mirror of
https://github.com/google/comprehensive-rust.git
synced 2026-06-11 09:35:35 +02:00
main
2720 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
 Martin Geisler
|
da2c12ea63 |
bazel: Centralize cache configuration (#3206)
This ensures we only need to update the cache configuration in one place and prevents PRs from filling up the cache. Follow-up to #3203 where I managed to update only one of the two cache configurations. |
||
|
Martin Geisler
|
ec6086188f |
bazel: Cache Bazel itself and fetched repositories (#3203)
The build promptly failed after #3197 was merged: > 2026/06/09 19:21:56 Downloading https://releases.bazel.build/9.1.1/release/bazel-9.1.1-linux-x86_64... > 2026/06/09 19:21:58 could not download Bazel: failed to download bazel: failed to download bazel: could not copy from https://releases.bazel.build/9.1.1/release/bazel-9.1.1-linux-x86_64 to /home/runner/.cache/bazelisk/downloads/_tmp/download4253763382: stream error: stream ID 1; INTERNAL_ERROR; received from peer See this job: https://github.com/google/comprehensive-rust/actions/runs/27230090780/job/80407639773 This happened on 3 of the 22 jobs that build our translations. Caching the Bazel installation itself should help with this, and still respect the version in `.bazelverion`. The repository cache will capture things like Rust crates downloaded from crates.io. I'm not 100% sure if this is faster than pulling down the tarballs again, but it might isolate us slightly from outside disturbances. |
||
|
Martin Geisler
|
c092c383ad |
bazel: Build and cache local tools with Bazel (#3197)
This PR is the first step of several aiming at introducing better caching and reproducibility with Bazel. It will eventually fix #1168. I have been introducing Bazel for a large polyglot build at work, and this gave me hands on experience with building Rust with Bazel. In this project, we have so far been using shell scripts. YAML files, and a bit of `cargo xtask` to keep the build here going. However, it's time to admit that we have a non-trivial build process: - we build several `mdbook` plugins, some from our repository, some from external repositories (we install them globally with `cargo install`). - we use `build.sh` to backdate the sources for translations (we leave behnd a dirty working copy). - we have end-to-end tests which rely on NodeJS being installed on the system. All this complexity can be rained in with Bazel: we can build our `mdbook` plugins hermetically and put them on the `PATH` only for the final `mdbook build` invocation. We can put our backdated sources into temporary directories and keep the working copy clean. This will let us skip building translations that haven't changed, thus speeding up local and CI builds. I have not yet looked at the NodeJS parts, but I'm sure that can be integrated with Bazel as well. The approach used lets `rules_rust` read the `Cargo.lock` file: ```python crate = use_extension("@rules_rust//crate_universe:extensions.bzl", "crate") crate.from_cargo( name = "crates", cargo_lockfile = "//:Cargo.lock", manifests = ["//:Cargo.toml"], ) use_repo(crate, "crates") ``` This is the documented on https://bazelbuild.github.io/rules_rust/crate_universe_bzlmod.html. It build on the existing Cargo setup and is thus compatible with it. We can discuss later if we want to keep Cargo compatibility or move completely to Bazel. |
||
 dependabot[bot]
|
f575d2f2df |
build(deps): bump the npm_and_yarn group across 1 directory with 2 updates (#3200)
Bumps the npm_and_yarn group with 2 updates in the /tests directory: [fast-xml-builder](https://github.com/NaturalIntelligence/fast-xml-builder) and [qs](https://github.com/ljharb/qs). Updates `fast-xml-builder` from 1.1.5 to 1.2.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/NaturalIntelligence/fast-xml-builder/blob/main/CHANGELOG.md">fast-xml-builder's changelog</a>.</em></p> <blockquote> <p><strong>1.2.0</strong> (2026-05-08)</p> <ul> <li>Add support for <code>sanitizeName</code> option</li> <li>Support xml-naming for validating and sanitizing tag and attribute names</li> </ul> <p><strong>1.1.9</strong> (2026-05-06)</p> <ul> <li>fix: format output for preserve order when indent by is set to empty string</li> </ul> <p><strong>1.1.8</strong> (2026-05-05)</p> <ul> <li>fix: skip text property for PI tags</li> <li>improve typings</li> </ul> <p><strong>1.1.7</strong> (2026--05-04)</p> <ul> <li>fix security issues when attribute value contains quotes</li> </ul> <p><strong>1.1.6</strong> (2026--05-04)</p> <ul> <li>fix security issues related to comment</li> <li>skip comment with null value</li> </ul> <p><strong>1.1.5</strong> (2026-04-17)</p> <ul> <li>fix security issues related to comment and cdata</li> </ul> <p><strong>1.1.4</strong> (2026-03-16)</p> <ul> <li>support maxNestedTags option</li> </ul> <p><strong>1.1.3</strong> (2026-03-13)</p> <ul> <li>declare Matcher & Expression as unknown so user is not forced to install path-expression-matcher</li> </ul> <p><strong>1.1.2</strong> (2026-03-11)</p> <ul> <li>fix typings</li> </ul> <p><strong>1.1.1</strong> (2026-03-11)</p> <ul> <li>upgrade path-expression-matcher to 1.1.3</li> </ul> <p><strong>1.1.0</strong> (2026-03-10)</p> <ul> <li>Integrate <a href="https://github.com/NaturalIntelligence/path-expression-matcher">path-expression-matcher</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/NaturalIntelligence/fast-xml-builder/commit/a9a905b316176ef9a97bdf5450e60efbf0341f25"><code>a9a905b</code></a> for release</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-builder/commit/42680e8d730c48082268823fd285e10127ddba21"><code>42680e8</code></a> support name sanitization</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-builder/commit/8b00185bf6be67981ffc40e06c18acbbbe908779"><code>8b00185</code></a> release info</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-builder/commit/8a08f173d7b9c9a82599fe7de279ca7e12c3ad6b"><code>8a08f17</code></a> allow indentation to be empty string</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-builder/commit/7fc5decb9613afbd5d03747b1a0f11e0916e34ef"><code>7fc5dec</code></a> update docs</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-builder/commit/c241b6a8ed1863e5f518490ec1fcc38b13f2c370"><code>c241b6a</code></a> improve documentation</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-builder/commit/15d5668b53777400c8d80b6e21029c1a70888c78"><code>15d5668</code></a> update for release</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-builder/commit/98774853a696a1aee4dca830dd3eee2759676bd2"><code>9877485</code></a> fix: skip text property for PI tags</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-builder/commit/311a2213a817cf31558bea7c0e0807b0d4441814"><code>311a221</code></a> fix <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-builder/issues/5">#5</a> typing import issues</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-builder/commit/e8fc5b15d9d54b559781961f066de82a55aabcdd"><code>e8fc5b1</code></a> update for releast</li> <li>Additional commits viewable in <a href="https://github.com/NaturalIntelligence/fast-xml-builder/compare/v1.1.5...v1.2.0">compare view</a></li> </ul> </details> <br /> Updates `qs` from 6.14.2 to 6.15.2 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ljharb/qs/blob/main/CHANGELOG.md">qs's changelog</a>.