system/systeroid
system/systeroid
1
0
Fork 0
mirror of https://github.com/orhun/systeroid synced 2024-07-22 10:54:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

chore(deps): bump regex from 1.5.4 to 1.5.5 (#5)

Browse source 
Bumps [regex](https://github.com/rust-lang/regex) from 1.5.4 to 1.5.5.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/rust-lang/regex/blob/master/CHANGELOG.md">regex's changelog</a>.</em></p>
<blockquote>
<h1>1.5.5 (2022-03-08)</h1>
<p>This releases fixes a security bug in the regex compiler. This bug permits a
vector for a denial-of-service attack in cases where the regex being compiled
is untrusted. There are no known problems where the regex is itself trusted,
including in cases of untrusted haystacks.</p>
<ul>
<li><a href="https://github.com/rust-lang/regex/security/advisories/GHSA-m5pq-gvj9-9vr8">SECURITY #GHSA-m5pq-gvj9-9vr8</a>:
Fixes a bug in the regex compiler where empty sub-expressions subverted the
existing mitigations in place to enforce a size limit on compiled regexes.
The Rust Security Response WG published an advisory about this:
<a href="https://groups.google.com/g/rustlang-security-announcements/c/NcNNL1Jq7Yw">https://groups.google.com/g/rustlang-security-announcements/c/NcNNL1Jq7Yw</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="d130381b15"><code>d130381</code></a> 1.5.5</li>
<li><a href="ae70b41d4f"><code>ae70b41</code></a> security: fix denial-of-service bug in compiler</li>
<li><a href="b92ffd5471"><code>b92ffd5</code></a> cargo: use SPDX license format</li>
<li><a href="f6e52dafde"><code>f6e52da</code></a> syntax: fix 'unused' warnings</li>
<li><a href="5197f21287"><code>5197f21</code></a> fuzz: do not use inherits in Cargo.toml</li>
<li><a href="3662851482"><code>3662851</code></a> doc: fix typo</li>
<li><a href="63ee6699a2"><code>63ee669</code></a> syntax/doc: fix 'their' typo</li>
<li><a href="d6bc7a4c3b"><code>d6bc7a4</code></a> readme: remove broken badge</li>
<li><a href="bd7466034f"><code>bd74660</code></a> fuzz: try to fix build issue</li>
<li><a href="bd0a14231b"><code>bd0a142</code></a> readme: fix badges</li>
<li>Additional commits viewable in <a href="https://github.com/rust-lang/regex/compare/1.5.4...1.5.5">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=regex&package-manager=cargo&previous-version=1.5.4&new-version=1.5.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
This commit is contained in:
dependabot[bot] 2022-03-11 09:57:54 +00:00
parent 55f1dca9f5
commit f59f8d2542
2 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
Cargo.lock generated
View file

@ -581,9 +581,9 @@ dependencies = [
[[package]]
name = "regex"
version = "1.5.4"
version = "1.5.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d07a8629359eb56f1e2fb1652bb04212c072a87ba68546a04065d525673ac461"
checksum = "1a11647b6b25ff05a515cb92c365cec08801e83423a235b51e231e1808747286"
dependencies = [
"aho-corasick",
"memchr",

2
parseit/Cargo.toml
View file

@ -16,7 +16,7 @@ rust-version = "1.56.1"
gzip = ["flate2"]
[dependencies]
regex = "1.5.4"
regex = "1.5.5"
globwalk = "0.8.1"
thiserror = "1.0.29"
flate2 = { version = "1.0.22", optional = true }