fix(deps): update rust crate tokio to 1.38.2 [security] #7172

Merged
merged 1 commit into from
Apr 10, 2025

@renovate renovate bot commented Apr 7, 2025

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| tokio (source) | dependencies | minor | 1.27.0 -> 1.38.2 |

GitHub Vulnerability Alerts

GHSA-4q83-7cq4-p6wg

tokio::io::ReadHalf<T>::unsplit can violate the Pin contract

The soundness issue is described in tokio/issues#5372.

Specific set of conditions needed to trigger an issue (a !Unpin type in ReadHalf)
is unusual, combined with the difficulty of making any arbitrary use-after-free
exploitable in Rust without doing a lot of careful alignment of data types in
the surrounding code.

The tokio feature io-util is also required to be enabled to trigger this
soundness issue.

Thanks to zachs18 for reporting the issue to the Tokio team responsibly and to taiki-e
and carllerche for appropriately responding and fixing the soundness bug.

Tokio before 0.2.0 used futures 0.1 that did not have Pin, so it is not
affected by this issue.

GHSA-rr8g-9fpq-6wmg

The broadcast channel internally calls clone on the stored value when receiving it, and only requires T:Send. This means that using the broadcast channel with values that are Send but not Sync can trigger unsoundness if the clone implementation makes use of the value being !Sync.

Thank you to Austin Bonander for finding and reporting this issue.


Release Notes

tokio-rs/tokio (tokio)

v1.38.2: Tokio v1.38.2

Compare Source

This release fixes a soundness issue in the broadcast channel. The channel accepts values that are Send but !Sync. Previously, the channel called clone() on these values without synchronizing. This release fixes the channel by synchronizing calls to .clone() (Thanks Austin Bonander for finding and reporting the issue).

Fixed
  • sync: synchronize clone() call in broadcast channel (#​7232)

v1.38.1: Tokio v1.38.1

Compare Source

1.38.1 (July 16th, 2024)

This release fixes the bug identified as (#​6682), which caused timers not
to fire when they should.

Fixed
  • time: update wake_up while holding all the locks of sharded time wheels (#​6683)

v1.38.0: Tokio v1.38.0

Compare Source

This release marks the beginning of stabilization for runtime metrics. It
stabilizes RuntimeMetrics::worker_count. Future releases will continue to
stabilize more metrics.

Added
  • fs: add File::create_new (#​6573)
  • io: add copy_bidirectional_with_sizes (#​6500)
  • io: implement AsyncBufRead for Join (#​6449)
  • net: add Apple visionOS support (#​6465)
  • net: implement Clone for NamedPipeInfo (#​6586)
  • net: support QNX OS (#​6421)
  • sync: add Notify::notify_last (#​6520)
  • sync: add mpsc::Receiver::{capacity,max_capacity} (#​6511)
  • sync: add split method to the semaphore permit (#​6472, #​6478)
  • task: add tokio::task::join_set::Builder::spawn_blocking (#​6578)
  • wasm: support rt-multi-thread with wasm32-wasi-preview1-threads (#​6510)
Changed
  • macros: make #[tokio::test] append #[test] at the end of the attribute list (#​6497)
  • metrics: fix blocking_threads count (#​6551)
  • metrics: stabilize RuntimeMetrics::worker_count (#​6556)
  • runtime: move task out of the lifo_slot in block_in_place (#​6596)
  • runtime: panic if global_queue_interval is zero (#​6445)
  • sync: always drop message in destructor for oneshot receiver (#​6558)
  • sync: instrument Semaphore for task dumps (#​6499)
  • sync: use FIFO ordering when waking batches of wakers (#​6521)
  • task: make LocalKey::get work with Clone types (#​6433)
  • tests: update nix and mio-aio dev-dependencies (#​6552)
  • time: clean up implementation (#​6517)
  • time: lazily init timers on first poll (#​6512)
  • time: remove the true_when field in TimerShared (#​6563)
  • time: use sharding for timer implementation (#​6534)
Fixed
  • taskdump: allow building taskdump docs on non-unix machines (#​6564)
  • time: check for overflow in Interval::poll_tick (#​6487)
  • sync: fix incorrect is_empty on mpsc block boundaries (#​6603)
Documented
  • fs: rewrite file system docs (#​6467)
  • io: fix stdin documentation (#​6581)
  • io: fix obsolete reference in ReadHalf::unsplit() documentation (#​6498)
  • macros: render more comprehensible documentation for select! (#​6468)
  • net: add missing types to module docs (#​6482)
  • net: fix misleading NamedPipeServer example (#​6590)
  • sync: add examples for SemaphorePermit, OwnedSemaphorePermit (#​6477)
  • sync: document that Barrier::wait is not cancel safe (#​6494)
  • sync: explain relation between watch::Sender::{subscribe,closed} (#​6490)
  • task: clarify that you can't abort spawn_blocking tasks (#​6571)
  • task: fix a typo in doc of LocalSet::run_until (#​6599)
  • time: fix test-util requirement for pause and resume in docs (#​6503)

v1.37.0: Tokio v1.37.0

Compare Source

1.37.0 (March 28th, 2024)

Added
  • fs: add set_max_buf_size to tokio::fs::File (#​6411)
  • io: add try_new and try_with_interest to AsyncFd (#​6345)
  • sync: add forget_permits method to semaphore (#​6331)
  • sync: add is_closed, is_empty, and len to mpsc receivers (#​6348)
  • sync: add a rwlock() method to owned RwLock guards (#​6418)
  • sync: expose strong and weak counts of mpsc sender handles (#​6405)
  • sync: implement Clone for watch::Sender (#​6388)
  • task: add TaskLocalFuture::take_value (#​6340)
  • task: implement FromIterator for JoinSet (#​6300)
Changed
  • io: make io::split use a mutex instead of a spinlock (#​6403)
Fixed
  • docs: fix docsrs build without net feature (#​6360)
  • macros: allow select with only else branch (#​6339)
  • runtime: fix leaking registration entries when os registration fails (#​6329)
Documented
  • io: document cancel safety of AsyncBufReadExt::fill_buf (#​6431)
  • io: document cancel safety of AsyncReadExt's primitive read functions (#​6337)
  • runtime: add doc link from Runtime to #[tokio::main] (#​6366)
  • runtime: make the enter example deterministic (#​6351)
  • sync: add Semaphore example for limiting the number of outgoing requests (#​6419)
  • sync: fix missing period in broadcast docs (#​6377)
  • sync: mark mpsc::Sender::downgrade with #[must_use] (#​6326)
  • sync: reorder const_new before new_with (#​6392)
  • sync: update watch channel docs (#​6395)
  • task: fix documentation links (#​6336)
Changed (unstable)
  • runtime: include task Id in taskdumps (#​6328)
  • runtime: panic if unhandled_panic is enabled when not supported (#​6410)

v1.36.0: Tokio v1.36.0

Compare Source

1.36.0 (February 2nd, 2024)

Added
  • io: add tokio::io::Join (#​6220)
  • io: implement AsyncWrite for Empty (#​6235)
  • net: add support for anonymous unix pipes (#​6127)
  • net: add UnixSocket (#​6290)
  • net: expose keepalive option on TcpSocket (#​6311)
  • sync: add {Receiver,UnboundedReceiver}::poll_recv_many (#​6236)
  • sync: add Sender::{try_,}reserve_many (#​6205)
  • sync: add watch::Receiver::mark_unchanged (#​6252)
  • task: add JoinSet::try_join_next (#​6280)
Changed
  • io: make copy cooperative (#​6265)
  • io: make repeat and sink cooperative (#​6254)
  • io: simplify check for empty slice (#​6293)
  • process: use pidfd on Linux when available (#​6152)
  • sync: use AtomicBool in broadcast channel future (#​6298)
Documented
  • io: clarify clear_ready docs (#​6304)
  • net: document that *Fd traits on TcpSocket are unix-only (#​6294)
  • sync: document FIFO behavior of tokio::sync::Mutex (#​6279)
  • chore: typographic improvements (#​6262)
  • runtime: remove obsolete comment (#​6303)
  • task: fix typo (#​6261)

v1.35.1: Tokio v1.35.1

Compare Source

1.35.1 (December 19, 2023)

This is a forward part of a change that was backported to 1.25.3.

Fixed
  • io: add budgeting to tokio::runtime::io::registration::async_io (#​6221)

v1.35.0: Tokio v1.35.0

Compare Source

1.35.0 (December 8th, 2023)

Added
  • net: add Apple watchOS support (#​6176)
Changed
  • io: drop the Sized requirements from AsyncReadExt.read_buf (#​6169)
  • runtime: make Runtime unwind safe (#​6189)
  • runtime: reduce the lock contention in task spawn (#​6001)
  • tokio: update nix dependency to 0.27.1 (#​6190)
Fixed
  • chore: make --cfg docsrs work without net feature (#​6166)
  • chore: use relaxed load for unsync_load on miri (#​6179)
  • runtime: handle missing context on wake (#​6148)
  • taskdump: fix taskdump cargo config example (#​6150)
  • taskdump: skip notified tasks during taskdumps (#​6194)
  • tracing: avoid creating resource spans with current parent, use a None parent instead (#​6107)
  • tracing: make task span explicit root (#​6158)
Documented
  • io: flush in AsyncWriteExt examples (#​6149)
  • runtime: document fairness guarantees and current behavior (#​6145)
  • task: document cancel safety of LocalSet::run_until (#​6147)

v1.34.0: Tokio v1.34.0

Compare Source

Fixed
  • io: allow clear_readiness after io driver shutdown (#​6067)
  • io: fix integer overflow in take (#​6080)
  • io: fix I/O resource hang (#​6134)
  • sync: fix broadcast::channel link (#​6100)
Changed
  • macros: use ::core qualified imports instead of ::std inside tokio::test macro (#​5973)
Added
  • fs: update cfg attr in fs::read_dir to include aix (#​6075)
  • sync: add mpsc::Receiver::recv_many (#​6010)
  • tokio: added vita target support (#​6094)

v1.33.0: Tokio v1.33.0

Compare Source

1.33.0 (October 9, 2023)

Fixed
  • io: mark Interest::add with #[must_use] (#​6037)
  • runtime: fix cache line size for RISC-V (#​5994)
  • sync: prevent lock poisoning in watch::Receiver::wait_for (#​6021)
  • task: fix spawn_local source location (#​5984)
Changed
  • sync: use Acquire/Release orderings instead of SeqCst in watch (#​6018)
Added
  • fs: add vectored writes to tokio::fs::File (#​5958)
  • io: add Interest::remove method (#​5906)
  • io: add vectored writes to DuplexStream (#​5985)
  • net: add Apple tvOS support (#​6045)
  • sync: add ?Sized bound to {MutexGuard,OwnedMutexGuard}::map (#​5997)
  • sync: add watch::Receiver::mark_unseen (#​5962, #​6014, #​6017)
  • sync: add watch::Sender::new (#​5998)
  • sync: add const fn OnceCell::from_value (#​5903)
Removed
  • remove unused stats feature (#​5952)
Documented
Unstable
  • taskdump: fix potential deadlock (#​6036)

v1.32.1: Tokio v1.32.1

Compare Source

1.32.1 (December 19, 2023)

This is a forward part of a change that was backported to 1.25.3.

Fixed
  • io: add budgeting to tokio::runtime::io::registration::async_io (#​6221)

v1.32.0: Tokio v1.32.0

Compare Source

Fixed
  • sync: fix potential quadratic behavior in broadcast::Receiver (#​5925)
Added
  • process: stabilize Command::raw_arg (#​5930)
  • io: enable awaiting error readiness (#​5781)
Unstable
  • rt(alt): improve the scalability of alt runtime as the number of cores grows (#​5935)

v1.31.0: Tokio v1.31.0

Compare Source

Fixed
  • io: delegate WriteHalf::poll_write_vectored (#​5914)
Unstable
  • rt(unstable): fix memory leak in unstable next-gen scheduler prototype (#​5911)
  • rt: expose mean task poll time metric (#​5927)

v1.30.0: Tokio v1.30.0

Compare Source

1.30.0 (August 9, 2023)

This release bumps the MSRV of Tokio to 1.63. (#​5887)

Changed
  • tokio: reduce LLVM code generation (#​5859)
  • io: support --cfg mio_unsupported_force_poll_poll flag (#​5881)
  • sync: make const_new methods always available (#​5885)
  • sync: avoid false sharing in mpsc channel (#​5829)
  • rt: pop at least one task from inject queue (#​5908)
Added
  • sync: add broadcast::Sender::new (#​5824)
  • net: implement UCred for espidf (#​5868)
  • fs: add File::options() (#​5869)
  • time: implement extra reset variants for Interval (#​5878)
  • process: add {ChildStd*}::into_owned_{fd, handle} (#​5899)
Removed
  • tokio: removed unused tokio_* cfgs (#​5890)
  • remove build script to speed up compilation (#​5887)
Documented
  • sync: mention lagging in docs for broadcast::send (#​5820)
  • runtime: expand on sharing runtime docs (#​5858)
  • io: use vec in example for AsyncReadExt::read_exact (#​5863)
  • time: mark Sleep as !Unpin in docs (#​5916)
  • process: fix raw_arg not showing up in docs (#​5865)
Unstable
  • rt: add runtime ID (#​5864)
  • rt: initial implementation of new threaded runtime (#​5823)

v1.29.1: Tokio v1.29.1

Compare Source

Fixed
  • rt: fix nesting two block_in_place with a block_on between (#​5837)

v1.29.0: Tokio v1.29.0

Compare Source

Technically a breaking change, the Send implementation is removed from
runtime::EnterGuard. This change fixes a bug and should not impact most users.

Breaking
  • rt: EnterGuard should not be Send (#​5766)
Fixed
  • fs: reduce blocking ops in fs::read_dir (#​5653)
  • rt: fix possible starvation (#​5686, #​5712)
  • rt: fix stacked borrows issue in JoinSet (#​5693)
  • rt: panic if EnterGuard dropped incorrect order (#​5772)
  • time: do not overflow to signal value (#​5710)
  • fs: wait for in-flight ops before cloning File (#​5803)
Changed
  • rt: reduce time to poll tasks scheduled from outside the runtime (#​5705, #​5720)
Added
  • net: add uds doc alias for unix sockets (#​5659)
  • rt: add metric for number of tasks (#​5628)
  • sync: implement more traits for channel errors (#​5666)
  • net: add nodelay methods on TcpSocket (#​5672)
  • sync: add broadcast::Receiver::blocking_recv (#​5690)
  • process: add raw_arg method to Command (#​5704)
  • io: support PRIORITY epoll events (#​5566)
  • task: add JoinSet::poll_join_next (#​5721)
  • net: add support for Redox OS (#​5790)
Unstable

v1.28.2: Tokio v1.28.2

Compare Source

1.28.2 (May 28, 2023)

Forward ports 1.18.6 changes.

Fixed
  • deps: disable default features for mio (#​5728)

v1.28.1: Tokio v1.28.1

Compare Source

1.28.1 (May 10th, 2023)

This release fixes a mistake in the build script that makes AsFd implementations unavailable on Rust 1.63. (#​5677)

v1.28.0: Tokio v1.28.0

Compare Source

1.28.0 (April 25th, 2023)

Added
  • io: add AsyncFd::async_io (#​5542)
  • io: impl BufMut for ReadBuf (#​5590)
  • net: add recv_buf for UdpSocket and UnixDatagram (#​5583)
  • sync: add OwnedSemaphorePermit::semaphore (#​5618)
  • sync: add same_channel to broadcast channel (#​5607)
  • sync: add watch::Receiver::wait_for (#​5611)
  • task: add JoinSet::spawn_blocking and JoinSet::spawn_blocking_on (#​5612)
Changed
  • deps: update windows-sys to 0.48 (#​5591)
  • io: make read_to_end not grow unnecessarily (#​5610)
  • macros: make entrypoints more efficient (#​5621)
  • sync: improve Debug impl for RwLock (#​5647)
  • sync: reduce contention in Notify (#​5503)
Fixed
  • net: support get_peer_cred on AIX (#​5065)
  • sync: avoid deadlocks in broadcast with custom wakers (#​5578)
Documented
  • sync: fix typo in Semaphore::MAX_PERMITS (#​5645)
  • sync: fix typo in tokio::sync::watch::Sender docs (#​5587)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
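
The GHSA-rr8g-9fpq-6wmg advisory and the v1.38.2 release note above describe `clone()` being called on a `Send` but `!Sync` value without synchronization. As an added example (not code from this PR or from Tokio), this std-only model shows why cloning under a lock is sound for such a type; `Tally`, `Slot` and `run` are hypothetical names, and `Slot` only stands in for a broadcast buffer slot.

```rust
use std::cell::Cell;
use std::sync::{Arc, Mutex};
use std::thread;

/// Constructed type: Send but !Sync, because Cell<u64> is !Sync. Its Clone
/// impl mutates through &self, which is sound only when one thread at a
/// time can reach the value.
struct Tally { clones: Cell<u64> }

impl Clone for Tally {
    fn clone(&self) -> Self {
        // Unsynchronized read-modify-write through a shared reference.
        self.clones.set(self.clones.get() + 1);
        Tally { clones: Cell::new(self.clones.get()) }
    }
}

/// Hypothetical stand-in for one slot of a broadcast buffer. Mutex<T> is
/// Sync whenever T: Send, so receivers on other threads may share it.
struct Slot<T> { value: Mutex<T> }

impl<T: Clone> Slot<T> {
    /// Each receiver clones the stored value while holding the lock.
    fn recv(&self) -> T {
        self.value.lock().unwrap().clone()
    }
}

fn assert_sync<S: Sync>() {}

/// Run `receivers` threads calling recv `per_thread` times each; return
/// the clone count recorded inside the stored value.
fn run(receivers: usize, per_thread: u64) -> u64 {
    assert_sync::<Slot<Tally>>(); // compiles: the mutex supplies Sync
    // assert_sync::<Tally>();    // rejected by the compiler: Tally is !Sync
    let slot = Arc::new(Slot { value: Mutex::new(Tally { clones: Cell::new(0) }) });
    let handles: Vec<_> = (0..receivers).map(|_| {
        let slot = Arc::clone(&slot);
        thread::spawn(move || {
            for _ in 0..per_thread { let _copy = slot.recv(); }
        })
    }).collect();
    for h in handles { h.join().unwrap(); }
    let total = slot.value.lock().unwrap().clones.get();
    total
}

fn main() {
    println!("clones recorded: {}", run(8, 10_000));
}
```

Every clone is counted exactly once because the lock serializes the `Cell` update; sharing `&Tally` across threads directly is what the `Sync` bound exists to forbid.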

@renovate renovate bot requested a review from a team as a code owner April 7, 2025 22:52
@renovate renovate bot added the dependencies Pull requests that update a dependency file label Apr 7, 2025
@renovate renovate bot enabled auto-merge (squash) April 7, 2025 22:52

renovate bot commented Apr 7, 2025

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: functions-templates/rust/hello-world/Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path functions-templates/rust/hello-world/Cargo.toml --workspace
error: invalid character `{` in package name: `{{name}}`, the first character must be a Unicode XID start character (most letters or `_`)
 --> functions-templates/rust/hello-world/Cargo.toml:3:8
  |
3 | name = "{{name}}"
  |        ^^^^^^^^^^
  |
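
Because the lockfile regeneration above failed, a Cargo.lock can keep resolving the old tokio after the manifest is bumped. An added example (not part of this PR or of Renovate) that scans Cargo.lock text for tokio entries below the 1.38.2 target of this update; the sample lockfile is constructed and the helper names are hypothetical.

```rust
/// Constructed sample: lockfile excerpt still pinning the pre-update version.
const SAMPLE_LOCK: &str = r#"
version = 3

[[package]]
name = "tokio"
version = "1.27.0"

[[package]]
name = "tokio-util"
version = "0.7.8"
"#;

/// Parse "major.minor.patch"; pre-release/build suffixes are ignored.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split(|c: char| c == '-' || c == '+').next()?;
    let mut it = core.split('.').map(|p| p.parse::<u64>().ok());
    Some((it.next()??, it.next()??, it.next()??))
}

/// Value of a `key = "value"` line, or None if the line has another key.
fn field<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.strip_prefix(key)?.trim_start().strip_prefix('=')?;
    Some(rest.trim().trim_matches('"'))
}

/// Versions of every `[[package]]` entry named `name`.
fn locked_versions(lock: &str, name: &str) -> Vec<String> {
    let mut out = Vec::new();
    let mut current: Option<&str> = None;
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" {
            current = None;
        } else if let Some(v) = field(line, "name") {
            current = Some(v);
        } else if let Some(v) = field(line, "version") {
            if current == Some(name) { out.push(v.to_string()); }
        }
    }
    out
}

/// Locked versions of `name` below `min`; unparseable versions count as stale.
fn stale(lock: &str, name: &str, min: &str) -> Vec<String> {
    let floor = parse_version(min).expect("valid minimum version");
    locked_versions(lock, name)
        .into_iter()
        .filter(|v| parse_version(v).map_or(true, |p| p < floor))
        .collect()
}

fn main() {
    println!("stale tokio entries: {:?}", stale(SAMPLE_LOCK, "tokio", "1.38.2"));
}
```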

github-actions bot commented Apr 7, 2025

📊 Benchmark results

Comparing with c9dbcc1

  • Dependency count: 1,173 (no change)
  • Package size: 284 MB (no change)
  • Number of ts-expect-error directives: 426 (no change)

@renovate renovate bot merged commit 729fbe9 into main Apr 10, 2025
51 of 53 checks passed
@renovate renovate bot deleted the renovate/crate-tokio-vulnerability branch April 10, 2025 20:57