</em></p> <blockquote> <h2><strong>6.15.2</strong></h2> <ul> <li>[Fix] <code>stringify</code>: skip null/undefined entries in <code>arrayFormat: 'comma'</code> + <code>encodeValuesOnly</code> instead of crashing in <code>encoder</code></li> <li>[Fix] <code>stringify</code>: use configured <code>delimiter</code> after <code>charsetSentinel</code> (<a href="https://redirect.github.com/ljharb/qs/issues/555">#555</a>)</li> <li>[Fix] <code>stringify</code>: apply <code>formatter</code> to encoded key under <code>strictNullHandling</code> (<a href="https://redirect.github.com/ljharb/qs/issues/554">#554</a>)</li> <li>[Fix] <code>stringify</code>: skip null/undefined filter-array entries instead of crashing in <code>encoder</code> (<a href="https://redirect.github.com/ljharb/qs/issues/551">#551</a>)</li> <li>[Fix] <code>parse</code>: handle nested bracket groups and add regression tests (<a href="https://redirect.github.com/ljharb/qs/issues/530">#530</a>)</li> <li>[readme] fix grammar (<a href="https://redirect.github.com/ljharb/qs/issues/550">#550</a>)</li> <li>[Dev Deps] update <code>@ljharb/eslint-config</code></li> <li>[Tests] add regression tests for keys containing percent-encoded bracket text</li> </ul> <h2><strong>6.15.1</strong></h2> <ul> <li>[Fix] <code>parse</code>: <code>parameterLimit: Infinity</code> with <code>throwOnLimitExceeded: true</code> silently drops all parameters</li> <li>[Deps] update <code>@ljharb/eslint-config</code></li> <li>[Dev Deps] update <code>@ljharb/eslint-config</code>, <code>iconv-lite</code></li> <li>[Tests] increase coverage</li> </ul> <h2><strong>6.15.0</strong></h2> <ul> <li>[New] <code>parse</code>: add <code>strictMerge</code> option to wrap object/primitive conflicts in an array (<a href="https://redirect.github.com/ljharb/qs/issues/425">#425</a>, <a href="https://redirect.github.com/ljharb/qs/issues/122">#122</a>)</li> <li>[Fix] <code>duplicates</code> option should not apply to bracket notation keys (<a href="https://redirect.github.com/ljharb/qs/issues/514">#514</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8"><code>9aca407</code></a> v6.15.2</li> <li><a href="https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992"><code>5e33d33</code></a> [Dev Deps] update <code>@ljharb/eslint-config</code></li> <li><a href="https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41"><code>21f80b3</code></a> [Fix] <code>stringify</code>: skip null/undefined entries in <code>arrayFormat: 'comma'</code> + `e...</li> <li><a href="https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c"><code>a0a81ea</code></a> [Fix] <code>stringify</code>: use configured <code>delimiter</code> after <code>charsetSentinel</code></li> <li><a href="https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8"><code>e3062f7</code></a> [Fix] <code>stringify</code>: apply <code>formatter</code> to encoded key under <code>strictNullHandling</code></li> <li><a href="https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0"><code>0c180a4</code></a> [Fix] <code>stringify</code>: skip null/undefined filter-array entries instead of crashi...</li> <li><a href="https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656"><code>3a8b94a</code></a> [Tests] add regression tests for keys containing percent-encoded bracket text</li> <li><a href="https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d"><code>96755ab</code></a> [readme] fix grammar</li> <li><a href="https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6"><code>a419ce5</code></a> [Fix] <code>parse</code>: handle nested bracket groups and add regression tests</li> <li><a href="https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170"><code>3f5e1c5</code></a> v6.15.1</li> <li>Additional commits viewable in <a href="https://github.com/ljharb/qs/compare/v6.14.2...v6.15.2">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/google/comprehensive-rust/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
 Arsen
|
2fb2578a51 |
ru: fix 25 factually wrong fuzzy entries (#3184)
This PR fixes a narrow set of `po/ru.po` entries where the existing fuzzy translation is **factually wrong** — different concept, swapped link, wrong day number, broken markdown, etc. — not where it's merely stylistically outdated. The other ~50 fuzzy entries are left with their `#, fuzzy` flag untouched for @baltuky (the original translator) to revisit on their own pace. ## Scope **Wrong chapter titles in SUMMARY** | msgid | was | now | |---|---|---| | Associated Types | Скалярные типы | Ассоциированные типы | | Shared Types (C++ interop) | Скалярные типы | Общие типы | | Try Conversions | Неявные преобразования | Преобразования через Try | | Marker Traits | Небезопасные типажи | Маркерные типажи | | Shared References | Заимствование (= different section) | Общие ссылки | **msgmerge nearest-match garbage.** Six chapter-link entries had been overwritten with the recurring `"Больше информации об использовании шаблонов..."` boilerplate or with an unrelated link — replaced with correct ones: `[Static]`, `[Pattern Matching]`, `[Matching Values]`, `[Deriving]`, `[Strings]`, `[Marker Traits]` (which pointed at the Arrays link). **Wrong body translations** - `Native support for Rust slices in C++` → was `"Встроенная поддержка тестирования"` (slices ≠ testing) - `` `while let` expressions `` and `` `let else` expressions `` → both were `"Выражение `if let`"` - `while-let` (anchor) → was `"Выражение `while let`"` (anchor name vs section title) - `Lives for the entire duration of the program` → was `"Функция `main` является точкой входа в программу"` - `Storing Books` → was `"Строки"` (Books ≠ Strings) - `An exercise on pattern matching.` → was about enums + pattern matching - `Welcome to Day 4` → was `"Добро пожаловать в День 1"` - `Can be scaled down to very constrained devices such as microcontrollers.` → was `"...мобильные телефоны"` (microcontrollers ≠ phones) - `Some things to try:` → was `"Примечания:"` (notes ≠ things to try) **Wrong code literals** - `"Welcome to RustOS 3.14"` → was `"Добро пожаловать в День 1"` - `"Hello "` → was `"Привет, мир!"` (different literal) **Broken markdown links** (literally not rendering as links) - Two `After looking at the exercises... [solutions](solutions-*.md)` entries had `\\[solutions\\]` with escaped brackets and no working link target. ## Terminology Followed the existing glossary in `ru.po` (Trait → Типаж, Borrow → Заимствование, Closure → Замыкание, Slice → Срез, Lifetime → Время жизни) and the established RU Rust canon for the new replacements (Marker Traits → Маркерные типажи; `#[derive]` → Вывод типажей). Shared/Exclusive References intentionally kept as Общие/Эксклюзивные ссылки, matching the modern shared/exclusive terminology that this course uses (not the older immutable/mutable framing) — happy to switch if reviewers prefer the canonical RU Book "неизменяемые/изменяемые". ## Verification ``` $ msgfmt --statistics -o /dev/null po/ru.po 574 translated messages, 50 fuzzy translations, 3136 untranslated messages. ``` (Before: 552 translated, 72 fuzzy, 3136 untranslated. Δ = +22 translated, −22 fuzzy.) Co-authored-by: Arsen Ozhetov <yabanciinbt@gmail.com> |
||
|
dependabot[bot]
|
505962ea2d |
build(deps): bump ip-address from 9.0.5 to 10.2.0 in /tests in the npm_and_yarn group across 1 directory (#3183)
Bumps the npm_and_yarn group with 1 update in the /tests directory: [ip-address](https://github.com/beaugunderson/ip-address). Updates `ip-address` from 9.0.5 to 10.2.0 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/beaugunderson/ip-address/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/google/comprehensive-rust/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
 Mateusz Maćkowski
|
deb6224ddf |
memory-management: rename as_dependency to to_dependency (#3173)
Because this function takes a reference to `self` and returns an owned object, it's more idiomatic to call it `to_` rather than `as_`: https://rust-lang.github.io/api-guidelines/naming.html#ad-hoc-conversions-follow-as_-to_-into_-conventions-c-conv This was brought up when discussing the code with the students when running the course. |
||
 michael-kerscher
|
cdfce6c3b6 |
analytics: track language in Google Analytics (#3199)
Use the `content_group` parameter in the `gtag` configuration to track which language version of the book is being viewed. Fixes #3198 |
||
 Arnav Nagzirkar
|
9046e96ec5 |
fix: Explicitly call out dev-dependencies used in solutions (#3196)
