chore(deps)(deps): bump thin-vec from 0.2.14 to 0.2.18#1
chore(deps)(deps): bump thin-vec from 0.2.14 to 0.2.18#1dependabot[bot] wants to merge 1 commit into
Conversation
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
Bumps [thin-vec](https://github.com/mozilla/thin-vec) from 0.2.14 to 0.2.18. - [Changelog](https://github.com/mozilla/thin-vec/blob/main/RELEASES.md) - [Commits](https://github.com/mozilla/thin-vec/commits) --- updated-dependencies: - dependency-name: thin-vec dependency-version: 0.2.18 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
cdd2c7b to
4ebb877
Compare
|
Claude finished @bdimitrov-netzine's task in 1m 7s —— View job PR Review:
|
| Version | Changes | Impact |
|---|---|---|
| 0.2.15 | extract_if, const new() flag, hygiene fix for thin_vec! macro, extend() perf improvement |
Low — additive |
| 0.2.16 | Fix double-drop bugs in ThinVec::clear() and ThinVec::into_iter() when an item's Drop panics; fix reserve() in gecko-ffi mode |
Notable — memory safety correctness fix |
| 0.2.17/0.2.18 | Fix feature-combination compilation in no_std mode |
Low |
The double-drop fixes in 0.2.16 are the most significant change. While panic-in-Drop is an edge case in practice, it previously caused unsound behavior (double-free). Picking up this fix is a correctness improvement.
Assessment
Recommendation: safe to merge.
- No direct usage of
thin-vecin this codebase — only transitive exposure. - The update includes bug fixes (including a memory safety correction), no breaking API changes.
- Checksum is updated correctly in
Cargo.lock. - CI checks are currently in progress; confirm they pass before merging.
Note on Dependabot Labels
The Dependabot bot flagged that labels dependencies and rust don't exist in this repo. Consider creating them to keep future dependency PRs organized — this doesn't block merging.
Security Scan - CodeSeverity: HIGH, CRITICAL No vulnerabilities found View scan results |
Bumps thin-vec from 0.2.14 to 0.2.18.
Changelog
Sourced from thin-vec's changelog.
Commits
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.