Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump bumpalo from 3.11.0 to 3.12.0 in /cli #42

Open
wants to merge 67 commits into
base: main
Choose a base branch
from
Open

Bump bumpalo from 3.11.0 to 3.12.0 in /cli #42

wants to merge 67 commits into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Jan 20, 2023

Bumps bumpalo from 3.11.0 to 3.12.0.

Changelog

Sourced from bumpalo's changelog.

3.12.0

Released 2023-01-17.

Added

  • Added the bumpalo::boxed::Box::bump and bumpalo::collections::String::bump getters to get the underlying Bump that a string or box was allocated into.

Changed

  • Some uses of Box that MIRI did not previously consider as UB are now reported as UB, and bumpalo's internals have been adjusted to avoid the new UB.

3.11.1

Released 2022-10-18.

Security

  • Fixed a bug where when std::vec::IntoIter was ported to bumpalo::collections::vec::IntoIter, it didn't get its underlying Bump's lifetime threaded through. This meant that rustc was not checking the borrows for bumpalo::collections::IntoIter and this could result in use-after-free bugs.
Commits
  • 50ba1bd Bump to 3.12.0
  • 3dd3650 Merge pull request #190 from mattfbacon/main
  • 37be9a9 Merge branch 'fitzgen:main' into main
  • 3664dbb Add String::bump method
  • 701514f Merge pull request #189 from mattfbacon/main
  • c6507f7 Add Vec::bump method
  • b1e67b7 Merge pull request #188 from saethlin/field-retagging
  • d325e2c Use ManuallyDrop with bumpalo's Box instead of mem::forget
  • c699cd1 Merge pull request #183 from stepancheg/allocated-bytes-no-headers
  • 5805a29 Clarify allocated_bytes does not include headers
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

MarcelRaschke and others added 30 commits June 13, 2022 11:28
@MarcelRaschke
Create codeql-analysis.yml
24d71d5
@MarcelRaschke
Update issue templates
d3949b4
@MarcelRaschke
Merge pull request #1 from microsoft/main
89a104c 
[pull] main from microsoft:main
@dependabot
Bump got from 11.8.1 to 11.8.5 in /build
73908d6 
Bumps [got](https://github.com/sindresorhus/got) from 11.8.1 to 11.8.5.
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](sindresorhus/got@v11.8.1...v11.8.5)

---
updated-dependencies:
- dependency-name: got
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
@MarcelRaschke
Merge pull request #3 from 47-studio-org/dependabot/npm_and_yarn/buil…
d8e2dc0 
…d/got-11.8.5

Bump got from 11.8.1 to 11.8.5 in /build
@dependabot
Bump shell-quote from 1.7.2 to 1.7.3
2765808 
Bumps [shell-quote](https://github.com/substack/node-shell-quote) from 1.7.2 to 1.7.3.
- [Release notes](https://github.com/substack/node-shell-quote/releases)
- [Changelog](https://github.com/substack/node-shell-quote/blob/master/CHANGELOG.md)
- [Commits](https://github.com/substack/node-shell-quote/compare/v1.7.2...1.7.3)

---
updated-dependencies:
- dependency-name: shell-quote
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@MarcelRaschke
Merge pull request #4 from 47-studio-org/dependabot/npm_and_yarn/shel…
b079c81 
…l-quote-1.7.3

Bump shell-quote from 1.7.2 to 1.7.3
@dependabot
Bump terser from 4.8.0 to 4.8.1
c8604ed 
Bumps [terser](https://github.com/terser/terser) from 4.8.0 to 4.8.1.
- [Release notes](https://github.com/terser/terser/releases)
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/commits)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump file-type from 7.2.0 to 16.5.4 in /extensions/git
f0b0209 
Bumps [file-type](https://github.com/sindresorhus/file-type) from 7.2.0 to 16.5.4.
- [Release notes](https://github.com/sindresorhus/file-type/releases)
- [Commits](sindresorhus/file-type@v7.2.0...v16.5.4)

---
updated-dependencies:
- dependency-name: file-type
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@MarcelRaschke
Merge pull request #6 from 47-studio-org/dependabot/npm_and_yarn/exte…
aa7c2bf 
…nsions/git/file-type-16.5.4

Bump file-type from 7.2.0 to 16.5.4 in /extensions/git
@MarcelRaschke
Merge pull request #5 from 47-studio-org/dependabot/npm_and_yarn/ters…
71e6554 
…er-4.8.1