## Summary ## Root Cause The `src/unsafe-rust/exercise.rs` solution has unit tests that use the `tempfile` crate (`tempfile::TempDir::new()`). However: 1. `tempfile` was listed under `[dependencies]` instead of `[dev-dependencies]` in `src/unsafe-rust/Cargo.toml`, even though it is only needed at test time. 2. The `solution.md` page did not mention `tempfile` at all, so anyone who copy-pastes the solution into a new Cargo project would get compile errors without knowing they need to add the crate. ## Change Made **`src/unsafe-rust/Cargo.toml`** — moved `tempfile` from `[dependencies]` to `[dev-dependencies]`: ```toml [dev-dependencies] tempfile = "3.27.0" ``` **`src/unsafe-rust/solution.md`** — added a note at the top of the solution page instructing readers to add `tempfile` as a dev-dependency: ```markdown The unit tests use the [`tempfile`](https://docs.rs/tempfile/) crate. Add it as a dev-dependency with: ```shell cargo add --dev tempfile ``` ``` ## Issue Fixes #1290 **Issue URL:** https://github.com/google/comprehensive-rust/issues/1290 ## Changes ``` src/unsafe-rust/Cargo.toml | 2 +- src/unsafe-rust/solution.md | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) ``` ## Testing - Agent ran relevant tests during development - Linting checks passed - Changes are minimal and focused on the issue ## AI Assistance Disclosure This pull request was prepared with the assistance of AI coding tools (GitHub Copilot). The change has been read, understood, and is owned by the human contributor submitting it, who will respond to review feedback. |
||
 Brian Daniels
|
eebd9ce331 |
Fix redirects (#3187)
Fixes #3186 NOTE: the fixes to the actual redirects were done with the assistance of an LLM. I've looked through most of them and they seem to be generally accurate, but it's hard to say for sure given the original sources have been deleted. Please feel free to suggest an alternative! --------- Co-authored-by: Brian Daniels <briandaniels@google.com> |
||
|
dependabot[bot]
|
481151a6b4 |
cargo: bump spin from 0.10.0 to 0.12.0 in /src/exercises/bare-metal/rtc (#3192)
Bumps spin from 0.10.0 to 0.12.0. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
49e5ab2816 |
cargo: bump spin from 0.10.0 to 0.12.0 in /src/bare-metal/aps/examples (#3190)
Bumps spin from 0.10.0 to 0.12.0. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
1a3101a2f0 |
cargo: bump the patch group with 7 updates (#3194)
Bumps the patch group with 7 updates: | Package | From | To | | --- | --- | --- | | [log](https://github.com/rust-lang/log) | `0.4.29` | `0.4.30` | | [serde_json](https://github.com/serde-rs/json) | `1.0.149` | `1.0.150` | | [pulldown-cmark](https://github.com/raphlinus/pulldown-cmark) | `0.13.3` | `0.13.4` | | [zerocopy](https://github.com/google/zerocopy) | `0.8.48` | `0.8.50` | | [http](https://github.com/hyperium/http) | `1.4.0` | `1.4.1` | | [tokio](https://github.com/tokio-rs/tokio) | `1.52.1` | `1.52.3` | | [reqwest](https://github.com/seanmonstar/reqwest) | `0.13.3` | `0.13.4` | Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
46ce9bc6f7 |
build(deps): bump crate-ci/typos from 1.46.0 to 1.47.0 (#3193)
Bumps [crate-ci/typos](https://github.com/crate-ci/typos) from 1.46.0 to 1.47.0. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
8f8d4276ee |
cargo: bump the patch group in /src/exercises/bare-metal/rtc with 3 updates (#3191)
Bumps the patch group in /src/exercises/bare-metal/rtc with 3 updates: [log](https://github.com/rust-lang/log), [smccc](https://github.com/google/smccc) and [zerocopy](https://github.com/google/zerocopy). Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
84a50fa6f2 |
cargo: bump the patch group in /src/bare-metal/aps/examples with 3 updates (#3189)
Bumps the patch group in /src/bare-metal/aps/examples with 3 updates: [log](https://github.com/rust-lang/log), [smccc](https://github.com/google/smccc) and [zerocopy](https://github.com/google/zerocopy). Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
8295fc683c |
cargo: bump scraper from 0.26.0 to 0.27.0 (#3195)
Bumps [scraper](https://github.com/rust-scraper/scraper) from 0.26.0 to 0.27.0. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Brian Daniels
|
c56f6fdcf8 |
Add script to check that deleted slides have redirects (#3174)
Fixes #1417. This adds a script and a CI job to ensure that slides that are deleted have a matching redirect entry in `bool.toml`. If a redirect entry is not found (for example, for `src/hello-world.md`), the following is printed before exiting with a status of 1: ``` The following deleted files have missing redirect entries in book.toml: src/hello-world.md ``` Co-authored-by: Brian Daniels <briandaniels@google.com> |
||
|
dependabot[bot]
|
7501a425ed |
cargo: bump tokio from 1.50.0 to 1.52.1 in the minor group (#3181)
Bumps the minor group with 1 update: [tokio](https://github.com/tokio-rs/tokio). Updates `tokio` from 1.50.0 to 1.52.1 Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
8d15c94b26 |
cargo: bump the patch group in /src/exercises/bare-metal/rtc with 2 updates (#3177)
Bumps the patch group in /src/exercises/bare-metal/rtc with 2 updates: [aarch64-paging](https://github.com/google/aarch64-paging) and [bitflags](https://github.com/bitflags/bitflags). Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
7f873b0900 |
cargo: bump the patch group in /src/bare-metal/aps/examples with 2 updates (#3178)
Bumps the patch group in /src/bare-metal/aps/examples with 2 updates: [aarch64-paging](https://github.com/google/aarch64-paging) and [bitflags](https://github.com/bitflags/bitflags). Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
77f0e20d40 |
build(deps): bump actions/upload-pages-artifact from 4 to 5 (#3179)
Bumps [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) from 4 to 5. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
59d8bfd3bc |
build(deps): bump crate-ci/typos from 1.44.0 to 1.46.0 (#3180)
Bumps [crate-ci/typos](https://github.com/crate-ci/typos) from 1.44.0 to 1.46.0. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
54d19dcb31 |
cargo: bump the patch group with 2 updates (#3182)
Bumps the patch group with 2 updates: [clap](https://github.com/clap-rs/clap) and [reqwest](https://github.com/seanmonstar/reqwest). Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
 Nicole L
|
0290c13aef |
Idiomatic: Various tweaks and cleanup to common traits section (#3163)
Various tweaks and cleanup to the "Implementing Common Traits" section of Idiomatic based on my first time teaching the class. - Remove the "When to implement" notes from the slides. I found these to be unhelpful, as the answer for "when do I implement this trait" is always "when you need to". I would generally not encourage people to implement traits, even derivable ones, just because they _can_ do so. Where necessary we have speaker notes that call out more specifically when there are extra caveats to implementing a trait, which I think better covers the nuances here. - Remove the commented-out code showing the definition of the traits. This is cruft that adds visual noise, and I'd prefer to just pull up the standard library docs to show students what the trait API looks like. - Add `main` function with example code to a few slides that were not demonstrating the behavior of the traits. - Fix various issues with markdown formatting in slides and speaker notes. - `copy.md` - Note that `Copy` is an implicit operation, whereas `Clone` is an explicit, user-defined operation. - Note that `Copy` and `Clone` should be derived together. - Note that `Copy` types cannot impl `Drop`, and reorganize notes so that they render more clearly in the speaker notes. - `display.md` - Remove reference to the `Error` trait and shift focus to highlight the differences between `Debug` and `Display`. I don't think mentioning `Error` is bad per se, but I think it's the wrong thing to focus on here.\ - `from-into.md` - Rename `ObviousImplementation` to `Wrapper` to make things more concise and easier to read. - Change `From` impls to be for `&str` and `i32`, to better demonstrate how `From` can support conversions from multiple unrelated types. - Add example code showing how `Into` is a more natural trait bound than `From`. --------- Co-authored-by: Martin Geisler <martin@geisler.net> |
||
|
Nicole L
|
e5da735e55 |
Idiomatic: Various tweaks and cleanup to naming conventions section (#3164)
