Bump tempfile from 3.26.0 to 3.27.0 #124

Closed
dependabot[bot] wants to merge 1 commit from dependabot/cargo/tempfile-3.27.0 into main
dependabot[bot] commented 2026-03-16 19:08:23 +00:00 (Migrated from github.com)

Bumps tempfile from 3.26.0 to 3.27.0.

Changelog

Sourced from tempfile's changelog.

3.27.0

This release adds TempPath::try_from_path and deprecates TempPath::from_path.

Prior to this release, TempPath::from_path made no attempts to convert relative paths into absolute paths. The following code would have deleted the wrong file:

let tmp_path = TempPath::from_path("foo")
std::env::set_current_dir("/some/other/path").unwrap();
drop(tmp_path);

Now:

  1. TempPath::from_path will attempt to convert relative paths into absolute paths. However, this isn't always possible as we need to call std::env::current_dir, which can fail. If we fail to convert the relative path to an absolute path, we simply keep the relative path.
  2. The TempPath::try_from_path behaves exactly like TempPath::from_path, except that it returns an error if we fail to convert a relative path into an absolute path (or if the passed path is empty).

Neither function attempt to verify the existence of the file in question.

Thanks to @​meng-xu-cs for reporting this issue.

Commits
  • 5c8fa12 chore: release 3.27.0
  • e34e574 test: disable uds conflict test on redox
  • 772c795 test: add CWD guards
  • 2632fb9 fix: resolve relative paths when constructing TempPath
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.26.0 to 3.27.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md">tempfile's changelog</a>.</em></p> <blockquote> <h2>3.27.0</h2> <p>This release adds <code>TempPath::try_from_path</code> and deprecates <code>TempPath::from_path</code>.</p> <p>Prior to this release, <code>TempPath::from_path</code> made no attempts to convert relative paths into absolute paths. The following code would have deleted the wrong file:</p> <pre lang="rust"><code>let tmp_path = TempPath::from_path(&quot;foo&quot;) std::env::set_current_dir(&quot;/some/other/path&quot;).unwrap(); drop(tmp_path); </code></pre> <p>Now:</p> <ol> <li><code>TempPath::from_path</code> will attempt to convert relative paths into absolute paths. However, this isn't always possible as we need to call <code>std::env::current_dir</code>, which can fail. If we fail to convert the relative path to an absolute path, we simply keep the relative path.</li> <li>The <code>TempPath::try_from_path</code> behaves exactly like <code>TempPath::from_path</code>, except that it returns an error if we fail to convert a relative path into an absolute path (or if the passed path is empty).</li> </ol> <p>Neither function attempt to verify the existence of the file in question.</p> <p>Thanks to <a href="https://github.com/meng-xu-cs"><code>@​meng-xu-cs</code></a> for reporting this issue.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Stebalien/tempfile/commit/5c8fa12eb584931b4f1bccfde87eb72fbfa7dc61"><code>5c8fa12</code></a> chore: release 3.27.0</li> <li><a href="https://github.com/Stebalien/tempfile/commit/e34e5748d66a48073ec8e1e6ba37338eecca4548"><code>e34e574</code></a> test: disable uds conflict test on redox</li> <li><a href="https://github.com/Stebalien/tempfile/commit/772c795a27342089dd0dc48125b82454e75ac38d"><code>772c795</code></a> test: add CWD guards</li> <li><a href="https://github.com/Stebalien/tempfile/commit/2632fb9e9465b86141b5bbe47b07dbf5b7110072"><code>2632fb9</code></a> fix: resolve relative paths when constructing <code>TempPath</code></li> <li>See full diff in <a href="https://github.com/Stebalien/tempfile/compare/v3.26.0...v3.27.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tempfile&package-manager=cargo&previous-version=3.26.0&new-version=3.27.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
dependabot[bot] commented 2026-04-11 20:30:52 +00:00 (Migrated from github.com)

Looks like tempfile is up-to-date now, so this is no longer needed.

Looks like tempfile is up-to-date now, so this is no longer needed.

Pull request closed

Sign in to join this conversation.
No description provided.