rust-lib #4190

New issue

Closed

opened 2026-03-23 21:36:42 +00:00 by mirror · 0 comments

mirror commented

2026-03-23 21:36:42 +00:00

Owner

📋 Pull Request Information

Original PR: https://github.com/AppFlowy-IO/AppFlowy/pull/549
Author: @dependabot[bot]
Created: 6/14/2022
Status: ❌ Closed

Base: main ← Head: dependabot/cargo/frontend/rust-lib/regex-1.5.5

📝 Commits (1)

4bfc6c7 chore(deps): bump regex from 1.5.4 to 1.5.5 in /frontend/rust-lib

📊 Changes

1 file changed (+2 additions, -2 deletions)

View changed files

📝 frontend/rust-lib/Cargo.lock (+2 -2)

📄 Description

Bumps regex from 1.5.4 to 1.5.5.

Changelog

Sourced from regex's changelog.

1.5.5 (2022-03-08)

This releases fixes a security bug in the regex compiler. This bug permits a vector for a denial-of-service attack in cases where the regex being compiled is untrusted. There are no known problems where the regex is itself trusted, including in cases of untrusted haystacks.

SECURITY #GHSA-m5pq-gvj9-9vr8: Fixes a bug in the regex compiler where empty sub-expressions subverted the existing mitigations in place to enforce a size limit on compiled regexes. The Rust Security Response WG published an advisory about this: https://groups.google.com/g/rustlang-security-announcements/c/NcNNL1Jq7Yw

Commits

d130381 1.5.5
ae70b41 security: fix denial-of-service bug in compiler
b92ffd5 cargo: use SPDX license format
f6e52da syntax: fix 'unused' warnings
5197f21 fuzz: do not use inherits in Cargo.toml
3662851 doc: fix typo
63ee669 syntax/doc: fix 'their' typo
d6bc7a4 readme: remove broken badge
bd74660 fuzz: try to fix build issue
bd0a142 readme: fix badges
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/AppFlowy-IO/AppFlowy/pull/549 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 6/14/2022 **Status:** ❌ Closed **Base:** `main` ← **Head:** `dependabot/cargo/frontend/rust-lib/regex-1.5.5` --- ### 📝 Commits (1) - [`4bfc6c7`](https://github.com/AppFlowy-IO/AppFlowy/commit/4bfc6c722b4c76723d32b000da50cc43f502df74) chore(deps): bump regex from 1.5.4 to 1.5.5 in /frontend/rust-lib ### 📊 Changes **1 file changed** (+2 additions, -2 deletions) <details> <summary>View changed files</summary> 📝 `frontend/rust-lib/Cargo.lock` (+2 -2) </details> ### 📄 Description Bumps [regex](https://github.com/rust-lang/regex) from 1.5.4 to 1.5.5. <details> <summary>Changelog</summary> Sourced from <a href="https://github.com/rust-lang/regex/blob/master/CHANGELOG.md">regex's changelog</a>. <blockquote> <h1>1.5.5 (2022-03-08)</h1> This releases fixes a security bug in the regex compiler. This bug permits a vector for a denial-of-service attack in cases where the regex being compiled is untrusted. There are no known problems where the regex is itself trusted, including in cases of untrusted haystacks. <ul> <li><a href="https://github.com/rust-lang/regex/security/advisories/GHSA-m5pq-gvj9-9vr8">SECURITY #GHSA-m5pq-gvj9-9vr8</a>: Fixes a bug in the regex compiler where empty sub-expressions subverted the existing mitigations in place to enforce a size limit on compiled regexes. The Rust Security Response WG published an advisory about this: <a href="https://groups.google.com/g/rustlang-security-announcements/c/NcNNL1Jq7Yw">https://groups.google.com/g/rustlang-security-announcements/c/NcNNL1Jq7Yw</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/rust-lang/regex/commit/d130381b150756ba7e5940efdc6ebdf47f4febc0"><code>d130381</code></a> 1.5.5</li> <li><a href="https://github.com/rust-lang/regex/commit/ae70b41d4f46641dbc45c7a4f87954aea356283e"><code>ae70b41</code></a> security: fix denial-of-service bug in compiler</li> <li><a href="https://github.com/rust-lang/regex/commit/b92ffd5471018419ec48dbdef32757424439f065"><code>b92ffd5</code></a> cargo: use SPDX license format</li> <li><a href="https://github.com/rust-lang/regex/commit/f6e52dafdee305d16d6778e7bfe935bd9a6ae38b"><code>f6e52da</code></a> syntax: fix 'unused' warnings</li> <li><a href="https://github.com/rust-lang/regex/commit/5197f21287344d2994f9cf06758a3ea30f5a26c3"><code>5197f21</code></a> fuzz: do not use inherits in Cargo.toml</li> <li><a href="https://github.com/rust-lang/regex/commit/3662851482327e3642940981298150c93718de3c"><code>3662851</code></a> doc: fix typo</li> <li><a href="https://github.com/rust-lang/regex/commit/63ee6699a27b294774af0154862e5cc35b495ee6"><code>63ee669</code></a> syntax/doc: fix 'their' typo</li> <li><a href="https://github.com/rust-lang/regex/commit/d6bc7a4c3b58e1d618024aaededa722df32fa6e8"><code>d6bc7a4</code></a> readme: remove broken badge</li> <li><a href="https://github.com/rust-lang/regex/commit/bd7466034f8cccc3b0918201d1eb099cc8be3c56"><code>bd74660</code></a> fuzz: try to fix build issue</li> <li><a href="https://github.com/rust-lang/regex/commit/bd0a14231b8848669e0d257ba55526f62756c749"><code>bd0a142</code></a> readme: fix badges</li> <li>Additional commits viewable in <a href="https://github.com/rust-lang/regex/compare/1.5.4...1.5.5">compare view</a></li> </ul> </details> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=regex&package-manager=cargo&previous-version=1.5.4&new-version=1.5.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/AppFlowy-IO/AppFlowy/network/alerts). </details> --- 🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.