Tweaks and feedback to the "Naming Conventions" section of Idiomatic based on my experience teaching the class, mostly focusing on making the slides more concise. Related to https://github.com/google/comprehensive-rust/pull/3157, which also attempts to trim the section by removing some slides that I don't think are necessary. As noted in that PR, I think the section is overly long and would benefit from being a quicker tour of naming conventions, without needing to spend a lot of time on any of the slides. |
||
|
Nicole L
|
6b4b1ea50b |
Idiomatic: Misc. minor tweaks to the type system section (#3165)
A handful of minor fixes to the type systems section of Idiomatic. Mostly just fixing wording or markdown formatting. Also rename the "Parse, Don't Validate" slide to "Enforce Invariants at Construction". The naming of this slide seems odd to me when the example code is validating inputs, not doing any parsing. I think what the slide demonstrates is fine, but makes more sense framed as "enforce invariants at construction time, then you can rely on those invariants later". |
||
|
Nicole L
|
58f6817554 |
Idiomatic: Various minor tweaks to doc comments section (#3162)
Various minor tweaks to the "Meaningful Doc Comments" section of Idiomatic based on my experience teaching the class for the first time. - Fix a few formatting issues in speaker notes that caused the markdown to not render cleanly. - Trim a few speaker notes that I think are redundant. - `anatomy-of-a-doc-comment.md` - Reorder speaker note so the Q&A about panics is organized under the section about panics. - `what-why-not-how-where.md` - Remove the `sort_quickly` example. This is later used as the example in the exercise, and I think discussing it before the exercise undercuts the value of the exercise. --------- Co-authored-by: Martin Geisler <martin@geisler.net> |
||
|
Nicole L
|
d4ea311a87 |
Idiomatic: Rework Option-in-Drop example to emphasize move semantics (#3168)
Rework the example in the "Drop: Option" slide to emphasize how `Option` is used to achieve move operations in `Drop` code. The current version of the slide emphasizes the wrong thing in my opinion, and fails to actually demonstrate the pattern of needing to perform a move operation in `drop`. I've modified `Handle` to have a `fn close(self)` instead of a `Drop` impl, that way `File::drop` needs to move out of its inner field in order to call `close`. |
||
|
dependabot[bot]
|
2d930f2d2c |
build(deps-dev): bump fast-xml-parser from 5.5.11 to 5.7.1 in /tests in the npm_and_yarn group across 1 directory (#3172)
Bumps the npm_and_yarn group with 1 update in the /tests directory: [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser). Updates `fast-xml-parser` from 5.5.11 to 5.7.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/NaturalIntelligence/fast-xml-parser/releases">fast-xml-parser's releases</a>.</em></p> <blockquote> <h2>upgrade <code>@nodable/entities</code> and FXB</h2> <ul> <li>Use <code>@nodable/entities</code> v2.1.0 <ul> <li>breaking changes <ul> <li>single entity scan. You're not allowed to use entity value to form another entity name.</li> <li>you cant add numeric external entity</li> <li>entity error message when expantion limit is crossed might change</li> </ul> </li> <li>typings are updated for new options related to process entity</li> <li>please follow documentation of <code>@nodable/entities</code> for more detail.</li> <li>performance <ul> <li>if processEntities is false, then there should not be impact on performance.</li> <li>if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%</li> <li>if processEntities is true, and you pass entity decoder separately <ul> <li>if no entity then performance should be same as before</li> <li>if there are entities then performance should be increased from past versions</li> </ul> </li> </ul> </li> <li>ignoreAttributes is not required to be set to set xml version for NCR entity value</li> </ul> </li> <li>update 'fast-xml-builder' to sanitize malicious CDATA and comment's content</li> </ul> <h2>use <code>@nodable/entities</code> to replace entities</h2> <ul> <li>No API change</li> <li>No change in performance for basic usage</li> <li>No typing change</li> <li>No config change</li> <li>new dependency</li> <li>breaking: error messages for entities might have been changed.</li> <li></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.12...v5.6.0">https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.12...v5.6.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md">fast-xml-parser's changelog</a>.</em></p> <blockquote> <p><!-- raw HTML omitted -->Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.<!-- raw HTML omitted --></p> <p>Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion</p> <p><strong>5.7.1 / 2026-04-20</strong></p> <ul> <li>fix <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/705">#705</a>: attributesGroupName working with preserveOrder</li> <li>fix <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/817">#817</a>: stackoverflow when tag expression is very long</li> </ul> <p><strong>5.7.0 / 2026-04-17</strong></p> <ul> <li>Use <code>@nodable/entities</code> v2.1.0 <ul> <li>breaking changes <ul> <li>single entity scan. You're not allowed to user entity value to form another entity name.</li> <li>you cant add numeric external entity</li> <li>entity error message when expantion limit is crossed might change</li> </ul> </li> <li>typings are updated for new options related to process entity</li> <li>please follow documentation of <code>@nodable/entities</code> for more detail.</li> <li>performance <ul> <li>if processEntities is false, then there should not be impact on performance.</li> <li>if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%</li> <li>if processEntities is true, and you pass entity decoder separately <ul> <li>if no entity then performance should be same as before</li> <li>if there are entities then performance should be increased from past versions</li> </ul> </li> </ul> </li> <li>ignoreAttributes is not required to be set to set xml version for NCR entity value</li> </ul> </li> <li>update 'fast-xml-builder' to sanitize malicious CDATA and comment's content</li> </ul> <p><strong>5.6.0 / 2026-04-15</strong></p> <ul> <li>fix: entity replacement for numeric entities</li> <li>use <code>@nodable/entities</code> to replace entities <ul> <li>this may change some error messages related to entities expansion limit or inavlid use</li> <li>post check would be exposed in future version</li> </ul> </li> </ul> <p><strong>5.5.12 / 2026-04-13</strong></p> <ul> <li>Performance Improvement: update path-expression-matcher <ul> <li>use proxy pattern than Proxy class</li> </ul> </li> </ul> <p><strong>5.5.11 / 2026-04-08</strong></p> <ul> <li>Performance Improvement <ul> <li>integrate ExpressionSet for stopNodes</li> </ul> </li> </ul> <p><strong>5.5.10 / 2026-04-03</strong></p> <ul> <li>increase default entity explansion limit as many projects demand for that</li> <li>performance improvement <ul> <li>reduce calls to toString</li> <li>early return when entities are not present</li> <li>prepare rawAttrsForMatcher only if user sets <code>jPath: false</code></li> </ul> </li> </ul> <p><strong>5.5.9 / 2026-03-23</strong></p> <ul> <li>combine typing files</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/0f08303189d541b08401d15a7137dc238a815fa7"><code>0f08303</code></a> fix typo</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/f529642d760ef53bb9115ad4798af5dc77ac22c4"><code>f529642</code></a> update to release v5.7.0</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/52a8583465d6a67ad19e86fe34714879a981c18e"><code>52a8583</code></a> Revert "improve performance of attributes reading"</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/8d187f9abaf42ebdd85623a9ae942b08e8ae5d0c"><code>8d187f9</code></a> update builder</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/e174168a72a65a8fccad2c42bde329d2167edf27"><code>e174168</code></a> improve performance of attributes reading</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/79a8dde50cebaeeda75cc1ad5b97c328da106316"><code>79a8dde</code></a> update docs</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/f5cd5a595f313ed7b0820cabfa82ebdaa08651f7"><code>f5cd5a5</code></a> set xml version to decoder even if attributes are ignored</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/f44b9236f4bee07bba75f0549fe86c981b1aeeef"><code>f44b923</code></a> remove unwanted tests</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/869ec8b3588304a3a6aa9f22e38445e06d4547c8"><code>869ec8b</code></a> Use <code>@nodable/entities</code> v2.1.0</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/7cb49e51cd060caecf296fbf718a98d8c044c8c5"><code>7cb49e5</code></a> update release detail</li> <li>Additional commits viewable in <a href="https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.11...v5.7.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/google/comprehensive-rust/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
