You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@teaclave.apache.org by "dependabot[bot]" <no...@github.com.INVALID> on 2022/06/06 21:35:46 UTC
[apache/incubator-teaclave] Bump regex from 1.5.4 to 1.5.6 in /examples/rust/builtin_echo (PR #650)
Bumps [regex](https://github.com/rust-lang/regex) from 1.5.4 to 1.5.6.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/rust-lang/regex/blob/master/CHANGELOG.md">regex's changelog</a>.</em></p>
<blockquote>
<h1>1.5.6 (2022-05-20)</h1>
<p>This release includes a few bug fixes, including a bug that produced incorrect
matches when a non-greedy <code>?</code> operator was used.</p>
<ul>
<li>[BUG <a href="https://github-redirect.dependabot.com/rust-lang/regex/issues/680">#680</a>](<a href="https://github-redirect.dependabot.com/rust-lang/regex/issues/680">rust-lang/regex#680</a>):
Fixes a bug where <code>[[:alnum:][:^ascii:]]</code> dropped <code>[:alnum:]</code> from the class.</li>
<li>[BUG <a href="https://github-redirect.dependabot.com/rust-lang/regex/issues/859">#859</a>](<a href="https://github-redirect.dependabot.com/rust-lang/regex/issues/859">rust-lang/regex#859</a>):
Fixes a bug where <code>Hir::is_match_empty</code> returned <code>false</code> for <code>\b</code>.</li>
<li>[BUG <a href="https://github-redirect.dependabot.com/rust-lang/regex/issues/862">#862</a>](<a href="https://github-redirect.dependabot.com/rust-lang/regex/issues/862">rust-lang/regex#862</a>):
Fixes a bug where 'ab??' matches 'ab' instead of 'a' in 'ab'.</li>
</ul>
<h1>1.5.5 (2022-03-08)</h1>
<p>This releases fixes a security bug in the regex compiler. This bug permits a
vector for a denial-of-service attack in cases where the regex being compiled
is untrusted. There are no known problems where the regex is itself trusted,
including in cases of untrusted haystacks.</p>
<ul>
<li><a href="https://github.com/rust-lang/regex/security/advisories/GHSA-m5pq-gvj9-9vr8">SECURITY #GHSA-m5pq-gvj9-9vr8</a>:
Fixes a bug in the regex compiler where empty sub-expressions subverted the
existing mitigations in place to enforce a size limit on compiled regexes.
The Rust Security Response WG published an advisory about this:
<a href="https://groups.google.com/g/rustlang-security-announcements/c/NcNNL1Jq7Yw">https://groups.google.com/g/rustlang-security-announcements/c/NcNNL1Jq7Yw</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/rust-lang/regex/commit/9aef5b1edc2a436244b936db53a03ed6d720e87e"><code>9aef5b1</code></a> 1.5.6</li>
<li><a href="https://github.com/rust-lang/regex/commit/2931b070fd9b525dec95c2b4c91f8b9ee500239e"><code>2931b07</code></a> syntax: bump minimum regex-syntax version to 0.6.26</li>
<li><a href="https://github.com/rust-lang/regex/commit/b41bde0b854e3cd1018f55e5dcd80c09b418d6c4"><code>b41bde0</code></a> regex-syntax-0.6.26</li>
<li><a href="https://github.com/rust-lang/regex/commit/d98da65bb3df16836f1181c6f7e4f03c3af1d5a5"><code>d98da65</code></a> changelog: 1.5.6</li>
<li><a href="https://github.com/rust-lang/regex/commit/1c19619672c2ef16dc9f64fec38af5719c4ec06c"><code>1c19619</code></a> syntax: fix literal extraction for 'ab??'</li>
<li><a href="https://github.com/rust-lang/regex/commit/88a2a62d861d189faae539990f63cb9cf195bd8c"><code>88a2a62</code></a> syntax: fix 'is_match_empty' predicate</li>
<li><a href="https://github.com/rust-lang/regex/commit/72f09f1aeb0ff3f703b1afdbdd21f5ff63162fb4"><code>72f09f1</code></a> syntax: fix ascii class union bug</li>
<li><a href="https://github.com/rust-lang/regex/commit/b5372864e2df6a2f5e543a556a62197f50ca3650"><code>b537286</code></a> doc: fix some typos</li>
<li><a href="https://github.com/rust-lang/regex/commit/258bdf798a14f50529c1665e84cc8a3a9e2c90fc"><code>258bdf7</code></a> changelog: 1.5.5</li>
<li><a href="https://github.com/rust-lang/regex/commit/d130381b150756ba7e5940efdc6ebdf47f4febc0"><code>d130381</code></a> 1.5.5</li>
<li>Additional commits viewable in <a href="https://github.com/rust-lang/regex/compare/1.5.4...1.5.6">compare view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=regex&package-manager=cargo&previous-version=1.5.4&new-version=1.5.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/incubator-teaclave/network/alerts).
