-0.4.22 series that brought chrono back to life after a long hiatus, development has been fairly quiet, allowing us to start planning changes for the 0.5.0 release. As such, we've started deprecating some APIs that are likely to be removed in 0.5. If you have any feedback on these changes, please let us know in the issue tracker!

Deprecations

  • Deprecate methods that have an _opt() alternative (#827)
  • Deprecate usage of the Date<Tz> type (#851)

Features

  • Optimize RFC 3339 (and RFC 2822) encoding (#844, thanks to @​conradludgate)
  • Addition and subtraction with the Days type (#784)
  • Add NaiveDateTime::from_timestamp_millis(_opt) (#818, thanks to @​Pscheidl -- backported in #823)
  • Allow for changing TZ variable and cache it for Local timezone (#853)
  • Add optional support for the arbitrary::Arbitrary trait (#849, thanks to @​greyblake and @​asayers)

Fixes

  • Support tzdb location on AIX (#826)
  • Fix warnings in documentation (#847)

On behalf of @​esheppa and @​djc, thanks to all contributors!

0.4.22

Unfortunately the introduction of the iana-time-zone dependency in 0.4.21 caused some new regressions with lesser known platforms. This release fixes all of the issues we've encountered, improving the situation on some WebAssembly targets, SGX and on macOS/iOS. We've improved our CI setup to hopefully catch more of these issues before release in the future.

  • Make wasm-bindgen optional on wasm32-unknown-unknown target (#771)
  • Avoid iana-time-zone dependency on x86_64-fortanix-unknown-sgx (#767, thanks to @​trevor-crypto)
  • Update iana-time-zone version to 0.1.44 to avoid cyclic dependencies (#773, thanks to @​Kijewski for the upstream PRs)
  • Clarify documentation about year range in formatting/parsing (#765)

0.4.21 is a bugfix release that mainly fixes one regression from 0.4.20:

  • Fall back to UTC in case no timezone is found. Unfortunately this is a regression from the changes we made in 0.4.20 where we now parse the timezone database ourselves. Before 0.4.20, TimeZone::now() fell back to UTC in the case it could not find the current timezone, but the new implementation panicked in that case.
  • Correctly detect timezone on Android (also #756). Android does have the timezone database installed, but it's in a different path, and it does not use /etc/localtime to keep track of the current timezone. Instead we now use the iana-time-zone crate as a dependency, since it already has quite a bit of logic for finding the current timezone on a host of platforms.

Additionally, there is a documentation fix that reverts an incorrect guarantee:

  • Document that %Y can have a negative value, both in formatting and in parsing (#760, thanks to @​alex)

0.4.20

chrono is a date and time library for Rust and 0.4.20 is the first chrono release since Sep 2020. There has been a long hiatus since the previous maintainer was no longer able to spend much time on the crate; thanks to @​quodlibetor for their stewardship of the chrono crate for many years! The new maintainers are @​djc and @​esheppa. Our first priority has been fixing the soundness issues with calls to localtime_r() as first reported in #499 and the RUSTSEC-2020-0159 advisory. In order to do this we adapted code from the tz-rs crate maintained by @​x-hgg-x for use within chrono -- thanks for working on that! With the new implementation, chrono uses safe Rust code to parse the timezone data files on Unix platforms directly instead of relying on libc.

Due to compatibility reasons, this release does not yet remove the time 0.1 dependency, though chrono 0.4.20 does not depend on the vulnerable parts of the time 0.1.x versions. In a future 0.5 release, we will remove the time dependency.

The minimum supported Rust version for 0.4.20 is 1.32.0, which is intentionally still quite conservative. If you are using chrono 0.4 with a Rust version older than 1.52, we'd like to hear from you since we'd like to further modernize the code base to ease maintenance.

Fixes

  • Fix unsound call to localtime_r() by parsing timezone files in Rust on Unix (#677 and #728)
  • Allow RFC 2822 parser to deal with comments (#733 then #737, thanks to @​Finomnis)

... (truncated)

Changelog

Sourced from chrono's changelog.

ChangeLog for Chrono

This documents notable changes to Chrono up to and including version 0.4.19. For later releases, please review the release notes on GitHub.

Commits
  • 9e5eb49 Bump version to 0.4.23
  • dc4287a store hash of environment variable
  • 57908e9 allow sharing of the allocated environment variable
  • 84f3c30 move last_changed to the Cache
  • 8bc4139 add bench for Local::now()
  • 22b4d32 Avoid use of deprecated API
  • 77317d5 Deprecate usage of the Date<Tz> type
  • 7ba090d Add TimeZone::with_ymd_and_hms() helper method
  • 03165c8 Move Date::years_since() implementation into NaiveDate
  • 645fca0 chore: apply clippy suggestions for 1.65
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 1 year ago

Looks like chrono is up-to-date now, so this is no longer needed.