d070b38b28 |
cargo: bump rand from 0.8.5 to 0.8.6 (#3171)
Bumps [rand](https://github.com/rust-random/rand) from 0.8.5 to 0.8.6. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rust-random/rand/blob/0.8.6/CHANGELOG.md">rand's changelog</a>.</em></p> <blockquote> <h2>[0.8.6] - 2026-04-14</h2> <p>This release back-ports a fix from v0.10. See also <a href="https://redirect.github.com/rust-random/rand/issues/1763">#1763</a>.</p> <h3>Changes</h3> <ul> <li>Deprecate feature <code>log</code> (<a href="https://redirect.github.com/rust-random/rand/issues/1772">#1772</a>)</li> </ul> <p><a href="https://redirect.github.com/rust-random/rand/issues/1763">#1763</a>: <a href="https://redirect.github.com/rust-random/rand/pull/1763">rust-random/rand#1763</a> <a href="https://redirect.github.com/rust-random/rand/issues/1772">#1772</a>: <a href="https://redirect.github.com/rust-random/rand/pull/1772">rust-random/rand#1772</a></p> <ul> <li>Drop the experimental <code>simd_support</code> feature.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/rust-random/rand/commit/5309f25bb5e7d21ac01c5b6f476badd06f9cdc3f"><code>5309f25</code></a> 0.8.6 (<a href="https://redirect.github.com/rust-random/rand/issues/1772">#1772</a>): update for recent nightly rustc and backport <a href="https://redirect.github.com/rust-random/rand/issues/1764">#1764</a></li> <li><a href="https://github.com/rust-random/rand/commit/1126d03a5cbd725aad239efb0d537c9130a76b26"><code>1126d03</code></a> When testing rustc 1.36, use compatible dependencies.</li> <li><a href="https://github.com/rust-random/rand/commit/143b60280f79a5f1992445b3df0e0599841f9821"><code>143b602</code></a> Add Cargo.lock.msrv.</li> <li><a href="https://github.com/rust-random/rand/commit/9be86f2d8140139800989ac93399b9cd49108fb8"><code>9be86f2</code></a> Fix cross build test.</li> <li><a href="https://github.com/rust-random/rand/commit/5e0d50d7706281ae67e69ff64105baf3c94d6ef8"><code>5e0d50d</code></a> Drop simd_support.</li> <li><a href="https://github.com/rust-random/rand/commit/8ff02f0568d2f8fddda74b47613a3daaa5e2a879"><code>8ff02f0</code></a> Upgrade cache action.</li> <li><a href="https://github.com/rust-random/rand/commit/4ad0cc34fc847d4d59ffdcdfbf189482601aa6b9"><code>4ad0cc3</code></a> Don't test for unsupported target architecture.</li> <li><a href="https://github.com/rust-random/rand/commit/258e6d04a681321e0c4b16e3785063ed9b9e744d"><code>258e6d0</code></a> Address warning.</li> <li><a href="https://github.com/rust-random/rand/commit/9f0e676362f9599941f00bccc5310135b7c19f89"><code>9f0e676</code></a> Mark some internal traits as potentially unused.</li> <li><a href="https://github.com/rust-random/rand/commit/6f123c178eee4563876bdd50f4ac0621b21ce2b8"><code>6f123c1</code></a> Workaround never constructed and never used warning.</li> <li>Additional commits viewable in <a href="https://github.com/rust-random/rand/compare/0.8.5...0.8.6">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/google/comprehensive-rust/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
e29c1b9774 |
cargo: bump rustls-webpki from 0.103.10 to 0.103.13 (#3170)
Bumps [rustls-webpki](https://github.com/rustls/webpki) from 0.103.10 to 0.103.13. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rustls/webpki/releases">rustls-webpki's releases</a>.</em></p> <blockquote> <h2>0.103.13</h2> <ul> <li><strong>Fix reachable panic in parsing a CRL</strong>. This was reported to us as <a href="https://github.com/rustls/webpki/security/advisories/GHSA-82j2-j2ch-gfr8">GHSA-82j2-j2ch-gfr8</a>. Users who don't use CRLs are not affected.</li> <li>For name constraints on URI names, we incorrectly processed excluded subtrees in a way which inverted the desired meaning. See <a href="https://redirect.github.com/rustls/webpki/pull/471">rustls/webpki#471</a>. This was a case missing in the fix for <a href="https://github.com/advisories/GHSA-965h-392x-2mh5">https://github.com/advisories/GHSA-965h-392x-2mh5</a>.</li> </ul> <h2>What's Changed</h2> <ul> <li>Actually fail closed for URI matching against excluded subtrees by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/rustls/webpki/pull/473">rustls/webpki#473</a></li> <li>Prepare 0.103.13 by <a href="https://github.com/ctz"><code>@ctz</code></a> in <a href="https://redirect.github.com/rustls/webpki/pull/474">rustls/webpki#474</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/rustls/webpki/compare/v/0.103.12...v/0.103.13">https://github.com/rustls/webpki/compare/v/0.103.12...v/0.103.13</a></p> <h2>0.103.12</h2> <p>This release fixes two bugs in name constraint enforcement:</p> <ul> <li><strong>GHSA-965h-392x-2mh5</strong>: name constraints for URI names were ignored and therefore accepted. URI name constraints are now rejected unconditionally. Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented.</li> <li><strong>GHSA-xgp8-3hg3-c2mh</strong>: permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name. This was incorrect because, given a name constraint of <code>accept.example.com</code>, <code>*.example.com</code> could feasibly allow a name of <code>reject.example.com</code> which is outside the constraint. This is very similar to <a href="https://go.dev/issue/76442">CVE-2025-61727</a>.</li> </ul> <p>Since name constraints are restrictions on otherwise properly-issued certificates, these bugs are reachable only after signature verification and require misissuance to exploit.</p> <h2>What's Changed</h2> <ul> <li>Prepare 0.103.12 by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/rustls/webpki/pull/470">rustls/webpki#470</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/rustls/webpki/compare/v/0.103.11...v/0.103.12">https://github.com/rustls/webpki/compare/v/0.103.11...v/0.103.12</a></p> <h2>0.103.11</h2> <p>In response to <a href="https://redirect.github.com/rustls/webpki/issues/464">#464</a>, we've slightly relaxed requirements for <code>anchor_from_trust_cert()</code> to ignore unknown extensions even if they're marked as critical. This only affects parsing a <code>TrustAnchor</code> from DER, for which most extensions are ignored anyway.</p> <h2>What's Changed</h2> <ul> <li>Backport parsing trust anchors with unknown critical extensions to 0.103 by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/rustls/webpki/pull/466">rustls/webpki#466</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/rustls/webpki/commit/2879b2ce7a476181ac3050f73fe0835f04728e86"><code>2879b2c</code></a> Prepare 0.103.13</li> <li><a href="https://github.com/rustls/webpki/commit/2c49773d823f48c87db30db7a66c25993c847007"><code>2c49773</code></a> Improve tests for padding of <code>BitStringFlags</code></li> <li><a href="https://github.com/rustls/webpki/commit/4e3c0b393a7bfb9cbe6dcdc8309cbadf8ee00c51"><code>4e3c0b3</code></a> Correct validation of BIT STRING constraints</li> <li><a href="https://github.com/rustls/webpki/commit/39c91d2525a542a7f651a1a62c3462e8115cc39e"><code>39c91d2</code></a> Actually fail closed for URI matching against excluded subtrees</li> <li><a href="https://github.com/rustls/webpki/commit/27131d476e2b68a537e629d6d012bef8dad6efd3"><code>27131d4</code></a> Bump version to 0.103.12</li> <li><a href="https://github.com/rustls/webpki/commit/6ecb8769cde2246e761e058709421c14a7dee6b1"><code>6ecb876</code></a> Clean up stuttery enum variant names</li> <li><a href="https://github.com/rustls/webpki/commit/318b3e6e03ca2bc21600ca6bb0d0c6439b9e6aeb"><code>318b3e6</code></a> Ignore wildcard labels when matching name constraints</li> <li><a href="https://github.com/rustls/webpki/commit/12196229a327d3d670798688254bd3ea24aba24b"><code>1219622</code></a> Rewrite constraint matching to avoid permissive catch-all branch</li> <li><a href="https://github.com/rustls/webpki/commit/57bc62ce538c2d0d31d44b3eb8c58e6a0a764b47"><code>57bc62c</code></a> Bump version to 0.103.11</li> <li><a href="https://github.com/rustls/webpki/commit/d0fa01ee0a76b7585c13ec43de5854955146ffef"><code>d0fa01e</code></a> Allow parsing trust anchors with unknown criticial extensions</li> <li>See full diff in <a href="https://github.com/rustls/webpki/compare/v/0.103.10...v/0.103.13">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/google/comprehensive-rust/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Nicole L
|
a5c515433c |
Idiomatic: Remove diagram from typestate-generics.md (#3169)
The diagram was shown on the previous slide, and isn't terribly relevant on this slide. I think removing it helps for brevity and clarity. |
||
|
Nicole L
|
4a9e8d0501 |
Simplify and flesh out extension trait speaker notes (#3167)
- Remove some redundant notes at the top that just repeat information in the other bullet points. - Add a note pointing out that you need a trait to use with generics and `dyn`. |
||
 Martin Geisler
|
48379f5c2f |
Add Cargo instructions to expression evaluator (#3112)
Our Cargo instructions has not mentioned the `--lib` flag yet, so add it here where it's needed for the first time. |
||
|
Nicole L
|
5e019488af |
Idiomatic: Trim slides from naming conventions section (#3157)
I think the naming conventions section of Idiomatic is a bit longer than it needs to be. I think it's useful to point out common conventions, but the section currently is pretty long and is imo not where we want to be spending a lot of time. I'm suggesting trimming the following slides: - Get and Push - These are specific to the collection types, and are not generally naming conventions that students would be using when writing their own code. Pointing these out can be good for helping students orient themselves when looking at the collection types in std, but I think we should focus more on naming conventions that students would use when writing their own code. - With in normal use - I don't think we need a slide to point out when "with" isn't used as part of a convention, I think we can trust students to figure that out on their own. - Into inner - This is a special case of "into", I don't think we need a separate slide for it. - Unchecked and Raw parts - I don't think it's worth covering unsafe-specific conventions in Idiomatic, since we don't really focus on unsafe in this course. I also moved the "by" slide to the end of the section since it was in the middle of a bunch of slides that are all related to type conversion. I think that'll help things flow a bit better. |
||
|
Nicole L
|
03130e81a8 |
Idiomatic: Use reference-style links in signposting slide (#3161)
Using inline links in doc comments can result in really long lines that are unwieldy and hard to parse when looking at the unrendered source comments. I'd like to show students that you can use the reference style links to keep the source comment readable while still taking advantage of markdown links to point readers to external resources. |
||
|
dependabot[bot]
|
4b60b9d9cf |
build(deps-dev): bump the npm_and_yarn group across 1 directory with 2 updates (#3160)
Bumps the npm_and_yarn group with 2 updates in the /tests directory: [basic-ftp](https://github.com/patrickjuchli/basic-ftp) and [lodash](https://github.com/lodash/lodash). Updates `basic-ftp` from 5.2.1 to 5.2.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/patrickjuchli/basic-ftp/releases">basic-ftp's releases</a>.</em></p> <blockquote> <h2>5.2.2</h2> <ul> <li>Fixed: Improve control character rejection, fixes <a href="https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg">https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg</a>.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md">basic-ftp's changelog</a>.</em></p> <blockquote> <h2>5.2.2</h2> <ul> <li>Fixed: Improve control character rejection, fixes <a href="https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg">https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg</a>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212"><code>e9d09d6</code></a> Bump version</li> <li><a href="https://github.com/patrickjuchli/basic-ftp/commit/20327d35126e57e5fdbaae79a4b65222fbadc53c"><code>20327d3</code></a> Move prevention of control character injection to more central place</li> <li>See full diff in <a href="https://github.com/patrickjuchli/basic-ftp/compare/v5.2.1...v5.2.2">compare view</a></li> </ul> </details> <br /> Updates `lodash` from 4.17.23 to 4.18.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lodash/lodash/releases">lodash's releases</a>.</em></p> <blockquote> <h2>4.18.1</h2> <h2>Bugs</h2> <p>Fixes a <code>ReferenceError</code> issue in <code>lodash</code> <code>lodash-es</code> <code>lodash-amd</code> and <code>lodash.template</code> when using the <code>template</code> and <code>fromPairs</code> functions from the modular builds. See <a href="https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769">lodash/lodash#6167</a></p> <p>These defects were related to how lodash distributions are built from the main branch using <a href="https://github.com/lodash-archive/lodash-cli">https://github.com/lodash-archive/lodash-cli</a>. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.</p> <p>There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:</p> <ul> <li><code>lodash</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm">https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm</a></li> <li><code>lodash-es</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es">https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es</a></li> <li><code>lodash-amd</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd">https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd</a></li> <li><code>lodash.template</code><a href="https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages">https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages</a></li> </ul> <h2>4.18.0</h2> <h2>v4.18.0</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/lodash/lodash/compare/4.17.23...4.18.0">https://github.com/lodash/lodash/compare/4.17.23...4.18.0</a></p> <h3>Security</h3> <p><strong><code>_.unset</code> / <code>_.omit</code></strong>: Fixed prototype pollution via <code>constructor</code>/<code>prototype</code> path traversal (<a href="https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh">GHSA-f23m-r3pf-42rh</a>, <a href="https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b">fe8d32e</a>). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now <code>constructor</code> and <code>prototype</code> are blocked unconditionally as non-terminal path keys, matching <code>baseSet</code>. Calls that previously returned <code>true</code> and deleted the property now return <code>false</code> and leave the target untouched.</p> <p><strong><code>_.template</code></strong>: Fixed code injection via <code>imports</code> keys (<a href="https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc">GHSA-r5fr-rjxr-66jc</a>, CVE-2026-4800, <a href="https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6">879aaa9</a>). Fixes an incomplete patch for CVE-2021-23337. The <code>variable</code> option was validated against <code>reForbiddenIdentifierChars</code> but <code>importsKeys</code> was left unguarded, allowing code injection via the same <code>Function()</code> constructor sink. <code>imports</code> keys containing forbidden identifier characters now throw <code>"Invalid imports option passed into _.template"</code>.