</details>
You can view, comment on, or merge this pull request online at:
https://github.com/apache/incubator-teaclave/pull/650
-- Commit Summary --
* Bump regex from 1.5.4 to 1.5.6 in /examples/rust/builtin_echo
-- File Changes --
M examples/rust/builtin_echo/Cargo.lock (10)
-- Patch Links --
https://github.com/apache/incubator-teaclave/pull/650.patch
https://github.com/apache/incubator-teaclave/pull/650.diff
--
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/pull/650
You are receiving this because you are subscribed to this thread.
Message ID: <apache/incubator-teaclave/pull/650@github.com>
Re: [apache/incubator-teaclave] Bump regex from 1.5.4 to 1.5.6 in /examples/rust/builtin_echo (PR #650)
Posted by Mingshen Sun <no...@github.com.INVALID>.
@dependabot rebase?
--
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/pull/650#issuecomment-1281760961
You are receiving this because you are subscribed to this thread.
Message ID: <ap...@github.com>
Re: [apache/incubator-teaclave] Bump regex from 1.5.4 to 1.5.6 in /examples/rust/builtin_echo (PR #650)
Posted by Mingshen Sun <no...@github.com.INVALID>.
Re-running CI to make sure all tests passed.
--
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/pull/650#issuecomment-1168174005
You are receiving this because you are subscribed to this thread.
Message ID: <ap...@github.com>
Re: [apache/incubator-teaclave] Bump regex from 1.5.4 to 1.5.6 in /examples/rust/builtin_echo (PR #650)
Posted by He Sun <no...@github.com.INVALID>.
How is the mesapy binary relocation? The project is not compilable now.
--
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/pull/650#issuecomment-1247563040
You are receiving this because you are subscribed to this thread.
Message ID: <ap...@github.com>
Re: [apache/incubator-teaclave] Bump regex from 1.5.4 to 1.5.6 in /examples/rust/builtin_echo (PR #650)
Posted by "dependabot[bot]" <no...@github.com.INVALID>.
Closed #650.
--
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/pull/650#event-7607413361
You are receiving this because you are subscribed to this thread.
Message ID: <ap...@github.com>
Re: [apache/incubator-teaclave] Bump regex from 1.5.4 to 1.5.6 in /examples/rust/builtin_echo (PR #650)
Posted by Qinkun Bao <no...@github.com.INVALID>.
> How is the mesapy binary relocation? The project is not compilable now.
Here is the link https://github.com/mesalock-linux/mesapy
You may build it by setting the applying mesapy prebuilt option 'OFF' here.https://github.com/apache/incubator-teaclave/blob/661d360fc2199e75017ff942842f791119896de4/CMakeLists.txt#L49
You are welcome to submit a PR to fix the compilation error.
--
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/pull/650#issuecomment-1247600396
You are receiving this because you are subscribed to this thread.
Message ID: <ap...@github.com>
Re: [apache/incubator-teaclave] Bump regex from 1.5.4 to 1.5.6 in /examples/rust/builtin_echo (PR #650)
Posted by Mingshen Sun <no...@github.com.INVALID>.
The (fast) build depends on the mesapy binary which is hosted by the third party (which is currently not available): https://github.com/apache/incubator-teaclave/runs/7085415421?check_suite_focus=true#step:6:223
We should solve this first, move the mesapy binary to the apache INFRA. E.g., [nightlies.apache.org](http://nightlies.apache.org/)
--
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/pull/650#issuecomment-1168190037
You are receiving this because you are subscribed to this thread.
Message ID: <ap...@github.com>
Re: [apache/incubator-teaclave] Bump regex from 1.5.4 to 1.5.6 in /examples/rust/builtin_echo (PR #650)
Posted by He Sun <no...@github.com.INVALID>.
What about the prebuilt binaries? Remove `USE_PREBUILT_MESAPY ` or replace the download link?
--
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/pull/650#issuecomment-1247624188
You are receiving this because you are subscribed to this thread.
Message ID: <ap...@github.com>
Re: [apache/incubator-teaclave] Bump regex from 1.5.4 to 1.5.6 in /examples/rust/builtin_echo (PR #650)
Posted by "dependabot[bot]" <no...@github.com.INVALID>.
Superseded by #659.
--
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/pull/650#issuecomment-1281761471
You are receiving this because you are subscribed to this thread.
Message ID: <ap...@github.com>