Bump terser from 4.8.0 to 4.8.1
@snyk-bot
fix: package.json to reduce vulnerabilities
08d0cd9 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2870632
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2928901
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2932172
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2934721
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2946881
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2946891
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2961655
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2977510
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2977512
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2978483
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2978519
- https://snyk.io/vuln/SNYK-JS-ISTANBULREPORTS-2328088
- https://snyk.io/vuln/SNYK-JS-JPEGJS-2859218
- https://snyk.io/vuln/SNYK-JS-NTHCHECK-1586032
@snyk-bot
fix: build/package.json to reduce vulnerabilities
bd480ac 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-GOT-2932019
- https://snyk.io/vuln/SNYK-JS-MARKDOWNIT-2331914
@MarcelRaschke
Merge pull request #8 from 47-studio-org/snyk-fix-48779c2467f15a47afd…
6764d4b 
…c099b7b718fa3

[Snyk] Fix for 2 vulnerabilities
@MarcelRaschke
Merge pull request #7 from 47-studio-org/snyk-fix-0c0953ccd1bc60bce9b…
7659e17 
…d1af53781ba0f

[Snyk] Fix for 15 vulnerabilities
@dependabot
Bump jpeg-js from 0.4.3 to 0.4.4
33371ba 
Bumps [jpeg-js](https://github.com/eugeneware/jpeg-js) from 0.4.3 to 0.4.4.
- [Release notes](https://github.com/eugeneware/jpeg-js/releases)
- [Commits](jpeg-js/jpeg-js@v0.4.3...v0.4.4)

---
updated-dependencies:
- dependency-name: jpeg-js
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@MarcelRaschke
Merge pull request #10 from 47-studio-org/dependabot/npm_and_yarn/jpe…
228a994 
…g-js-0.4.4

Bump jpeg-js from 0.4.3 to 0.4.4
@snyk-bot
fix: package.json to reduce vulnerabilities
089b6ba 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2994414
@snyk-bot
fix: package.json to reduce vulnerabilities
73e083a 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ELECTRON-3014407
@snyk-bot
fix: package.json to reduce vulnerabilities
19a2b8f 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2992453
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2992478
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2992482
@MarcelRaschke
Merge pull request #13 from 47-studio-org/snyk-fix-76119468161daf6ca9…
572173f 
…f1999718a98ae5

[Snyk] Security upgrade electron from 18.3.9 to 18.3.11
@MarcelRaschke
Merge branch 'main' into snyk-fix-9b6eac86563d4413c6c81c3f27c1aea2
93afe34
@MarcelRaschke
Merge pull request #11 from 47-studio-org/snyk-fix-9b6eac86563d4413c6…
7daa094 
…c81c3f27c1aea2

[Snyk] Security upgrade electron from 18.3.9 to 19.0.15
@MarcelRaschke
Merge branch 'main' into snyk-fix-62f95308666301a51fcaae42b90c1c61
77ffff7
@MarcelRaschke
Merge pull request #12 from 47-studio-org/snyk-fix-62f95308666301a51f…
9912b90 
…caae42b90c1c61

[Snyk] Security upgrade electron from 18.3.9 to 18.3.12
@snyk-bot
fix: package.json to reduce vulnerabilities
f8d687f 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MOCHA-2863123
@snyk-bot
fix: extensions/json-language-features/package.json to reduce vulnera…
afa627c 
…bilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818
@snyk-bot
fix: package.json to reduce vulnerabilities
a1ce7a9 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818
@snyk-bot
fix: extensions/css-language-features/package.json to reduce vulnerab…
25d7e4b 
…ilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818
@snyk-bot
fix: extensions/html-language-features/package.json to reduce vulnera…
012094a 
…bilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818
MarcelRaschke and others added 22 commits December 14, 2022 12:13
@MarcelRaschke
Merge pull request #32 from 47-studio-org/dependabot/npm_and_yarn/loa…
951b1e2 
…der-utils-1.4.2

Bump loader-utils from 1.4.0 to 1.4.2
@MarcelRaschke
Merge branch 'main' into snyk-fix-fe5085fcb552351c20f36b3a173528fa
62073be 
Signed-off-by: Marcel Raschke <[email protected]>
@MarcelRaschke
Merge pull request #29 from 47-studio-org/snyk-fix-fe5085fcb552351c20…
6a64934 
…f36b3a173528fa

[Snyk] Security upgrade electron from 19.1.3 to 19.1.5
@MarcelRaschke
Merge branch 'main' into snyk-fix-e568d2bd08e0f002e9d10359ff632467
0b81ee1 
Signed-off-by: Marcel Raschke <[email protected]>
@MarcelRaschke
Merge pull request #28 from 47-studio-org/snyk-fix-e568d2bd08e0f002e9…
21d8ca9 
…d10359ff632467

