Skip to content
This repository was archived by the owner on Apr 13, 2026. It is now read-only.

chore(deps): (deps): bump tempfile from 3.20.0 to 3.23.0#93

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/tempfile-3.23.0
Open

chore(deps): (deps): bump tempfile from 3.20.0 to 3.23.0#93
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/tempfile-3.23.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Sep 29, 2025
edited
Loading

Bumps tempfile from 3.20.0 to 3.23.0.

Changelog

Sourced from tempfile's changelog.

3.23.0

  • Remove need for the "nightly" feature to compile with "wasip2".

3.22.0

  • Updated windows-sys requirement to allow version 0.61.x
  • Remove unstable-windows-keep-open-tempfile feature.

3.21.0

  • Updated windows-sys requirement to allow version 0.60.x
Commits
  • fe9f4a3 chore: release v3.23.0 (#381)
  • 006c3fd fix: use std::os::fd instead of std::os::wasi (#380)
  • b0e6309 doc: Update COPYRIGHT link (#377)
  • 2d6fc3f Fix formatting in Builder::disable_cleanup documentation (#375)
  • f720dbe chore: release 3.22.0
  • 55d742c chore: remove deprecated unstable feature flag
  • bc41a0b build(deps): update windows-sys requirement from >=0.52, <0.61 to >=0.52, <0....
  • 3c55387 test: make sure we don't drop tempdirs early (#373)
  • 17bf644 doc(builder): clarify permissions (#372)
  • c7423f1 doc(env): document the alternative to setting the tempdir (#371)
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
chore(deps): (deps): bump tempfile from 3.20.0 to 3.23.0
4b84adb 
Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.20.0 to 3.23.0.
- [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md)
- [Commits](Stebalien/tempfile@v3.20.0...v3.23.0)

---
updated-dependencies:
- dependency-name: tempfile
  dependency-version: 3.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies rust Auto-created for Rust migration labels Sep 29, 2025
@dependabot dependabot Bot requested a review from unclesp1d3r as a code owner September 29, 2025 07:48
@dependabot dependabot Bot added rust Auto-created for Rust migration dependencies labels Sep 29, 2025
@dependabot dependabot Bot mentioned this pull request Sep 29, 2025
Closed
@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented Sep 29, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@unclesp1d3r unclesp1d3r force-pushed the dependabot/cargo/tempfile-3.23.0 branch from 7d05419 to 4b84adb Compare February 25, 2026 06:06
github-advanced-security[bot]
github-advanced-security AI found potential problems Feb 25, 2026
View reviewed changes
Comment thread .github/workflows/ci.yml
Comment on lines +16 to +43
if: github.event_name == 'pull_request'
name: Semantic PR Title
runs-on: ubuntu-latest
steps:
- uses: amannn/action-semantic-pull-request@v6
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
types: |
feat
fix
docs
style
refactor
perf
test
build
ci
chore
requireScope: false
subjectPattern: ^(?![A-Z]).+$
subjectPatternError: |
The subject "{subject}" found in the pull request title "{title}"
doesn't match the configured pattern. Please ensure that the subject
doesn't start with an uppercase character.

# Linting and security job
lint:

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}
Comment thread .github/workflows/ci.yml
name: Semantic PR Title
runs-on: ubuntu-latest
steps:
- uses: amannn/action-semantic-pull-request@v6

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'CI' step
Uses Step
Loading
uses 'amannn/action-semantic-pull-request' with ref 'v6', not a pinned commit hash
Comment thread .github/workflows/ci.yml
Comment on lines +44 to +78
name: Lint and Security
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v5

- name: Setup Rust
uses: dtolnay/rust-toolchain@stable
with:
components: clippy, rustfmt

- name: Cache Rust dependencies
uses: Swatinem/rust-cache@v2
with:
key: lint-${{ hashFiles('**/Cargo.toml') }}

- name: Check formatting
run: cargo fmt --all -- --check

- name: Run clippy
run: cargo clippy --all-targets --all-features -- -D warnings

- name: Install cargo-audit
run: cargo install cargo-audit

- name: Run security audit
run: cargo audit

- name: Install cargo-deny
run: cargo install cargo-deny

- name: Run cargo-deny checks
run: cargo deny check

test-and-coverage:

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}
Comment thread .github/workflows/ci.yml
uses: actions/checkout@v5

- name: Setup Rust
uses: dtolnay/rust-toolchain@stable

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'CI' step
Uses Step
Loading
uses 'dtolnay/rust-toolchain' with ref 'stable', not a pinned commit hash
Comment thread .github/workflows/ci.yml
components: clippy, rustfmt

- name: Cache Rust dependencies
uses: Swatinem/rust-cache@v2

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'CI' step
Uses Step
Loading
uses 'Swatinem/rust-cache' with ref 'v2', not a pinned commit hash
Comment thread .github/workflows/ci.yml
retention-days: 30

- name: Upload coverage to Codecov
uses: codecov/codecov-action@v5

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'CI' step
Uses Step
Loading
uses 'codecov/codecov-action' with ref 'v5', not a pinned commit hash
Comment thread .github/workflows/ci.yml
Comment on lines +153 to +220
name: Benchmarks
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v5
with:
fetch-depth: 0

- name: Setup Rust
uses: dtolnay/rust-toolchain@stable

- name: Cache Rust dependencies
uses: Swatinem/rust-cache@v2
with:
key: bench-${{ hashFiles('**/Cargo.toml') }}

- name: Run benchmarks
run: cargo bench --benches --quiet
env:
CARGO_TERM_COLOR: never
TERM: dumb

# Note: Benchmark comparison removed due to cargo bench compatibility issues
# For PR benchmark comparison, use the HTML reports in artifacts

- name: Track benchmark performance (main/develop)
if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop')
uses: rhysd/github-action-benchmark@v1
with:
tool: "criterion"
output-file-path: "target/criterion/*/base/estimates.json"
github-token: ${{ secrets.GITHUB_TOKEN }}
auto-push: true
comment-on-alert: true
alert-threshold: "150%"
fail-on-alert: false
max-items-in-chart: 100

- name: Upload Criterion HTML reports as artifacts
uses: actions/upload-artifact@v4
if: always()
with:
name: criterion-html-reports-${{ github.sha }}
path: target/criterion/
retention-days: 30
if-no-files-found: warn

- name: Comment on PR with benchmark results
if: github.event_name == 'pull_request'
uses: actions/github-script@v7
with:
script: |
const comment = `## Benchmark Results

Benchmarks completed for commit \`${{ github.sha }}\`.

**Detailed HTML Reports**: Download the [criterion-html-reports-${{ github.sha }}](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) artifact and open \`target/criterion/report/index.html\` in your browser.

**Performance Analysis**: Review the HTML reports to compare performance with previous runs. The reports include statistical analysis and performance trends.

> **Note**: Artifacts are available for 30 days. For detailed performance comparison, download the HTML reports and review the statistical analysis.`;

github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: comment
});

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}
Comment thread .github/workflows/ci.yml
fetch-depth: 0

- name: Setup Rust
uses: dtolnay/rust-toolchain@stable

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'CI' step
Uses Step
Loading
uses 'dtolnay/rust-toolchain' with ref 'stable', not a pinned commit hash
Comment thread .github/workflows/ci.yml
uses: dtolnay/rust-toolchain@stable

- name: Cache Rust dependencies
uses: Swatinem/rust-cache@v2

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'CI' step
Uses Step
Loading
uses 'Swatinem/rust-cache' with ref 'v2', not a pinned commit hash
Comment thread .github/workflows/ci.yml

- name: Track benchmark performance (main/develop)
if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop')
uses: rhysd/github-action-benchmark@v1

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'CI' step
Uses Step
Loading
uses 'rhysd/github-action-benchmark' with ref 'v1', not a pinned commit hash
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@unclesp1d3r unclesp1d3r Awaiting requested review from unclesp1d3r

Assignees

No one assigned

Labels

dependencies rust Auto-created for Rust migration

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@github-advanced-security