A Cargo subcommand for the client-side Web

Last update: Dec 29, 2022

Overview

A cargo subcommand for the client-side Web

This cargo subcommand aims to make it easy and convenient to build, develop and deploy client-side Web applications written in Rust.

Donate

Patrons

This software was brought to you thanks to these wonderful people:

Embark Studios
Joe Narvaez
Eduard Knyshov
Anselm Eickhoff
Johan Andersson
Stephen Sugden
is8ac

Thank you!

Features

Currently it supports the following features:

cargo web build - will build your project using one of Rust's three Web backends:
- WebAssembly using Rust's native WebAssembly backend (when you pass --target=wasm32-unknown-unknown; default)
- WebAssembly using Emscripten (when you pass --target=wasm32-unknown-emscripten)
- asm.js using Emscripten (when you pass --target=asmjs-unknown-emscripten)
cargo web check - will typecheck your project
cargo web test - will run your tests either under:
- Under a headless instance of Google Chrome (default)
- Under Node.js (when you pass --nodejs)
cargo web start - will build your project, start an embedded webserver and will continuously rebuild it if necessary; supports automatic reloading with --auto-reload.
cargo web deploy - will build your project and emit all of the necessary files so that you can easily serve them statically.
Will automatically download and install Emscripten for you (if necessary) on the following platforms:
- Linux x86-64
- Linux x86
Will automatically install the relevant Rust target through rustup

It's also highly recommended that you check out the stdweb crate if you want to interact with the JavaScript world in your project. (In fact, cargo-web is what makes it possible to use stdweb's js! macro on Rust's native WebAssembly backend.)

Installation

$ cargo install cargo-web

To upgrade:

$ cargo install --force cargo-web

Or clone and build with $ cargo build --release then place in your $PATH.

On Linux the installation can fail with a message that it can't find OpenSSL, in which case you most likely need to install the -dev package for OpenSSL from your distribution's repositories. (On Ubuntu it's called libssl-dev.)

`Web.toml`

cargo-web has its own configuration file which you can put next to cargo's Cargo.toml.

Here's an example configuration showing every supported key:

# The default value of `--target` used when building this crate
# in cases where it's not specified on the command line.
default-target = "wasm32-unknown-unknown"

# This will prepend a given JavaScript file to the resulting `.js` artifact.
# You can put any initialization code here which you'd like to have executed
# when your `.js` file first loads.
#
# This accepts either a string (as shown here), or an array of strings,
# in which case it will prepend all of the specified files in their
# order of appearance.
prepend-js = "src/runtime.js"

[cargo-web]
# Asserts the minimum required version of `cargo-web` necessary
# to compile this crate; supported since 0.6.0.
minimum-version = "0.6.0"

# These will only take effect on *-emscripten targets.
[target.emscripten]
# You can have a target-specific `prepend-js` key.
prepend-js = "src/emscripten_runtime.js"
# This will enable Emscripten's SDL2 port. Consult Emscripten's documentation
# for more details.
link-args = ["-s", "USE_SDL=2"]

# You can also specify the target by its full name.
[target.wasm32-unknown-unknown]
prepend-js = "src/native_runtime.js"

If you use any external crates which have a Web.toml then cargo-web will load it and use it.

A few restrictions concerning the Web.toml:

You can't have overlapping prepend-js keys. You can either define a single global prepend-js, or multiple per-target ones.
The link-args currently can't have any spaces in them.
The order in which cargo-web will process the Web.toml files from multiple crates is deterministic yet unspecified. This means that you shouldn't depend on this order in any way.

Static files

Any static files you'd like to have served when running cargo web start or deployed when running cargo web deploy can be put in a directory called static in the root of your crate. No static artifacts are required by default; an index.html file will be automatically generated for you if it's missing. You can, of course, put your own static/index.html file, in which case it will be used instead of the autogenerated one.

Detecting `cargo-web` during compilation

If during compilation you'd like to detect that your project is being built with cargo-web you can check the COMPILING_UNDER_CARGO_WEB environment variable, which will be set to 1.

Using `cargo-web` on Travis

Precompiled binaries

You can use the following script to download and install the latest cargo-web:

CARGO_WEB_RELEASE=$(curl -L -s -H 'Accept: application/json' https://github.com/koute/cargo-web/releases/latest)
CARGO_WEB_VERSION=$(echo $CARGO_WEB_RELEASE | sed -e 's/.*"tag_name":"\([^"]*\)".*/\1/')
if [ "$(uname -s)" == "Darwin" ]; then
  CARGO_WEB_HOST_TRIPLE="x86_64-apple-darwin"
else
  CARGO_WEB_HOST_TRIPLE="x86_64-unknown-linux-gnu"
fi
CARGO_WEB_URL="https://github.com/koute/cargo-web/releases/download/$CARGO_WEB_VERSION/cargo-web-$CARGO_WEB_HOST_TRIPLE.gz"


echo "Downloading cargo-web from: $CARGO_WEB_URL"
curl -L $CARGO_WEB_URL | gzip -d > cargo-web
chmod +x cargo-web

mkdir -p ~/.cargo/bin
mv cargo-web ~/.cargo/bin

Running tests under headless Chrome

By default cargo web test will run your tests under headless Chrome. To be able to use this on Travis you need to add something like this to your .travis.yml:

addons:
  chrome: stable

Custom runtime (`wasm32-unknown-unknown`-only)

When building a project by default cargo-web generates a standalone runtime runtime for you. What this means is that the .js file which is generated can be immediately put inside of a <script> tag or launched with Node.js without having to load it manually or do anything extra, however this does limit you when it comes to customizability.

If you'd like to have a little more control on how your module is loaded then you can tell cargo-web to generate a non-standalone, library-like module for you with the --runtime library-es6 option. This will result in a .js file which exports a factory function with the following interface:

export default function() {
    return {
        imports: { ... },
        initialize: function( instance ) { ... }
    };
}

Here you have to instantiate the WebAssembly module yourself; in this case you have to pass imports as its imports, and then immediately after instantiating it call initialize.

For example, assuming you'll name your module generated by the cargo-web as my-module.mjs and my-module.wasm you can instantiate it like this from Node.js:

import fs from "fs";
import factory from "my-module.mjs";

// We read in the `.wasm` module.
const bytecode = fs.readFileSync( "my-module.wasm" );
const wasm = new WebAssembly.Module( bytecode );

// We instantiate it.
const instance = factory();
const compiled = new WebAssembly.Instance( wasm, instance.imports );

// This will initialize the module and call your `main`, if you have one.
const exports = instance.initialize( compiled );

// In the object it returns you can find any functions which
// you've exported with `stdweb`'s `#[js_export]` macro.
console.log( exports.add( 1, 2 ) );

Then you can run it with node --experimental-modules run.mjs.

This is useful if you want to load your .wasm file from a custom URL or you want to integrate the output with a JavaScript bundler, or anything else which requires you to load the module yourself.

Changelog

0.6.26
- The --no-default-features flag was fixed
- The mime-guess crate is now being used to guess the mime types by the embedded webserver
0.6.25
- cargo web start will now try to not trigger superfluous rebuilds when the project's files are modified in quick succession
- The vendored OpenSSL copy was updated to the newest version
0.6.24
- Conditional dependencies of form [target.'cfg(...)'.dependencies] are now properly supported
- You can now use cfg(cargo_web) to detect whenever your crate is being compiled under cargo-web
- Artifacts matching target/wasm32-unknown-unknown/*/deps/*.wasm are now ignored; this should prevent cargo-web from processing superfluous .wasm artifacts generated due to dependencies also being cdylibs
- cargo-web is now available as a library through a structopt-based interface
0.6.23
- New subcommand: cargo web check
- The wasm32-unknown-unknown target is now the default
0.6.22
- Running tests through Chrome should now work out-of-box on macOS
- The deploy subcommand can now be told where to deploy using the -o/--output parameter
- Static files with spaces in their names are now properly served
- Access-Control-Allow-Origin: * is now always sent by the embedded webserver
- Debug builds on wasm32-unknown-unknown are now supported provided a recent enough stdweb is used
0.6.21
- Emscripten was updated to 1.38.19; the Emscripten-based targets should now work again on nightly
- Broken output redirection in the test runner is now fixed
- The generated JS snippets and imports under wasm32-unknown-unknown are now sorted
- Compatibility with really old nightlies was removed for wasm32-unknown-unknown
0.6.20
- Installation through cargo install should now work again
- Most of the dependencies were updated to newer versions
- deploy should not panic when it doesn't find a valid target
0.6.19
- cargo install should now compile instead of failing in some environments
- Minimum required Rust version is now 1.26.2
0.6.18
- Default index.html doesn't have a newline before its doctype anymore
0.6.17
- OpenSSL is now vendored; this should fix the compilation in some environments
- Minimum required Rust version is now 1.25.0
0.6.16
- The runtime for wasm32-unknown-unknown now uses WebAssembly.instantiateStreaming when available
- Running tests under headless Chromium is now supported for the wasm32-unknown-unknown target
- Color codes are no longer emitted when the output of cargo-web is redirected
- Improved coloring; a lot more messages should now be colored
- Initial experimental support for asynchronous tests

License

Licensed under either of

Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Comments

Allow `deploy` to a custom location

Solve issue #96

Basically, this work. But no code for auto-test yet! Reading the code, I am unable to figure out how to run test locally!

How can I run tests locally? Especially, with a custom deploy-path?

opened by limira 13

cargo-web fails to build with reqwest 0.8 and openssl 1.1.1

The problem is fixed in reqwest's master branch but not in a release yet.

Related to: https://github.com/seanmonstar/reqwest/issues/345

error: failed to run custom build command for `openssl v0.9.24`
process didn't exit successfully: `/tmp/cargo-installg0SfjE/release/build/openssl-d41cfa5104acbee0/build-script-build` (exit code: 101)
--- stderr
thread 'main' panicked at 'Unable to detect OpenSSL version', /home/user/.cargo/registry/src/github.com-1ecc6299db9ec823/openssl-0.9.24/build.rs:16:14
note: Run with `RUST_BACKTRACE=1` for a backtrace.

opened by technetos 12

Return content of /index.html instead of 404

The PR that implements the feature request detailed in https://github.com/koute/cargo-web/issues/100.

I don't think it is exactly clean enough to merge in its current state, but I have tested it and observed that it worked as intended, returning the index.html file instead of a 404 response when a requested file path doesn't exist.

This would allow a yew application with routing to return to a routed page when a page refresh is performed, improving developer ergonomics.

opened by hgzimmerman 12

Failed to run custom build command for `openssl-sys v0.9.24`

The command cargo install cargo-web, after a minute and half of compiling, printed:

error: failed to run custom build command for `openssl-sys v0.9.24`
process didn't exit successfully: `/tmp/cargo-install.aKdf8gWcEAu5/release/build/openssl-sys-5ee2bfe045b42a7a/build-script-build` (exit code: 101)
--- stdout
cargo:rerun-if-env-changed=X86_64_UNKNOWN_LINUX_GNU_OPENSSL_LIB_DIR
cargo:rerun-if-env-changed=OPENSSL_LIB_DIR
cargo:rerun-if-env-changed=X86_64_UNKNOWN_LINUX_GNU_OPENSSL_INCLUDE_DIR
cargo:rerun-if-env-changed=OPENSSL_INCLUDE_DIR
cargo:rerun-if-env-changed=X86_64_UNKNOWN_LINUX_GNU_OPENSSL_DIR
cargo:rerun-if-env-changed=OPENSSL_DIR
run pkg_config fail: "`\"pkg-config\" \"--libs\" \"--cflags\" \"openssl\"` did not exit successfully: exit code: 1\n--- stderr\nPackage openssl was not found in the pkg-config search path.\nPerhaps you should add the directory containing `openssl.pc\'\nto the PKG_CONFIG_PATH environment variable\nNo package \'openssl\' found\n"

--- stderr
thread 'main' panicked at '

Could not find directory of OpenSSL installation, and this `-sys` crate cannot
proceed without this knowledge. If OpenSSL is installed and this crate had
trouble finding it,  you can set the `OPENSSL_DIR` environment variable for the
compilation process.

If you're in a situation where you think the directory *should* be found
automatically, please open a bug at https://github.com/sfackler/rust-openssl
and include information about your system as well as this message.

    $HOST = x86_64-unknown-linux-gnu
    $TARGET = x86_64-unknown-linux-gnu
    openssl-sys = 0.9.24

The command which openssl prints /usr/bin/openssl, and so I tried also the command OPENSSL_DIR=/usr/bin cargo install cargo-web, getting the following output:

error: failed to run custom build command for `openssl-sys v0.9.24`
process didn't exit successfully: `/tmp/cargo-install.FbQ5fWKqfqMJ/release/build/openssl-sys-5ee2bfe045b42a7a/build-script-build` (exit code: 101)
--- stdout
cargo:rerun-if-env-changed=X86_64_UNKNOWN_LINUX_GNU_OPENSSL_LIB_DIR
cargo:rerun-if-env-changed=OPENSSL_LIB_DIR
cargo:rerun-if-env-changed=X86_64_UNKNOWN_LINUX_GNU_OPENSSL_INCLUDE_DIR
cargo:rerun-if-env-changed=OPENSSL_INCLUDE_DIR
cargo:rerun-if-env-changed=X86_64_UNKNOWN_LINUX_GNU_OPENSSL_DIR
cargo:rerun-if-env-changed=OPENSSL_DIR

--- stderr
thread 'main' panicked at 'OpenSSL library directory does not exist: /usr/bin/lib ...

opened by carlomilanesi 11

supporting new non-emscripten target

I'd love to see support for https://www.hellorust.com/news/native-wasm-target.html in cargo-web; I think it's going to be an even bigger target than the emscripten one.

opened by steveklabnik 11
Refactor into library, use structopt for CLI handling

This is re: #74 - it seems like a cool idea to be able to build your entire webapp (frontend and backend) in one go using a cargo build script. This would make it possible to embed your frontend build artifacts in your backend binary (which is my immediate goal), or do other, even fancier stuff like hot-reloading with an api backend.

For an example consumer, check out this build script that I used to test this PR.

I'm absolutely certain that this is not a finished effort - there is obviously a lot of work in the way of docs and API exposure considerations before it would be ready for prime time. I just want to know if this sort of functionality is actually interesting, or if I should drop it.

Thanks! This project makes my hobby possible, so i'm excited to have something to give back.

opened by g-s-k 10
Ensure error is actually visible if wasm fails to load

https://github.com/koute/cargo-web/blob/8b9b5da0d767d8b9d8924bfedd16e54c5f0028e5/src/wasm_runtime_standalone.js#L46

This should be error.toString(), not just error to ensure that the error message is actually printed. If the object can't be cloned, the message will be "<unavailable>", which is not helpful at all.

opened by lukaslueg 10
Project builds in debug mode, fails with --release
I'm hacking on this code. If I run:

cargo web build --target-webasm-emscripten

The project builds fine. If I run:

cargo web build --target-webasm-emscripten --release

the build fails with screens of errors, at the top of which is:

= note: WARNING:root:emcc: cannot find library "SDL2"

The errors look like so:

WARNING:root:object /tmp/emscripten_temp_3wyyWe_archive_contents/ncollide-cfdd2aa6ffc25dc6.ncollide0.rust-cgu.bytecode.encoded is not valid, cannot link

This is with a stock Emscripten environment under Linux (I.e. the prebuilt 1.37.27 binaries.) No other change is made in the environment beyond adding --release to the build command, and I'm using latest Rust stable.
opened by ndarilek 10
LLVM ERROR: Binary operator type not yet supported for integer types larger than 64 bits
I get this error when trying to compile my project using cargo-web 0.6.19 and 0.6.20:

LLVM ERROR: Binary operator type not yet supported for integer types larger than 64 bits

Full log attached: build.log

System information: Arch Linux gcc 8.2.1, clang 7, rust 1.32.0-nightly. It doesn't matter when I use the emscripten/binaryen versions that cargo-web wants to download or whether I use my system versions.

There's an issue in emscripten that looks like it: https://github.com/kripken/emscripten/issues/3789

What I do: cargo-web build --release

My Web.toml:

default-target = "wasm32-unknown-emscripten" [target.emscripten] link-args = ["-s", "EMTERPRETIFY=1", "-s", "EMTERPRETIFY_ASYNC=1"]

I don't even know whether this is the right place to post this but I've got to start somewhere.
opened by svenstaro 9
Replace rouille by hyper
Following #49 discussion, here is a first PR to support auto-reload with WebSockets. It only replaces rouille by hyper. I tried to keep the same logic as much as possible.

I initially wanted to use hyper-staticfile, but there is some issues:

it doesn't handle mime types

it doesn't compile with the latest futures crate (because of https://github.com/alexcrichton/futures-rs/issues/228 )

because it resolves the file location itself, rethinking the whole cargo-web artifacts logic would be too much changes for this PR.

Instead, I based the file streaming on the Hyper guide. But still, it's a project to consider.

Note: you are using a different code style than mine (especially on spaces inside brackets and parens). Would you mind commiting a rustfmt configuration file reflecting your tastes so it'd be easier for other folks to contribute? See this configuration value in particular.
opened by BenoitZugmeyer 9
Customize code for loading wasm file

When using this tool combined with common web infrastructure such as webpack, it's useful to be able to control how the wasm file is loaded from Javascript instead of hardcoding a fetch call.

It might be useful to use the native wasm support in Webpack 4 for example, where the exports from a wasm file can be imported simply using import {myfunction} from "bla.wasm";

We might also want to put the wasm file on a CDN or integrate it with a service worker asset loader etc. which also requires being able to customize the wasm file url.

Right now I do this by search replacing the generated url like so: https://github.com/dflemstr/rust-native-wasm-loader/blob/f30905197637b7e3dbccfdd1ac61a43709d395d5/index.js#L68

opened by dflemstr 9
Bump websocket from 0.21.1 to 0.26.5
Bumps websocket from 0.21.1 to 0.26.5.

Commits

74c82be Higher-level API for memory limits

3bde0f4 PER_DATAFRAME_OVERHEAD

604d010 Impose message and dataframe limits on async version as well.

3802c7d Changed my mind about major version bump: amend to 0.26.5

eb877c2 Bump version: 0.27.0

cbf6e99 Implement dataframe and message size limits

d0adc93 Version bump for bugfix publish

40e290a Merge pull request #267 from newpavlov/patch-1

3878914 Properly gate TLS error variants in Display impl

572693f Merge pull request #265 from AidenH/patch-1

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump openssl-src from 111.2.1+1.1.1b to 111.22.0+1.1.1q
Bumps openssl-src from 111.2.1+1.1.1b to 111.22.0+1.1.1q.

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump net2 from 0.2.33 to 0.2.37
Bumps net2 from 0.2.33 to 0.2.37.

Commits

a183475 Release v0.2.37

6081dff haiku: Fix sockaddr_in/sockaddr_in6; Solves #108

71708b7 Release v0.2.36

49b43f2 Do not assume memory layout of std::net::SocketAddr

77a6eb4 Release v0.2.35

eeeab13 Add support for Haiku

1e91530 Release v0.2.34

89945eb Make cargo packaging explicit

fe62962 Clean up trailing whitespace

67ec2c1 Update URLs in Cargo.toml

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump miow from 0.2.1 to 0.2.2
Bumps miow from 0.2.1 to 0.2.2.

Commits

6fd7b9c Bump version to 0.2.2

550efc2 Merge branch 'fix-sockaddr-convertion-v0.2.x' into 0.2.x

ca8db53 Stop using from_ne_bytes to be compatible with Rust < 1.32.0

3e217e3 Bump net2 dep to 0.2.36 without invalid SocketAddr convertion

27b77cc Adapt to winapi 0.2

2783715 Safely convert SocketAddr into raw SOCKADDR

f6662ef Clarify wording of license information in README.

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump regex from 1.0.5 to 1.5.5
Bumps regex from 1.0.5 to 1.5.5.

Changelog

Sourced from regex's changelog.

1.5.5 (2022-03-08)

This releases fixes a security bug in the regex compiler. This bug permits a vector for a denial-of-service attack in cases where the regex being compiled is untrusted. There are no known problems where the regex is itself trusted, including in cases of untrusted haystacks.

SECURITY #GHSA-m5pq-gvj9-9vr8: Fixes a bug in the regex compiler where empty sub-expressions subverted the existing mitigations in place to enforce a size limit on compiled regexes. The Rust Security Response WG published an advisory about this: https://groups.google.com/g/rustlang-security-announcements/c/NcNNL1Jq7Yw

1.5.4 (2021-05-06)

This release fixes another compilation failure when building regex. This time, the fix is for when the pattern feature is enabled, which only works on nightly Rust. CI has been updated to test this case.

[BUG #772](rust-lang/regex#772): Fix build when pattern feature is enabled.

1.5.3 (2021-05-01)

This releases fixes a bug when building regex with only the unicode-perl feature. It turns out that while CI was building this configuration, it wasn't actually failing the overall build on a failed compilation.

[BUG #769](rust-lang/regex#769): Fix build in regex-syntax when only the unicode-perl feature is enabled.

1.5.2 (2021-05-01)

This release fixes a performance bug when Unicode word boundaries are used. Namely, for certain regexes on certain inputs, it's possible for the lazy DFA to stop searching (causing a fallback to a slower engine) when it doesn't actually need to.

[PR #768](rust-lang/regex#768) fixes the bug, which was originally reported in ripgrep#1860.

1.5.1 (2021-04-30)

This is a patch release that fixes a compilation error when the perf-literal feature is not enabled.

... (truncated)

Commits

d130381 1.5.5

ae70b41 security: fix denial-of-service bug in compiler

b92ffd5 cargo: use SPDX license format

f6e52da syntax: fix 'unused' warnings

5197f21 fuzz: do not use inherits in Cargo.toml

3662851 doc: fix typo

63ee669 syntax/doc: fix 'their' typo

d6bc7a4 readme: remove broken badge

bd74660 fuzz: try to fix build issue

bd0a142 readme: fix badges

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump generic-array from 0.9.0 to 0.9.1
Bumps generic-array from 0.9.0 to 0.9.1.

Commits

3e8764e Bump version

5b6d0e8 Backport the reimplementation of transmute

fa46b38 Fixed lifetime unsoundness in arr macro.

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0