[Snyk] Security upgrade electron from 19.1.3 to 19.1.4
@MarcelRaschke
Merge branch 'main' into snyk-fix-9a1087afc76e4abeb3dba4c4204de30c
169c7a5 
Signed-off-by: Marcel Raschke <[email protected]>
@MarcelRaschke
Merge pull request #14 from 47-studio-org/snyk-fix-9a1087afc76e4abeb3…
23fc1ad 
…dba4c4204de30c

[Snyk] Security upgrade mocha from 9.2.2 to 10.1.0
@MarcelRaschke
Merge pull request #39 from microsoft/main
2929b36 
[pull] main from microsoft:main
@MarcelRaschke
Merge branch 'main' into snyk-fix-c472104adb8a82830bffaff1ce77becf
f45993a 
Signed-off-by: Marcel Raschke <[email protected]>
@MarcelRaschke
Merge pull request #26 from 47-studio-org/snyk-fix-c472104adb8a82830b…
5fa0223 
…ffaff1ce77becf

[Snyk] Fix for 4 vulnerabilities
@MarcelRaschke
Merge pull request #19 from 47-studio-org/snyk-fix-3fc3f164fd7707a892…
3f0947d 
…19efa7414930f0

[Snyk] Security upgrade minimatch from 3.0.4 to 3.0.5
@MarcelRaschke
Merge branch 'main' into snyk-fix-9576d57b01ea0aec823f85b7f320d444
d7543fc 
Signed-off-by: Marcel Raschke <[email protected]>
@MarcelRaschke
Merge pull request #18 from 47-studio-org/snyk-fix-9576d57b01ea0aec82…
228a065 
…3f85b7f320d444

[Snyk] Security upgrade vscode-languageclient from 8.0.2-next.4 to 8.0.2
@MarcelRaschke
Merge branch 'main' into snyk-fix-b85ee1dce7586bea247496d1ac465470
638792e 
Signed-off-by: Marcel Raschke <[email protected]>
@MarcelRaschke
Merge pull request #17 from 47-studio-org/snyk-fix-b85ee1dce7586bea24…
bc38f82 
…7496d1ac465470

[Snyk] Security upgrade vscode-languageclient from 8.0.2-next.4 to 8.0.2
@MarcelRaschke
Merge pull request #16 from 47-studio-org/snyk-fix-e990dbb89f200fd43d…
d7ee1bb 
…54b178b1841115

[Snyk] Security upgrade minimatch from 3.0.4 to 3.0.5
@MarcelRaschke
Merge branch 'main' into snyk-fix-a0c349e241f01cb268c2a8b181de1c7b
c60d7c1 
Signed-off-by: Marcel Raschke <[email protected]>
@MarcelRaschke
Merge pull request #15 from 47-studio-org/snyk-fix-a0c349e241f01cb268…
d20a44b 
…c2a8b181de1c7b

[Snyk] Security upgrade vscode-languageclient from 8.0.2-next.4 to 8.0.2
@MarcelRaschke
Merge branch 'microsoft:main' into main
ec3895a
@MarcelRaschke
Create webpack.yml
ef2d139 
Signed-off-by: Marcel Raschke <[email protected]>
@MarcelRaschke
Create static.yml
845db53 
Signed-off-by: Marcel Raschke <[email protected]>
@dependabot
Bump bumpalo from 3.11.0 to 3.12.0 in /cli
2ecb49a 
Bumps [bumpalo](https://github.com/fitzgen/bumpalo) from 3.11.0 to 3.12.0.
- [Release notes](https://github.com/fitzgen/bumpalo/releases)
- [Changelog](https://github.com/fitzgen/bumpalo/blob/main/CHANGELOG.md)
- [Commits](fitzgen/bumpalo@3.11.0...3.12.0)

---
updated-dependencies:
- dependency-name: bumpalo
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels Jan 20, 2023
@MarcelRaschke MarcelRaschke self-requested a review August 5, 2024 14:34
@MarcelRaschke MarcelRaschke self-assigned this Aug 5, 2024
@MarcelRaschke MarcelRaschke linked an issue Aug 5, 2024 that may be closed by this pull request
Fix code scanning alert - Server-side request forgery #24
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MarcelRaschke MarcelRaschke MarcelRaschke approved these changes

Assignees

@MarcelRaschke MarcelRaschke

Labels
dependencies Pull requests that update a dependency file rust Pull requests that update Rust code
Projects
@MarcelRaschke's project
Status: In Progress
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Fix code scanning alert - Server-side request forgery
2 participants
@MarcelRaschke @snyk-bot