</p> <h3>Docs</h3> <ul> <li>Add security notice for <code>_.template</code> in threat model and API docs (<a href="https://redirect.github.com/lodash/lodash/pull/6099">#6099</a>)</li> <li>Document <code>lower > upper</code> behavior in <code>_.random</code> (<a href="https://redirect.github.com/lodash/lodash/pull/6115">#6115</a>)</li> <li>Fix quotes in <code>_.compact</code> jsdoc (<a href="https://redirect.github.com/lodash/lodash/pull/6090">#6090</a>)</li> </ul> <h3><code>lodash.*</code> modular packages</h3> <p><a href="https://redirect.github.com/lodash/lodash/pull/6157">Diff</a></p> <p>We have also regenerated and published a select number of the <code>lodash.*</code> modular packages.</p> <p>These modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:</p> <ul> <li><a href="https://www.npmjs.com/package/lodash.orderby">lodash.orderby</a></li> <li><a href="https://www.npmjs.com/package/lodash.tonumber">lodash.tonumber</a></li> <li><a href="https://www.npmjs.com/package/lodash.trim">lodash.trim</a></li> <li><a href="https://www.npmjs.com/package/lodash.trimend">lodash.trimend</a></li> <li><a href="https://www.npmjs.com/package/lodash.sortedindexby">lodash.sortedindexby</a></li> <li><a href="https://www.npmjs.com/package/lodash.zipobjectdeep">lodash.zipobjectdeep</a></li> <li><a href="https://www.npmjs.com/package/lodash.unset">lodash.unset</a></li> <li><a href="https://www.npmjs.com/package/lodash.omit">lodash.omit</a></li> <li><a href="https://www.npmjs.com/package/lodash.template">lodash.template</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e"><code>cb0b9b9</code></a> release(patch): bump main to 4.18.1 (<a href="https://redirect.github.com/lodash/lodash/issues/6177">#6177</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51"><code>75535f5</code></a> chore: prune stale advisory refs (<a href="https://redirect.github.com/lodash/lodash/issues/6170">#6170</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4"><code>62e91bc</code></a> docs: remove n_ Node.js < 6 REPL note from README (<a href="https://redirect.github.com/lodash/lodash/issues/6165">#6165</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4"><code>59be2de</code></a> release(minor): bump to 4.18.0 (<a href="https://redirect.github.com/lodash/lodash/issues/6161">#6161</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d"><code>af63457</code></a> fix: broken tests for _.template 879aaa9</li> <li><a href="https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0"><code>1073a76</code></a> fix: linting issues</li> <li><a href="https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6"><code>879aaa9</code></a> fix: validate imports keys in _.template</li> <li><a href="https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b"><code>fe8d32e</code></a> fix: block prototype pollution in baseUnset via constructor/prototype traversal</li> <li><a href="https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d"><code>18ba0a3</code></a> refactor(fromPairs): use baseAssignValue for consistent assignment (<a href="https://redirect.github.com/lodash/lodash/issues/6153">#6153</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2"><code>b819080</code></a> ci: add dist sync validation workflow (<a href="https://redirect.github.com/lodash/lodash/issues/6137">#6137</a>)</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.23...4.18.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/google/comprehensive-rust/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
0c777807a8 |
build(deps-dev): bump the npm_and_yarn group across 1 directory with 3 updates (#3156)
Bumps the npm_and_yarn group with 3 updates in the /tests directory: [basic-ftp](https://github.com/patrickjuchli/basic-ftp), [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) and [picomatch](https://github.com/micromatch/picomatch). Updates `basic-ftp` from 5.2.0 to 5.2.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/patrickjuchli/basic-ftp/releases">basic-ftp's releases</a>.</em></p> <blockquote> <h2>5.2.1</h2> <ul> <li>Fixed: Reject control character injection attempts using paths. See <a href="https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q">https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q</a>.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md">basic-ftp's changelog</a>.</em></p> <blockquote> <h2>5.2.1</h2> <ul> <li>Fixed: Reject control character injection attempts using paths. See <a href="https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q">https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q</a>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/patrickjuchli/basic-ftp/commit/ba40f9d60e1ff7b63de5d5bb272ae317e5382689"><code>ba40f9d</code></a> Update dev dependencies</li> <li><a href="https://github.com/patrickjuchli/basic-ftp/commit/6b0008b7cf5ca0b81d31604d15a9ff0bcbf1a5db"><code>6b0008b</code></a> Bump version</li> <li><a href="https://github.com/patrickjuchli/basic-ftp/commit/2ecc8e2c500c5234115f06fd1dbde1aa03d70f4b"><code>2ecc8e2</code></a> Reject control character injection attempts using paths</li> <li><a href="https://github.com/patrickjuchli/basic-ftp/commit/515d21fee0b05be5ab934af5acb79d1d977e8026"><code>515d21f</code></a> Update security policy and reporting instructions</li> <li><a href="https://github.com/patrickjuchli/basic-ftp/commit/9744254b56061159751aee1b86ddd0f2ecef32ce"><code>9744254</code></a> Link to security advisory</li> <li>See full diff in <a href="https://github.com/patrickjuchli/basic-ftp/compare/v5.2.0...v5.2.1">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~patrickjuchli">patrickjuchli</a>, a new releaser for basic-ftp since your current version.</p> </details> <details> <summary>Install script changes</summary> <p>This version adds <code>prepare</code> script that runs during installation. Review the package contents before updating.</p> </details> <br /> Updates `fast-xml-parser` from 5.5.6 to 5.5.11 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/NaturalIntelligence/fast-xml-parser/releases">fast-xml-parser's releases</a>.</em></p> <blockquote> <h2>performance improvment, increase entity expansion default limit</h2> <ul> <li>increase default entity explansion limit as many projects demand for that</li> </ul> <pre><code>maxEntitySize: 10000, maxExpansionDepth: 10000, maxTotalExpansions: Infinity, maxExpandedLength: 100000, maxEntityCount: 1000, </code></pre> <ul> <li>performance improvement <ul> <li>reduce calls to toString</li> <li>early return when entities are not present</li> <li>prepare rawAttrsForMatcher only if user sets <code>jPath: false</code></li> </ul> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.9...v5.5.10">https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.9...v5.5.10</a></p> <h2>fix typins and matcher instance in callbacks</h2> <p>combine typings file to avoid configuration changes pass readonly instance of matcher to the call backs to avoid accidental push/pop call</p> <h2>fix bugs of entity parsing and value parsing</h2> <p>fix: entity expansion limits update strnum package to 2.2.0</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/NaturalIntelligence/fast-xml-parser/commits">compare view</a></li> </ul> </details> <br /> Updates `picomatch` from 2.3.1 to 2.3.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micromatch/picomatch/releases">picomatch's releases</a>.</em></p> <blockquote> <h2>2.3.2</h2> <p>This is a security release fixing several security relevant issues.</p> <h2>What's Changed</h2> <ul> <li>fix: exception when glob pattern contains constructor by <a href="https://github.com/Jason3S"><code>@Jason3S</code></a> in <a href="https://redirect.github.com/micromatch/picomatch/pull/144">micromatch/picomatch#144</a></li> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj">CVE-2026-33671</a></li> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p">CVE-2026-33672</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2">https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md">picomatch's changelog</a>.</em></p> <blockquote> <h1>Release history</h1> <p><strong>All notable changes to this project will be documented in this file.