Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump chrono from 0.4.19 to 0.4.20 #1564

Closed
wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 8, 2022

Bumps chrono from 0.4.19 to 0.4.20.

Release notes

Sourced from chrono's releases.

0.4.20

chrono is a date and time library for Rust and 0.4.20 is the first chrono release since Sep 2020. There has been a long hiatus since the previous maintainer was no longer able to spend much time on the crate; thanks to @​quodlibetor for their stewardship of the chrono crate for many years! The new maintainers are @​djc and @​esheppa. Our first priority has been fixing the soundness issues with calls to localtime_r() as first reported in #499 and the RUSTSEC-2020-0159 advisory. In order to do this we adapted code from the tz-rs crate maintained by @​x-hgg-x for use within chrono -- thanks for working on that! With the new implementation, chrono uses safe Rust code to parse the timezone data files on Unix platforms directly instead of relying on libc.

Due to compatibility reasons, this release does not yet remove the time 0.1 dependency, though chrono 0.4.20 does not depend on the vulnerable parts of the time 0.1.x versions. In a future 0.5 release, we will remove the time dependency.

The minimum supported Rust version for 0.4.20 is 1.32.0, which is intentionally still quite conservative. If you are using chrono 0.4 with a Rust version older than 1.52, we'd like to hear from you since we'd like to further modernize the code base to ease maintenance.

Fixes

  • Fix unsound call to localtime_r() by parsing timezone files in Rust on Unix (#677 and #728)
  • Allow RFC 2822 parser to deal with comments (#733 then #737, thanks to @​Finomnis)
  • Avoid panicking during parsing (#686, thanks to @​botahamec)
  • Avoid panics when rounding durations (#659, thanks to @​ARBaart)
  • Fix Duration::abs() behavior in case of negative durations with nanoseconds (#734, thanks to @​abreis)

Additions

Non-functional improvements

0.4.20-rc.1

0.4.20 is the first chrono release since Sep 2020. There has been a long hiatus since the previous maintainer was no longer able to spend much time on the crate; thanks to @​quodlibetor for their stewardship of the chrono crate for many years! The new maintainers are @​djc and @​esheppa. Our first priority has been fixing the soundness issues with calls to localtime_r() as first reported in #499 and the RUSTSEC-2020-0159 advisory. In order to do this we adapted code from the tz-rs crate maintained by @​x-hgg-x for use within chrono -- thanks for working on that! With the new implementation, chrono uses safe Rust code to parse the timezone data files on Unix platforms directly instead of relying on libc.

... (truncated)

Changelog

Sourced from chrono's changelog.

0.4.20 (unreleased)

  • Add more formatting documentation and examples.
  • Add support for microseconds timestamps serde serialization/deserialization (#304)
  • Fix DurationRound is not TZ aware (#495)
  • Implement DurationRound for NaiveDateTime
  • Implement std::iter::Sum for Duration
  • Add DateTime::from_local() to construct from given local date and time (#572)
  • Add a function that calculates the number of years elapsed between now and a given Date or DateTime (#557)
  • Correct build for wasm32-unknown-emscripten target (#568)
  • Change Local::now() and Utc::now() documentation from "current date" to "current date and time" (#647)
  • Fix duration_round panic on rounding by Duration::zero() (#658)
  • Add optional rkyv support.
  • Add support for microseconds timestamps serde serialization for NaiveDateTime.
  • Add support for optional timestamps serde serialization for NaiveDateTime.
  • Fix build for wasm32-unknown-emscripten (@​yu-re-ka #593)
  • Make ParseErrorKind public and available through ParseError::kind() (#588)
  • Implement DoubleEndedIterator for NaiveDateDaysIterator and NaiveDateWeeksIterator
  • Fix panicking when parsing a DateTime (@​botahamec)
  • Add support for getting week bounds based on a specific NaiveDate and a Weekday (#666)
  • Remove libc dependency from Cargo.toml.
  • Add the and_local_timezone method to NaiveDateTime
  • Fix the behavior of Duration::abs() for negative durations with non-zero nanos
  • Add compatibility with rfc2822 comments (#733)
  • Make js-sys and wasm-bindgen enabled by default when target is wasm32-unknown-unknown for ease of API discovery
  • Add the Months struct and associated Add and Sub impls
Commits
  • 0b7feac Clean up some unreachable_pub warnings
  • 65f1f2e Bump version to 0.4.20
  • bd3b48d Revise Months API
  • ab688c3 Implement Add\<Months> and Sub\<Months> for NaiveDate (#731)
  • 782f904 Clarify docs for DateTime::with_timezone
  • 27c0558 dont use stub.rs when wasmbind feature is enabled
  • 56f80e4 run on all branches and also for changes in the ci folder
  • 353f179 Implement std::error::Error for ParseWeekdayError
  • 309cbeb Fixed typo in deprecation notice
  • 26e231a Bump version to 0.4.20-rc.1
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Aug 8, 2022
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.19 to 0.4.20.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](chronotope/chrono@v0.4.19...v0.4.20)

---
updated-dependencies:
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/cargo/chrono-0.4.20 branch from cf50354 to a0bdecb Compare August 8, 2022 15:51
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Aug 15, 2022

Superseded by #1585.

@dependabot dependabot bot closed this Aug 15, 2022
@dependabot dependabot bot deleted the dependabot/cargo/chrono-0.4.20 branch August 15, 2022 00:27
leftwo pushed a commit that referenced this pull request Nov 27, 2024
Crucible Changes:
Send deactivate flush if `need_flush` is set (#1573)
Improve DTrace scripts. (#1574)
Move reconcile-specific data into `ReconcileData` struct (#1567)
Remove unprinted header item from sled_upstairs_info (#1566)
Downgrade warning about skipping IO on all 3x Downstairs (#1564)

Propolis changes:
Wire up viona params from illumos#16738
leftwo added a commit that referenced this pull request Nov 27, 2024
Crucible Changes:
Send deactivate flush if `need_flush` is set (#1573) Improve DTrace
scripts. (#1574)
Move reconcile-specific data into `ReconcileData` struct (#1567) Remove
unprinted header item from sled_upstairs_info (#1566) Downgrade warning
about skipping IO on all 3x Downstairs (#1564)

Propolis changes:
Wire up viona params from illumos#16738

Co-authored-by: Alan Hanson <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants