From e44710c6c1b0b4c2ddaa40bfbabb35333c376bf5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 24 Jul 2024 05:00:16 +0000
Subject: [PATCH] build(deps): Bump sd-notify from 0.4.1 to 0.4.2 in /rust
(#6004)
Bumps [sd-notify](https://github.com/lnicola/sd-notify) from 0.4.1 to
0.4.2.
Changelog
Sourced from sd-notify's
changelog.
[0.4.2] - 2024-07-03
Fixed
- fixed
listen_fds to use the right value of
FD_CLOEXEC
Commits
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
rust/Cargo.lock | 4 ++--
rust/headless-client/Cargo.toml | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/rust/Cargo.lock b/rust/Cargo.lock
index 051dcc3a3..042e924c8 100644
--- a/rust/Cargo.lock
+++ b/rust/Cargo.lock
@@ -5350,9 +5350,9 @@ dependencies = [
[[package]]
name = "sd-notify"
-version = "0.4.1"
+version = "0.4.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "621e3680f3e07db4c9c2c3fb07c6223ab2fab2e54bd3c04c3ae037990f428c32"
+checksum = "4646d6f919800cd25c50edb49438a1381e2cd4833c027e75e8897981c50b8b5e"
[[package]]
name = "secrecy"
diff --git a/rust/headless-client/Cargo.toml b/rust/headless-client/Cargo.toml
index 7f670d845..b7335b2bb 100644
--- a/rust/headless-client/Cargo.toml
+++ b/rust/headless-client/Cargo.toml
@@ -46,7 +46,7 @@ libc = "0.2.150"
nix = { version = "0.28.0", features = ["fs", "user", "socket"] }
resolv-conf = "0.7.0"
rtnetlink = { workspace = true }
-sd-notify = "0.4.1" # This is a pure Rust re-implementation, so it isn't vulnerable to CVE-2024-3094
+sd-notify = "0.4.2" # This is a pure Rust re-implementation, so it isn't vulnerable to CVE-2024-3094
[target.'cfg(target_os = "macos")'.dependencies]
dirs = "5.0.1"