dependabot[bot]
d070b38b28
cargo: bump rand from 0.8.5 to 0.8.6 (#3171)
Bumps [rand](https://github.com/rust-random/rand) from 0.8.5 to 0.8.6.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/rust-random/rand/blob/0.8.6/CHANGELOG.md ">rand's
changelog</a>.</em></p>
<blockquote>
<h2>[0.8.6] - 2026-04-14</h2>
<p>This release back-ports a fix from v0.10. See also <a
href="https://redirect.github.com/rust-random/rand/issues/1763 ">#1763</a>.</p>
<h3>Changes</h3>
<ul>
<li>Deprecate feature <code>log</code> (<a
href="https://redirect.github.com/rust-random/rand/issues/1772 ">#1772</a>)</li>
</ul>
<p><a
href="https://redirect.github.com/rust-random/rand/issues/1763 ">#1763</a>:
<a
href="https://redirect.github.com/rust-random/rand/pull/1763 ">rust-random/rand#1763</a>
<a
href="https://redirect.github.com/rust-random/rand/issues/1772 ">#1772</a>:
<a
href="https://redirect.github.com/rust-random/rand/pull/1772 ">rust-random/rand#1772</a></p>
<ul>
<li>Drop the experimental <code>simd_support</code> feature.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/rust-random/rand/commit/5309f25bb5e7d21ac01c5b6f476badd06f9cdc3f "><code>5309f25</code></a>
0.8.6 (<a
href="https://redirect.github.com/rust-random/rand/issues/1772 ">#1772</a>):
update for recent nightly rustc and backport <a
href="https://redirect.github.com/rust-random/rand/issues/1764 ">#1764</a></li>
<li><a
href="https://github.com/rust-random/rand/commit/1126d03a5cbd725aad239efb0d537c9130a76b26 "><code>1126d03</code></a>
When testing rustc 1.36, use compatible dependencies.</li>
<li><a
href="https://github.com/rust-random/rand/commit/143b60280f79a5f1992445b3df0e0599841f9821 "><code>143b602</code></a>
Add Cargo.lock.msrv.</li>
<li><a
href="https://github.com/rust-random/rand/commit/9be86f2d8140139800989ac93399b9cd49108fb8 "><code>9be86f2</code></a>
Fix cross build test.</li>
<li><a
href="https://github.com/rust-random/rand/commit/5e0d50d7706281ae67e69ff64105baf3c94d6ef8 "><code>5e0d50d</code></a>
Drop simd_support.</li>
<li><a
href="https://github.com/rust-random/rand/commit/8ff02f0568d2f8fddda74b47613a3daaa5e2a879 "><code>8ff02f0</code></a>
Upgrade cache action.</li>
<li><a
href="https://github.com/rust-random/rand/commit/4ad0cc34fc847d4d59ffdcdfbf189482601aa6b9 "><code>4ad0cc3</code></a>
Don't test for unsupported target architecture.</li>
<li><a
href="https://github.com/rust-random/rand/commit/258e6d04a681321e0c4b16e3785063ed9b9e744d "><code>258e6d0</code></a>
Address warning.</li>
<li><a
href="https://github.com/rust-random/rand/commit/9f0e676362f9599941f00bccc5310135b7c19f89 "><code>9f0e676</code></a>
Mark some internal traits as potentially unused.</li>
<li><a
href="https://github.com/rust-random/rand/commit/6f123c178eee4563876bdd50f4ac0621b21ce2b8 "><code>6f123c1</code></a>
Workaround never constructed and never used warning.</li>
<li>Additional commits viewable in <a
href="https://github.com/rust-random/rand/compare/0.8.5...0.8.6 ">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/google/comprehensive-rust/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-23 09:35:11 +01:00
dependabot[bot]
e29c1b9774
cargo: bump rustls-webpki from 0.103.10 to 0.103.13 (#3170)
Bumps [rustls-webpki](https://github.com/rustls/webpki) from 0.103.10 to
0.103.13.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/rustls/webpki/releases ">rustls-webpki's
releases</a>.</em></p>
<blockquote>
<h2>0.103.13</h2>
<ul>
<li><strong>Fix reachable panic in parsing a CRL</strong>. This was
reported to us as <a
href="https://github.com/rustls/webpki/security/advisories/GHSA-82j2-j2ch-gfr8 ">GHSA-82j2-j2ch-gfr8</a>.
Users who don't use CRLs are not affected.</li>
<li>For name constraints on URI names, we incorrectly processed excluded
subtrees in a way which inverted the desired meaning. See <a
href="https://redirect.github.com/rustls/webpki/pull/471 ">rustls/webpki#471</a>.
This was a case missing in the fix for <a
href="https://github.com/advisories/GHSA-965h-392x-2mh5 ">https://github.com/advisories/GHSA-965h-392x-2mh5 </a>.</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>Actually fail closed for URI matching against excluded subtrees by
<a href="https://github.com/djc "><code>@djc</code></a> in <a
href="https://redirect.github.com/rustls/webpki/pull/473 ">rustls/webpki#473</a></li>
<li>Prepare 0.103.13 by <a
href="https://github.com/ctz "><code>@ctz</code></a> in <a
href="https://redirect.github.com/rustls/webpki/pull/474 ">rustls/webpki#474</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/rustls/webpki/compare/v/0.103.12...v/0.103.13 ">https://github.com/rustls/webpki/compare/v/0.103.12...v/0.103.13 </a></p>
<h2>0.103.12</h2>
<p>This release fixes two bugs in name constraint enforcement:</p>
<ul>
<li><strong>GHSA-965h-392x-2mh5</strong>: name constraints for URI names
were ignored and therefore accepted. URI name constraints are now
rejected unconditionally. Note this library does not provide an API for
asserting URI names, and URI name constraints are otherwise not
implemented.</li>
<li><strong>GHSA-xgp8-3hg3-c2mh</strong>: permitted subtree name
constraints for DNS names were accepted for certificates asserting a
wildcard name. This was incorrect because, given a name constraint of
<code>accept.example.com</code>, <code>*.example.com</code> could
feasibly allow a name of <code>reject.example.com</code> which is
outside the constraint. This is very similar to <a
href="https://go.dev/issue/76442 ">CVE-2025-61727</a>.</li>
</ul>
<p>Since name constraints are restrictions on otherwise properly-issued
certificates, these bugs are reachable only after signature verification
and require misissuance to exploit.</p>
<h2>What's Changed</h2>
<ul>
<li>Prepare 0.103.12 by <a
href="https://github.com/djc "><code>@djc</code></a> in <a
href="https://redirect.github.com/rustls/webpki/pull/470 ">rustls/webpki#470</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/rustls/webpki/compare/v/0.103.11...v/0.103.12 ">https://github.com/rustls/webpki/compare/v/0.103.11...v/0.103.12 </a></p>
<h2>0.103.11</h2>
<p>In response to <a
href="https://redirect.github.com/rustls/webpki/issues/464 ">#464</a>,
we've slightly relaxed requirements for
<code>anchor_from_trust_cert()</code> to ignore unknown extensions even
if they're marked as critical. This only affects parsing a
<code>TrustAnchor</code> from DER, for which most extensions are ignored
anyway.</p>
<h2>What's Changed</h2>
<ul>
<li>Backport parsing trust anchors with unknown critical extensions to
0.103 by <a href="https://github.com/djc "><code>@djc</code></a> in <a
href="https://redirect.github.com/rustls/webpki/pull/466 ">rustls/webpki#466</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/rustls/webpki/commit/2879b2ce7a476181ac3050f73fe0835f04728e86 "><code>2879b2c</code></a>
Prepare 0.103.13</li>
<li><a
href="https://github.com/rustls/webpki/commit/2c49773d823f48c87db30db7a66c25993c847007 "><code>2c49773</code></a>
Improve tests for padding of <code>BitStringFlags</code></li>
<li><a
href="https://github.com/rustls/webpki/commit/4e3c0b393a7bfb9cbe6dcdc8309cbadf8ee00c51 "><code>4e3c0b3</code></a>
Correct validation of BIT STRING constraints</li>
<li><a
href="https://github.com/rustls/webpki/commit/39c91d2525a542a7f651a1a62c3462e8115cc39e "><code>39c91d2</code></a>
Actually fail closed for URI matching against excluded subtrees</li>
<li><a
href="https://github.com/rustls/webpki/commit/27131d476e2b68a537e629d6d012bef8dad6efd3 "><code>27131d4</code></a>
Bump version to 0.103.12</li>
<li><a
href="https://github.com/rustls/webpki/commit/6ecb8769cde2246e761e058709421c14a7dee6b1 "><code>6ecb876</code></a>
Clean up stuttery enum variant names</li>
<li><a
href="https://github.com/rustls/webpki/commit/318b3e6e03ca2bc21600ca6bb0d0c6439b9e6aeb "><code>318b3e6</code></a>
Ignore wildcard labels when matching name constraints</li>
<li><a
href="https://github.com/rustls/webpki/commit/12196229a327d3d670798688254bd3ea24aba24b "><code>1219622</code></a>
Rewrite constraint matching to avoid permissive catch-all branch</li>
<li><a
href="https://github.com/rustls/webpki/commit/57bc62ce538c2d0d31d44b3eb8c58e6a0a764b47 "><code>57bc62c</code></a>
Bump version to 0.103.11</li>
<li><a
href="https://github.com/rustls/webpki/commit/d0fa01ee0a76b7585c13ec43de5854955146ffef "><code>d0fa01e</code></a>
Allow parsing trust anchors with unknown critical extensions</li>
<li>See full diff in <a
href="https://github.com/rustls/webpki/compare/v/0.103.10...v/0.103.13 ">compare
view</a></li>
</ul>
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-23 09:35:08 +01:00
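The wildcard case from the 0.103.12 release notes quoted in the commit above, as an added illustration (not rustls-webpki's code; every function name is hypothetical and the SAN list is a constructed sample). It goes slightly beyond the single name pair in the notes by checking a list of names: a right-to-left label comparison that lets `*` stand for any label accepts `*.example.com` under a permitted subtree of `accept.example.com`, while a check that requires every expansion of the wildcard to stay inside the subtree rejects it.

```rust
// Added illustration of the wildcard / permitted-subtree case; not rustls-webpki's code.
// All function names are hypothetical, and the SAN lists are constructed samples.

/// Split a DNS name into lowercase labels, ignoring trailing dots.
fn labels(name: &str) -> Vec<String> {
    name.trim_end_matches('.')
        .split('.')
        .map(|l| l.to_ascii_lowercase())
        .collect()
}

/// Flawed matcher: compares labels right to left and lets `*` stand for any label,
/// so `*.example.com` "matches" the subtree `accept.example.com`.
fn permitted_naive(presented: &str, subtree: &str) -> bool {
    let (p, c) = (labels(presented), labels(subtree));
    p.len() >= c.len()
        && p.iter()
            .rev()
            .zip(c.iter().rev())
            .all(|(pl, cl)| pl.as_str() == "*" || pl == cl)
}

/// Strict matcher: a wildcard name is inside the subtree only if every name it
/// can expand to is inside, which holds exactly when the part after `*.` is.
/// A `*` anywhere other than the leftmost label is rejected outright.
fn permitted_strict(presented: &str, subtree: &str) -> bool {
    let (p, c) = (labels(presented), labels(subtree));
    match p.split_first() {
        Some((first, rest)) if first.as_str() == "*" => {
            !rest.is_empty() && !rest.iter().any(|l| l.contains('*')) && rest.ends_with(&c)
        }
        _ => !p.iter().any(|l| l.contains('*')) && p.ends_with(&c),
    }
}

/// Return the first presented name that falls outside every permitted subtree.
fn first_violation<'a>(
    sans: &[&'a str],
    permitted: &[&str],
    matcher: fn(&str, &str) -> bool,
) -> Option<&'a str> {
    sans.iter()
        .copied()
        .find(|san| !permitted.iter().any(|sub| matcher(*san, *sub)))
}

fn main() {
    // Constructed sample: one ordinary name and one wildcard name.
    let permitted = ["accept.example.com"];
    let sans = ["www.accept.example.com", "*.example.com"];
    println!("naive:  {:?}", first_violation(&sans, &permitted, permitted_naive));
    println!("strict: {:?}", first_violation(&sans, &permitted, permitted_strict));
}
```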
Nicole L
a5c515433c
Idiomatic: Remove diagram from typestate-generics.md (#3169)
The diagram was shown on the previous slide, and isn't terribly relevant
on this slide. I think removing it helps for brevity and clarity.
2026-04-20 23:59:43 +02:00
Nicole L
4a9e8d0501
Simplify and flesh out extension trait speaker notes (#3167)
- Remove some redundant notes at the top that just repeat information in
the other bullet points.
- Add a note pointing out that you need a trait to use with generics and
`dyn`.
2026-04-20 23:58:54 +02:00
Martin Geisler
48379f5c2f
Add Cargo instructions to expression evaluator (#3112)
Our Cargo instructions have not mentioned the `--lib` flag yet, so add it
here where it's needed for the first time.
2026-04-20 23:58:08 +02:00
Nicole L
5e019488af
Idiomatic: Trim slides from naming conventions section (#3157)
I think the naming conventions section of Idiomatic is a bit longer than
it needs to be. I think it's useful to point out common conventions, but
the section currently is pretty long and is imo not where we want to be
spending a lot of time. I'm suggesting trimming the following slides:
- Get and Push - These are specific to the collection types, and are not
generally naming conventions that students would be using when writing
their own code. Pointing these out can be good for helping students
orient themselves when looking at the collection types in std, but I
think we should focus more on naming conventions that students would use
when writing their own code.
- With in normal use - I don't think we need a slide to point out when
"with" isn't used as part of a convention, I think we can trust students
to figure that out on their own.
- Into inner - This is a special case of "into", I don't think we need a
separate slide for it.
- Unchecked and Raw parts - I don't think it's worth covering
unsafe-specific conventions in Idiomatic, since we don't really focus on
unsafe in this course.
I also moved the "by" slide to the end of the section since it was in
the middle of a bunch of slides that are all related to type conversion.
I think that'll help things flow a bit better.
2026-04-20 23:57:12 +02:00
Nicole L
03130e81a8
Idiomatic: Use reference-style links in signposting slide (#3161)
Using inline links in doc comments can result in really long lines that
are unwieldy and hard to parse when looking at the unrendered source
comments. I'd like to show students that you can use the reference style
links to keep the source comment readable while still taking advantage
of markdown links to point readers to external resources.
2026-04-14 20:13:48 +00:00
dependabot[bot]
4b60b9d9cf
build(deps-dev): bump the npm_and_yarn group across 1 directory with 2 updates (#3160)
Bumps the npm_and_yarn group with 2 updates in the /tests directory:
[basic-ftp](https://github.com/patrickjuchli/basic-ftp) and
[lodash](https://github.com/lodash/lodash).
Updates `basic-ftp` from 5.2.1 to 5.2.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/patrickjuchli/basic-ftp/releases ">basic-ftp's
releases</a>.</em></p>
<blockquote>
<h2>5.2.2</h2>
<ul>
<li>Fixed: Improve control character rejection, fixes <a
href="https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg ">https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg </a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md ">basic-ftp's
changelog</a>.</em></p>
<blockquote>
<h2>5.2.2</h2>
<ul>
<li>Fixed: Improve control character rejection, fixes <a
href="https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg ">https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg </a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212 "><code>e9d09d6</code></a>
Bump version</li>
<li><a
href="https://github.com/patrickjuchli/basic-ftp/commit/20327d35126e57e5fdbaae79a4b65222fbadc53c "><code>20327d3</code></a>
Move prevention of control character injection to more central
place</li>
<li>See full diff in <a
href="https://github.com/patrickjuchli/basic-ftp/compare/v5.2.1...v5.2.2 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `lodash` from 4.17.23 to 4.18.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/lodash/lodash/releases ">lodash's
releases</a>.</em></p>
<blockquote>
<h2>4.18.1</h2>
<h2>Bugs</h2>
<p>Fixes a <code>ReferenceError</code> issue in <code>lodash</code>
<code>lodash-es</code> <code>lodash-amd</code> and
<code>lodash.template</code> when using the <code>template</code> and
<code>fromPairs</code> functions from the modular builds. See <a
href="https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769 ">lodash/lodash#6167</a></p>
<p>These defects were related to how lodash distributions are built from
the main branch using <a
href="https://github.com/lodash-archive/lodash-cli ">https://github.com/lodash-archive/lodash-cli </a>.
When internal dependencies change inside lodash functions, equivalent
updates need to be made to a mapping in the lodash-cli. (hey, it was
ahead of its time once upon a time!). We know this, but we missed it in
the last release. It's the kind of thing that passes in CI, but fails bc
the build is not the same thing you tested.</p>
<p>There is no diff on main for this, but you can see the diffs for each
of the npm packages on their respective branches:</p>
<ul>
<li><code>lodash</code>: <a
href="https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm ">https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm </a></li>
<li><code>lodash-es</code>: <a
href="https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es ">https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es </a></li>
<li><code>lodash-amd</code>: <a
href="https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd ">https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd </a></li>
<li><code>lodash.template</code>: <a
href="https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages ">https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages </a></li>
</ul>
<h2>4.18.0</h2>
<h2>v4.18.0</h2>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/lodash/lodash/compare/4.17.23...4.18.0 ">https://github.com/lodash/lodash/compare/4.17.23...4.18.0 </a></p>
<h3>Security</h3>
<p><strong><code>_.unset</code> / <code>_.omit</code></strong>: Fixed
prototype pollution via <code>constructor</code>/<code>prototype</code>
path traversal (<a
href="https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh ">GHSA-f23m-r3pf-42rh</a>,
<a
href="https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b ">fe8d32e</a>).
Previously, array-wrapped path segments and primitive roots could bypass
the existing guards, allowing deletion of properties from built-in
prototypes. Now <code>constructor</code> and <code>prototype</code> are
blocked unconditionally as non-terminal path keys, matching
<code>baseSet</code>. Calls that previously returned <code>true</code>
and deleted the property now return <code>false</code> and leave the
target untouched.</p>
<p><strong><code>_.template</code></strong>: Fixed code injection via
<code>imports</code> keys (<a
href="https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc ">GHSA-r5fr-rjxr-66jc</a>,
CVE-2026-4800, <a
href="https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6 ">879aaa9</a>).
Fixes an incomplete patch for CVE-2021-23337. The <code>variable</code>
option was validated against <code>reForbiddenIdentifierChars</code> but
<code>importsKeys</code> was left unguarded, allowing code injection via
the same <code>Function()</code> constructor sink. <code>imports</code>
keys containing forbidden identifier characters now throw
<code>"Invalid imports option passed into
_.template"</code>.</p>
<h3>Docs</h3>
<ul>
<li>Add security notice for <code>_.template</code> in threat model and
API docs (<a
href="https://redirect.github.com/lodash/lodash/pull/6099 ">#6099</a>)</li>
<li>Document <code>lower > upper</code> behavior in
<code>_.random</code> (<a
href="https://redirect.github.com/lodash/lodash/pull/6115 ">#6115</a>)</li>
<li>Fix quotes in <code>_.compact</code> jsdoc (<a
href="https://redirect.github.com/lodash/lodash/pull/6090 ">#6090</a>)</li>
</ul>
<h3><code>lodash.*</code> modular packages</h3>
<p><a
href="https://redirect.github.com/lodash/lodash/pull/6157 ">Diff</a></p>
<p>We have also regenerated and published a select number of the
<code>lodash.*</code> modular packages.</p>
<p>These modular packages had fallen out of sync significantly from the
minor/patch updates to lodash. Specifically, we have brought the
following packages up to parity w/ the latest lodash release because
they have had CVEs on them in the past:</p>
<ul>
<li><a
href="https://www.npmjs.com/package/lodash.orderby ">lodash.orderby</a></li>
<li><a
href="https://www.npmjs.com/package/lodash.tonumber ">lodash.tonumber</a></li>
<li><a
href="https://www.npmjs.com/package/lodash.trim ">lodash.trim</a></li>
<li><a
href="https://www.npmjs.com/package/lodash.trimend ">lodash.trimend</a></li>
<li><a
href="https://www.npmjs.com/package/lodash.sortedindexby ">lodash.sortedindexby</a></li>
<li><a
href="https://www.npmjs.com/package/lodash.zipobjectdeep ">lodash.zipobjectdeep</a></li>
<li><a
href="https://www.npmjs.com/package/lodash.unset ">lodash.unset</a></li>
<li><a
href="https://www.npmjs.com/package/lodash.omit ">lodash.omit</a></li>
<li><a
href="https://www.npmjs.com/package/lodash.template ">lodash.template</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e "><code>cb0b9b9</code></a>
release(patch): bump main to 4.18.1 (<a
href="https://redirect.github.com/lodash/lodash/issues/6177 ">#6177</a>)</li>
<li><a
href="https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51 "><code>75535f5</code></a>
chore: prune stale advisory refs (<a
href="https://redirect.github.com/lodash/lodash/issues/6170 ">#6170</a>)</li>
<li><a
href="https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4 "><code>62e91bc</code></a>
docs: remove n_ Node.js < 6 REPL note from README (<a
href="https://redirect.github.com/lodash/lodash/issues/6165 ">#6165</a>)</li>
<li><a
href="https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4 "><code>59be2de</code></a>
release(minor): bump to 4.18.0 (<a
href="https://redirect.github.com/lodash/lodash/issues/6161 ">#6161</a>)</li>
<li><a
href="https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d "><code>af63457</code></a>
fix: broken tests for _.template 879aaa9</li>
<li><a
href="https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0 "><code>1073a76</code></a>
fix: linting issues</li>
<li><a
href="https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6 "><code>879aaa9</code></a>
fix: validate imports keys in _.template</li>
<li><a
href="https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b "><code>fe8d32e</code></a>
fix: block prototype pollution in baseUnset via constructor/prototype
traversal</li>
<li><a
href="https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d "><code>18ba0a3</code></a>
refactor(fromPairs): use baseAssignValue for consistent assignment (<a
href="https://redirect.github.com/lodash/lodash/issues/6153 ">#6153</a>)</li>
<li><a
href="https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2 "><code>b819080</code></a>
ci: add dist sync validation workflow (<a
href="https://redirect.github.com/lodash/lodash/issues/6137 ">#6137</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/lodash/lodash/compare/4.17.23...4.18.1 ">compare
view</a></li>
</ul>
</details>
<br />
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/google/comprehensive-rust/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-12 20:28:18 +02:00
dependabot[bot]
0c777807a8
build(deps-dev): bump the npm_and_yarn group across 1 directory with 3 updates (#3156)
Bumps the npm_and_yarn group with 3 updates in the /tests directory:
[basic-ftp](https://github.com/patrickjuchli/basic-ftp),
[fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser)
and [picomatch](https://github.com/micromatch/picomatch).
Updates `basic-ftp` from 5.2.0 to 5.2.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/patrickjuchli/basic-ftp/releases ">basic-ftp's
releases</a>.</em></p>
<blockquote>
<h2>5.2.1</h2>
<ul>
<li>Fixed: Reject control character injection attempts using paths. See
<a
href="https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q ">https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q </a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md ">basic-ftp's
changelog</a>.</em></p>
<blockquote>
<h2>5.2.1</h2>
<ul>
<li>Fixed: Reject control character injection attempts using paths. See
<a
href="https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q ">https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q </a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/patrickjuchli/basic-ftp/commit/ba40f9d60e1ff7b63de5d5bb272ae317e5382689 "><code>ba40f9d</code></a>
Update dev dependencies</li>
<li><a
href="https://github.com/patrickjuchli/basic-ftp/commit/6b0008b7cf5ca0b81d31604d15a9ff0bcbf1a5db "><code>6b0008b</code></a>
Bump version</li>
<li><a
href="https://github.com/patrickjuchli/basic-ftp/commit/2ecc8e2c500c5234115f06fd1dbde1aa03d70f4b "><code>2ecc8e2</code></a>
Reject control character injection attempts using paths</li>
<li><a
href="https://github.com/patrickjuchli/basic-ftp/commit/515d21fee0b05be5ab934af5acb79d1d977e8026 "><code>515d21f</code></a>
Update security policy and reporting instructions</li>
<li><a
href="https://github.com/patrickjuchli/basic-ftp/commit/9744254b56061159751aee1b86ddd0f2ecef32ce "><code>9744254</code></a>
Link to security advisory</li>
<li>See full diff in <a
href="https://github.com/patrickjuchli/basic-ftp/compare/v5.2.0...v5.2.1 ">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~patrickjuchli ">patrickjuchli</a>, a new
releaser for basic-ftp since your current version.</p>
</details>
<details>
<summary>Install script changes</summary>
<p>This version adds <code>prepare</code> script that runs during
installation. Review the package contents before updating.</p>
</details>
<br />
Updates `fast-xml-parser` from 5.5.6 to 5.5.11
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/NaturalIntelligence/fast-xml-parser/releases ">fast-xml-parser's
releases</a>.</em></p>
<blockquote>
<h2>performance improvement, increase entity expansion default limit</h2>
<ul>
<li>increase default entity expansion limit as many projects demand for
that</li>
</ul>
<pre><code>maxEntitySize: 10000,
maxExpansionDepth: 10000,
maxTotalExpansions: Infinity,
maxExpandedLength: 100000,
maxEntityCount: 1000,
</code></pre>
<ul>
<li>performance improvement
<ul>
<li>reduce calls to toString</li>
<li>early return when entities are not present</li>
<li>prepare rawAttrsForMatcher only if user sets <code>jPath:
false</code></li>
</ul>
</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.9...v5.5.10 ">https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.9...v5.5.10 </a></p>
<h2>fix typings and matcher instance in callbacks</h2>
<p>combine typings file to avoid configuration changes
pass readonly instance of matcher to the call backs to avoid accidental
push/pop call</p>
<h2>fix bugs of entity parsing and value parsing</h2>
<p>fix: entity expansion limits
update strnum package to 2.2.0</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/NaturalIntelligence/fast-xml-parser/commits ">compare
view</a></li>
</ul>
</details>
<br />
Updates `picomatch` from 2.3.1 to 2.3.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/micromatch/picomatch/releases ">picomatch's
releases</a>.</em></p>
<blockquote>
<h2>2.3.2</h2>
<p>This is a security release fixing several security relevant
issues.</p>
<h2>What's Changed</h2>
<ul>
<li>fix: exception when glob pattern contains constructor by <a
href="https://github.com/Jason3S "><code>@Jason3S</code></a> in <a
href="https://redirect.github.com/micromatch/picomatch/pull/144 ">micromatch/picomatch#144</a></li>
<li>Fix for <a
href="https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj ">CVE-2026-33671</a></li>
<li>Fix for <a
href="https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p ">CVE-2026-33672</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2 ">https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2 </a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md ">picomatch's
changelog</a>.</em></p>
<blockquote>
<h1>Release history</h1>
<p><strong>All notable changes to this project will be documented in
this file.</strong></p>
<p>The format is based on <a
href="http://keepachangelog.com/en/1.0.0/ ">Keep a Changelog</a>
and this project adheres to <a
href="http://semver.org/spec/v2.0.0.html ">Semantic Versioning</a>.</p>
<ul>
<li>Changelogs are for humans, not machines.</li>
<li>There should be an entry for every single version.</li>
<li>The same types of changes should be grouped.</li>
<li>Versions and sections should be linkable.</li>
<li>The latest version comes first.</li>
<li>The release date of each version is displayed.</li>
<li>Mention whether you follow Semantic Versioning.</li>
</ul>
<p>Changelog entries are classified using the following labels <em>(from
<a href="http://keepachangelog.com/ ">keep-a-changelog</a></em>):</p>
<ul>
<li><code>Added</code> for new features.</li>
<li><code>Changed</code> for changes in existing functionality.</li>
<li><code>Deprecated</code> for soon-to-be removed features.</li>
<li><code>Removed</code> for now removed features.</li>
<li><code>Fixed</code> for any bug fixes.</li>
<li><code>Security</code> in case of vulnerabilities.</li>
</ul>
<h2>4.0.0 (2024-02-07)</h2>
<h3>Fixes</h3>
<ul>
<li>Fix bad text values in parse <a
href="https://redirect.github.com/micromatch/picomatch/issues/126 ">#126</a>,
thanks to <a
href="https://github.com/connor4312 "><code>@connor4312</code></a></li>
</ul>
<h3>Changed</h3>
<ul>
<li>Remove process global to work outside of node <a
href="https://redirect.github.com/micromatch/picomatch/issues/129 ">#129</a>,
thanks to <a
href="https://github.com/styfle "><code>@styfle</code></a></li>
<li>Add sideEffects to package.json <a
href="https://redirect.github.com/micromatch/picomatch/issues/128 ">#128</a>,
thanks to <a
href="https://github.com/frandiox "><code>@frandiox</code></a></li>
<li>Removed <code>os</code>, make compatible browser environment. See <a
href="https://redirect.github.com/micromatch/picomatch/issues/124 ">#124</a>,
thanks to <a
href="https://github.com/gwsbhqt "><code>@gwsbhqt</code></a></li>
</ul>
<h2>3.0.1</h2>
<h3>Fixes</h3>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2 "><code>81cba8d</code></a>
Publish 2.3.2</li>
<li><a
href="https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce "><code>fc1f6b6</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b "><code>eec17ae</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed "><code>78f8ca4</code></a>
Merge pull request <a
href="https://redirect.github.com/micromatch/picomatch/issues/156 ">#156</a>
from micromatch/backport-144</li>
<li><a
href="https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b "><code>3f4f10e</code></a>
Merge pull request <a
href="https://redirect.github.com/micromatch/picomatch/issues/144 ">#144</a>
from Jason3S/jdent-object-properties</li>
<li>See full diff in <a
href="https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2 ">compare
view</a></li>
</ul>
</details>
<br />
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-12 13:48:22 +02:00
Nicole L
5bbe9c6b86
Idiomatic: Reorder common traits slides ( #3158 )
...
Minor tweak in ordering of slides in the "Implementing common traits"
section:
- Move `Display` slide to follow the `Debug` slide. I think it makes
sense to talk about these two together, rather than talking about
`Debug` at the beginning and then `Display` towards the end.
- Move `Serialize` and `Deserialize` to the end. The rest of the slides
cover std traits, and these are the only third-party traits discussed in
this section, so I think putting this slide at the end makes sense.
2026-04-12 13:47:37 +02:00
Al Rifat Sabbir
4bb3a4600a
docs: start Bengali (bn) translation ( #3127 )
...
**This PR starts the Bengali (bn) translation for Comprehensive Rust.**
- Initialized po/bn.po with translations for the summary and
introduction.
---------
Co-authored-by: Martin Geisler <martin@geisler.net >
2026-04-12 09:30:00 +00:00
Nicole L
350141203a
Idiomatic: Fix various broken code examples ( #3159 )
...
Many of the code snippets in Idiomatic are broken in various ways that
make them either not run in the slides or not show the error the slide
is intended to illustrate. This PR fixes a number of common issues:
- **Invalid syntax**, e.g. `let` inside a struct definition.
- **Missing `main` fn**. Not all examples need a `main`, but several
code examples had code that only compiles if it's in a function, and so
was failing to compile in the slides. Note that these were not caught in
tests because [there seems to be a difference in behavior between how we
test the code vs how the code works in the
slides](https://github.com/google/comprehensive-rust/issues/3155 ).
- **Missing `fn` keyword** on method definitions.
In a few places I made more opinionated changes that I'm including here
because splitting them out into a separate PR would just result in merge
conflicts later:
- `hash.md` - Removed the `friends` field. It wasn't necessary for
demonstrating the `Hash` trait, and removing it allows the slide to be
more concise.
- `newtype_pattern.md` - Tweak the exercise to show that you can't pass
an inner type where a newtype wrapper is expected (inverse of what it
was previously demonstrating). I think this is a slightly clearer way to
show what the slide is demonstrating.
- A few minor tweaks to formatting.
- Remove a few extraneous comments.
- Add empty lines to help space things out and make them easier to read.
- Remove `pub` keyword in a few places.
- Remove the `#` prefix on lines that I think should be kept visible in
the code snippet (though note that none of the hidden lines are ever
hidden because the code snippets are editable, see
https://github.com/google/comprehensive-rust/issues/2811 ).
2026-04-12 11:12:32 +02:00
dependabot[bot]
b9e63dd122
cargo: bump arm-gic from 0.7.2 to 0.8.1 in /src/exercises/bare-metal/rtc ( #3145 )
...
Bumps arm-gic from 0.7.2 to 0.8.1.
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Andrew Walbran <qwandor@google.com >
2026-04-01 12:52:11 +00:00
dependabot[bot]
5a849c626b
cargo: bump aarch64-paging from 0.11.0 to 0.12.0 in /src/exercises/bare-metal/rtc ( #3142 )
...
Bumps [aarch64-paging](https://github.com/google/aarch64-paging ) from
0.11.0 to 0.12.0.
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Andrew Walbran <qwandor@google.com >
2026-04-01 12:43:19 +00:00
dependabot[bot]
1ba9d0f5d3
cargo: bump aarch64-paging from 0.11.0 to 0.12.0 in /src/bare-metal/aps/examples ( #3141 )
...
Bumps [aarch64-paging](https://github.com/google/aarch64-paging ) from
0.11.0 to 0.12.0.
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Andrew Walbran <qwandor@google.com >
2026-04-01 12:42:39 +00:00
Nicole L
b0ad34c235
Idiomatic: Mark all code blocks as editable ( #3137 )
...
I generally find it useful to be able to edit code blocks in the slides
while teaching, and I think we should always mark code blocks as
editable. In my experience, there's not really any benefit to having the
code blocks be non-editable.
2026-04-01 13:41:17 +01:00
junminjjang
dadb60d147
Update translation for 'Exclusive References' ( #3136 )
...
Clarify Korean translation of "Exclusive References"
Updated the Korean translation for "Exclusive References" from
"허상(dangling) 참조" to "배타적(Exclusive) 참조"
The previous translation referred to dangling references, which is a
different concept. This change makes the meaning of Rust's exclusive
reference (`&mut`) terminology clearer and more accurate.
2026-04-01 12:38:01 +00:00
Martin Geisler
6a21ca4244
Fix initial wizard mana ( #3123 )
...
The exercise expects the wizard to have enough mana to cast all spells.
2026-04-01 13:25:19 +01:00
dependabot[bot]
1cb99d1b3d
build(deps-dev): bump the npm_and_yarn group across 1 directory with 4 updates ( #3128 )
...
Bumps the npm_and_yarn group with 4 updates in the /tests directory:
[basic-ftp](https://github.com/patrickjuchli/basic-ftp ),
[fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser ),
[minimatch](https://github.com/isaacs/minimatch ) and
[undici](https://github.com/nodejs/undici ).
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-01 13:24:52 +01:00
dependabot[bot]
65dec403f2
cargo: bump buddy_system_allocator from 0.12.0 to 0.13.0 ( #3152 )
...
Bumps
[buddy_system_allocator](https://github.com/rcore-os/buddy_system_allocator )
from 0.12.0 to 0.13.0.
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-01 11:22:50 +00:00
dependabot[bot]
01ee18df94
cargo: bump scraper from 0.25.0 to 0.26.0 ( #3153 )
...
Bumps [scraper](https://github.com/rust-scraper/scraper ) from 0.25.0 to
0.26.0.
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-01 11:22:43 +00:00
dependabot[bot]
d8460bd386
cargo: bump safe-mmio from 0.2.7 to 0.3.0 in /src/bare-metal/aps/examples ( #3143 )
...
Bumps [safe-mmio](https://github.com/google/safe-mmio ) from 0.2.7 to
0.3.0.
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-01 11:21:40 +00:00
dependabot[bot]
3796898870
cargo: bump the patch group across 1 directory with 3 updates ( #3151 )
...
Bumps the patch group with 3 updates in the / directory:
[pulldown-cmark](https://github.com/raphlinus/pulldown-cmark ),
[zerocopy](https://github.com/google/zerocopy ) and
[tokio-websockets](https://github.com/Gelbpunkt/tokio-websockets ).
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-01 11:20:31 +00:00
dependabot[bot]
96cb6495d1
cargo: bump the minor group with 3 updates ( #3150 )
...
Bumps the minor group with 3 updates:
[clap](https://github.com/clap-rs/clap ),
[tokio](https://github.com/tokio-rs/tokio ) and
[tempfile](https://github.com/Stebalien/tempfile ).
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-01 11:34:37 +01:00
dependabot[bot]
5fb865d1cf
build(deps): bump actions/deploy-pages from 4 to 5 ( #3149 )
...
Bumps [actions/deploy-pages](https://github.com/actions/deploy-pages )
from 4 to 5.
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-01 11:34:24 +01:00
dependabot[bot]
8fc3cb371e
cargo: bump arm-pl011-uart from 0.4.0 to 0.5.0 in /src/bare-metal/aps/examples ( #3144 )
...
Bumps arm-pl011-uart from 0.4.0 to 0.5.0.
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-01 11:33:18 +01:00
dependabot[bot]
db96c704b5
build(deps): bump actions/configure-pages from 5 to 6 ( #3148 )
...
Bumps
[actions/configure-pages](https://github.com/actions/configure-pages )
from 5 to 6.
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-01 11:33:00 +01:00
dependabot[bot]
946b935583
cargo: bump zerocopy from 0.8.40 to 0.8.48 in /src/exercises/bare-metal/rtc in the patch group ( #3140 )
...
Bumps the patch group in /src/exercises/bare-metal/rtc with 1 update:
[zerocopy](https://github.com/google/zerocopy ).
Updates `zerocopy` from 0.8.40 to 0.8.48
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-01 11:24:05 +01:00
dependabot[bot]
78fe790033
cargo: bump zerocopy from 0.8.40 to 0.8.48 in /src/bare-metal/aps/examples in the patch group ( #3139 )
...
Bumps the patch group in /src/bare-metal/aps/examples with 1 update:
[zerocopy](https://github.com/google/zerocopy ).
Updates `zerocopy` from 0.8.40 to 0.8.48
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-01 11:22:43 +01:00
dependabot[bot]
65ac5abf16
cargo: bump buddy_system_allocator from 0.12.0 to 0.13.0 in /src/bare-metal/alloc-example ( #3138 )
...
Bumps
[buddy_system_allocator](https://github.com/rcore-os/buddy_system_allocator )
from 0.12.0 to 0.13.0.
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-01 11:21:08 +01:00
dependabot[bot]
580e013eca
cargo: bump rustls-webpki from 0.103.4 to 0.103.10 ( #3135 )
...
Bumps [rustls-webpki](https://github.com/rustls/webpki ) from 0.103.4 to
0.103.10.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/rustls/webpki/releases ">rustls-webpki's
releases</a>.</em></p>
<blockquote>
<h2>0.103.10</h2>
<p><strong>Correct selection of candidate CRLs by Distribution Point and
Issuing Distribution Point</strong>. If a certificate had more than one
<code>distributionPoint</code>, then only the first
<code>distributionPoint</code> would be considered against each CRL's
<code>IssuingDistributionPoint</code> <code>distributionPoint</code>,
and then the certificate's subsequent <code>distributionPoint</code>s
would be ignored.</p>
<p>The impact was that correct provided CRLs would not be consulted to
check revocation. With <code>UnknownStatusPolicy::Deny</code> (the
default) this would lead to incorrect but safe
<code>Error::UnknownRevocationStatus</code>. With
<code>UnknownStatusPolicy::Allow</code> this would lead to inappropriate
acceptance of revoked certificates.</p>
<p>This vulnerability is thought to be of limited impact. This is
because both the certificate and CRL are signed -- an attacker would
need to compromise a trusted issuing authority to trigger this bug. An
attacker with such capabilities could likely bypass revocation checking
through other more impactful means (such as publishing a valid, empty
CRL.)</p>
<p>More likely, this bug would be latent in normal use, and an attacker
could leverage faulty revocation checking to continue using a revoked
credential.</p>
<p>This vulnerability is identified by <a
href="https://github.com/rustls/webpki/security/advisories/GHSA-pwjx-qhcg-rvj4 ">GHSA-pwjx-qhcg-rvj4</a>.
Thank you to <a href="https://github.com/1seal "><code>@1seal</code></a>
for the report.</p>
<h2>What's Changed</h2>
<ul>
<li>Freshen up rel-0.103 by <a
href="https://github.com/ctz "><code>@ctz</code></a> in <a
href="https://redirect.github.com/rustls/webpki/pull/455 ">rustls/webpki#455</a></li>
<li>Prepare 0.103.10 by <a
href="https://github.com/ctz "><code>@ctz</code></a> in <a
href="https://redirect.github.com/rustls/webpki/pull/458 ">rustls/webpki#458</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/rustls/webpki/compare/v/0.103.9...v/0.103.10 ">https://github.com/rustls/webpki/compare/v/0.103.9...v/0.103.10 </a></p>
<h2>0.103.9</h2>
<h2>What's Changed</h2>
<ul>
<li>[backport] ci: avoid denying warnings on nightly toolchains by <a
href="https://github.com/alex "><code>@alex</code></a> in <a
href="https://redirect.github.com/rustls/webpki/pull/437 ">rustls/webpki#437</a></li>
<li>Backport lifetime change and bump version for release by <a
href="https://github.com/alex "><code>@alex</code></a> in <a
href="https://redirect.github.com/rustls/webpki/pull/436 ">rustls/webpki#436</a></li>
</ul>
<h2>0.103.8</h2>
<h2>What's Changed</h2>
<ul>
<li>backport valid_uri_names (<a
href="https://redirect.github.com/rustls/webpki/issues/404 ">#404</a>) to
rel-0.103 by <a href="https://github.com/alex "><code>@alex</code></a>
in <a
href="https://redirect.github.com/rustls/webpki/pull/408 ">rustls/webpki#408</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/rustls/webpki/compare/v/0.103.7...v/0.103.8 ">https://github.com/rustls/webpki/compare/v/0.103.7...v/0.103.8 </a></p>
<h2>0.103.7</h2>
<ul>
<li><strong>New feature</strong>: Add
<code>KeyPurposeId::to_decoded_oid()</code> to help external
<code>ExtendedKeyUsageValidator</code>s fill
<code>RequiredEkuNotFoundContext::present</code>.</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>Warn on unnameable types by <a
href="https://github.com/djc "><code>@djc</code></a> in <a
href="https://redirect.github.com/rustls/webpki/pull/387 ">rustls/webpki#387</a></li>
<li>Expose KeyPurposeId::to_decoded_oid() by <a
href="https://github.com/djc "><code>@djc</code></a> in <a
href="https://redirect.github.com/rustls/webpki/pull/385 ">rustls/webpki#385</a></li>
<li>Fix --cfg docsrs uses by <a
href="https://github.com/ctz "><code>@ctz</code></a> in <a
href="https://redirect.github.com/rustls/webpki/pull/390 ">rustls/webpki#390</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/rustls/webpki/compare/v/0.103.6...v/0.103.7 ">https://github.com/rustls/webpki/compare/v/0.103.6...v/0.103.7 </a></p>
<h2>0.103.6</h2>
<p>The extensible EKU validation released as part of 0.103.5 was
actually not usable due to missing type exports, and contained a
regression where empty ExtendedKeyUsage extensions would not trigger an
error. Both issues are fixed in this release.</p>
<h2>What's Changed</h2>
<ul>
<li>Export more types to enable ExtendedKeyUsageValidator
implementations by <a
href="https://github.com/djc "><code>@djc</code></a> in <a
href="https://redirect.github.com/rustls/webpki/pull/381 ">rustls/webpki#381</a></li>
<li>Error on empty EKU extensions by <a
href="https://github.com/djc "><code>@djc</code></a> in <a
href="https://redirect.github.com/rustls/webpki/pull/382 ">rustls/webpki#382</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/rustls/webpki/commit/348ce01c01cf8ce21199090c98853992c9c047a8 "><code>348ce01</code></a>
Prepare 0.103.10</li>
<li><a
href="https://github.com/rustls/webpki/commit/dbde5921164c6e3ea0928654de8cb7d5de8c2b33 "><code>dbde592</code></a>
crl: fix authoritative_for() support for multiple URIs</li>
<li><a
href="https://github.com/rustls/webpki/commit/9c4838e6129a544a0f7f5d26ac7517860a22992c "><code>9c4838e</code></a>
avoid std::prelude imports</li>
<li><a
href="https://github.com/rustls/webpki/commit/009ef667e3bb0544808c39b64e9b6db0d626b117 "><code>009ef66</code></a>
fix rust 1.94 ambiguous panic macro warnings</li>
<li><a
href="https://github.com/rustls/webpki/commit/c41360d095f9f48e14679a078afd10c2d61716fe "><code>c41360d</code></a>
build(deps): bump taiki-e/cache-cargo-install-action from 2 to 3</li>
<li><a
href="https://github.com/rustls/webpki/commit/e401d0083d9cf91d0209bae1db465267d7290233 "><code>e401d00</code></a>
generate.py: reformat for black 2026.1.0</li>
<li><a
href="https://github.com/rustls/webpki/commit/06cedecbf6af88cad40b2ae2cc4a474f1429ddb6 "><code>06cedec</code></a>
Take semver-compatible deps</li>
<li><a
href="https://github.com/rustls/webpki/commit/6bc9931d3b63d26cff9451ec59ac7efff73ebbc5 "><code>6bc9931</code></a>
Bump version to 0.103.9</li>
<li><a
href="https://github.com/rustls/webpki/commit/92dbfc6ee8ba6989d9960ec4e10dccf53820f771 "><code>92dbfc6</code></a>
Tie lifetime of valid_dns_names/valid_uri_names to struct lifetime</li>
<li><a
href="https://github.com/rustls/webpki/commit/2c46166a594c05afe111f75664c1bb4084f64e3e "><code>2c46166</code></a>
ci: sync cargo-check-external-types nightly</li>
<li>Additional commits viewable in <a
href="https://github.com/rustls/webpki/compare/v/0.103.4...v/0.103.10 ">compare
view</a></li>
</ul>
</details>
<br />
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-21 20:56:41 -04:00
dependabot[bot]
646605edf3
cargo: bump quinn-proto from 0.11.13 to 0.11.14 ( #3126 )
...
Bumps [quinn-proto](https://github.com/quinn-rs/quinn ) from 0.11.13 to
0.11.14.
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-11 10:23:31 +00:00
Martin Geisler
9b5c1a1969
Avoid debug printing error in thiserror.md ( #3124 )
...
One point about Rust error handling is that errors should know how to
`Display` print themselves, not just `Debug` print. So the example here
and elsewhere should avoid debug printing the error and thus show that
we use the format string from `#[error(...)]`.
2026-03-09 13:17:25 -04:00
dependabot[bot]
80f66e03e5
cargo: bump the patch group in /src/bare-metal/aps/examples with 2 updates ( #3116 )
...
Bumps the patch group in /src/bare-metal/aps/examples with 2 updates:
[aarch64-rt](https://github.com/google/aarch64-rt ) and
[zerocopy](https://github.com/google/zerocopy ).
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-02 12:34:54 +00:00
dependabot[bot]
d914765587
cargo: bump the patch group in /src/exercises/bare-metal/rtc with 4 updates ( #3115 )
...
Bumps the patch group in /src/exercises/bare-metal/rtc with 4 updates:
[aarch64-rt](https://github.com/google/aarch64-rt ), arm-gic,
[chrono](https://github.com/chronotope/chrono ) and
[zerocopy](https://github.com/google/zerocopy ).
Updates `aarch64-rt` from 0.4.2 to 0.4.3
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-02 12:34:43 +00:00
dependabot[bot]
a700531449
cargo: bump the patch group with 7 updates ( #3121 )
...
Bumps the patch group with 7 updates:
| Package | From | To |
| --- | --- | --- |
| [anyhow](https://github.com/dtolnay/anyhow) | `1.0.100` | `1.0.102` |
| [clap](https://github.com/clap-rs/clap) | `4.5.56` | `4.5.60` |
| [regex](https://github.com/rust-lang/regex) | `1.12.2` | `1.12.3` |
| [pulldown-cmark](https://github.com/raphlinus/pulldown-cmark) | `0.13.0` | `0.13.1` |
| [zerocopy](https://github.com/google/zerocopy) | `0.8.37` | `0.8.40` |
| [futures-util](https://github.com/rust-lang/futures-rs) | `0.3.31` | `0.3.32` |
| [reqwest](https://github.com/seanmonstar/reqwest) | `0.13.1` | `0.13.2` |
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-02 12:23:47 +00:00
dependabot[bot]
7583f9b0df
cargo: bump tempfile from 3.24.0 to 3.26.0 in the minor group ( #3120 )
...
Bumps the minor group with 1 update:
[tempfile](https://github.com/Stebalien/tempfile ).
Updates `tempfile` from 3.24.0 to 3.26.0
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-02 12:22:23 +00:00
dependabot[bot]
4781cd564b
build(deps): bump actions/download-artifact from 7 to 8 ( #3119 )
...
Bumps
[actions/download-artifact](https://github.com/actions/download-artifact )
from 7 to 8.
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-02 12:22:07 +00:00
dependabot[bot]
e422449e54
build(deps): bump crate-ci/typos from 1.42.3 to 1.44.0 ( #3118 )
...
Bumps [crate-ci/typos](https://github.com/crate-ci/typos ) from 1.42.3 to
1.44.0.
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-02 12:21:57 +00:00
dependabot[bot]
188602d1c2
build(deps): bump actions/upload-artifact from 6 to 7 ( #3117 )
...
Bumps
[actions/upload-artifact](https://github.com/actions/upload-artifact )
from 6 to 7.
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-02 12:21:15 +00:00
dependabot[bot]
63d7692dae
cargo: bump bitflags from 2.10.0 to 2.11.0 in /src/bare-metal/aps/examples in the minor group ( #3114 )
...
Bumps the minor group in /src/bare-metal/aps/examples with 1 update:
[bitflags](https://github.com/bitflags/bitflags ).
Updates `bitflags` from 2.10.0 to 2.11.0
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-02 12:20:17 +00:00
dependabot[bot]
a4280194c7
cargo: bump bitflags from 2.10.0 to 2.11.0 in /src/exercises/bare-metal/rtc in the minor group ( #3113 )
...
Bumps the minor group in /src/exercises/bare-metal/rtc with 1 update:
[bitflags](https://github.com/bitflags/bitflags ).
Updates `bitflags` from 2.10.0 to 2.11.0
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-02 12:20:09 +00:00
Martin Huschenbett
ac4a3c79ba
Reduce complexity on heterogeneous data slide ( #3109 )
...
There's no need to wrap the vector in a new type to convey the message
of this slide. Thus, we can reduce the complexity by removing the
`Heterogeneous` type.
2026-02-24 17:44:52 +00:00
Martin Huschenbett
3177aa5716
Make string construction explicit in dyn slide ( #3108 )
...
Let's make it crystal clear that we're taking a reference to a `String`
instead of hiding it behind a call to the overloaded `to_owned` method.
2026-02-24 17:44:33 +00:00
Martin Huschenbett
5d3553d896
Make refresher on supertraits less arbitrary ( #3106 )
...
I don't see value in explaining a domain students might not be familiar
with just to refresh supertraits. Let's use something everyone is
familiar with: animals and mammals.
2026-02-24 17:43:06 +00:00
Martin Huschenbett
56b7b332d7
Remove needless imports from inheritance slide ( #3107 )
...
There's no need to bring the `std` namespace into scope since it's not
used anywhere. While we're at it, let's also fix the indentation of one
comment.
2026-02-24 18:36:21 +01:00
Martin Huschenbett
72543af7a6
Make code in Idiomatic Rust course editable ( #3105 )
...
The students tend to have questions in all parts of the course. So, it's
always convenient to be able to edit the code examples. Here, for all
code blocks in the Idiomatic Rust course, which is what I'm teaching
right now.
2026-02-23 17:23:31 +00:00
Martin Huschenbett
3f143878d3
Fix trait bound for Ord on supertraits slide ( #3104 )
2026-02-23 16:51:13 +00:00
Sam McCall
1a07e977f9
s/double/triple/ to avoid unintentional pun ( #3103 )
...
Replaced 'double' function with 'triple' function in example.
"double" is the name of a type in C and others, and `double(uid)` is
valid syntax for an explicit cast!
2026-02-23 09:33:31 +01:00
Martin Huschenbett
228216214e
Use surface syntax in type state diagrams ( #3102 )
...
For some reason the diagrams in the section for the type state pattern
do not use Rust's surface syntax but rather spell
`Serializer<Struct<S>>` as `Serializer [ Struct [ S ] ]`. I guess this
is because the `<` and `>` are somewhat tricky in bob diagrams.
However, this can be fixed by quoting phrases containing these tricky
symbols. This is what we do here. This also requires a little realigning
of arrows in order to keep the overall visual appearance of the
diagrams.
2026-02-20 18:22:53 +01:00