From df60793e3bc21122c5654408e7f3a22e2c3388e4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 5 Mar 2023 19:31:43 -0800
Subject: [PATCH] Bump tempfile from 3.3.0 to 3.4.0 (#8329)

Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.3.0 to
3.4.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/Stebalien/tempfile/blob/master/NEWS">tempfile's
changelog</a>.</em></p>
<blockquote>
<h1>3.4.0</h1>
<p>SECURITY: Prior <code>tempfile</code> releases depended on
<code>remove_dir_all</code> version 0.5.0 which was vulnerable to a <a
href="https://github.com/XAMPPRocky/remove_dir_all/security/advisories/GHSA-mc8h-8q98-g5hr">TOCTOU
race</a>. This same race is present in rust versions prior to
1.58.1.</p>
<p>Features:</p>
<ul>
<li>Generalized temporary files: <code>NamedTempFile</code> can now
abstract over different kinds of files (e.g.,
unix domain sockets, pipes, etc.):
<ul>
<li>Add <code>Builder::make</code> and <code>Builder::make_in</code> for
generalized temp file
creation.</li>
<li>Add <code>NamedTempFile::from_parts</code> to complement
<code>NamedTempFile::into_parts</code>.</li>
<li>Add generic parameter to <code>NamedTempFile</code> to support
wrapping non-File types.</li>
</ul>
</li>
</ul>
<p>Bug Fixes/Improvements:</p>
<ul>
<li>Don't try to create a temporary file multiple times if the file path
has been fully specified by
the user (no random characters).</li>
<li><code>NamedTempFile::persist_noclobber</code> is now always atomic
on linux when <code>renameat_with</code> is
supported. Previously, it would first link the new path, then unlink the
previous path.</li>
<li>Fix compiler warnings on windows.</li>
</ul>
<p>Trivia:</p>
<ul>
<li>Switch from <code>libc</code> to <code>rustix</code> on wasi/unix.
This now makes direct syscalls instead of calling
through libc.</li>
<li>Remove <code>remove_dir_all</code> dependency. The rust standard
library has optimized their internal version
significantly.</li>
<li>Switch to official windows-sys windows bindings.</li>
</ul>
<p>Breaking:</p>
<ul>
<li>The minimum rust version is now <code>1.48.0</code>.</li>
<li>Mark most functions as <code>must_use</code>.</li>
<li>Uses direct syscalls on linux by default, instead of libc.</li>
<li>The new type parameter in <code>NamedTempFile</code> may lead to
type inference issues in some cases.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/Stebalien/tempfile/commits">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tempfile&package-manager=cargo&previous-version=3.3.0&new-version=3.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Cargo.lock | 18 ++++--------------
 Cargo.toml |  2 +-
 2 files changed, 5 insertions(+), 15 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 52f9016dda..55a570e9f2 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -4282,15 +4282,6 @@ version = "0.6.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a3f87b73ce11b1619a3c6332f45341e0047173771e8b8b73f87bfeefb7b56244"
 
-[[package]]
-name = "remove_dir_all"
-version = "0.5.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3acd125665422973a33ac9d3dd2df85edad0f4ae9b00dafb1a05e43a9f5ef8e7"
-dependencies = [
- "winapi",
-]
-
 [[package]]
 name = "retain_mut"
 version = "0.1.9"
@@ -5118,16 +5109,15 @@ dependencies = [
 
 [[package]]
 name = "tempfile"
-version = "3.3.0"
+version = "3.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5cdb1ef4eaeeaddc8fbd371e5017057064af0911902ef36b39801f67cc6d79e4"
+checksum = "af18f7ae1acd354b992402e9ec5864359d693cd8a79dcbef59f76891701c1e95"
 dependencies = [
  "cfg-if",
  "fastrand",
- "libc",
  "redox_syscall",
- "remove_dir_all",
- "winapi",
+ "rustix 0.36.8",
+ "windows-sys 0.42.0",
 ]
 
 [[package]]
diff --git a/Cargo.toml b/Cargo.toml
index 6af1938229..0ebedd0813 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -90,7 +90,7 @@ atty = "0.2"
 
 [dev-dependencies]
 nu-test-support = { path = "./crates/nu-test-support", version = "0.76.1" }
-tempfile = "3.2.0"
+tempfile = "3.4.0"
 assert_cmd = "2.0.2"
 criterion = "0.4"
 pretty_assertions = "1.0.0"