</strong></p> <p>The format is based on <a href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a> and this project adheres to <a href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p> <!-- raw HTML omitted --> <ul> <li>Changelogs are for humans, not machines.</li> <li>There should be an entry for every single version.</li> <li>The same types of changes should be grouped.</li> <li>Versions and sections should be linkable.</li> <li>The latest version comes first.</li> <li>The release date of each versions is displayed.</li> <li>Mention whether you follow Semantic Versioning.</li> </ul> <!-- raw HTML omitted --> <!-- raw HTML omitted --> <p>Changelog entries are classified using the following labels <em>(from <a href="http://keepachangelog.com/">keep-a-changelog</a></em>):</p> <ul> <li><code>Added</code> for new features.</li> <li><code>Changed</code> for changes in existing functionality.</li> <li><code>Deprecated</code> for soon-to-be removed features.</li> <li><code>Removed</code> for now removed features.</li> <li><code>Fixed</code> for any bug fixes.</li> <li><code>Security</code> in case of vulnerabilities.</li> </ul> <!-- raw HTML omitted --> <h2>4.0.0 (2024-02-07)</h2> <h3>Fixes</h3> <ul> <li>Fix bad text values in parse <a href="https://redirect.github.com/micromatch/picomatch/issues/126">#126</a>, thanks to <a href="https://github.com/connor4312"><code>@connor4312</code></a></li> </ul> <h3>Changed</h3> <ul> <li>Remove process global to work outside of node <a href="https://redirect.github.com/micromatch/picomatch/issues/129">#129</a>, thanks to <a href="https://github.com/styfle"><code>@styfle</code></a></li> <li>Add sideEffects to package.json <a href="https://redirect.github.com/micromatch/picomatch/issues/128">#128</a>, thanks to <a href="https://github.com/frandiox"><code>@frandiox</code></a></li> <li>Removed <code>os</code>, make compatible browser environment. See <a href="https://redirect.github.com/micromatch/picomatch/issues/124">#124</a>, thanks to <a href="https://github.com/gwsbhqt"><code>@gwsbhqt</code></a></li> </ul> <h2>3.0.1</h2> <h3>Fixes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2"><code>81cba8d</code></a> Publish 2.3.2</li> <li><a href="https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce"><code>fc1f6b6</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b"><code>eec17ae</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed"><code>78f8ca4</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/picomatch/issues/156">#156</a> from micromatch/backport-144</li> <li><a href="https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b"><code>3f4f10e</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/picomatch/issues/144">#144</a> from Jason3S/jdent-object-properties</li> <li>See full diff in <a href="https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/google/comprehensive-rust/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Nicole L
|
5bbe9c6b86 |
Idiomatic: Reorder common traits slides (#3158)
Minor tweak in ordering of slides in the "Implementing common traits" section: - Move `Display` slide to follow the `Debug` slide. I think it makes sense to talk about these two together, rather than talking about `Debug` at the beginning and then `Display` towards the end. - Move `Serialize` and `Deserialize` to the end. The rest of the slides cover std traits, and these are the only third-party traits discussed in this section, so I think putting this slide at the end makes sense. |
||
 Al Rifat Sabbir
|
4bb3a4600a |
docs: start Bengali (bn) translation (#3127)
**This PR starts the Bengali (bn) translation for Comprehensive Rust.** - Initialized po/bn.po with translations for the summary and introduction. --------- Co-authored-by: Martin Geisler <martin@geisler.net> |
||
|
Nicole L
|
350141203a |
Idiomatic: Fix various broken code examples (#3159)
Many of the code snippets in Idiomatic are broken in various ways that make them either not run in the slides or not show the error the slide is intended to illustrate. This PR fixes a number of common issues: - **Invalid syntax**, e.g. `let` inside a struct definition. - **Missing `main` fn**. Not all examples need a `main`, but several code examples had code that only compiles if it's in a function, and so was failing to compile in the slides. Note that these were not caught in tests because [there seems to be a difference in behavior between how we test the code vs how the code works in the slides](https://github.com/google/comprehensive-rust/issues/3155). - **Missing `fn` keyword** on method definitions. In a few places I made more opinionated changes that I'm including here because splitting them out into a separate PR would just result in merge conflicts later: - `hash.md` - Removed the `friends` field. It wasn't necessary for demonstrating the `Hash` trait, and removing it allows the slide to be more concise. - `newtype_pattern.md` - Tweak the exercise to show that you can't pass an inner type where a newtype wrapper is expected (inverse of what it was previously demonstrating). I think this is a slightly clearer way to show what the slide is demonstrating. - A few minor tweaks to formatting. - Remove a few extraneous comments. - Add empty lines to help space things out and make them easier to read. - Remove `pub` keyword in a few places. - Remove the `#` prefix on lines that I think should be kept visible in the code snippet (though note that none of the hidden lines are ever hidden because the code snippets are editable, see https://github.com/google/comprehensive-rust/issues/2811). |
||
|
dependabot[bot]
|
b9e63dd122 |
cargo: bump arm-gic from 0.7.2 to 0.8.1 in /src/exercises/bare-metal/rtc (#3145)
Bumps arm-gic from 0.7.2 to 0.8.1. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Andrew Walbran <qwandor@google.com> |
||
|
dependabot[bot]
|
5a849c626b |
cargo: bump aarch64-paging from 0.11.0 to 0.12.0 in /src/exercises/bare-metal/rtc (#3142)
Bumps [aarch64-paging](https://github.com/google/aarch64-paging) from 0.11.0 to 0.12.0. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Andrew Walbran <qwandor@google.com> |
||
|
dependabot[bot]
|
1ba9d0f5d3 |
cargo: bump aarch64-paging from 0.11.0 to 0.12.0 in /src/bare-metal/aps/examples (#3141)
Bumps [aarch64-paging](https://github.com/google/aarch64-paging) from 0.11.0 to 0.12.0. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Andrew Walbran <qwandor@google.com> |
||
|
Nicole L
|
b0ad34c235 |
Idiomatic: Mark all code blocks as editable (#3137)
I generally find it useful to be able to edit code blocks in the slides while teaching, and I think we should always mark code blocks as editable. In my experience, there's not really any benefit to having the code blocks be non-editable. |
||
 junminjjang
|
dadb60d147 |
Update translation for 'Exclusive References' (#3136)
Clarify Korean translation of "Exclusive References" Updated the Korean translation for "Exclusive References" from "허상(dangling) 참조" to "배타적(Exclusive) 참조" The previous translation referred to dangling references, which is a different concept. This change makes the meaning of Rust's exclusive reference (`&mut`) terminology clearer and more accurate. |
||
|
Martin Geisler
|
6a21ca4244 |
Fix initial wizard mana (#3123)
The exercise expects the wizard to have enough mana to cast all spells. |
||
|
dependabot[bot]
|
1cb99d1b3d |
build(deps-dev): bump the npm_and_yarn group across 1 directory with 4 updates (#3128)
Bumps the npm_and_yarn group with 4 updates in the /tests directory: [basic-ftp](https://github.com/patrickjuchli/basic-ftp), [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser), [minimatch](https://github.com/isaacs/minimatch) and [undici](https://github.com/nodejs/undici). Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
65dec403f2 |
cargo: bump buddy_system_allocator from 0.12.0 to 0.13.0 (#3152)
Bumps [buddy_system_allocator](https://github.com/rcore-os/buddy_system_allocator) from 0.12.0 to 0.13.0. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |